- djm@cvs.openbsd.org 2014/03/03 22:22:30

[session.c] ignore enviornment variables with embedded '=' or '\0' characters; spotted by Jann Horn; ok deraadt@ Id sync only - portable already has this.
2014-04-20 12:58:04 +10:00 · 2014-04-20 12:58:04 +10:00 · c10bf4d051
parent c2e49062fa
commit c10bf4d051
2 changed files with 9 additions and 1 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+20140420
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2014/03/03 22:22:30
+     [session.c]
+     ignore enviornment variables with embedded '=' or '\0' characters;
+     spotted by Jann Horn; ok deraadt@
+     Id sync only - portable already has this.
+
 20140401
 - (djm) On platforms that support it, use prctl() to prevent sftp-server
   from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
--- a/session.c
+++ b/session.c
@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: session.c,v 1.271 2014/03/03 22:22:30 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved