Commit 4dbd137
committed
fix(ssh): reject control characters in ssh_add_host_key inputs
ssh_add_host_key writes the host/key_type/key into the line-oriented known_hosts file. Add a field validator on host/key/key_type that rejects ASCII control characters so a value with an embedded newline cannot inject additional known_hosts entries.1 parent 0fe026b commit 4dbd137
1 file changed
Lines changed: 15 additions & 1 deletion
Lines changed: 15 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
9 | | - | |
| 9 | + | |
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| |||
87 | 87 | | |
88 | 88 | | |
89 | 89 | | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
0 commit comments