There is a wrong usage of strchr() in openssh. strchr() shall return a null pointer if the char was not found. Check whether return value is NULL instead of dereferencing it. Signed-off-by: Jubin Zhong <zhongjubin@xxxxxxxxxx> --- session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/session.c b/session.c index b25cbca..9e9d5fe 100644 --- a/session.c +++ b/session.c @@ -1105,7 +1105,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) for (n = 0 ; n < auth_opts->nenv; n++) { ocp = xstrdup(auth_opts->env[n]); cp = strchr(ocp, '='); - if (*cp == '=') { + if (cp != NULL) { *cp = '\0'; /* Apply PermitUserEnvironment allowlist */ if (options.permit_user_env_allowlist == NULL || -- 1.8.5.6 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev