ssh_filter_btrbk.sh: disallow newlines in the SSH command

This disallows newline (that is: LF characters) in the SSH command, which could
have been exploited for arbitrary code execution, since commit
77a39282de.

Example:
    # export SSH_ORIGINAL_COMMAND=$'readlink /dev/stdout\ncat /etc/shadow'
    # ssh_filter_btrbk.sh

Since `readlink` is a generally allowed command, this works with any of
ssh_filter_btrbk.sh’s options.
But most likely, other commands that are “added” via `allow_cmd()` can be used,
too.

Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>

# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Date:      Wed Nov 30 04:29:53 2022 +0100
#
# On branch fix-remote-code-execution
# Your branch and 'origin/fix-remote-code-execution' have diverged,
# and have 1 and 1 different commits each, respectively.
#   (use "git pull" to merge the remote branch into yours)
#
# Changes to be committed:
#	modified:   ssh_filter_btrbk.sh
#
# Untracked files:
#	ORIG
#

ssh_filter_btrbk.sh

@@ -183,6 +183,8 @@ restrict_path_list=${restrict_path_list#\|}
 
 case "$SSH_ORIGINAL_COMMAND" in
     *\.\./*)  reject_and_die 'directory traversal'  ;;
+    *'
+'*)           reject_and_die 'unsafe character LF'  ;;
     *\$*)     reject_and_die 'unsafe character "$"' ;;
     *\&*)     reject_and_die 'unsafe character "&"' ;;
     *\(*)     reject_and_die 'unsafe character "("' ;;