case sensitive hostname matching
Petr Cerny
pcerny at suse.cz
Sat Mar 4 00:06:35 AEDT 2017
Hi,
as recently noticed by one of our customers, ssh tends to perform
hostname matching in a case sensitive manner since the lowercasing has
been delayed till after configuration parsing (by commits
d56b44d2dfa093883a5c4e91be3f72d99946b170 and
eb6d870a0ea8661299bb2ea8f013d3ace04e2024).
Given that hostnames are ususally interpreted in a case insensitive way
(and the code actually expects the input to be lowercased anyway) it
might be good to perform the comparisons as such. We can either make
sure match_hostname() receives a lowercased string indeed or perform the
lowercasing there (carefully as not to introduce side effects).
One question is, whether *any* hostname matching should be case
insensitive or whether originalhost is better left alone (I can think of
reasons for case sensitive matching there, yet they seem to be bordering
on misuse of the code).
I've also opened https://bugzilla.mindrot.org/show_bug.cgi?id=2685
(patch is attached there as well).
Thanks
Kind regards
Petr
--
Petr Cerny
Mozilla/OpenSSH maintainer for SUSE Linux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-ssh_case_insensitive_host_matching.patch
Type: text/x-patch
Size: 1565 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20170303/18824394/attachment.bin>
More information about the openssh-unix-dev
mailing list