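--- a/ssh.c
+++ b/ssh.c
@@ -626,6 +626,41 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
 free(cinfo);
 }
 
+static int
+valid_hostname(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
+ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
+ return 0;
+ }
+ return 1;
+}
+
+static int
+valid_ruser(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
+ return 0;
+ /* Disallow '-' after whitespace */
+ if (isspace((u_char)s[i]) && s[i + 1] == '-')
+ return 0;
+ /* Disallow \ in last position */
+ if (s[i] == '\\' && s[i + 1] == '\0')
+ return 0;
+ }
+ return 1;
+}
+
 /*
 * Main program for the ssh client.
 */
@@ -1118,6 +1153,10 @@ main(int ac, char **av)
 if (!host)
 usage();
 
+ if (!valid_hostname(host))
+ fatal("hostname contains invalid characters");
+ if (options.user != NULL && !valid_ruser(options.user))
+ fatal("remote username contains invalid characters");
 host_arg = xstrdup(host);
 
 /* Initialize the command to execute on remote host. */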
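Review bot: The new valid_hostname and valid_ruser helpers in the first hunk carry no comment saying what they guard against, and their rejection sets differ — valid_hostname also refuses `$`, `\`, whitespace and any control byte, while valid_ruser only special-cases `-` after whitespace and a trailing `\` — so a reader cannot tell whether the looser username rule is deliberate. Suggest a block comment above valid_hostname such as `/* Reject host names that start with '-' or contain shell metacharacters, whitespace or control characters; the name may later be expanded into commands (e.g. ProxyCommand). */` and a matching one above valid_ruser stating why `$`, `\` and embedded whitespace are tolerated there. In the second hunk the checks run on host and options.user as they stand right after argument parsing, so only command-line input is validated; if either value can also be set later from ssh_config (User, Hostname), that path is presumably treated as trusted, and a one-line comment saying so next to the checks would make the intended trust boundary explicit. main's body continues outside the hunk.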