www.cendio.com
Bug 5764 - PermitOpen functionality should add quotes around username with whitespace
Status: CLOSED FIXED
: ThinLinc
VSM Agent
: trunk
: PC Unknown
: P2 Normal
: 4.6.0
Reported: 2016-01-04 08:59 by
Modified: 2018-09-17 09:25 (History)

Description From cendio 2016-01-04 08:59:51
(From Issue18342)

If you have a username with whitespace, for example a space, and use the
PermitOpen feature, then sshd_config will look like:

Match User xxx yyy
    PermitOpen 127.0.0.1:something

This is an invalid configuration and after the SIGHUP, the machine will no
longer respond to SSH. The username should be quoted like:

Match User "xxx yyy"
    PermitOpen 127.0.0.1:something
------- Comment #3 From cendio 2016-01-08 14:38:28 -------
There are more characters that confuse sshd. E.g. the user foo""foo:

> PermitOpen none
> # @thinlinc-begin@
> Match User "foo""foo"
>     PermitOpen 127.0.0.1:5901
> # @thinlinc-end@

Gives:

> Jan 08 14:36:26 dhcp-254-99.lkpg.cendio.se sshd[5947]: Missing Match criteria for foo
> Jan 08 14:36:26 dhcp-254-99.lkpg.cendio.se sshd[5947]: /etc/ssh/sshd_config line 157: Bad Match condition

The parser is unfortunately not very bright, so I think the only safe approach
is to avoid all its special characters. Currently that list is " \t\r\n\"=".
See strdelim() in misc.c.
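
Added example, not part of the original comment and not ThinLinc's code: one way to read "avoid all its special characters" is to refuse to write a Match block for any username containing them. The function names are hypothetical, and the extra pattern characters are an assumption taken from the PATTERNS rules of sshd_config(5), not from this bug.

```python
# Added example: emit a per-user Match block only when the sshd_config
# tokenizer cannot misread the username.

# Characters comment #3 lists as special to strdelim() in misc.c.
STRDELIM_CHARS = set(' \t\r\n"=')
# Assumption beyond the page: Match User takes a pattern list, so wildcards,
# negation and the list separator would change which users the block matches.
PATTERN_CHARS = set('*?!,')


class UnsafeUsername(ValueError):
    """The username cannot be written into sshd_config unambiguously."""


def unsafe_chars(username):
    """Return the sorted list of characters that make the name unsafe."""
    special = STRDELIM_CHARS | PATTERN_CHARS
    # Other control characters are rejected too (assumption, hardening).
    return sorted({c for c in username
                   if c in special or ord(c) < 0x20 or ord(c) == 0x7f})


def match_block(username, port):
    """Return the marker-delimited block, or raise UnsafeUsername.

    Refusing fails closed when the global default is "PermitOpen none",
    as in the snippet quoted in comment #3: the user simply gets no tunnel.
    """
    bad = unsafe_chars(username)
    if not username or bad:
        raise UnsafeUsername("no Match block for %r (bad: %r)" % (username, bad))
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %r" % (port,))
    # Quoted form, as the bug description asks for.
    return ("# @thinlinc-begin@\n"
            'Match User "%s"\n'
            "    PermitOpen 127.0.0.1:%d\n"
            "# @thinlinc-end@\n" % (username, int(port)))


if __name__ == "__main__":
    # Constructed sample names, including the two usernames from this bug.
    for name in ["alice", "xxx yyy", 'foo""foo', "a=b", "*"]:
        try:
            print(match_block(name, 5901), end="")
        except UnsafeUsername as exc:
            print("skipped:", exc)
```

Writing the candidate configuration to a temporary file and checking it with `sshd -t -f <file>` before sending SIGHUP catches any remaining parse error while the running daemon is still answering.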
------- Comment #5 From cendio 2016-01-19 16:56:50 -------
Code looks fine, still works for regular usernames.

Has the new fix been installed on the demo system?
------- Comment #6 From cendio 2016-01-20 08:39:15 -------
(In reply to comment #5)
> Code looks fine, still works for regular usernames.
> 
> Has the new fix been installed on the demo system?

Yes, on eudemo. usdemo has also been updated now.