From c3cb7790e9efb14ba74b2d9f543ad593b3d55b31 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Mon, 9 Jul 2018 21:29:36 +0000 Subject: [PATCH] upstream: sshd: switch config to sshbuf API; ok djm@ OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd --- servconf.c | 30 ++++++++++++++------------- serverloop.c | 4 ++-- sshd.c | 58 +++++++++++++++++++++++++++------------------------- 3 files changed, 48 insertions(+), 44 deletions(-) diff --git a/servconf.c b/servconf.c index 97c268e3c..7ca67ce6b 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.337 2018/07/09 13:37:10 sf Exp $ */ +/* $OpenBSD: servconf.c,v 1.338 2018/07/09 21:29:36 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -45,7 +45,7 @@ #include "xmalloc.h" #include "ssh.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "servconf.h" #include "compat.h" @@ -59,6 +59,7 @@ #include "groupaccess.h" #include "canohost.h" #include "packet.h" +#include "ssherr.h" #include "hostfile.h" #include "auth.h" #include "myproposal.h" @@ -71,7 +72,7 @@ static void add_one_listen_addr(ServerOptions *, const char *, /* Use of privilege separation or not */ extern int use_privsep; -extern Buffer cfg; +extern struct sshbuf *cfg; /* Initializes the server options to their default values. */ @@ -2163,19 +2164,19 @@ process_server_config_line(ServerOptions *options, char *line, /* Reads the server configuration file. */ void -load_server_config(const char *filename, Buffer *conf) +load_server_config(const char *filename, struct sshbuf *conf) { char *line = NULL, *cp; size_t linesize = 0; FILE *f; - int lineno = 0; + int r, lineno = 0; debug2("%s: filename %s", __func__, filename); if ((f = fopen(filename, "r")) == NULL) { perror(filename); exit(1); } - buffer_clear(conf); + sshbuf_reset(conf); while (getline(&line, &linesize, f) != -1) { lineno++; /* 
@@ -2186,13 +2187,14 @@ load_server_config(const char *filename, Buffer *conf) if ((cp = strchr(line, '#')) != NULL) memcpy(cp, "\n", 2); cp = line + strspn(line, " \t\r"); - - buffer_append(conf, cp, strlen(cp)); + if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } free(line); - buffer_append(conf, "\0", 1); + if ((r = sshbuf_put_u8(conf, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); fclose(f); - debug2("%s: done config len = %d", __func__, buffer_len(conf)); + debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); } void @@ -2202,7 +2204,7 @@ parse_server_match_config(ServerOptions *options, ServerOptions mo; initialize_server_options(&mo); - parse_server_config(&mo, "reprocess config", &cfg, connectinfo); + parse_server_config(&mo, "reprocess config", cfg, connectinfo); copy_set_server_options(options, &mo, 0); } @@ -2346,13 +2348,13 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) #undef M_CP_STRARRAYOPT void -parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, - struct connection_info *connectinfo) +parse_server_config(ServerOptions *options, const char *filename, + struct sshbuf *conf, struct connection_info *connectinfo) { int active, linenum, bad_options = 0; char *cp, *obuf, *cbuf; - debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); + debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) fatal("%s: sshbuf_dup_string failed", __func__); diff --git a/serverloop.c b/serverloop.c index 5ecafded8..f1b676f82 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.206 2018/06/08 01:55:40 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.207 2018/07/09 21:29:36 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
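Review bot: The two new `fatal()` calls in load_server_config() print the same `buffer error` text, so a log entry cannot show whether appending a config line or appending the terminating byte failed, and neither names the file being read. `filename` and `lineno` are both in scope inside the loop, so the first call could read `fatal("%s: %s line %d: buffer error: %s", __func__, filename, lineno, ssh_err(r));`. The function's opening lines, where `r` and `lineno` are declared, are in the previous hunk.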
@@ -58,7 +58,7 @@ #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" #include "log.h" #include "misc.h" #include "servconf.h" diff --git a/sshd.c b/sshd.c index 4777eb217..81f694aec 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.510 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.511 2018/07/09 21:29:36 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -91,7 +91,7 @@ #include "sshpty.h" #include "packet.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "match.h" #include "servconf.h" @@ -237,7 +237,7 @@ Authctxt *the_authctxt = NULL; struct sshauthopt *auth_opts = NULL; /* sshd_config buffer */ -Buffer cfg; +struct sshbuf *cfg; /* message to be displayed after login */ struct sshbuf *loginmsg; 
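Review bot: The comment above `cfg` in sshd.c still reads `/* sshd_config buffer */`, but the variable is now a pointer that stays NULL until main() assigns it from `sshbuf_new()` (see the main() hunk later in this patch). Suggest `/* sshd_config buffer; allocated in main() before the config is loaded, NULL until then */`. servconf.c declares it `extern`, and parse_server_match_config() passes it straight to parse_server_config() without a check. Whether any caller can run before the allocation is not visible in this patch, so the lifetime is worth stating where the global is defined.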
@@ -958,31 +958,33 @@ send_rexec_state(int fd, struct sshbuf *conf) } static void -recv_rexec_state(int fd, Buffer *conf) +recv_rexec_state(int fd, struct sshbuf *conf) { - Buffer m; - char *cp; - u_int len; + struct sshbuf *m; + u_char *cp, ver; + size_t len; + int r; debug3("%s: entering fd = %d", __func__, fd); - buffer_init(&m); - - if (ssh_msg_recv(fd, &m) == -1) + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if (ssh_msg_recv(fd, m) == -1) fatal("%s: ssh_msg_recv failed", __func__); - if (buffer_get_char(&m) != 0) + if ((r = sshbuf_get_u8(m, &ver)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (ver != 0) fatal("%s: rexec version mismatch", __func__); - - cp = buffer_get_string(&m, &len); - if (conf != NULL) - buffer_append(conf, cp, len); - free(cp); - + if ((r = sshbuf_get_string(m, &cp, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (conf != NULL && (r = sshbuf_put(conf, cp, len))) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_recv_rng_seed(&m); + rexec_recv_rng_seed(m); #endif - buffer_free(&m); + free(cp); + sshbuf_free(m); debug3("%s: done", __func__); } @@ -1263,8 +1265,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) startup_pipe = -1; pid = getpid(); if (rexec_flag) { - send_rexec_state(config_s[0], - &cfg); + send_rexec_state(config_s[0], cfg); close(config_s[0]); } break; @@ -1310,7 +1311,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) close(startup_p[1]); if (rexec_flag) { - send_rexec_state(config_s[0], &cfg); + send_rexec_state(config_s[0], cfg); close(config_s[0]); close(config_s[1]); } 
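Review bot: The `sshbuf_put()` check in recv_rexec_state() is written `(r = sshbuf_put(conf, cp, len))` without the `!= 0` that every other sshbuf call in this function and in load_server_config() carries. For consistency it should read `if (conf != NULL && (r = sshbuf_put(conf, cp, len)) != 0)`. Separately, `sshbuf_get_string()` returns a heap copy that is then copied again into `conf`. A one-line comment such as `/* cp is a malloc'd copy owned here; freed below once the RNG seed has been read from m */` would make the relocated `free(cp)` easier to follow.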
@@ -1662,14 +1663,15 @@ main(int ac, char **av) "test mode (-T)"); /* Fetch our configuration */ - buffer_init(&cfg); + if ((cfg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); if (rexeced_flag) - recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg); + recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg); else if (strcasecmp(config_file_name, "none") != 0) - load_server_config(config_file_name, &cfg); + load_server_config(config_file_name, cfg); parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, - &cfg, NULL); + cfg, NULL); seed_rng(); @@ -1770,7 +1772,7 @@ main(int ac, char **av) keytype = pubkey->type; } else if (key != NULL) { keytype = key->type; - accumulate_host_timing_secret(&cfg, key); + accumulate_host_timing_secret(cfg, key); } else { error("Could not load host key: %s", options.host_key_files[i]); @@ -1796,7 +1798,7 @@ main(int ac, char **av) key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); free(fp); } - accumulate_host_timing_secret(&cfg, NULL); + accumulate_host_timing_secret(cfg, NULL); if (!sensitive_data.have_ssh2_key) { logit("sshd: no hostkeys available -- exiting."); exit(1);