tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: make authorized_keys environment="..." directives 

first-match-wins and more strictly limit their maximum number; prompted by
OOM reported by OSS-fuzz (35470).

feedback and ok dtucker@

OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
This commit is contained in:
djm@openbsd.org 2021-07-23 03:57:20 +00:00 committed by Damien Miller
parent d0bb1ce731
commit e3957e21ff
2 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
auth-options.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.95 2021/04/03 06:18:40 djm Exp $ */ /* $OpenBSD: auth-options.c,v 1.96 2021/07/23 03:57:20 djm Exp $ */
/* /*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org> * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
* *
@ -324,6 +324,7 @@ sshauthopt_parse(const char *opts, const char **errstrp)
struct sshauthopt *ret = NULL; struct sshauthopt *ret = NULL;
const char *errstr = "unknown error"; const char *errstr = "unknown error";
uint64_t valid_before; uint64_t valid_before;
size_t i, l;
if (errstrp != NULL) if (errstrp != NULL)
*errstrp = NULL; *errstrp = NULL;
@ -397,7 +398,7 @@ sshauthopt_parse(const char *opts, const char **errstrp)
valid_before < ret->valid_before) valid_before < ret->valid_before)
ret->valid_before = valid_before; ret->valid_before = valid_before;
} else if (opt_match(&opts, "environment")) { } else if (opt_match(&opts, "environment")) {
if (ret->nenv > INT_MAX) { if (ret->nenv > SSH_AUTHOPT_ENV_MAX) {
errstr = "too many environment strings"; errstr = "too many environment strings";
goto fail; goto fail;
} }
@ -411,23 +412,35 @@ sshauthopt_parse(const char *opts, const char **errstrp)
} }
if ((cp = strdup(opt)) == NULL) if ((cp = strdup(opt)) == NULL)
goto alloc_fail; goto alloc_fail;
cp[tmp - opt] = '\0'; /* truncate at '=' */ l = (size_t)(tmp - opt);
cp[l] = '\0'; /* truncate at '=' */
if (!valid_env_name(cp)) { if (!valid_env_name(cp)) {
free(cp); free(cp);
free(opt); free(opt);
errstr = "invalid environment string"; errstr = "invalid environment string";
goto fail; goto fail;
} }
free(cp); /* Check for duplicates; XXX O(n*log(n)) */
/* Append it. */ for (i = 0; i < ret->nenv; i++) {
oarray = ret->env; if (strncmp(ret->env[i], cp, l) == 0 &&
if ((ret->env = recallocarray(ret->env, ret->nenv, ret->env[i][l] == '=')
ret->nenv + 1, sizeof(*ret->env))) == NULL) { break;
free(opt); }
ret->env = oarray; /* put it back for cleanup */ free(cp);
goto alloc_fail; /* First match wins */
if (i >= ret->nenv) {
/* Append it. */
oarray = ret->env;
if ((ret->env = recallocarray(ret->env,
ret->nenv, ret->nenv + 1,
sizeof(*ret->env))) == NULL) {
free(opt);
/* put it back for cleanup */
ret->env = oarray;
goto alloc_fail;
}
ret->env[ret->nenv++] = opt;
} }
ret->env[ret->nenv++] = opt;
} else if (opt_match(&opts, "permitopen")) { } else if (opt_match(&opts, "permitopen")) {
if (handle_permit(&opts, 0, &ret->permitopen, if (handle_permit(&opts, 0, &ret->permitopen,
&ret->npermitopen, &errstr) != 0) &ret->npermitopen, &errstr) != 0)

7
auth-options.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.h,v 1.30 2020/08/27 01:07:09 djm Exp $ */ /* $OpenBSD: auth-options.h,v 1.31 2021/07/23 03:57:20 djm Exp $ */
/* /*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org> * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
@ -23,7 +23,10 @@ struct passwd;
struct sshkey; struct sshkey;
/* Maximum number of permitopen/permitlisten directives to accept */ /* Maximum number of permitopen/permitlisten directives to accept */
#define SSH_AUTHOPT_PERMIT_MAX 4096 #define SSH_AUTHOPT_PERMIT_MAX 4096
/* Maximum number of environment directives to accept */
#define SSH_AUTHOPT_ENV_MAX 1024
/* /*
* sshauthopt represents key options parsed from authorized_keys or * sshauthopt represents key options parsed from authorized_keys or