Mailing List Archive

[Bug 3328] New: Issue with ForwardAgent value specified as an environment variable
https://bugzilla.mindrot.org/show_bug.cgi?id=3328

Bug ID: 3328
Summary: Issue with ForwardAgent value specified as an
environment variable
Product: Portable OpenSSH
Version: 8.6p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: goetze@dovetail.com

Created attachment 3530
--> https://bugzilla.mindrot.org/attachment.cgi?id=3530&action=edit
xstrdup() added for ForwardAgent env var

Beginning with OpenSSH 8.2, the ssh_config ForwardAgent option can
accept "an explicit path to an agent socket or the name of an
environment variable (beginning with ‘$’) in which to find the path."

If an environment variable name is supplied, ssh.c uses getenv() to
capture the value, but fails to make a copy. This is problematic on
systems where subsequent calls to getenv() clobber the last returned
value.

This problem exists as of OpenSSH release 8.6.

I've attached a proposed patch, based on the OpenSSH 8.6p1 ssh.c source
file.

On a related note, I don't understand why the $ENV_VAR_NAME (without
braces) syntax is supported for this option. There is also support for
supplying the environment variable name via the ${ENV_VAR_NAME} (with
braces) syntax (see the code beginning at line 1415 in ssh.c).

Is the non-brace syntax a legacy format that needs to be preserved?

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs