[Bash-completion-devel] Bug#524190: bash-completion: SSH completion of know hosts doesn't handle multiple host files

Wed Apr 15 11:41:55 UTC 2009

Package: bash-completion
Version: 1:1.0-2
Severity: normal
Tags: patch


I have a few IPs that has their OS replaced on a regular basis, for
these I have /dev/null set as their UserKnownHostsFile.

The eval line used to expand $HOME etc, is dangerous (probably only for
the users of a system if you have a BOFH). With multiple entries the
next entry will be tried to be executed;

knirch at traktor:~$ grep UserKnownHostsFile .ssh/config 
	UserKnownHostsFile "/tmp/lo l"
	#UserKnownHostsFile /dev/null
	UserKnownHostsFile /dev/null
knirch at traktor:~$ ssh [TAB]bash: /dev/null: Permission denied

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages bash-completion depends on:
ii  bash                          3.2-5      The GNU Bourne Again SHell

bash-completion recommends no packages.

bash-completion suggests no packages.

-- debconf-show failed
-------------- next part --------------

--- bash_completion	2009-04-02 22:01:39.000000000 +0200
+++ /etc/bash_completion.new	2009-04-15 13:19:36.000000000 +0200
@@ -2635,6 +2635,7 @@
 	local configfile
 	local cur curd ocur user suffix aliases global_kh user_kh hosts i host
 	local -a kh khd config
+	local IFS=$'\n'
 
 	COMPREPLY=()
 	cur=`_get_cword`
@@ -2667,14 +2668,20 @@
 
 	if [ ${#config[@]} -gt 0 ]; then
 	    # expand path (if present) to global known hosts file
-	    global_kh=$( eval echo "$( sed -ne 's/^[ \t]*[Gg][Ll][Oo][Bb][Aa][Ll][Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee]['"$'\t '"']*\(.*\)$/\1/p' "${config[@]}" )" )
+	    global_kh=($( sed -ne 's/^[ \t]*[Gg][Ll][Oo][Bb][Aa][Ll][Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee]['"$'\t '"']*\(.*\)$/\1/p' "${config[@]}" ))
+	    for (( i=0; i < ${#global_kh[@]}; i++ )); do
+		global_kh[i]=$(eval echo "${global_kh[i]//\"/}")
+	    done
 	    # expand path (if present) to user known hosts file
-	    user_kh=$( eval echo "$( sed -ne 's/^[ \t]*[Uu][Ss][Ee][Rr][Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee]['"$'\t '"']*\(.*\)$/\1/p' "${config[@]}" )" )
+	    user_kh=($( sed -ne 's/^[ \t]*[Uu][Ss][Ee][Rr][Kk][Nn][Oo][Ww][Nn][Hh][Oo][Ss][Tt][Ss][Ff][Ii][Ll][Ee]['"$'\t '"']*\(.*\)$/\1/p' "${config[@]}" ))
+	    for (( i=0; i < ${#user_kh[@]}; i++ )); do
+		user_kh[i]=$(eval echo "${user_kh[i]//\"/}")
+	    done
 	fi
 
 	# Global known_hosts files
 	[ -r "$global_kh" ] &&
-		kh=( "${kh[@]}" "$global_kh" )
+		kh=( "${kh[@]}" "${global_kh[@]}" )
 	if [ -z "$configfile" ]; then
 		[ -r /etc/ssh/ssh_known_hosts ] &&
 		  kh=( "${kh[@]}" /etc/ssh/ssh_known_hosts )
@@ -2690,7 +2697,7 @@
 
 	# User known_hosts files
 	[ -r "$user_kh" ] &&
-		kh=( "${kh[@]}" "$user_kh" )
+		kh=( "${kh[@]}" "${user_kh[@]}" )
 	if [ -z "$configfile" ]; then
 		[ -r ~/.ssh/known_hosts ] &&
 		  kh=( "${kh[@]}" ~/.ssh/known_hosts )
