openssh bugs - Dec 2014 - [Bug 2329] New: Authorized keys environment parsing error

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

            Bug ID: 2329
           Summary: Authorized keys environment parsing error
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: coladict at gmail.com

Created attachment 2520
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2520&action=edit
Untested patch, but should work

When there is an environment setting in the authorized keys file and
setting them is disabled it results in a parsing error, rather than
simply ignoring the option.
I tried writing a workaround, but I won't have a second computer to
properly test it any time soon, so I didn't even try to compile it.
Also I would be doing it that on the Ubuntu sources, which have
different line numbers, but the code in that area is the same,
unchanged between the platforms.
If it doesn't work, at the very least it shows where the problem is.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

coladict at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|6.7p1                       |-current

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2520|0                           |1
        is obsolete|                            |
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
             Status|NEW                         |ASSIGNED
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at zip.com.au
   Attachment #2592|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2592
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2592&action=edit
revised diff

IMO it's better to delay the test of permit_env until after the
environment variable is fully parsed. This will prevent it from getting
desynchronised and better alert on errors.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2360

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2592|ok?(dtucker at zip.com.au)     |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
patch applied. This will be in openssh-6.9

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2329

Christoph Anton Mitterer <calestyo at scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |calestyo at scientia.net

--- Comment #4 from Christoph Anton Mitterer <calestyo at scientia.net>
---
The changelog entry for this reads:
>sshd(8): make parsing of authorized_keys "environment=" options
>independent of PermitUserEnv being enabled;
which kinda sounds as if "environment=" would be applied even if
PermitUserEnvironment=no... but this isn't the case here, is it?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.