version 1.598, 2023/10/12 02:48:43 |
version 1.599, 2023/12/18 14:47:44 |
|
|
free(cinfo); |
free(cinfo); |
} |
} |
|
|
|
static int |
|
valid_hostname(const char *s) |
|
{ |
|
size_t i; |
|
|
|
if (*s == '-') |
|
return 0; |
|
for (i = 0; s[i] != 0; i++) { |
|
if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL || |
|
isspace((u_char)s[i]) || iscntrl((u_char)s[i])) |
|
return 0; |
|
} |
|
return 1; |
|
} |
|
|
|
static int |
|
valid_ruser(const char *s) |
|
{ |
|
size_t i; |
|
|
|
if (*s == '-') |
|
return 0; |
|
for (i = 0; s[i] != 0; i++) { |
|
if (strchr("'`\";&<>|(){}", s[i]) != NULL) |
|
return 0; |
|
/* Disallow '-' after whitespace */ |
|
if (isspace((u_char)s[i]) && s[i + 1] == '-') |
|
return 0; |
|
/* Disallow \ in last position */ |
|
if (s[i] == '\\' && s[i + 1] == '\0') |
|
return 0; |
|
} |
|
return 1; |
|
} |
|
|
/* |
/* |
* Main program for the ssh client. |
* Main program for the ssh client. |
*/ |
*/ |
|
|
if (!host) |
if (!host) |
usage(); |
usage(); |
|
|
|
if (!valid_hostname(host)) |
|
fatal("hostname contains invalid characters"); |
|
if (options.user != NULL && !valid_ruser(options.user)) |
|
fatal("remote username contains invalid characters"); |
options.host_arg = xstrdup(host); |
options.host_arg = xstrdup(host); |
|
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |