tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-30 09:14:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: switch config file parsing to getline(3) as this avoids

Browse Source 
static limits noted by gerhard@; ok dtucker@, djm@

OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
This commit is contained in:
markus@openbsd.org 2018-06-06 18:29:18 +00:00 committed by Damien Miller
parent 392db2bc83
commit 7f90635216
12 changed files with 84 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.78 2018/06/01 03:33:53 djm Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.79 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -319,14 +319,16 @@ static int
process_principals(struct ssh *ssh, FILE *f, const char *file, process_principals(struct ssh *ssh, FILE *f, const char *file,
const struct sshkey_cert *cert, struct sshauthopt **authoptsp) const struct sshkey_cert *cert, struct sshauthopt **authoptsp)
{ {
char loc[256], line[SSH_MAX_PUBKEY_BYTES], *cp, *ep; char loc[256], *line = NULL, *cp, *ep;
size_t linesize = 0;
u_long linenum = 0; u_long linenum = 0;
u_int found_principal = 0; u_int found_principal = 0;
if (authoptsp != NULL) if (authoptsp != NULL)
*authoptsp = NULL; *authoptsp = NULL;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { while (getline(&line, &linesize, f) != -1) {
linenum++;
/* Always consume entire input */ /* Always consume entire input */
if (found_principal) if (found_principal)
continue; continue;
@ -344,6 +346,7 @@ process_principals(struct ssh *ssh, FILE *f, const char *file,
if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0) if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0)
found_principal = 1; found_principal = 1;
} }
free(line);
return found_principal; return found_principal;
} }
@ -687,14 +690,16 @@ static int
check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f,
char *file, struct sshkey *key, struct sshauthopt **authoptsp) char *file, struct sshkey *key, struct sshauthopt **authoptsp)
{ {
char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256]; char *cp, *line = NULL, loc[256];
size_t linesize = 0;
int found_key = 0; int found_key = 0;
u_long linenum = 0; u_long linenum = 0;
if (authoptsp != NULL) if (authoptsp != NULL)
*authoptsp = NULL; *authoptsp = NULL;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { while (getline(&line, &linesize, f) != -1) {
linenum++;
/* Always consume entire file */ /* Always consume entire file */
if (found_key) if (found_key)
continue; continue;
@ -708,6 +713,7 @@ check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f,
if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0) if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0)
found_key = 1; found_key = 1;
} }
free(line);
return found_key; return found_key;
} }

22
authfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfile.c,v 1.128 2018/02/23 15:58:37 markus Exp $ */ /* $OpenBSD: authfile.c,v 1.129 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
* *
@ -265,17 +265,15 @@ static int
sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
{ {
FILE *f; FILE *f;
char line[SSH_MAX_PUBKEY_BYTES]; char *line = NULL, *cp;
char *cp; size_t linesize = 0;
u_long linenum = 0;
int r; int r;
if (commentp != NULL) if (commentp != NULL)
*commentp = NULL; *commentp = NULL;
if ((f = fopen(filename, "r")) == NULL) if ((f = fopen(filename, "r")) == NULL)
return SSH_ERR_SYSTEM_ERROR; return SSH_ERR_SYSTEM_ERROR;
while (read_keyfile_line(f, filename, line, sizeof(line), while (getline(&line, &linesize, f) != -1) {
&linenum) != -1) {
cp = line; cp = line;
switch (*cp) { switch (*cp) {
case '#': case '#':
@ -299,11 +297,13 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
if (*commentp == NULL) if (*commentp == NULL)
r = SSH_ERR_ALLOC_FAIL; r = SSH_ERR_ALLOC_FAIL;
} }
free(line);
fclose(f); fclose(f);
return r; return r;
} }
} }
} }
free(line);
fclose(f); fclose(f);
return SSH_ERR_INVALID_FORMAT; return SSH_ERR_INVALID_FORMAT;
} }
@ -447,19 +447,18 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
int check_ca) int check_ca)
{ {
FILE *f; FILE *f;
char line[SSH_MAX_PUBKEY_BYTES]; char *line = NULL, *cp;
char *cp; size_t linesize = 0;
u_long linenum = 0;
int r = 0; int r = 0;
struct sshkey *pub = NULL; struct sshkey *pub = NULL;
int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) =
strict_type ? sshkey_equal : sshkey_equal_public; strict_type ? sshkey_equal : sshkey_equal_public;
if ((f = fopen(filename, "r")) == NULL) if ((f = fopen(filename, "r")) == NULL)
return SSH_ERR_SYSTEM_ERROR; return SSH_ERR_SYSTEM_ERROR;
while (read_keyfile_line(f, filename, line, sizeof(line), while (getline(&line, &linesize, f) != -1) {
&linenum) != -1) {
cp = line; cp = line;
/* Skip leading whitespace. */ /* Skip leading whitespace. */
@ -491,6 +490,7 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type,
} }
r = SSH_ERR_KEY_NOT_FOUND; r = SSH_ERR_KEY_NOT_FOUND;
out: out:
free(line);
sshkey_free(pub); sshkey_free(pub);
fclose(f); fclose(f);
return r; return r;

18
dh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dh.c,v 1.63 2018/02/07 02:06:50 jsing Exp $ */ /* $OpenBSD: dh.c,v 1.64 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2000 Niels Provos. All rights reserved.
* *
@ -145,9 +145,9 @@ DH *
choose_dh(int min, int wantbits, int max) choose_dh(int min, int wantbits, int max)
{ {
FILE *f; FILE *f;
char line[4096]; char *line = NULL;
int best, bestcount, which; size_t linesize = 0;
int linenum; int best, bestcount, which, linenum;
struct dhgroup dhg; struct dhgroup dhg;
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) { if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
@ -158,7 +158,7 @@ choose_dh(int min, int wantbits, int max)
linenum = 0; linenum = 0;
best = bestcount = 0; best = bestcount = 0;
while (fgets(line, sizeof(line), f)) { while (getline(&line, &linesize, f) != -1) {
linenum++; linenum++;
if (!parse_prime(linenum, line, &dhg)) if (!parse_prime(linenum, line, &dhg))
continue; continue;
@ -176,6 +176,9 @@ choose_dh(int min, int wantbits, int max)
if (dhg.size == best) if (dhg.size == best)
bestcount++; bestcount++;
} }
free(line);
line = NULL;
linesize = 0;
rewind(f); rewind(f);
if (bestcount == 0) { if (bestcount == 0) {
@ -186,7 +189,8 @@ choose_dh(int min, int wantbits, int max)
linenum = 0; linenum = 0;
which = arc4random_uniform(bestcount); which = arc4random_uniform(bestcount);
while (fgets(line, sizeof(line), f)) { while (getline(&line, &linesize, f) != -1) {
linenum++;
if (!parse_prime(linenum, line, &dhg)) if (!parse_prime(linenum, line, &dhg))
continue; continue;
if ((dhg.size > max || dhg.size < min) || if ((dhg.size > max || dhg.size < min) ||
@ -198,6 +202,8 @@ choose_dh(int min, int wantbits, int max)
} }
break; break;
} }
free(line);
line = NULL;
fclose(f); fclose(f);
if (linenum != which+1) { if (linenum != which+1) {
logit("WARNING: line %d disappeared in %s, giving up", logit("WARNING: line %d disappeared in %s, giving up",

15
hostfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */ /* $OpenBSD: hostfile.c,v 1.72 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -663,14 +663,14 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
const char *host, const char *ip, u_int options) const char *host, const char *ip, u_int options)
{ {
FILE *f; FILE *f;
char line[8192], oline[8192], ktype[128]; char *line = NULL, ktype[128];
u_long linenum = 0; u_long linenum = 0;
char *cp, *cp2; char *cp, *cp2;
u_int kbits; u_int kbits;
int hashed; int hashed;
int s, r = 0; int s, r = 0;
struct hostkey_foreach_line lineinfo; struct hostkey_foreach_line lineinfo;
size_t l; size_t linesize = 0, l;
memset(&lineinfo, 0, sizeof(lineinfo)); memset(&lineinfo, 0, sizeof(lineinfo));
if (host == NULL && (options & HKF_WANT_MATCH) != 0) if (host == NULL && (options & HKF_WANT_MATCH) != 0)
@ -679,15 +679,16 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
return SSH_ERR_SYSTEM_ERROR; return SSH_ERR_SYSTEM_ERROR;
debug3("%s: reading file \"%s\"", __func__, path); debug3("%s: reading file \"%s\"", __func__, path);
while (read_keyfile_line(f, path, line, sizeof(line), &linenum) == 0) { while (getline(&line, &linesize, f) != -1) {
linenum++;
line[strcspn(line, "\n")] = '\0'; line[strcspn(line, "\n")] = '\0';
strlcpy(oline, line, sizeof(oline));
sshkey_free(lineinfo.key); sshkey_free(lineinfo.key);
memset(&lineinfo, 0, sizeof(lineinfo)); memset(&lineinfo, 0, sizeof(lineinfo));
lineinfo.path = path; lineinfo.path = path;
lineinfo.linenum = linenum; lineinfo.linenum = linenum;
lineinfo.line = oline; free(lineinfo.line);
lineinfo.line = xstrdup(line);
lineinfo.marker = MRK_NONE; lineinfo.marker = MRK_NONE;
lineinfo.status = HKF_STATUS_OK; lineinfo.status = HKF_STATUS_OK;
lineinfo.keytype = KEY_UNSPEC; lineinfo.keytype = KEY_UNSPEC;
@ -826,6 +827,8 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
break; break;
} }
sshkey_free(lineinfo.key); sshkey_free(lineinfo.key);
free(lineinfo.line);
free(line);
fclose(f); fclose(f);
return r; return r;
} }

