=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.278.2.1 retrieving revision 1.279 diff -u -r1.278.2.1 -r1.279 --- src/usr.bin/ssh/session.c 2016/03/10 11:54:22 1.278.2.1 +++ src/usr.bin/ssh/session.c 2015/10/24 22:52:22 1.279 @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.278.2.1 2016/03/10 11:54:22 djm Exp $ */ +/* $OpenBSD: session.c,v 1.279 2015/10/24 22:52:22 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -40,7 +40,6 @@ #include #include -#include #include #include #include @@ -143,6 +142,7 @@ login_cap_t *lc; static int is_child = 0; +static int in_chroot = 0; /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; @@ -256,21 +256,6 @@ do_cleanup(authctxt); } -/* Check untrusted xauth strings for metacharacters */ -static int -xauth_valid_string(const char *s) -{ - size_t i; - - for (i = 0; s[i] != '\0'; i++) { - if (!isalnum((u_char)s[i]) && - s[i] != '.' && s[i] != ':' && s[i] != '/' && - s[i] != '-' && s[i] != '_') - return 0; - } - return 1; -} - /* * Prepares for an interactive session. This is called after the user has * been successfully authenticated. During this message exchange, pseudo @@ -344,13 +329,7 @@ s->screen = 0; } packet_check_eom(); - if (xauth_valid_string(s->auth_proto) && - xauth_valid_string(s->auth_data)) - success = session_setup_x11fwd(s); - else { - success = 0; - error("Invalid X11 forwarding data"); - } + success = session_setup_x11fwd(s); if (!success) { free(s->auth_proto); free(s->auth_data); @@ -1234,7 +1213,7 @@ exit(1); } - if (options.chroot_directory != NULL && + if (!in_chroot && options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, pw->pw_uid); 
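Review bot: The new file-scope flag `in_chroot` added in the `@@ -143,6 +142,7 @@` hunk has no comment, and it does not mean the same thing as `options.chroot_directory != NULL`. The later hunks set it only after the chroot has been performed and the option string has been freed and set to NULL. I would document that at the declaration, for example `/* Non-zero once this process has chrooted; options.chroot_directory is NULL from then on. */`, so later code tests the flag rather than the option.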
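Review bot: On the new side of the `@@ -344,13 +329,7 @@` hunk, `s->auth_proto` and `s->auth_data` reach `session_setup_x11fwd(s)` with no character filtering; the old side rejected anything outside alphanumerics and `. : / - _` through `xauth_valid_string()`, whose own comment calls these strings untrusted. The same applies to the `@@ -1822,13 +1802,7 @@` hunk. The header dates show 1.279 is older than 1.278.2.1, so this looks like a branch-versus-trunk comparison rather than a deliberate removal, and the check presumably still needs carrying forward to this revision. Either keep the guard at both call sites or move it to the top of `session_setup_x11fwd()` so no caller can skip it, e.g. `if (!xauth_valid_string(s->auth_proto) || !xauth_valid_string(s->auth_data)) { error("Invalid X11 forwarding data"); return 0; }`. That function's body is outside the diff, so where the strings are eventually used cannot be confirmed from here.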
@@ -1246,6 +1225,7 @@ /* Make sure we don't attempt to chroot again */ free(options.chroot_directory); options.chroot_directory = NULL; + in_chroot = 1; } /* Set UID */ @@ -1434,11 +1414,11 @@ if (chdir(pw->pw_dir) < 0) { /* Suppress missing homedir warning for chroot case */ r = login_getcapbool(lc, "requirehome", 0); - if (r || options.chroot_directory == NULL || - strcasecmp(options.chroot_directory, "none") == 0) + if (r || !in_chroot) { fprintf(stderr, "Could not chdir to home " "directory %s: %s\n", pw->pw_dir, strerror(errno)); + } if (r) exit(1); } @@ -1822,13 +1802,7 @@ s->screen = packet_get_int(); packet_check_eom(); - if (xauth_valid_string(s->auth_proto) && - xauth_valid_string(s->auth_data)) - success = session_setup_x11fwd(s); - else { - success = 0; - error("Invalid X11 forwarding data"); - } + success = session_setup_x11fwd(s); if (!success) { free(s->auth_proto); free(s->auth_data);
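Review bot: In the `@@ -1434,11 +1414,11 @@` hunk, `strerror(errno)` is evaluated after `login_getcapbool()` has run, so the message may report an error other than the `chdir()` failure if that call changes `errno`. I would save it first with `int saved_errno = errno;` as the first statement inside the `if (chdir(pw->pw_dir) < 0)` block and print `strerror(saved_errno)`. The enclosing function starts and ends outside the hunk.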