← Back to branch summary

~ubuntu-branches/ubuntu/raring/rssh/raring

« back to all changes in this revision

Viewing changes to main.c.in

  • Committer: Package Import Robot
  • Author(s): Russ Allbery
  • Date: 2012-08-10 22:14:34 UTC
  • Revision ID: package-import@ubuntu.com-20120810221434-kc3lj18l5zhebag4
Tags: 2.3.3-5
Apply upstream patch to close security vulnerability that permitted
clever manipulation of environment variables on the ssh command line
to bypass rssh checking.  (CVE-2012-3478)

Show diffs side-by-side

added added

removed removed

Lines of Context:
main.c.in
184
184
         * determine if the command in cmdline is acceptable to run, and store
185
185
         * name of program to exec in cmd
186
186
         */
187
 
        if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL;
 
187
        if ( !(*cmd = get_command(cmdline, opts)) ) return NULL;
188
188
 
189
189
        /* if we need to do chroot processing, do it */
190
190
        if ( opts->shell_flags & RSSH_USE_CHROOT ){
254
254
        }
255
255
 
256
256
        /* return vector of pointers to command line arguments */
257
 
        return build_arg_vector(cmdline, 0);
 
257
        argvec = build_arg_vector(cmdline, 0);
 
258
        if (check_command_line(argvec, opts)) return argvec;
 
259
        else return NULL;
258
260
}
259
261
 
260
262
void vers_info( void )