27
misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */ /* $OpenBSD: misc.c,v 1.128 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -1005,31 +1005,6 @@ percent_expand(const char *string, ...)
#undef EXPAND_MAX_KEYS #undef EXPAND_MAX_KEYS
} }
/*
* Read an entire line from a public key file into a static buffer, discarding
* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
*/
int
read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
u_long *lineno)
{
while (fgets(buf, bufsz, f) != NULL) {
if (buf[0] == '\0')
continue;
(*lineno)++;
if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
return 0;
} else {
debug("%s: %s line %lu exceeds size limit", __func__,
filename, *lineno);
/* discard remainder of line */
while (fgetc(f) != '\n' && !feof(f))
; /* nothing */
}
}
return -1;
}
int int
tun_open(int tun, int mode, char **ifname) tun_open(int tun, int mode, char **ifname)
{ {

3
misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.71 2018/03/12 00:52:01 djm Exp $ */ /* $OpenBSD: misc.h,v 1.72 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -166,7 +166,6 @@ int safe_path_fd(int, const char *, struct passwd *,
char *read_passphrase(const char *, int); char *read_passphrase(const char *, int);
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))

10
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.288 2018/06/01 03:33:53 djm Exp $ */ /* $OpenBSD: readconf.c,v 1.289 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1728,7 +1728,8 @@ read_config_file_depth(const char *filename, struct passwd *pw,
int flags, int *activep, int depth) int flags, int *activep, int depth)
{ {
FILE *f; FILE *f;
char line[4096]; char *line = NULL;
size_t linesize = 0;
int linenum; int linenum;
int bad_options = 0; int bad_options = 0;
@ -1755,15 +1756,14 @@ read_config_file_depth(const char *filename, struct passwd *pw,
* on/off by Host specifications. * on/off by Host specifications.
*/ */
linenum = 0; linenum = 0;
while (fgets(line, sizeof(line), f)) { while (getline(&line, &linesize, f) != -1) {
/* Update line number counter. */ /* Update line number counter. */
linenum++; linenum++;
if (strlen(line) == sizeof(line) - 1)
fatal("%s line %d too long", filename, linenum);
if (process_config_line_depth(options, pw, host, original_host, if (process_config_line_depth(options, pw, host, original_host,
line, filename, linenum, activep, flags, depth) != 0) line, filename, linenum, activep, flags, depth) != 0)
bad_options++; bad_options++;
} }
free(line);
fclose(f); fclose(f);
if (bad_options > 0) if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options", fatal("%s: terminating, %d bad configuration options",

10
servconf.c
View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.330 2018/06/06 18:23:32 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.331 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -2103,7 +2103,8 @@ process_server_config_line(ServerOptions *options, char *line,
void void
load_server_config(const char *filename, Buffer *conf) load_server_config(const char *filename, Buffer *conf)
{ {
char line[4096], *cp; char *line = NULL, *cp;
size_t linesize = 0;
FILE *f; FILE *f;
int lineno = 0; int lineno = 0;
@ -2113,10 +2114,8 @@ load_server_config(const char *filename, Buffer *conf)
exit(1); exit(1);
} }
buffer_clear(conf); buffer_clear(conf);
while (fgets(line, sizeof(line), f)) { while (getline(&line, &linesize, f) != -1) {
lineno++; lineno++;
if (strlen(line) == sizeof(line) - 1)
fatal("%s line %d too long", filename, lineno);
/* /*
* Trim out comments and strip whitespace * Trim out comments and strip whitespace
* NB - preserve newlines, they are needed to reproduce * NB - preserve newlines, they are needed to reproduce
@ -2128,6 +2127,7 @@ load_server_config(const char *filename, Buffer *conf)
buffer_append(conf, cp, strlen(cp)); buffer_append(conf, cp, strlen(cp));
} }
free(line);
buffer_append(conf, "\0", 1); buffer_append(conf, "\0", 1);
fclose(f); fclose(f);
debug2("%s: done config len = %d", __func__, buffer_len(conf)); debug2("%s: done config len = %d", __func__, buffer_len(conf));

