From e40269be388972848aafcca7060111c70aab5b87 Mon Sep 17 00:00:00 2001 From: "millert@openbsd.org" Date: Wed, 8 Feb 2017 20:32:43 +0000 Subject: [PATCH 01/18] upstream commit Avoid printf %s NULL. From semarie@, OK djm@ Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c --- ssh-keygen.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 2a7939bfc..ced047c06 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.293 2017/02/08 20:32:43 millert Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1441,7 +1441,10 @@ do_change_comment(struct passwd *pw) sshkey_free(private); exit(1); } - printf("Key now has comment '%s'\n", comment); + if (comment) + printf("Key now has comment '%s'\n", comment); + else + printf("Key now has no comment\n"); if (identity_comment) { strlcpy(new_comment, identity_comment, sizeof(new_comment)); From a287c5ad1e0bf9811c7b9221979b969255076019 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Feb 2017 03:36:40 +0000 Subject: [PATCH 02/18] upstream commit Sanitise escape sequences in key comments sent to printf but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e --- ssh-keygen.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index ced047c06..5e9f0879b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.293 2017/02/08 20:32:43 millert Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.294 2017/02/10 03:36:40 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -37,6 +37,7 @@ #include #include #include +#include #include "xmalloc.h" #include "sshkey.h" @@ -57,6 +58,7 @@ #include "atomicio.h" #include "krl.h" #include "digest.h" +#include "utf8.h" #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" @@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint failed", __func__); - printf("%u %s %s (%s)\n", sshkey_size(public), fp, + mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); @@ -1166,7 +1168,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) known_hosts_hash(l, ctx); else if (print_fingerprint) { fp = sshkey_fingerprint(l->key, fptype, rep); - printf("%s %s %s %s\n", ctx->host, + mprintf("%s %s %s %s\n", ctx->host, sshkey_type(l->key), fp, l->comment); free(fp); } else @@ -1317,7 +1319,7 @@ do_change_passphrase(struct passwd *pw) fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); } if (comment) - printf("Key has comment '%s'\n", comment); + mprintf("Key has comment '%s'\n", comment); /* Ask the new passphrase (twice). */ if (identity_new_passphrase) { @@ -2283,6 +2285,8 @@ main(int argc, char **argv) seed_rng(); + msetlocale(); + /* we need this for the home * directory. */ pw = getpwuid(getuid()); if (!pw) From 155d540d00ff55f063421ec182ec8ff2b7ab6cbe Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Feb 2017 04:34:50 +0000 Subject: [PATCH 03/18] upstream commit bring back r1.34 that was backed out for problems loading public keys: translate OpenSSL error codes to something more meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ with additional fix from Jakub Jelen to solve the backout. bz#2525 bz#2523 re-ok dtucker@ Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 --- sshkey.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/sshkey.c b/sshkey.c index c01da6c39..05675920f 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.42 2017/02/10 04:34:50 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -3786,7 +3786,44 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase)) == NULL) { - r = SSH_ERR_KEY_WRONG_PASSPHRASE; + unsigned long pem_err = ERR_peek_last_error(); + int pem_reason = ERR_GET_REASON(pem_err); + + /* + * Translate OpenSSL error codes to determine whether + * passphrase is required/incorrect. + */ + switch (ERR_GET_LIB(pem_err)) { + case ERR_LIB_PEM: + switch (pem_reason) { + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_PROBLEMS_GETTING_PASSWORD: + case PEM_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + default: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + case ERR_LIB_EVP: + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: + case EVP_R_PRIVATE_KEY_DECODE_ERROR: + r = SSH_ERR_INVALID_FORMAT; + goto out; + default: + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + case ERR_LIB_ASN1: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if (pk->type == EVP_PKEY_RSA && @@ -3860,6 +3897,8 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp) { + int r = SSH_ERR_INTERNAL_ERROR; + if (keyp != NULL) *keyp = NULL; if (commentp != NULL) @@ -3882,9 +3921,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, return sshkey_parse_private2(blob, type, passphrase, keyp, commentp); case KEY_UNSPEC: - if (sshkey_parse_private2(blob, type, passphrase, keyp, - commentp) == 0) - return 0; + r = sshkey_parse_private2(blob, type, passphrase, keyp, + commentp); + /* Do not fallback to PEM parser if only passphrase is wrong. */ + if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE) + return r; #ifdef WITH_OPENSSL return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp); From bd5d7d239525d595ecea92765334af33a45d9d63 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 12 Feb 2017 15:45:15 +1100 Subject: [PATCH 04/18] ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out for the benefit of OpenSSL versions prior to that. --- sshkey.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sshkey.c b/sshkey.c index 05675920f..31710e59e 100644 --- a/sshkey.c +++ b/sshkey.c @@ -3812,7 +3812,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, goto out; case EVP_R_BN_DECODE_ERROR: case EVP_R_DECODE_ERROR: +#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR case EVP_R_PRIVATE_KEY_DECODE_ERROR: +#endif r = SSH_ERR_INVALID_FORMAT; goto out; default: From 6d5a41b38b55258213ecfaae9df7a758caa752a1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 15 Feb 2017 01:46:47 +0000 Subject: [PATCH 05/18] upstream commit fix division by zero crash in "df" output when server returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok dtucker@ Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f --- sftp.c | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/sftp.c b/sftp.c index 2b8fdabfb..76add3908 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */ +/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -969,23 +969,34 @@ static int do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) { struct sftp_statvfs st; - char s_used[FMT_SCALED_STRSIZE]; - char s_avail[FMT_SCALED_STRSIZE]; - char s_root[FMT_SCALED_STRSIZE]; - char s_total[FMT_SCALED_STRSIZE]; - unsigned long long ffree; + char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE]; + char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE]; + char s_icapacity[16], s_dcapacity[16]; if (do_statvfs(conn, path, &st, 1) == -1) return -1; + if (st.f_files == 0) + strlcpy(s_icapacity, "ERR", sizeof(s_icapacity)); + else { + snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%", + (unsigned long long)(100 * (st.f_files - st.f_ffree) / + st.f_files)); + } + if (st.f_blocks == 0) + strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity)); + else { + snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%", + (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / + st.f_blocks)); + } if (iflag) { - ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0; printf(" Inodes Used Avail " "(root) %%Capacity\n"); - printf("%11llu %11llu %11llu %11llu %3llu%%\n", + printf("%11llu %11llu %11llu %11llu %s\n", (unsigned long long)st.f_files, (unsigned long long)(st.f_files - st.f_ffree), (unsigned long long)st.f_favail, - (unsigned long long)st.f_ffree, ffree); + (unsigned long long)st.f_ffree, s_icapacity); } else if (hflag) { strlcpy(s_used, "error", sizeof(s_used)); strlcpy(s_avail, "error", sizeof(s_avail)); @@ -996,21 +1007,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) fmt_scaled(st.f_bfree * st.f_frsize, s_root); fmt_scaled(st.f_blocks * st.f_frsize, s_total); printf(" Size Used Avail (root) %%Capacity\n"); - printf("%7sB %7sB %7sB %7sB %3llu%%\n", - s_total, s_used, s_avail, s_root, - (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / - st.f_blocks)); + printf("%7sB %7sB %7sB %7sB %s\n", + s_total, s_used, s_avail, s_root, s_dcapacity); } else { printf(" Size Used Avail " "(root) %%Capacity\n"); - printf("%12llu %12llu %12llu %12llu %3llu%%\n", + printf("%12llu %12llu %12llu %12llu %s\n", (unsigned long long)(st.f_frsize * st.f_blocks / 1024), (unsigned long long)(st.f_frsize * (st.f_blocks - st.f_bfree) / 1024), (unsigned long long)(st.f_frsize * st.f_bavail / 1024), (unsigned long long)(st.f_frsize * st.f_bfree / 1024), - (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / - st.f_blocks)); + s_dcapacity); } return 0; } From b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 Mon Sep 17 00:00:00 2001 From: "jsg@openbsd.org" Date: Wed, 15 Feb 2017 23:38:31 +0000 Subject: [PATCH 06/18] upstream commit Fix memory leaks in match_filter_list() error paths. ok dtucker@ markus@ Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e --- match.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/match.c b/match.c index aeba4bb77..ca93cb06e 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.34 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: match.c,v 1.35 2017/02/15 23:38:31 jsg Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -297,8 +297,11 @@ match_filter_list(const char *proposal, const char *filter) char *orig_prop = strdup(proposal); char *cp, *tmp; - if (fix_prop == NULL || orig_prop == NULL) + if (fix_prop == NULL || orig_prop == NULL) { + free(orig_prop); + free(fix_prop); return NULL; + } tmp = orig_prop; *fix_prop = '\0'; From 10577c6d96a55b877a960b2d0b75edef1b9945af Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 17 Feb 2017 02:04:15 +0000 Subject: [PATCH 07/18] upstream commit For ProxyJump/-J, surround host name with brackets to allow literal IPv6 addresses. From Dick Visser; ok dtucker@ Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 --- ssh.