From 7f90635216851f6cb4bf3999e98b825f85d604f8 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 6 Jun 2018 18:29:18 +0000 Subject: [PATCH] upstream: switch config file parsing to getline(3) as this avoids static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c --- auth2-pubkey.c | 16 +++++++++++----- authfile.c | 22 +++++++++++----------- dh.c | 18 ++++++++++++------ hostfile.c | 15 +++++++++------ misc.c | 27 +-------------------------- misc.h | 3 +-- readconf.c | 10 +++++----- servconf.c | 10 +++++----- session.c | 11 ++++++----- ssh-keygen.c | 25 +++++++++++++++++-------- ssh-keyscan.c | 12 +++++------- ssh.h | 9 +-------- 12 files changed, 84 insertions(+), 94 deletions(-) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 5603f5ef3..3ccc3a213 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.78 2018/06/01 03:33:53 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.79 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -319,14 +319,16 @@ static int process_principals(struct ssh *ssh, FILE *f, const char *file, const struct sshkey_cert *cert, struct sshauthopt **authoptsp) { - char loc[256], line[SSH_MAX_PUBKEY_BYTES], *cp, *ep; + char loc[256], *line = NULL, *cp, *ep; + size_t linesize = 0; u_long linenum = 0; u_int found_principal = 0; if (authoptsp != NULL) *authoptsp = NULL; - while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { + linenum++; /* Always consume entire input */ if (found_principal) continue; @@ -344,6 +346,7 @@ process_principals(struct ssh *ssh, FILE *f, const char *file, if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0) found_principal = 1; } + free(line); return found_principal; } @@ -687,14 +690,16 @@ static int check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, char *file, struct sshkey *key, struct sshauthopt **authoptsp) { - char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256]; + char *cp, *line = NULL, loc[256]; + size_t linesize = 0; int found_key = 0; u_long linenum = 0; if (authoptsp != NULL) *authoptsp = NULL; - while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { + linenum++; /* Always consume entire file */ if (found_key) continue; @@ -708,6 +713,7 @@ check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0) found_key = 1; } + free(line); return found_key; } diff --git a/authfile.c b/authfile.c index 57dcd808c..c3a6345d3 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.128 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.129 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -265,17 +265,15 @@ static int sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) { FILE *f; - char line[SSH_MAX_PUBKEY_BYTES]; - char *cp; - u_long linenum = 0; + char *line = NULL, *cp; + size_t linesize = 0; int r; if (commentp != NULL) *commentp = NULL; if ((f = fopen(filename, "r")) == NULL) return SSH_ERR_SYSTEM_ERROR; - while (read_keyfile_line(f, filename, line, sizeof(line), - &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { cp = line; switch (*cp) { case '#': @@ -299,11 +297,13 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) if (*commentp == NULL) r = SSH_ERR_ALLOC_FAIL; } + free(line); fclose(f); return r; } } } + free(line); fclose(f); return SSH_ERR_INVALID_FORMAT; } @@ -447,19 +447,18 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, int check_ca) { FILE *f; - char line[SSH_MAX_PUBKEY_BYTES]; - char *cp; - u_long linenum = 0; + char *line = NULL, *cp; + size_t linesize = 0; int r = 0; struct sshkey *pub = NULL; + int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = strict_type ? sshkey_equal : sshkey_equal_public; if ((f = fopen(filename, "r")) == NULL) return SSH_ERR_SYSTEM_ERROR; - while (read_keyfile_line(f, filename, line, sizeof(line), - &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { cp = line; /* Skip leading whitespace. */ @@ -491,6 +490,7 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, } r = SSH_ERR_KEY_NOT_FOUND; out: + free(line); sshkey_free(pub); fclose(f); return r; diff --git a/dh.c b/dh.c index 46afba033..16eb13276 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.63 2018/02/07 02:06:50 jsing Exp $ */ +/* $OpenBSD: dh.c,v 1.64 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -145,9 +145,9 @@ DH * choose_dh(int min, int wantbits, int max) { FILE *f; - char line[4096]; - int best, bestcount, which; - int linenum; + char *line = NULL; + size_t linesize = 0; + int best, bestcount, which, linenum; struct dhgroup dhg; if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) { @@ -158,7 +158,7 @@ choose_dh(int min, int wantbits, int max) linenum = 0; best = bestcount = 0; - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { linenum++; if (!parse_prime(linenum, line, &dhg)) continue; @@ -176,6 +176,9 @@ choose_dh(int min, int wantbits, int max) if (dhg.size == best) bestcount++; } + free(line); + line = NULL; + linesize = 0; rewind(f); if (bestcount == 0) { @@ -186,7 +189,8 @@ choose_dh(int min, int wantbits, int max) linenum = 0; which = arc4random_uniform(bestcount); - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { + linenum++; if (!parse_prime(linenum, line, &dhg)) continue; if ((dhg.size > max || dhg.size < min) || @@ -198,6 +202,8 @@ choose_dh(int min, int wantbits, int max) } break; } + free(line); + line = NULL; fclose(f); if (linenum != which+1) { logit("WARNING: line %d disappeared in %s, giving up", diff --git a/hostfile.c b/hostfile.c index 12f174ff9..e08339379 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: hostfile.c,v 1.72 2018/06/06 18:29:18 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -663,14 +663,14 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, const char *host, const char *ip, u_int options) { FILE *f; - char line[8192], oline[8192], ktype[128]; + char *line = NULL, ktype[128]; u_long linenum = 0; char *cp, *cp2; u_int kbits; int hashed; int s, r = 0; struct hostkey_foreach_line lineinfo; - size_t l; + size_t linesize = 0, l; memset(&lineinfo, 0, sizeof(lineinfo)); if (host == NULL && (options & HKF_WANT_MATCH) != 0) @@ -679,15 +679,16 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, return SSH_ERR_SYSTEM_ERROR; debug3("%s: reading file \"%s\"", __func__, path); - while (read_keyfile_line(f, path, line, sizeof(line), &linenum) == 0) { + while (getline(&line, &linesize, f) != -1) { + linenum++; line[strcspn(line, "\n")] = '\0'; - strlcpy(oline, line, sizeof(oline)); sshkey_free(lineinfo.key); memset(&lineinfo, 0, sizeof(lineinfo)); lineinfo.path = path; lineinfo.linenum = linenum; - lineinfo.line = oline; + free(lineinfo.line); + lineinfo.line = xstrdup(line); lineinfo.marker = MRK_NONE; lineinfo.status = HKF_STATUS_OK; lineinfo.keytype = KEY_UNSPEC; @@ -826,6 +827,8 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, break; } sshkey_free(lineinfo.key); + free(lineinfo.line); + free(line); fclose(f); return r; } diff --git a/misc.c b/misc.c index 874dcc8a2..3e62320ab 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.128 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -1005,31 +1005,6 @@ percent_expand(const char *string, ...) #undef EXPAND_MAX_KEYS } -/* - * Read an entire line from a public key file into a static buffer, discarding - * lines that exceed the buffer size. Returns 0 on success, -1 on failure. - */ -int -read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, - u_long *lineno) -{ - while (fgets(buf, bufsz, f) != NULL) { - if (buf[0] == '\0') - continue; - (*lineno)++; - if (buf[strlen(buf) - 1] == '\n' || feof(f)) { - return 0; - } else { - debug("%s: %s line %lu exceeds size limit", __func__, - filename, *lineno); - /* discard remainder of line */ - while (fgetc(f) != '\n' && !feof(f)) - ; /* nothing */ - } - } - return -1; -} - int tun_open(int tun, int mode, char **ifname) { diff --git a/misc.h b/misc.h index cdafea735..daa4abc4c 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.71 