Bug#1118288: openssh-client: ssh-agent does not handle paths with spaces
Package: openssh-client
Version: 1:10.0p1-8
Followup-For: Bug #1118288
Tag: patch
Dear Maintainer,
Here's a patch that fixes this bug.
Best regards,
Beat Bolli
>From 9ec0ecfcd29b6e371fbe92417aba3074aabe47c7 Mon Sep 17 00:00:00 2001
From: Beat Bolli <me+dev@drbeat.li>
Date: Mon, 20 Oct 2025 19:54:58 +0200
Subject: [PATCH] ssh-agent: quote the env values to protect contained spaces
When printing the env values to be evaluated by the shell, we need to
protect against contained spaces, otherwise weird stuff can happen:
tmpdir=$(mktemp -d)
mkdir "$tmpdir/path with spaces"
cd "$tmpdir/path with spaces"
export HOME="$PWD"
mkdir .ssh
eval $(ssh-agent)
This outputs `bash: with: command not found`.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118288
---
ssh-agent.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssh-agent.c b/ssh-agent.c
index df241379c..9a4cfbb12 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -2462,7 +2462,7 @@ main(int ac, char **av)
SYSLOG_FACILITY_AUTH, 1);
if (socket_name[0] != '\0') {
format = c_flag ?
- "setenv %s %s;\n" : "%s=%s; export %s;\n";
+ "setenv %s '%s';\n" : "%s='%s'; export %s;\n";
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
SSH_AUTHSOCKET_ENV_NAME);
printf("echo Agent pid %ld;\n", (long)parent_pid);
@@ -2479,7 +2479,7 @@ main(int ac, char **av)
close(sock);
snprintf(pidstrbuf, sizeof pidstrbuf, "%ld", (long)pid);
if (ac == 0) {
- format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
+ format = c_flag ? "setenv %s '%s';\n" : "%s='%s'; export %s;\n";
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
SSH_AUTHSOCKET_ENV_NAME);
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
base-commit: 74369b2b7c366887211ef5c092b0aaa60f31ef11
--
2.50.1
Reply to: