From 14c9a4b9efbad54b3f4275b0d0678a688eb3f77b Mon Sep 17 00:00:00 2001
From: Mattias Andrée <m@maandree.se>
Date: Sat, 8 Feb 2025 15:28:43 +0100
Subject: Forbid - and variable assigment formatted command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <m@maandree.se>
---
 sshexec.1 | 10 +++++++++-
 sshexec.c |  5 +++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/sshexec.1 b/sshexec.1
index 6e087fa..b17cc82 100644
--- a/sshexec.1
+++ b/sshexec.1
@@ -211,6 +211,12 @@ utility forces the remote shell to treat each of the
 as separate arguments and cause the shell to executing
 them as a non-builtin command.
 
+.I command
+must not contain an equals sign
+.RB ( = )
+or be just a dash
+.RB (\(dq - \(dq).
+
 .SH STDIN
 The
 .B sshexec
@@ -272,7 +278,9 @@ None.
 None.
 
 .SH RATIONALE
-None.
+The restrictions on
+.I command
+is in place to avoid unspecified behaviour.
 
 .SH NOTES
 None.
diff --git a/sshexec.c b/sshexec.c
index 987511d..9306c5c 100644
--- a/sshexec.c
+++ b/sshexec.c
@@ -235,6 +235,11 @@ main(int argc_unused, char *argv[])
 	if (!destination || !*argv)
 		usage();
 
+	if (!strcmp(*argv, "-"))
+		exitf("%s: the command argument must not be \"-\"\n", argv0);
+	else if (strchr(*argv, '='))
+		exitf("%s: the command argument must contain an \'=\'\n", argv0);
+
 	if (dir) {
 		build_command_asis("cd -- ");
 		build_command_escape(dir);
-- 
cgit v1.2.3-70-g09d2