From 23cc2bfb8cf82d378c4e678b9505ec328998aee7 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 21 Oct 2015 22:05:50 +0800
Subject: [PATCH] don't silently ignore extra flag arguments

---
 cli-runopts.c | 8 ++++++--
 dbclient.1    | 2 +-
 dropbear.8    | 2 +-
 svr-runopts.c | 7 ++++++-
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/cli-runopts.c b/cli-runopts.c
index 58b64cec..b251550f 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -218,8 +218,12 @@ void cli_getopts(int argc, char ** argv) {
 
 		if (argv[i][0] == '-') {
 			/* A flag *waves* */
-
-			switch (argv[i][1]) {
+			char c = argv[i][1];
+			if (strlen(argv[i]) != 2) {
+				/* Ensure only one flag per hyphen. '?' falls through to print help */
+				c = '?';
+			}
+			switch (c) {
 				case 'y': /* always accept the remote hostkey */
 					if (cli_opts.always_accept_key) {
 						/* twice means no checking at all */
diff --git a/dbclient.1 b/dbclient.1
index cf9c6477..c33f9554 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -3,7 +3,7 @@
 dbclient \- lightweight SSH client
 .SH SYNOPSIS
 .B dbclient
-[\-Tt] [\-p
+[flag arguments] [\-p
 .I port\fR] [\-i
 .I id\fR] [\-L
 .I l\fR:\fIh\fR:\fIr\fR] [\-R
diff --git a/dropbear.8 b/dropbear.8
index d129a5d3..501cecf8 100644
--- a/dropbear.8
+++ b/dropbear.8
@@ -3,7 +3,7 @@
 dropbear \- lightweight SSH server
 .SH SYNOPSIS
 .B dropbear
-[\-RFEmwsgjki] [\-b
+[flag arguments] [\-b
 .I banner\fR] 
 [\-r
 .I hostkeyfile\fR] [\-p
diff --git a/svr-runopts.c b/svr-runopts.c
index 09fc9af5..acb7cc1f 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -189,7 +189,12 @@ void svr_getopts(int argc, char ** argv) {
 		}
 
 		if (argv[i][0] == '-') {
-			switch (argv[i][1]) {
+			char c = argv[i][1];
+			if (strlen(argv[i]) != 2) {
+				/* Ensure only one flag per hyphen. '?' falls through to print help */
+				c = '?';
+			}
+			switch (c) {
 				case 'b':
 					next = &svr_opts.bannerfile;
 					break;
-- 
GitLab