tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 16:54:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: Be more paranoid with host/domain names coming from the

Browse Source 
never write a name with bad characters to a known_hosts file.

reported by David Leadbeater, ok deraadt@

OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
This commit is contained in:
djm@openbsd.org 2022-10-24 22:43:36 +00:00 committed by Damien Miller
parent 7190154de2
commit 445363433b
No known key found for this signature in database
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.578 2022/10/13 09:09:28 jsg Exp $ */ /* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -251,6 +251,7 @@ static struct addrinfo *
resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
{ {
char strport[NI_MAXSERV]; char strport[NI_MAXSERV];
const char *errstr = NULL;
struct addrinfo hints, *res; struct addrinfo hints, *res;
int gaierr; int gaierr;
LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; LogLevel loglevel = SYSLOG_LEVEL_DEBUG1;
@ -276,7 +277,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
return NULL; return NULL;
} }
if (cname != NULL && res->ai_canonname != NULL) { if (cname != NULL && res->ai_canonname != NULL) {
if (strlcpy(cname, res->ai_canonname, clen) >= clen) { if (!valid_domain(res->ai_canonname, 0, &errstr)) {
error("ignoring bad CNAME \"%s\" for host \"%s\": %s",
res->ai_canonname, name, errstr);
} else if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
error_f("host \"%s\" cname \"%s\" too long (max %lu)", error_f("host \"%s\" cname \"%s\" too long (max %lu)",
name, res->ai_canonname, (u_long)clen); name, res->ai_canonname, (u_long)clen);
if (clen > 0) if (clen > 0)

11
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ /* $OpenBSD: sshconnect.c,v 1.359 2022/10/24 22:43:36 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -935,7 +935,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
char *ip = NULL, *host = NULL; char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp, *ra; char hostline[1000], *hostp, *fp, *ra;
char msg[1024]; char msg[1024];
const char *type, *fail_reason; const char *type, *fail_reason = NULL;
const struct hostkey_entry *host_found = NULL, *ip_found = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
int len, cancelled_forwarding = 0, confirmed; int len, cancelled_forwarding = 0, confirmed;
int local = sockaddr_is_local(hostaddr); int local = sockaddr_is_local(hostaddr);
@ -1018,6 +1018,13 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
(host_found != NULL && host_found->note != 0))) (host_found != NULL && host_found->note != 0)))
readonly = RDONLY; readonly = RDONLY;
/* Don't ever try to write an invalid name to a known hosts file */
if (!valid_domain(hostname, 0, &fail_reason)) {
debug_f("invalid hostname \"%s\"; will not record: %s",
hostname, fail_reason);
readonly = RDONLY;
}
/* /*
* Also perform check for the ip address, skip the check if we are * Also perform check for the ip address, skip the check if we are
* localhost, looking for a certificate, or the hostname was an ip * localhost, looking for a certificate, or the hostname was an ip