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh.c b/ssh.c index ee0b16dc2..0b34edffa 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.449 2017/02/17 02:04:15 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1103,7 +1103,7 @@ main(int ac, char **av) options.proxy_use_fdpass = 0; snprintf(port_s, sizeof(port_s), "%d", options.jump_port); xasprintf(&options.proxy_command, - "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s", + "ssh%s%s%s%s%s%s%s%s%s%.*s -W [%%h]:%%p %s", /* Optional "-l user" argument if jump_user set */ options.jump_user == NULL ? "" : " -l ", options.jump_user == NULL ? "" : options.jump_user, From ecc35893715f969e98fee118481f404772de4132 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 17 Feb 2017 02:31:14 +0000 Subject: [PATCH 08/18] upstream commit ifdef out "rsa1" from the list of supported keytypes when compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f --- sshkey.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sshkey.c b/sshkey.c index 31710e59e..85fd1bd97 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.42 2017/02/10 04:34:50 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.43 2017/02/17 02:31:14 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -89,7 +89,9 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1, 0 }, #ifdef WITH_OPENSSL +# ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, +# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, From 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 17 Feb 2017 02:32:05 +0000 Subject: [PATCH 09/18] upstream commit Do not show rsa1 key type in usage when compiled without SSH1 support. Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 --- ssh-keygen.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 5e9f0879b..33d405a0d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.294 2017/02/10 03:36:40 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.295 2017/02/17 02:32:05 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2208,11 +2208,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv) exit(ret); } +#ifdef WITH_SSH1 +# define RSA1_USAGE " | rsa1" +#else +# define RSA1_USAGE "" +#endif + static void usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" @@ -2220,7 +2226,7 @@ usage(void) " ssh-keygen -y [-f input_keyfile]\n" " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" - " ssh-keygen -B [-f input_keyfile]\n"); + " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); #ifdef ENABLE_PKCS11 fprintf(stderr, " ssh-keygen -D pkcs11\n"); From 0c4430a19b73058a569573492f55e4c9eeaae67b Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 7 Feb 2017 23:03:11 +0000 Subject: [PATCH 10/18] upstream commit Remove deprecated SSH1 options RSAAuthentication and RhostsRSAAuthentication from regression test sshd_config. Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 --- regress/test-exec.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index bfa48803b..dc033cd96 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -444,12 +444,10 @@ Host * User $USER GlobalKnownHostsFile $OBJ/known_hosts UserKnownHostsFile $OBJ/known_hosts - RSAAuthentication yes PubkeyAuthentication yes ChallengeResponseAuthentication no HostbasedAuthentication no PasswordAuthentication no - RhostsRSAAuthentication no BatchMode yes StrictHostKeyChecking yes LogLevel DEBUG3 From 011c8ffbb0275281a0cf330054cf21be10c43e37 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 19 Feb 2017 00:10:57 +0000 Subject: [PATCH 11/18] upstream commit Add a common nl_langinfo(CODESET) alias for US-ASCII "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 --- utf8.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/utf8.c b/utf8.c index ba60d61f2..f2c89a26b 100644 --- a/utf8.c +++ b/utf8.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utf8.c,v 1.4 2017/02/02 10:54:25 jsg Exp $ */ +/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze * @@ -60,7 +60,8 @@ dangerous_locale(void) { char *loc; loc = nl_langinfo(CODESET); - return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8"); + return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 && + strcmp(loc, "ANSI_X3.4-1968") != 0; } static int From d5499190559ebe374bcdfa8805408646ceffad64 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 19 Feb 2017 00:11:29 +0000 Subject: [PATCH 12/18] upstream commit add test cases for C locale; ok schwarze@ Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 --- regress/unittests/utf8/tests.c | 65 ++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c index 31f9fe9c3..f0bbca509 100644 --- a/regress/unittests/utf8/tests.c +++ b/regress/unittests/utf8/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */ /* * Regress test for the utf8.h *mprintf() API * @@ -15,10 +15,7 @@ #include "utf8.h" -void badarg(void); -void one(const char *, const char *, int, int, int, const char *); - -void +static void badarg(void) { char buf[16]; @@ -33,8 +30,8 @@ badarg(void) TEST_DONE(); } -void -one(const char *name, const char *mbs, int width, +static void +one(int utf8, const char *name, const char *mbs, int width, int wantwidth, int wantlen, const char *wants) { char buf[16]; @@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width, if (wantlen == -2) wantlen = strlen(wants); - (void)strlcpy(buf, "utf8_", sizeof(buf)); + (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf)); (void)strlcat(buf, name, sizeof(buf)); TEST_START(buf); wp = wantwidth == -2 ? NULL : &width; @@ -65,19 +62,41 @@ tests(void) TEST_DONE(); badarg(); - one("empty", "", 2, 0, 0, ""); - one("ascii", "x", -2, -2, -2, "x"); - one("newline", "a\nb", -2, -2, -2, "a\nb"); - one("cr", "a\rb", -2, -2, -2, "a\rb"); - one("tab", "a\tb", -2, -2, -2, "a\tb"); - one("esc", "\033x", -2, -2, -2, "\\033x"); - one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); - one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); - one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); - one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); - one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); - one("width_ascii", "123", 2, 2, -1, "12"); - one("width_double", "a\343\201\201", 2, 1, -1, "a"); - one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); - one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); + one(1, "empty", "", 2, 0, 0, ""); + one(1, "ascii", "x", -2, -2, -2, "x"); + one(1, "newline", "a\nb", -2, -2, -2, "a\nb"); + one(1, "cr", "a\rb", -2, -2, -2, "a\rb"); + one(1, "tab", "a\tb", -2, -2, -2, "a\tb"); + one(1, "esc", "\033x", -2, -2, -2, "\\033x"); + one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one(1, "width_ascii", "123", 2, 2, -1, "12"); + one(1, "width_double", "a\343\201\201", 2, 1, -1, "a"); + one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); + one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); + + TEST_START("C_setlocale"); + loc = setlocale(LC_CTYPE, "C"); + ASSERT_PTR_NE(loc, NULL); + TEST_DONE(); + + badarg(); + one(0, "empty", "", 2, 0, 0, ""); + one(0, "ascii", "x", -2, -2, -2, "x"); + one(0, "newline", "a\nb", -2, -2, -2, "a\nb"); + one(0, "cr", "a\rb", -2, -2, -2, "a\rb"); + one(0, "tab", "a\tb", -2, -2, -2, "a\tb"); + one(0, "esc", "\033x", -2, -2, -2, "\\033x"); + one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one(0, "width_ascii", "123", 2, 2, -1, "12"); + one(0, "width_double", "a\343\201\201", 2, 1, -1, "a"); + one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343"); + one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201"); } From 8071a6924c12bb51406a9a64a4b2892675112c87 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 24 Feb 2017 03:16:34 +0000 Subject: [PATCH 13/18] upstream commit might as well set the listener socket CLOEXEC Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 --- sshd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sshd.c b/sshd.c index c2c1cc8a6..df694fe3d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.482 2017/02/06 09:22:51 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.483 2017/02/24 03:16:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1046,6 +1046,11 @@ server_listen(void) close(listen_sock); continue; } + if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) { + verbose("socket: CLOEXEC: %s", strerror(errno)); + close(listen_sock); + continue; + } /* * Set socket options. * Allow local port reuse in TIME_WAIT. From 78142e3ab3887e53a968d6e199bcb18daaf2436e Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Mon, 27 Feb 2017 14:30:33 +0000 Subject: [PATCH 14/18] upstream commit errant dot; from klemens nanni Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 --- ssh_config.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 016adbc73..532745b2f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.241 2017/02/03 23:01:19 djm Exp $ -.Dd $Mdocdate: February 3 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $ +.Dd $Mdocdate: February 27 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1147,7 +1147,7 @@ However, this option disables host authentication for localhost. The argument to this keyword must be .Cm yes or -.Cm no . +.Cm no (the default). .It Cm NumberOfPasswordPrompts Specifies the number of password prompts before giving up. From d7abb771bd5a941b26144ba400a34563a1afa589 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 28 Feb 2017 06:10:08 +0000 Subject: [PATCH 15/18] upstream commit small memleak: free fd_set on connection timeout (though we are heading to exit anyway). From Tom Rix in bz#2683 Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 --- packet.