tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2014/02/26 20:18:37 

[ssh.c]
     bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
     ok dtucker@ markus@
This commit is contained in:
Damien Miller 2014-02-27 10:17:13 +11:00
parent 13f97b2286
commit 08b57c67f3
2 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
20140227
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2014/02/26 20:18:37
[ssh.c]
bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
ok dtucker@ markus@
20140224 20140224
- OpenBSD CVS Sync - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2014/02/07 06:55:54 - djm@cvs.openbsd.org 2014/02/07 06:55:54

30
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.400 2014/02/23 20:11:36 djm Exp $ */ /* $OpenBSD: ssh.c,v 1.401 2014/02/26 20:18:37 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -899,12 +899,20 @@ main(int ac, char **av)
addrs = resolve_canonicalize(&host, options.port); addrs = resolve_canonicalize(&host, options.port);
/* /*
* If canonicalization not requested, or if it failed then try to * If CanonicalizePermittedCNAMEs have been specified but
* resolve the bare hostname name using the system resolver's usual * other canonicalization did not happen (by not being requested
* search rules. Skip the lookup if a ProxyCommand is being used * or by failing with fallback) then the hostname may still be changed
* unless the user has specifically requested canonicalisation. * as a result of CNAME following.
*
* Try to resolve the bare hostname name using the system resolver's
* usual search rules and then apply the CNAME follow rules.
*
* Skip the lookup if a ProxyCommand is being used unless the user
* has specifically requested canonicalisation for this case via
* CanonicalizeHostname=always
*/ */
if (addrs == NULL && (option_clear_or_none(options.proxy_command) || if (addrs == NULL && options.num_permitted_cnames != 0 &&
(option_clear_or_none(options.proxy_command) ||
options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
if ((addrs = resolve_host(host, options.port, 1, if ((addrs = resolve_host(host, options.port, 1,
cname, sizeof(cname))) == NULL) cname, sizeof(cname))) == NULL)
@ -1000,6 +1008,16 @@ main(int ac, char **av)
if (options.control_path != NULL) if (options.control_path != NULL)
muxclient(options.control_path); muxclient(options.control_path);
/*
* If hostname canonicalisation was not enabled, then we may not
* have yet resolved the hostname. Do so now.
*/
if (addrs == NULL && options.proxy_command == NULL) {
if ((addrs = resolve_host(host, options.port, 1,
cname, sizeof(cname))) == NULL)
cleanup_exit(255); /* resolve_host logs the error */
}
timeout_ms = options.connection_timeout * 1000; timeout_ms = options.connection_timeout * 1000;
/* Open a connection to the remote host. */ /* Open a connection to the remote host. */