- markus@cvs.openbsd.org 2002/06/26 14:51:33

[openssh.git] / session.c

diff --git a/session.c b/session.c
index aadc82fefda2b11608bd4844d37023f6c579327c..747a00afae1b5996689d24d7f68898fd05255029 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.140 2002/06/23 21:06:41 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -849,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
        } else {
                /* New variable.  Expand if necessary. */
                if (i >= (*envsizep) - 1) {
+                       if (*envsizep >= 1000)
+                               fatal("child_set_env: too many env vars,"
+                                   " skipping: %.100s", name);
                        (*envsizep) += 50;
                        env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
                }
@@ -874,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
        FILE *f;
        char buf[4096];
        char *cp, *value;
+       u_int lineno = 0;
 
        f = fopen(filename, "r");
        if (!f)
                return;
 
        while (fgets(buf, sizeof(buf), f)) {
+               if (++lineno > 1000)
+                       fatal("Too many lines in environment file %s", filename);
                for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
                        ;
                if (!*cp || *cp == '#' || *cp == '\n')
@@ -888,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
                        *strchr(cp, '\n') = '\0';
                value = strchr(cp, '=');
                if (value == NULL) {
-                       fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+                       fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+                           filename);
                        continue;
                }
                /*