===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-options.c,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- src/usr.bin/ssh/auth-options.c	2018/06/19 02:59:41	1.83
+++ src/usr.bin/ssh/auth-options.c	2018/10/03 06:38:35	1.84
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -466,13 +466,16 @@
 				errstr = "invalid environment string";
 				goto fail;
 			}
-			for (cp = opt; cp < tmp; cp++) {
-				if (!isalnum((u_char)*cp) && *cp != '_') {
-					free(opt);
-					errstr = "invalid environment string";
-					goto fail;
-				}
+			if ((cp = strdup(opt)) == NULL)
+				goto alloc_fail;
+			cp[tmp - opt] = '\0'; /* truncate at '=' */
+			if (!valid_env_name(cp)) {
+				free(cp);
+				free(opt);
+				errstr = "invalid environment string";
+				goto fail;
 			}
+			free(cp);
 			/* Append it. */
 			oarray = ret->env;
 			if ((ret->env = recallocarray(ret->env, ret->nenv,