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/packet.c b/packet.c index 94e8460ca..01e2d45bd 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.245 2017/02/03 23:03:33 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.246 2017/02/28 06:10:08 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1466,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) break; } } - if (r == 0) - return SSH_ERR_CONN_TIMEOUT; + if (r == 0) { + r = SSH_ERR_CONN_TIMEOUT; + goto out; + } /* Read data from the socket. */ len = read(state->connection_in, buf, sizeof(buf)); if (len == 0) { From 12d3767ba4c84c32150cbe6ff6494498780f12c9 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 3 Mar 2017 06:13:11 +0000 Subject: [PATCH 16/18] upstream commit fix ssh-keygen -H accidentally corrupting known_hosts that contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by hostkeys_foreach() when hostname matching is in use, so we need to look for the hash marker explicitly. Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 --- ssh-keygen.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 33d405a0d..2259b340d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.295 2017/02/17 02:32:05 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.296 2017/03/03 06:13:11 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1084,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; char *hashed, *cp, *hosts, *ohosts; int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); + int was_hashed = l->hosts[0] == HASH_DELIM; switch (l->status) { case HKF_STATUS_OK: @@ -1092,8 +1093,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) * Don't hash hosts already already hashed, with wildcard * characters or a CA/revocation marker. */ - if ((l->match & HKF_MATCH_HOST_HASHED) != 0 || - has_wild || l->marker != MRK_NONE) { + if (was_hashed || has_wild || l->marker != MRK_NONE) { fprintf(ctx->out, "%s\n", l->line); if (has_wild && !find_host) { logit("%s:%ld: ignoring host name " From d072370793f1a20f01ad827ba8fcd3b8f2c46165 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 6 Mar 2017 00:44:51 +0000 Subject: [PATCH 17/18] upstream commit linenum is unsigned long so use %lu in log formats. ok deraadt@ Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 --- ssh-keygen.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 2259b340d..ca94fe44f 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.296 2017/03/03 06:13:11 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.297 2017/03/06 00:44:51 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1096,7 +1096,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) if (was_hashed || has_wild || l->marker != MRK_NONE) { fprintf(ctx->out, "%s\n", l->line); if (has_wild && !find_host) { - logit("%s:%ld: ignoring host name " + logit("%s:%lu: ignoring host name " "with wildcard: %.64s", l->path, l->linenum, l->hosts); } @@ -1118,7 +1118,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) case HKF_STATUS_INVALID: /* Retain invalid lines, but mark file as invalid. */ ctx->invalid = 1; - logit("%s:%ld: invalid line", l->path, l->linenum); + logit("%s:%lu: invalid line", l->path, l->linenum); /* FALLTHROUGH */ default: fprintf(ctx->out, "%s\n", l->line); @@ -1152,14 +1152,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) */ ctx->found_key = 1; if (!quiet) - printf("# Host %s found: line %ld\n", + printf("# Host %s found: line %lu\n", ctx->host, l->linenum); } return 0; } else if (find_host) { ctx->found_key = 1; if (!quiet) { - printf("# Host %s found: line %ld %s\n", + printf("# Host %s found: line %lu %s\n", ctx->host, l->linenum, l->marker == MRK_CA ? "CA" : (l->marker == MRK_REVOKE ? "REVOKED" : "")); @@ -1179,7 +1179,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) /* Retain non-matching hosts when deleting */ if (l->status == HKF_STATUS_INVALID) { ctx->invalid = 1; - logit("%s:%ld: invalid line", l->path, l->linenum); + logit("%s:%lu: invalid line", l->path, l->linenum); } fprintf(ctx->out, "%s\n", l->line); } From 18501151cf272a15b5f2c5e777f2e0933633c513 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 6 Mar 2017 02:03:20 +0000 Subject: [PATCH 18/18] upstream commit Check l->hosts before dereferencing; fixes potential null pointer deref. ok djm@ Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 --- ssh-keygen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index ca94fe44f..6fd1f0348 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.297 2017/03/06 00:44:51 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.298 2017/03/06 02:03:20 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1084,7 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; char *hashed, *cp, *hosts, *ohosts; int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); - int was_hashed = l->hosts[0] == HASH_DELIM; + int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM; switch (l->status) { case HKF_STATUS_OK: