[openssh-commits] [openssh] 02/04: upstream: Check that the addresses supplied to Match Address and
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Aug 31 14:34:48 AEST 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 72730249b38a676da94a1366b54a6e96e6928bcb
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Fri Aug 28 03:15:52 2020 +0000
upstream: Check that the addresses supplied to Match Address and
Match LocalAddress are valid when parsing in config-test mode. This will
catch address/mask mismatches before they cause problems at runtime. Found by
Daniel Stocker, ok djm@
OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b
---
servconf.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/servconf.c b/servconf.c
index 1bc7ee31..2ce04cf1 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.368 2020/08/27 01:07:09 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.369 2020/08/28 03:15:52 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1119,6 +1119,9 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
"%.100s' at line %d", ci->host, arg, line);
} else if (strcasecmp(attrib, "address") == 0) {
if (ci == NULL || (ci->test && ci->address == NULL)) {
+ if (addr_match_list(NULL, arg) != 0)
+ fatal("Invalid Match address argument "
+ "'%s' at line %d", arg, line);
result = 0;
continue;
}
@@ -1138,6 +1141,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
}
} else if (strcasecmp(attrib, "localaddress") == 0){
if (ci == NULL || (ci->test && ci->laddress == NULL)) {
+ if (addr_match_list(NULL, arg) != 0)
+ fatal("Invalid Match localaddress "
+ "argument '%s' at line %d", arg,
+ line);
result = 0;
continue;
}
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list