- (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be

[openssh.git] / session.c

diff --git a/session.c b/session.c
index 51c8a0ae45f624b44cfc4b9188417ed443fdaa67..3c759e4725c16a140a2698339480e9d515302e1e 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.141 2002/06/26 08:58:26 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.143 2002/06/30 21:54:16 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -877,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
        FILE *f;
        char buf[4096];
        char *cp, *value;
+       u_int lineno = 0;
 
        f = fopen(filename, "r");
        if (!f)
                return;
 
        while (fgets(buf, sizeof(buf), f)) {
+               if (++lineno > 1000)
+                       fatal("Too many lines in environment file %s", filename);
                for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
                        ;
                if (!*cp || *cp == '#' || *cp == '\n')
@@ -891,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
                        *strchr(cp, '\n') = '\0';
                value = strchr(cp, '=');
                if (value == NULL) {
-                       fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+                       fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+                           filename);
                        continue;
                }
                /*
@@ -988,13 +992,13 @@ do_setup_env(Session *s, const char *shell)
        if (!options.use_login) {
                while (custom_environment) {
                        struct envstring *ce = custom_environment;
-                       char *s = ce->s;
+                       char *str = ce->s;
 
-                       for (i = 0; s[i] != '=' && s[i]; i++)
+                       for (i = 0; str[i] != '=' && str[i]; i++)
                                ;
-                       if (s[i] == '=') {
-                               s[i] = 0;
-                               child_set_env(&env, &envsize, s, s + i + 1);
+                       if (str[i] == '=') {
+                               str[i] = 0;
+                               child_set_env(&env, &envsize, str, str + i + 1);
                        }
                        custom_environment = ce->next;
                        xfree(ce->s);
@@ -1038,8 +1042,17 @@ do_setup_env(Session *s, const char *shell)
                    s->authctxt->krb5_ticket_file);
 #endif
 #ifdef USE_PAM
-       /* Pull in any environment variables that may have been set by PAM. */
-       copy_environment(fetch_pam_environment(), &env, &envsize);
+       /*
+        * Pull in any environment variables that may have
+        * been set by PAM.
+        */
+       {
+               char **p;
+
+               p = fetch_pam_environment();
+               copy_environment(p, &env, &envsize);
+               free_pam_environment(p);
+       }
 #endif /* USE_PAM */
 
        if (auth_sock_name != NULL)
@@ -1155,8 +1168,6 @@ do_nologin(struct passwd *pw)
 void
 do_setusercontext(struct passwd *pw)
 {
-       char tty='\0';
-
 #ifdef HAVE_CYGWIN
        if (is_winnt) {
 #else /* HAVE_CYGWIN */
@@ -1166,9 +1177,9 @@ do_setusercontext(struct passwd *pw)
                setpcred(pw->pw_name);
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
-#ifdef __bsdi__
+# ifdef __bsdi__
                setpgid(0, 0);
-#endif
+# endif
                if (setusercontext(lc, pw, pw->pw_uid,
                    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
                        perror("unable to set user context");
@@ -1205,8 +1216,7 @@ do_setusercontext(struct passwd *pw)
                irix_setusercontext(pw);
 #  endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
 # ifdef _AIX
-               /* XXX: Disable tty setting.  Enabled if required later */
-               aix_usrinfo(pw, &tty, -1);
+               aix_usrinfo(pw);
 # endif /* _AIX */
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);