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.72 2018/06/06 18:29:18 markus Exp $ */ /* * Author: Tatu Ylonen @@ -166,7 +166,6 @@ int safe_path_fd(int, const char *, struct passwd *, char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); -int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) diff --git a/readconf.c b/readconf.c index 9c4a234b5..733b67f76 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.288 2018/06/01 03:33:53 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.289 2018/06/06 18:29:18 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1728,7 +1728,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, int flags, int *activep, int depth) { FILE *f; - char line[4096]; + char *line = NULL; + size_t linesize = 0; int linenum; int bad_options = 0; @@ -1755,15 +1756,14 @@ read_config_file_depth(const char *filename, struct passwd *pw, * on/off by Host specifications. */ linenum = 0; - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { /* Update line number counter. */ linenum++; - if (strlen(line) == sizeof(line) - 1) - fatal("%s line %d too long", filename, linenum); if (process_config_line_depth(options, pw, host, original_host, line, filename, linenum, activep, flags, depth) != 0) bad_options++; } + free(line); fclose(f); if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", diff --git a/servconf.c b/servconf.c index 3c41490b3..f55b66736 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.330 2018/06/06 18:23:32 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.331 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2103,7 +2103,8 @@ process_server_config_line(ServerOptions *options, char *line, void load_server_config(const char *filename, Buffer *conf) { - char line[4096], *cp; + char *line = NULL, *cp; + size_t linesize = 0; FILE *f; int lineno = 0; @@ -2113,10 +2114,8 @@ load_server_config(const char *filename, Buffer *conf) exit(1); } buffer_clear(conf); - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { lineno++; - if (strlen(line) == sizeof(line) - 1) - fatal("%s line %d too long", filename, lineno); /* * Trim out comments and strip whitespace * NB - preserve newlines, they are needed to reproduce @@ -2128,6 +2127,7 @@ load_server_config(const char *filename, Buffer *conf) buffer_append(conf, cp, strlen(cp)); } + free(line); buffer_append(conf, "\0", 1); fclose(f); debug2("%s: done config len = %d", __func__, buffer_len(conf)); diff --git a/session.c b/session.c index e72fcb0a8..511fc4e87 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.297 2018/06/06 18:23:32 djm Exp $ */ +/* $OpenBSD: session.c,v 1.298 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -873,18 +873,18 @@ read_environment_file(char ***env, u_int *envsize, const char *filename) { FILE *f; - char buf[4096]; - char *cp, *value; + char *line = NULL, *cp, *value; + size_t linesize = 0; u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; - while (fgets(buf, sizeof(buf), f)) { + while (getline(&line, &linesize, f) != -1) { if (++lineno > 1000) fatal("Too many lines in environment file %s", filename); - for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') continue; @@ -905,6 +905,7 @@ read_environment_file(char ***env, u_int *envsize, value++; child_set_env(env, envsize, cp, value); } + free(line); fclose(f); } diff --git a/ssh-keygen.c b/ssh-keygen.c index 2568c00e8..ccebbaf76 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.316 2018/06/01 04:21:29 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.317 2018/06/06 18:29:18 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -870,7 +870,8 @@ do_fingerprint(struct passwd *pw) { FILE *f; struct sshkey *public = NULL; - char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + char *comment = NULL, *cp, *ep, *line = NULL; + size_t linesize = 0; int i, invalid = 1; const char *path; u_long lnum = 0; @@ -885,7 +886,8 @@ do_fingerprint(struct passwd *pw) } else if ((f = fopen(path, "r")) == NULL) fatal("%s: %s: %s", __progname, path, strerror(errno)); - while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + while (getline(&line, &linesize, f) != -1) { + lnum++; cp = line; cp[strcspn(cp, "\n")] = '\0'; /* Trim leading space and comments */ @@ -905,6 +907,7 @@ do_fingerprint(struct passwd *pw) */ if (lnum == 1 && strcmp(identity_file, "-") != 0 && strstr(cp, "PRIVATE KEY") != NULL) { + free(line); fclose(f); fingerprint_private(path); exit(0); @@ -951,6 +954,7 @@ do_fingerprint(struct passwd *pw) invalid = 0; /* One good key in the file is sufficient */ } fclose(f); + free(line); if (invalid) fatal("%s is not a public key file.", path); @@ -2004,8 +2008,9 @@ do_show_cert(struct passwd *pw) struct stat st; int r, is_stdin = 0, ok = 0; FILE *f; - char *cp, line[SSH_MAX_PUBKEY_BYTES]; + char *cp, *line = NULL; const char *path; + size_t linesize = 0; u_long lnum = 0; if (!have_identity) @@ -2021,7 +2026,8 @@ do_show_cert(struct passwd *pw) } else if ((f = fopen(identity_file, "r")) == NULL) fatal("fopen %s: %s", identity_file, strerror(errno)); - while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + while (getline(&line, &linesize, f) != -1) { + lnum++; sshkey_free(key); key = NULL; /* Trim leading space and comments */ @@ -2046,6 +2052,7 @@ do_show_cert(struct passwd *pw) printf("%s:%lu:\n", path, lnum); print_cert(key); } + free(line); sshkey_free(key); fclose(f); exit(ok ? 0 : 1); @@ -2077,7 +2084,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, { struct sshkey *key = NULL; u_long lnum = 0; - char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + char *path, *cp, *ep, *line = NULL; + size_t linesize = 0; unsigned long long serial, serial2; int i, was_explicit_key, was_sha1, r; FILE *krl_spec; @@ -2092,8 +2100,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, if (!quiet) printf("Revoking from %s\n", path); - while (read_keyfile_line(krl_spec, path, line, sizeof(line), - &lnum) == 0) { + while (getline(&line, &linesize, krl_spec) != -1) { + lnum++; was_explicit_key = was_sha1 = 0; cp = line + strspn(line, " \t"); /* Trim trailing space, comments and strip \n */ @@ -2193,6 +2201,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, } if (strcmp(path, "-") != 0) fclose(krl_spec); + free(line); free(path); } diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 381fb0844..38b1c548b 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.119 2018/03/02 21:40:15 jmc Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -646,9 +646,9 @@ main(int argc, char **argv) { int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO; int opt, fopt_count = 0, j; - char *tname, *cp, line[NI_MAXHOST]; + char *tname, *cp, *line = NULL; + size_t linesize = 0; FILE *fp; - u_long linenum; extern int optind; extern char *optarg; @@ -769,11 +769,8 @@ main(int argc, char **argv) else if ((fp = fopen(argv[j], "r")) == NULL) fatal("%s: %s: %s", __progname, argv[j], strerror(errno)); - linenum = 0; - while (read_keyfile_line(fp, - argv[j] == NULL ? "(stdin)" : argv[j], line, sizeof(line), - &linenum) != -1) { + while (getline(&line, &linesize, fp) != -1) { /* Chomp off trailing whitespace and comments */ if ((cp = strchr(line, '#')) == NULL) cp = line + strlen(line) - 1; @@ -798,6 +795,7 @@ main(int argc, char **argv) fclose(fp); } + free(line); while (optind < argc) do_host(argv[optind++]); diff --git a/ssh.h b/ssh.h index 12d800922..5abfd7a68 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.87 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */ /* * Author: Tatu Ylonen @@ -30,13 +30,6 @@ */ #define SSH_MAX_IDENTITY_FILES 100 -/* - * Maximum length of lines in authorized_keys file. - * Current value permits 16kbit RSA keys and 8kbit DSA keys, with - * some room for options and comments. - */ -#define SSH_MAX_PUBKEY_BYTES 16384 - /* * Major protocol version. Different version indicates major incompatibility * that prevents communication.