From 58212de771c381cd4fa05625927080bf264e9584 Mon Sep 17 00:00:00 2001
From: Axel Burri
Date: Sun, 21 Mar 2021 12:53:22 +0100
Subject: [PATCH] ssh_filter_btrbk.sh: fix alternation regex

Security vulnerability fixed in alternation regex. Specialy crafted commands may be executed without being propely checked.
Affects all versions >= btrbk-v0.23.0
Regression from: ccb5ed5e71 ssh_filter_btrbk: allow "realpath" and "cat /proc/self/mounts" on targets
Reported by: @protree (responsible disclosure)
---
 ssh_filter_btrbk.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssh_filter_btrbk.sh b/ssh_filter_btrbk.sh
index 5240597..c742aa5 100755
--- a/ssh_filter_btrbk.sh
+++ b/ssh_filter_btrbk.sh
@@ -86,7 +86,7 @@ reject_filtered_cmd()
 return 0
 fi
 
-exact_cmd_match="^${allow_exact_list}$";
+exact_cmd_match="^(${allow_exact_list})$";
 if [[ $SSH_ORIGINAL_COMMAND =~ $exact_cmd_match ]] ; then
 return 0
 fi
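Review bot: The grouping added on the `+` line is the correct fix, but the hunk leaves it undocumented, and nothing in the surrounding code tells a future maintainer why the parentheses are load-bearing; add `# group the alternatives so ^ and $ anchor the whole list, not only its first and last entry` above the assignment. Without the group, `^a|b|c$` anchors `^` to the first alternative and `$` to the last only, so any middle entry matched as a bare substring of `$SSH_ORIGINAL_COMMAND`, which is the bypass the commit message describes. Every other place in this file that builds a `^…$` match by interpolating a `|`-separated allow list needs the same check, since the regression came from extending such a list. A regression test that feeds an allowed exact command with extra leading or trailing text and asserts that `reject_filtered_cmd` rejects it would pin the behaviour; the entries of `allow_exact_list` must also remain balanced ERE fragments for the outer group to hold, which is worth a comment at the list's definition. The enclosing function `reject_filtered_cmd` starts before this hunk.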