Bug 1757

Summary: strdelim has a bug caused only one user with quote
Product: Portable OpenSSH Reporter: Bitman Zhou <bitman.zhou>
Component: MiscellaneousAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: djm
Priority: P2    
Version: 5.4p1   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 1708    
Attachments:
Description Flags
/home/djm/misc-strdelim-quote.diff dtucker: ok+

Description Bitman Zhou 2010-04-15 20:23:46 AEST 
openssh-5.4p1/misc.c

154 /* Characters considered whitespace in strsep calls. */
155 #define WHITESPACE " \t\r\n"
156 #define QUOTE   "\""
157 
158 /* return next token in configuration line */
159 char *
160 strdelim(char **s)
161 {
...
179         } else {
180             *s[0] = '\0';
181             return (old);
182         }
...


It should be:

        } else {
            *s[0] = '\0';
            *s += strspn(*s + 1, WHITESPACE) + 1;
            return (old);
        }
Comment 1 Damien Miller 2010-06-25 21:32:25 AEST 
Thanks for the report. Could you give an example of the bug? E.g. a testcase of what this code does wrong.
Comment 2 Bitman Zhou 2010-06-28 14:33:51 AEST 
To reproduce this bug, set AllowUsers to something like:

> "user name 1" "user name 2"
user name 2 won't be allowed to login

> "user name a" userb
userb won't be allowed to login

Thanks.
Comment 3 Damien Miller 2010-07-02 14:23:27 AEST 
Created attachment 1893 [details]
/home/djm/misc-strdelim-quote.diff

Patch version of proposed fix
Comment 4 Damien Miller 2010-07-02 14:32:57 AEST 
patch applied, this will be in OpenSSH 5.6. Thanks.
Comment 5 Damien Miller 2011-01-24 12:33:54 AEDT 
Move resolved bugs to CLOSED after 5.7 release