upstream: sshd: switch config to sshbuf API; ok djm@

OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
This commit is contained in:
markus@openbsd.org 2018-07-09 21:29:36 +00:00 committed by Damien Miller
parent 2808d18ca4
commit c3cb7790e9
3 changed files with 48 additions and 44 deletions

View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.337 2018/07/09 13:37:10 sf Exp $ */ /* $OpenBSD: servconf.c,v 1.338 2018/07/09 21:29:36 markus Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -45,7 +45,7 @@
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
#include "log.h" #include "log.h"
#include "buffer.h" #include "sshbuf.h"
#include "misc.h" #include "misc.h"
#include "servconf.h" #include "servconf.h"
#include "compat.h" #include "compat.h"
@ -59,6 +59,7 @@
#include "groupaccess.h" #include "groupaccess.h"
#include "canohost.h" #include "canohost.h"
#include "packet.h" #include "packet.h"
#include "ssherr.h"
#include "hostfile.h" #include "hostfile.h"
#include "auth.h" #include "auth.h"
#include "myproposal.h" #include "myproposal.h"
@ -71,7 +72,7 @@ static void add_one_listen_addr(ServerOptions *, const char *,
/* Use of privilege separation or not */ /* Use of privilege separation or not */
extern int use_privsep; extern int use_privsep;
extern Buffer cfg; extern struct sshbuf *cfg;
/* Initializes the server options to their default values. */ /* Initializes the server options to their default values. */
@ -2163,19 +2164,19 @@ process_server_config_line(ServerOptions *options, char *line,
/* Reads the server configuration file. */ /* Reads the server configuration file. */
void void
load_server_config(const char *filename, Buffer *conf) load_server_config(const char *filename, struct sshbuf *conf)
{ {
char *line = NULL, *cp; char *line = NULL, *cp;
size_t linesize = 0; size_t linesize = 0;
FILE *f; FILE *f;
int lineno = 0; int r, lineno = 0;
debug2("%s: filename %s", __func__, filename); debug2("%s: filename %s", __func__, filename);
if ((f = fopen(filename, "r")) == NULL) { if ((f = fopen(filename, "r")) == NULL) {
perror(filename); perror(filename);
exit(1); exit(1);
} }
buffer_clear(conf); sshbuf_reset(conf);
while (getline(&line, &linesize, f) != -1) { while (getline(&line, &linesize, f) != -1) {
lineno++; lineno++;
/* /*
@ -2186,13 +2187,14 @@ load_server_config(const char *filename, Buffer *conf)
if ((cp = strchr(line, '#')) != NULL) if ((cp = strchr(line, '#')) != NULL)
memcpy(cp, "\n", 2); memcpy(cp, "\n", 2);
cp = line + strspn(line, " \t\r"); cp = line + strspn(line, " \t\r");
if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
buffer_append(conf, cp, strlen(cp)); fatal("%s: buffer error: %s", __func__, ssh_err(r));
} }
free(line); free(line);
buffer_append(conf, "\0", 1); if ((r = sshbuf_put_u8(conf, 0)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
fclose(f); fclose(f);
debug2("%s: done config len = %d", __func__, buffer_len(conf)); debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
} }
void void
@ -2202,7 +2204,7 @@ parse_server_match_config(ServerOptions *options,
ServerOptions mo; ServerOptions mo;
initialize_server_options(&mo); initialize_server_options(&mo);
parse_server_config(&mo, "reprocess config", &cfg, connectinfo); parse_server_config(&mo, "reprocess config", cfg, connectinfo);
copy_set_server_options(options, &mo, 0); copy_set_server_options(options, &mo, 0);
} }
@ -2346,13 +2348,13 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
#undef M_CP_STRARRAYOPT #undef M_CP_STRARRAYOPT
void void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, parse_server_config(ServerOptions *options, const char *filename,
struct connection_info *connectinfo) struct sshbuf *conf, struct connection_info *connectinfo)
{ {
int active, linenum, bad_options = 0; int active, linenum, bad_options = 0;
char *cp, *obuf, *cbuf; char *cp, *obuf, *cbuf;
debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
fatal("%s: sshbuf_dup_string failed", __func__); fatal("%s: sshbuf_dup_string failed", __func__);

View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.206 2018/06/08 01:55:40 djm Exp $ */ /* $OpenBSD: serverloop.c,v 1.207 2018/07/09 21:29:36 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -58,7 +58,7 @@
#include "openbsd-compat/sys-queue.h" #include "openbsd-compat/sys-queue.h"
#include "xmalloc.h" #include "xmalloc.h"
#include "packet.h" #include "packet.h"
#include "buffer.h" #include "sshbuf.h"
#include "log.h" #include "log.h"
#include "misc.h" #include "misc.h"
#include "servconf.h" #include "servconf.h"

