From ae3a6c115f526337d5fc75cc107aed37a6de1da5 Mon Sep 17 00:00:00 2001
From: Konstantin Demin <rockdrilla@gmail.com>
Date: Tue, 16 Oct 2018 16:31:42 +0300
Subject: [PATCH] dropbear: forbid multiple "command=" options

cherry-pick upstream commit ed4c38ba467618a7193f4e5dec1d5f0169e0c227

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
---
 .../011-forbid-multiple-command-options.patch      | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 package/network/services/dropbear/patches/011-forbid-multiple-command-options.patch

diff --git a/package/network/services/dropbear/patches/011-forbid-multiple-command-options.patch b/package/network/services/dropbear/patches/011-forbid-multiple-command-options.patch
new file mode 100644
index 0000000000..e3a2dfc2c4
--- /dev/null
+++ b/package/network/services/dropbear/patches/011-forbid-multiple-command-options.patch
@@ -0,0 +1,14 @@
+--- a/svr-authpubkeyoptions.c
++++ b/svr-authpubkeyoptions.c
+@@ -168,6 +168,11 @@ int svr_add_pubkey_options(buffer *optio
+ 		if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) {
+ 			int escaped = 0;
+ 			const unsigned char* command_start = buf_getptr(options_buf, 0);
++
++			if (ses.authstate.pubkey_options->forced_command) {
++				goto bad_option;
++			}
++
+ 			while (options_buf->pos < options_buf->len) {
+ 				const char c = buf_getbyte(options_buf);
+ 				if (!escaped && c == '"') {
-- 
2.30.2