don't allow newlines in ssh command

(again, thanks to Dan Carpenter for catching this)
2011-10-01 13:02:23 +05:30 · 2011-10-01 13:02:23 +05:30 · 909bc43e70
parent a07e0d6b5c
commit 909bc43e70
1 changed files with 4 additions and 0 deletions
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@ -93,6 +93,10 @@ unless ($ENV{SSH_ORIGINAL_COMMAND}) {
    $ENV{SSH_ORIGINAL_COMMAND} = 'info';
 }

+# quick sanity check for newlines; could be used to create fake log entries.
+# Not an access violation but possibly an audit/compliance reporting violation
+die "I don't like newlines in the command: $ENV{SSH_ORIGINAL_COMMAND}\n" if $ENV{SSH_ORIGINAL_COMMAND} =~ /[\n\r]/;
+
 # admin defined commands; please see doc/admin-defined-commands.mkd
 if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
    try_adc();  # if it succeeds, this also 'exec's out