11
session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.297 2018/06/06 18:23:32 djm Exp $ */ /* $OpenBSD: session.c,v 1.298 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -873,18 +873,18 @@ read_environment_file(char ***env, u_int *envsize,
const char *filename) const char *filename)
{ {
FILE *f; FILE *f;
char buf[4096]; char *line = NULL, *cp, *value;
char *cp, *value; size_t linesize = 0;
u_int lineno = 0; u_int lineno = 0;
f = fopen(filename, "r"); f = fopen(filename, "r");
if (!f) if (!f)
return; return;
while (fgets(buf, sizeof(buf), f)) { while (getline(&line, &linesize, f) != -1) {
if (++lineno > 1000) if (++lineno > 1000)
fatal("Too many lines in environment file %s", filename); fatal("Too many lines in environment file %s", filename);
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
; ;
if (!*cp || *cp == '#' || *cp == '\n') if (!*cp || *cp == '#' || *cp == '\n')
continue; continue;
@ -905,6 +905,7 @@ read_environment_file(char ***env, u_int *envsize,
value++; value++;
child_set_env(env, envsize, cp, value); child_set_env(env, envsize, cp, value);
} }
free(line);
fclose(f); fclose(f);
} }

25
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.316 2018/06/01 04:21:29 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.317 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -870,7 +870,8 @@ do_fingerprint(struct passwd *pw)
{ {
FILE *f; FILE *f;
struct sshkey *public = NULL; struct sshkey *public = NULL;
char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; char *comment = NULL, *cp, *ep, *line = NULL;
size_t linesize = 0;
int i, invalid = 1; int i, invalid = 1;
const char *path; const char *path;
u_long lnum = 0; u_long lnum = 0;
@ -885,7 +886,8 @@ do_fingerprint(struct passwd *pw)
} else if ((f = fopen(path, "r")) == NULL) } else if ((f = fopen(path, "r")) == NULL)
fatal("%s: %s: %s", __progname, path, strerror(errno)); fatal("%s: %s: %s", __progname, path, strerror(errno));
while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { while (getline(&line, &linesize, f) != -1) {
lnum++;
cp = line; cp = line;
cp[strcspn(cp, "\n")] = '\0'; cp[strcspn(cp, "\n")] = '\0';
/* Trim leading space and comments */ /* Trim leading space and comments */
@ -905,6 +907,7 @@ do_fingerprint(struct passwd *pw)
*/ */
if (lnum == 1 && strcmp(identity_file, "-") != 0 && if (lnum == 1 && strcmp(identity_file, "-") != 0 &&
strstr(cp, "PRIVATE KEY") != NULL) { strstr(cp, "PRIVATE KEY") != NULL) {
free(line);
fclose(f); fclose(f);
fingerprint_private(path); fingerprint_private(path);
exit(0); exit(0);
@ -951,6 +954,7 @@ do_fingerprint(struct passwd *pw)
invalid = 0; /* One good key in the file is sufficient */ invalid = 0; /* One good key in the file is sufficient */
} }
fclose(f); fclose(f);
free(line);
if (invalid) if (invalid)
fatal("%s is not a public key file.", path); fatal("%s is not a public key file.", path);
@ -2004,8 +2008,9 @@ do_show_cert(struct passwd *pw)
struct stat st; struct stat st;
int r, is_stdin = 0, ok = 0; int r, is_stdin = 0, ok = 0;
FILE *f; FILE *f;
char *cp, line[SSH_MAX_PUBKEY_BYTES]; char *cp, *line = NULL;
const char *path; const char *path;
size_t linesize = 0;
u_long lnum = 0; u_long lnum = 0;
if (!have_identity) if (!have_identity)
@ -2021,7 +2026,8 @@ do_show_cert(struct passwd *pw)
} else if ((f = fopen(identity_file, "r")) == NULL) } else if ((f = fopen(identity_file, "r")) == NULL)
fatal("fopen %s: %s", identity_file, strerror(errno)); fatal("fopen %s: %s", identity_file, strerror(errno));
while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { while (getline(&line, &linesize, f) != -1) {
lnum++;
sshkey_free(key); sshkey_free(key);
key = NULL; key = NULL;
/* Trim leading space and comments */ /* Trim leading space and comments */
@ -2046,6 +2052,7 @@ do_show_cert(struct passwd *pw)
printf("%s:%lu:\n", path, lnum); printf("%s:%lu:\n", path, lnum);
print_cert(key); print_cert(key);
} }
free(line);
sshkey_free(key); sshkey_free(key);
fclose(f); fclose(f);
exit(ok ? 0 : 1); exit(ok ? 0 : 1);
@ -2077,7 +2084,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
{ {
struct sshkey *key = NULL; struct sshkey *key = NULL;
u_long lnum = 0; u_long lnum = 0;
char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; char *path, *cp, *ep, *line = NULL;
size_t linesize = 0;
unsigned long long serial, serial2; unsigned long long serial, serial2;
int i, was_explicit_key, was_sha1, r; int i, was_explicit_key, was_sha1, r;
FILE *krl_spec; FILE *krl_spec;
@ -2092,8 +2100,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
if (!quiet) if (!quiet)
printf("Revoking from %s\n", path); printf("Revoking from %s\n", path);
while (read_keyfile_line(krl_spec, path, line, sizeof(line), while (getline(&line, &linesize, krl_spec) != -1) {
&lnum) == 0) { lnum++;
was_explicit_key = was_sha1 = 0; was_explicit_key = was_sha1 = 0;
cp = line + strspn(line, " \t"); cp = line + strspn(line, " \t");
/* Trim trailing space, comments and strip \n */ /* Trim trailing space, comments and strip \n */
@ -2193,6 +2201,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
} }
if (strcmp(path, "-") != 0) if (strcmp(path, "-") != 0)
fclose(krl_spec); fclose(krl_spec);
free(line);
free(path); free(path);
} }

