[openssh-commits] [openssh] 03/03: upstream: Dynamically allocate encoded HashKnownHosts and free as

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Oct 6 14:40:45 AEDT 2021



djm pushed a commit to branch master
in repository openssh.

commit 57680a2ab43518c5ccbd8242c40482106cde6ac1
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Sat Oct 2 03:17:01 2021 +0000

    upstream: Dynamically allocate encoded HashKnownHosts and free as
    
    appropriate. Saves 1k of static storage and prevents snprintf "possible
    truncation" warnings from newer compilers (although in this case it's a false
    positive since the actual sizes are limited by the output size of the SHA1).
    ok djm@
    
    OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
---
 hostfile.c    | 20 +++++++++++---------
 ssh-keygen.c  |  3 ++-
 ssh-keyscan.c |  7 ++++---
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/hostfile.c b/hostfile.c
index ce00cd71..a035b381 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.91 2021/07/05 01:16:46 dtucker Exp $ */
+/* $OpenBSD: hostfile.c,v 1.92 2021/10/02 03:17:01 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -118,7 +118,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 	struct ssh_hmac_ctx *ctx;
 	u_char salt[256], result[256];
 	char uu_salt[512], uu_result[512];
-	static char encoded[1024];
+	char *encoded = NULL;
 	u_int len;
 
 	len = ssh_digest_bytes(SSH_DIGEST_SHA1);
@@ -143,9 +143,8 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 	if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
 	    __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
 		fatal_f("__b64_ntop failed");
-
-	snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
-	    HASH_DELIM, uu_result);
+	xasprintf(&encoded, "%s%s%c%s", HASH_MAGIC, uu_salt, HASH_DELIM,
+	    uu_result);
 
 	return (encoded);
 }
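Review bot: host_hash() now returns heap memory from `xasprintf` at the end of the function, but nothing in the visible lines records that the caller owns the result and must free it. hostfile.h is not in the diffstat, so the prototype carries no hint either. A caller not touched by this commit would leak silently rather than fail. I would add a comment above the definition such as `/* Returns an allocated string that the caller must free, or NULL on failure. */`. The NULL case is inferred from the check in match_maybe_hashed, because the start of host_hash lies outside the hunk.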
@@ -456,6 +455,7 @@ write_host_entry(FILE *f, const char *host, const char *ip,
 	else {
 		fprintf(f, "%s ", lhost);
 	}
+	free(hashed_host);
 	free(lhost);
 	if ((r = sshkey_write(key, f)) == 0)
 		success = 1;
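Review bot: The added `free(hashed_host);` is also reached after the plain-hostname branches, which do not assign hashed_host in the lines shown. It is therefore only safe if the declaration initialises the pointer, e.g. `char *hashed_host = NULL;`. That declaration sits above the hunk and is not touched by this commit, so it is worth confirming. It is also worth checking that no path between the host_hash() call and this line returns early while still holding the allocation.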
@@ -730,8 +730,8 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
 static int
 match_maybe_hashed(const char *host, const char *names, int *was_hashed)
 {
-	int hashed = *names == HASH_DELIM;
-	const char *hashed_host;
+	int hashed = *names == HASH_DELIM, ret;
+	char *hashed_host = NULL;
 	size_t nlen = strlen(names);
 
 	if (was_hashed != NULL)
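Review bot: `int hashed = *names == HASH_DELIM, ret;` mixes an initialised and an uninitialised declarator on one line, which makes it easy to miss that ret has no value until the hashed branch assigns it. I would split it into `int hashed = *names == HASH_DELIM;` and `int ret;`, or declare ret inside the `if (hashed)` block where it is used. The rest of match_maybe_hashed continues in the following hunk.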
@@ -739,8 +739,10 @@ match_maybe_hashed(const char *host, const char *names, int *was_hashed)
 	if (hashed) {
 		if ((hashed_host = host_hash(host, names, nlen)) == NULL)
 			return -1;
-		return nlen == strlen(hashed_host) &&
-		    strncmp(hashed_host, names, nlen) == 0;
+		ret = (nlen == strlen(hashed_host) &&
+		    strncmp(hashed_host, names, nlen) == 0);
+		free(hashed_host);
+		return ret;
 	}
 	return match_hostname(host, names) == 1;
 }
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b40768d..9b912f0a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.437 2021/09/08 03:23:44 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.438 2021/10/02 03:17:01 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1203,6 +1203,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 			if ((hashed = host_hash(cp, NULL, 0)) == NULL)
 				fatal("hash_host failed");
 			fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
+			free(hashed);
 			ctx->has_unhashed = 1;
 		}
 		free(ohosts);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 7abbcbff..d688b3c3 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.139 2021/01/27 09:26:54 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.140 2021/10/02 03:17:01 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
  *
@@ -305,8 +305,8 @@ keygrab_ssh2(con *c)
 static void
 keyprint_one(const char *host, struct sshkey *key)
 {
-	char *hostport;
-	const char *known_host, *hashed;
+	char *hostport = NULL, *hashed = NULL;
+	const char *known_host;
 
 	found_one = 1;
 
@@ -324,6 +324,7 @@ keyprint_one(const char *host, struct sshkey *key)
 		fprintf(stdout, "%s ", known_host);
 	sshkey_write(key, stdout);
 	fputs("\n", stdout);
+	free(hashed);
 	free(hostport);
 }
 