58
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.510 2018/07/09 21:26:02 markus Exp $ */ /* $OpenBSD: sshd.c,v 1.511 2018/07/09 21:29:36 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -91,7 +91,7 @@
#include "sshpty.h" #include "sshpty.h"
#include "packet.h" #include "packet.h"
#include "log.h" #include "log.h"
#include "buffer.h" #include "sshbuf.h"
#include "misc.h" #include "misc.h"
#include "match.h" #include "match.h"
#include "servconf.h" #include "servconf.h"
@ -237,7 +237,7 @@ Authctxt *the_authctxt = NULL;
struct sshauthopt *auth_opts = NULL; struct sshauthopt *auth_opts = NULL;
/* sshd_config buffer */ /* sshd_config buffer */
Buffer cfg; struct sshbuf *cfg;
/* message to be displayed after login */ /* message to be displayed after login */
struct sshbuf *loginmsg; struct sshbuf *loginmsg;
@ -958,31 +958,33 @@ send_rexec_state(int fd, struct sshbuf *conf)
} }
static void static void
recv_rexec_state(int fd, Buffer *conf) recv_rexec_state(int fd, struct sshbuf *conf)
{ {
Buffer m; struct sshbuf *m;
char *cp; u_char *cp, ver;
u_int len; size_t len;
int r;
debug3("%s: entering fd = %d", __func__, fd); debug3("%s: entering fd = %d", __func__, fd);
buffer_init(&m); if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if (ssh_msg_recv(fd, &m) == -1) if (ssh_msg_recv(fd, m) == -1)
fatal("%s: ssh_msg_recv failed", __func__); fatal("%s: ssh_msg_recv failed", __func__);
if (buffer_get_char(&m) != 0) if ((r = sshbuf_get_u8(m, &ver)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (ver != 0)
fatal("%s: rexec version mismatch", __func__); fatal("%s: rexec version mismatch", __func__);
if ((r = sshbuf_get_string(m, &cp, &len)) != 0)
cp = buffer_get_string(&m, &len); fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (conf != NULL) if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
buffer_append(conf, cp, len); fatal("%s: buffer error: %s", __func__, ssh_err(r));
free(cp);
#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
rexec_recv_rng_seed(&m); rexec_recv_rng_seed(m);
#endif #endif
buffer_free(&m); free(cp);
sshbuf_free(m);
debug3("%s: done", __func__); debug3("%s: done", __func__);
} }
@ -1263,8 +1265,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
startup_pipe = -1; startup_pipe = -1;
pid = getpid(); pid = getpid();
if (rexec_flag) { if (rexec_flag) {
send_rexec_state(config_s[0], send_rexec_state(config_s[0], cfg);
&cfg);
close(config_s[0]); close(config_s[0]);
} }
break; break;
@ -1310,7 +1311,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
close(startup_p[1]); close(startup_p[1]);
if (rexec_flag) { if (rexec_flag) {
send_rexec_state(config_s[0], &cfg); send_rexec_state(config_s[0], cfg);
close(config_s[0]); close(config_s[0]);
close(config_s[1]); close(config_s[1]);
} }
@ -1662,14 +1663,15 @@ main(int ac, char **av)
"test mode (-T)"); "test mode (-T)");
/* Fetch our configuration */ /* Fetch our configuration */
buffer_init(&cfg); if ((cfg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if (rexeced_flag) if (rexeced_flag)
recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg); recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg);
else if (strcasecmp(config_file_name, "none") != 0) else if (strcasecmp(config_file_name, "none") != 0)
load_server_config(config_file_name, &cfg); load_server_config(config_file_name, cfg);
parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
&cfg, NULL); cfg, NULL);
seed_rng(); seed_rng();
@ -1770,7 +1772,7 @@ main(int ac, char **av)
keytype = pubkey->type; keytype = pubkey->type;
} else if (key != NULL) { } else if (key != NULL) {
keytype = key->type; keytype = key->type;
accumulate_host_timing_secret(&cfg, key); accumulate_host_timing_secret(cfg, key);
} else { } else {
error("Could not load host key: %s", error("Could not load host key: %s",
options.host_key_files[i]); options.host_key_files[i]);
@ -1796,7 +1798,7 @@ main(int ac, char **av)
key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);
free(fp); free(fp);
} }
accumulate_host_timing_secret(&cfg, NULL); accumulate_host_timing_secret(cfg, NULL);
if (!sensitive_data.have_ssh2_key) { if (!sensitive_data.have_ssh2_key) {
logit("sshd: no hostkeys available -- exiting."); logit("sshd: no hostkeys available -- exiting.");
exit(1); exit(1);