===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.277.2.1
retrieving revision 1.278
diff -u -r1.277.2.1 -r1.278
--- src/usr.bin/ssh/session.c 2016/03/10 11:53:34 1.277.2.1
+++ src/usr.bin/ssh/session.c 2015/04/24 01:36:00 1.278
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.277.2.1 2016/03/10 11:53:34 djm Exp $ */
+/* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -40,7 +40,6 @@
 #include
 #include
-#include
 #include
 #include
 #include
@@ -256,21 +255,6 @@
 do_cleanup(authctxt);
 }
-/* Check untrusted xauth strings for metacharacters */
-static int
-xauth_valid_string(const char *s)
-{
- size_t i;
-
- for (i = 0; s[i] != '\0'; i++) {
- if (!isalnum((u_char)s[i]) &&
- s[i] != '.' && s[i] != ':' && s[i] != '/' &&
- s[i] != '-' && s[i] != '_')
- return 0;
- }
- return 1;
-}
-
 /*
 * Prepares for an interactive session. This is called after the user has
 * been successfully authenticated. During this message exchange, pseudo
@@ -344,13 +328,7 @@
 s->screen = 0;
 }
 packet_check_eom();
- if (xauth_valid_string(s->auth_proto) &&
- xauth_valid_string(s->auth_data))
- success = session_setup_x11fwd(s);
- else {
- success = 0;
- error("Invalid X11 forwarding data");
- }
+ success = session_setup_x11fwd(s);
 if (!success) {
 free(s->auth_proto);
 free(s->auth_data);
@@ -901,7 +879,7 @@
 if (envsize >= 1000)
 fatal("child_set_env: too many env vars");
 envsize += 50;
- env = (*envp) = xrealloc(env, envsize, sizeof(char *));
+ env = (*envp) = xreallocarray(env, envsize, sizeof(char *));
 *envsizep = envsize;
 }
 /* Need to set the NULL pointer at end of array beyond the new slot. */
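Review bot: On the new side of hunk `@@ -344,13 +328,7 @@`, the client-supplied `s->auth_proto` and `s->auth_data` are handed to `session_setup_x11fwd(s)` with no validation, although the removed helper's own comment describes these xauth strings as untrusted; hunk `@@ -1822,13 +1800,7 @@` has the same gap. How the two strings are consumed is not visible in these hunks, but if they are later written into input for an external xauth invocation, unfiltered metacharacters could change what that input means, so the allowlist check should stay. Keep `xauth_valid_string()` (with the include that declares `isalnum`) and guard both call sites with `if (xauth_valid_string(s->auth_proto) && xauth_valid_string(s->auth_data))`, setting `success = 0` and logging `error("Invalid X11 forwarding data")` otherwise. The header dates the `+++` revision 1.278 at 2015/04/24 and the `---` revision 1.277.2.1 at 2016/03/10, so this diff probably reads from a patched branch back to older trunk code; any build taken from the new side should be checked for the missing validation. Both enclosing functions start and end outside the hunks.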
@@ -1555,7 +1533,7 @@
 return NULL;
 debug2("%s: allocate (allocated %d max %d)",
 __func__, sessions_nalloc, options.max_sessions);
- tmp = xrealloc(sessions, sessions_nalloc + 1,
+ tmp = xreallocarray(sessions, sessions_nalloc + 1,
 sizeof(*sessions));
 if (tmp == NULL) {
 error("%s: cannot allocate %d sessions",
@@ -1822,13 +1800,7 @@
 s->screen = packet_get_int();
 packet_check_eom();
- if (xauth_valid_string(s->auth_proto) &&
- xauth_valid_string(s->auth_data))
- success = session_setup_x11fwd(s);
- else {
- success = 0;
- error("Invalid X11 forwarding data");
- }
+ success = session_setup_x11fwd(s);
 if (!success) {
 free(s->auth_proto);
 free(s->auth_data);
@@ -1888,7 +1860,7 @@
 for (i = 0; i < options.num_accept_env; i++) {
 if (match_pattern(name, options.accept_env[i])) {
 debug2("Setting env %d: %s=%s", s->num_env, name, val);
- s->env = xrealloc(s->env, s->num_env + 1,
+ s->env = xreallocarray(s->env, s->num_env + 1,
 sizeof(*s->env));
 s->env[s->num_env].name = name;
 s->env[s->num_env].val = val;