12
ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.119 2018/03/02 21:40:15 jmc Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
* *
@ -646,9 +646,9 @@ main(int argc, char **argv)
{ {
int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO; int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO;
int opt, fopt_count = 0, j; int opt, fopt_count = 0, j;
char *tname, *cp, line[NI_MAXHOST]; char *tname, *cp, *line = NULL;
size_t linesize = 0;
FILE *fp; FILE *fp;
u_long linenum;
extern int optind; extern int optind;
extern char *optarg; extern char *optarg;
@ -769,11 +769,8 @@ main(int argc, char **argv)
else if ((fp = fopen(argv[j], "r")) == NULL) else if ((fp = fopen(argv[j], "r")) == NULL)
fatal("%s: %s: %s", __progname, argv[j], fatal("%s: %s: %s", __progname, argv[j],
strerror(errno)); strerror(errno));
linenum = 0;
while (read_keyfile_line(fp, while (getline(&line, &linesize, fp) != -1) {
argv[j] == NULL ? "(stdin)" : argv[j], line, sizeof(line),
&linenum) != -1) {
/* Chomp off trailing whitespace and comments */ /* Chomp off trailing whitespace and comments */
if ((cp = strchr(line, '#')) == NULL) if ((cp = strchr(line, '#')) == NULL)
cp = line + strlen(line) - 1; cp = line + strlen(line) - 1;
@ -798,6 +795,7 @@ main(int argc, char **argv)
fclose(fp); fclose(fp);
} }
free(line);
while (optind < argc) while (optind < argc)
do_host(argv[optind++]); do_host(argv[optind++]);

9
ssh.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.h,v 1.87 2017/05/07 23:15:59 djm Exp $ */ /* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -30,13 +30,6 @@
*/ */
#define SSH_MAX_IDENTITY_FILES 100 #define SSH_MAX_IDENTITY_FILES 100
/*
* Maximum length of lines in authorized_keys file.
* Current value permits 16kbit RSA keys and 8kbit DSA keys, with
* some room for options and comments.
*/
#define SSH_MAX_PUBKEY_BYTES 16384
/* /*
* Major protocol version. Different version indicates major incompatibility * Major protocol version. Different version indicates major incompatibility
* that prevents communication. * that prevents communication.