Bug 3328

Summary:

Issue with ForwardAgent value specified as an environment variable

Product:

Portable OpenSSH

Reporter:

Stephen Goetze <steve>

Component:

ssh

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED FIXED

Severity:

normal

CC:

dtucker

Priority:

Version:

8.6p1

Hardware:

Other

OS:

All

Bug Depends on:

Bug Blocks:

3302

Attachments:

Description	Flags
xstrdup() added for ForwardAgent env var	none

Description Stephen Goetze 2021-06-26 02:48:51 AEST

Created attachment 3530 [details]
xstrdup() added for ForwardAgent env var

Beginning with OpenSSH 8.2, the ssh_config ForwardAgent option can accept "an explicit path to an agent socket or the name of an environment variable (beginning with ‘$’) in which to find the path."

If an environment variable name is supplied, ssh.c uses getenv() to capture the value, but fails to make a copy.  This is problematic on systems where subsequent calls to getenv() clobber the last returned value.

This problem exists as of OpenSSH release 8.6.

I've attached a proposed patch, based on the OpenSSH 8.6p1 ssh.c source file.

On a related note, I don't understand why the $ENV_VAR_NAME (without braces) syntax is supported for this option.  There is also support for supplying the environment variable name via the ${ENV_VAR_NAME} (with braces) syntax (see the code beginning at line 1415 in ssh.c).  

Is the non-brace syntax a legacy format that needs to be preserved?

Comment 1 Darren Tucker 2021-08-07 15:23:48 AEST

(In reply to Stephen Goetze from comment #0)
[...]
> I've attached a proposed patch, based on the OpenSSH 8.6p1 ssh.c
> source file.

Thanks, I've added it to the list to do for the next release.

> On a related note, I don't understand why the $ENV_VAR_NAME (without
> braces) syntax is supported for this option.  There is also support
> for supplying the environment variable name via the ${ENV_VAR_NAME}
> (with braces) syntax (see the code beginning at line 1415 in ssh.c).
> 
> 
> Is the non-brace syntax a legacy format that needs to be preserved?

Yes, the non-brace syntax was existed only for this option prior to the more generic brace support being added for many options.  The old syntax is maintained for backward compatibility for any configs using it (we try not to break working configs without advance warning).

Comment 2 Darren Tucker 2021-08-08 19:15:24 AEST

This has been applied and will be in the next major release.

Thanks for the report.

Comment 3 Damien Miller 2022-02-25 13:58:00 AEDT

closing bugs resolved before openssh-8.9