[openssh-commits] [openssh] 01/04: upstream: Switch hpdelim interface to accept only ":" as delimiter.
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Feb 10 15:17:35 AEDT 2022
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 45279abceb37c3cbfac8ba36dde8b2c8cdd63d32
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Tue Feb 8 08:59:12 2022 +0000
upstream: Switch hpdelim interface to accept only ":" as delimiter.
Historicallly, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports. These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2
in the other cases. ok djm@
OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
---
auth-options.c | 4 ++--
misc.c | 10 ++++++++--
readconf.c | 9 ++++-----
servconf.c | 21 +++++++++------------
session.c | 4 ++--
ssh.c | 9 ++++-----
6 files changed, 29 insertions(+), 28 deletions(-)
diff --git a/auth-options.c b/auth-options.c
index 335f0323..7cb2a640 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.97 2021/07/24 01:55:19 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.98 2022/02/08 08:59:12 dtucker Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm at mindrot.org>
*
@@ -282,7 +282,7 @@ handle_permit(const char **optsp, int allow_bare_port,
}
cp = tmp;
/* validate syntax before recording it. */
- host = hpdelim(&cp);
+ host = hpdelim2(&cp, NULL);
if (host == NULL || strlen(host) >= NI_MAXHOST) {
free(tmp);
free(opt);
diff --git a/misc.c b/misc.c
index c22d7c68..dd1922e9 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.172 2022/01/08 07:32:45 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.173 2022/02/08 08:59:12 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@@ -719,10 +719,16 @@ hpdelim2(char **cp, char *delim)
return old;
}
+/* The common case: only accept colon as delimiter. */
char *
hpdelim(char **cp)
{
- return hpdelim2(cp, NULL);
+ char *r, delim;
+
+ r = hpdelim2(cp, &delim);
+ if (delim == '/')
+ return NULL;
+ return r;
}
char *
diff --git a/readconf.c b/readconf.c
index 79584e21..ef6bcfea 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.365 2022/02/04 02:49:17 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.366 2022/02/08 08:59:12 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -943,7 +943,7 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
const char *original_host, char *line, const char *filename,
int linenum, int *activep, int flags, int *want_final_pass, int depth)
{
- char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p, ch;
+ char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
char **cpptr, ***cppptr, fwdarg[256];
u_int i, *uintptr, uvalue, max_entries = 0;
int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
@@ -1584,9 +1584,8 @@ parse_pubkey_algos:
}
while ((arg = argv_next(&ac, &av)) != NULL) {
arg2 = xstrdup(arg);
- ch = '\0';
- p = hpdelim2(&arg, &ch);
- if (p == NULL || ch == '/') {
+ p = hpdelim(&arg);
+ if (p == NULL) {
fatal("%s line %d: missing host in %s",
filename, linenum,
lookup_opcode_name(opcode));
diff --git a/servconf.c b/servconf.c
index b2fbf0b2..90316962 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.382 2021/09/06 00:36:01 millert Exp $ */
+/* $OpenBSD: servconf.c,v 1.383 2022/02/08 08:59:12 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -895,7 +895,7 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
{
u_int i;
int port;
- char *host, *arg, *oarg, ch;
+ char *host, *arg, *oarg;
int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
const char *what = lookup_opcode_name(opcode);
@@ -913,9 +913,8 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
/* Otherwise treat it as a list of permitted host:port */
for (i = 0; i < num_opens; i++) {
oarg = arg = xstrdup(opens[i]);
- ch = '\0';
- host = hpdelim2(&arg, &ch);
- if (host == NULL || ch == '/')
+ host = hpdelim(&arg);
+ if (host == NULL)
fatal_f("missing host in %s", what);
host = cleanhostname(host);
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1261,7 +1260,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
struct connection_info *connectinfo, int *inc_flags, int depth,
struct include_list *includes)
{
- char ch, *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
+ char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
@@ -1380,9 +1379,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
p = arg;
} else {
arg2 = NULL;
- ch = '\0';
- p = hpdelim2(&arg, &ch);
- if (p == NULL || ch == '/')
+ p = hpdelim(&arg);
+ if (p == NULL)
fatal("%s line %d: bad address:port usage",
filename, linenum);
p = cleanhostname(p);
@@ -2211,9 +2209,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
xasprintf(&arg2, "*:%s", arg);
} else {
arg2 = xstrdup(arg);
- ch = '\0';
- p = hpdelim2(&arg, &ch);
- if (p == NULL || ch == '/') {
+ p = hpdelim(&arg);
+ if (p == NULL) {
fatal("%s line %d: %s missing host",
filename, linenum, keyword);
}
diff --git a/session.c b/session.c
index fb2d7009..e67d24d2 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.329 2021/08/11 05:20:17 djm Exp $ */
+/* $OpenBSD: session.c,v 1.330 2022/02/08 08:59:12 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -303,7 +303,7 @@ set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts)
for (i = 0; i < auth_opts->npermitopen; i++) {
tmp = cp = xstrdup(auth_opts->permitopen[i]);
/* This shouldn't fail as it has already been checked */
- if ((host = hpdelim(&cp)) == NULL)
+ if ((host = hpdelim2(&cp, NULL)) == NULL)
fatal_f("internal error: hpdelim");
host = cleanhostname(host);
if (cp == NULL || (port = permitopen_port(cp)) < 0)
diff --git a/ssh.c b/ssh.c
index 372f928f..8ff97881 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.572 2022/01/06 22:04:20 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.573 2022/02/08 08:59:12 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1887,7 +1887,7 @@ ssh_init_forward_permissions(struct ssh *ssh, const char *what, char **opens,
{
u_int i;
int port;
- char *addr, *arg, *oarg, ch;
+ char *addr, *arg, *oarg;
int where = FORWARD_LOCAL;
channel_clear_permission(ssh, FORWARD_ADM, where);
@@ -1904,9 +1904,8 @@ ssh_init_forward_permissions(struct ssh *ssh, const char *what, char **opens,
/* Otherwise treat it as a list of permitted host:port */
for (i = 0; i < num_opens; i++) {
oarg = arg = xstrdup(opens[i]);
- ch = '\0';
- addr = hpdelim2(&arg, &ch);
- if (addr == NULL || ch == '/')
+ addr = hpdelim(&arg);
+ if (addr == NULL)
fatal_f("missing host in %s", what);
addr = cleanhostname(addr);
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list