tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

Remove pattern length argument from match_pattern_list(), we
 only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@
This commit is contained in:
djm@openbsd.org 2015-05-04 06:10:48 +00:00 committed by Damien Miller
parent 0ef1de742b
commit e661a86353
14 changed files with 43 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
auth2-hostbased.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */ /* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -109,8 +109,7 @@ userauth_hostbased(Authctxt *authctxt)
goto done; goto done;
} }
if (match_pattern_list(sshkey_ssh_name(key), if (match_pattern_list(sshkey_ssh_name(key),
options.hostbased_key_types, options.hostbased_key_types, 0) != 1) {
strlen(options.hostbased_key_types), 0) != 1) {
logit("%s: key type %s not in HostbasedAcceptedKeyTypes", logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
__func__, sshkey_type(key)); __func__, sshkey_type(key));
goto done; goto done;

6
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.49 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -127,8 +127,8 @@ userauth_pubkey(Authctxt *authctxt)
logit("refusing previously-used %s key", key_type(key)); logit("refusing previously-used %s key", key_type(key));
goto done; goto done;
} }
if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types, if (match_pattern_list(sshkey_ssh_name(key),
strlen(options.pubkey_key_types), 0) != 1) { options.pubkey_key_types, 0) != 1) {
logit("%s: key type %s not in PubkeyAcceptedKeyTypes", logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
__func__, sshkey_ssh_name(key)); __func__, sshkey_ssh_name(key));
goto done; goto done;

5
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ /* $OpenBSD: clientloop.c,v 1.273 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -2352,8 +2352,7 @@ client_input_hostkeys(void)
/* Check that the key is accepted in HostkeyAlgorithms */ /* Check that the key is accepted in HostkeyAlgorithms */
if (options.hostkeyalgorithms != NULL && if (options.hostkeyalgorithms != NULL &&
match_pattern_list(sshkey_ssh_name(key), match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms, options.hostkeyalgorithms, 0) != 1) {
strlen(options.hostkeyalgorithms), 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms", debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key)); __func__, sshkey_ssh_name(key));
continue; continue;

5
compat.c
View File

@ -192,8 +192,7 @@ compat_datafellows(const char *version)
/* process table, return first match */ /* process table, return first match */
for (i = 0; check[i].pat; i++) { for (i = 0; check[i].pat; i++) {
if (match_pattern_list(version, check[i].pat, if (match_pattern_list(version, check[i].pat, 0) == 1) {
strlen(check[i].pat), 0) == 1) {
debug("match: %s pat %s compat 0x%08x", debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, check[i].bugs); version, check[i].pat, check[i].bugs);
datafellows = check[i].bugs; /* XXX for now */ datafellows = check[i].bugs; /* XXX for now */
@ -251,7 +250,7 @@ filter_proposal(char *proposal, const char *filter)
buffer_init(&b); buffer_init(&b);
tmp = orig_prop = xstrdup(proposal); tmp = orig_prop = xstrdup(proposal);
while ((cp = strsep(&tmp, ",")) != NULL) { while ((cp = strsep(&tmp, ",")) != NULL) {
if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) { if (match_pattern_list(cp, filter, 0) != 1) {
if (buffer_len(&b) > 0) if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1); buffer_append(&b, ",", 1);
buffer_append(&b, cp, strlen(cp)); buffer_append(&b, cp, strlen(cp));

6
groupaccess.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: groupaccess.c,v 1.15 2015/01/20 23:14:00 deraadt Exp $ */ /* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Copyright (c) 2001 Kevin Steves. All rights reserved. * Copyright (c) 2001 Kevin Steves. All rights reserved.
* *
@ -97,11 +97,9 @@ int
ga_match_pattern_list(const char *group_pattern) ga_match_pattern_list(const char *group_pattern)
{ {
int i, found = 0; int i, found = 0;
size_t len = strlen(group_pattern);
for (i = 0; i < ngroups; i++) { for (i = 0; i < ngroups; i++) {
switch (match_pattern_list(groups_byname[i], switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
group_pattern, len, 0)) {
case -1: case -1:
return 0; /* Negated match wins */ return 0; /* Negated match wins */
case 0: case 0:

4
hostfile.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.c,v 1.65 2015/03/31 22:57:06 djm Exp $ */ /* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -663,7 +663,7 @@ match_maybe_hashed(const char *host, const char *names, int *was_hashed)
return nlen == strlen(hashed_host) && return nlen == strlen(hashed_host) &&
strncmp(hashed_host, names, nlen) == 0; strncmp(hashed_host, names, nlen) == 0;
} }
return match_hostname(host, names, nlen) == 1; return match_hostname(host, names) == 1;
} }
int int

14
match.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */ /* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -115,15 +115,13 @@ match_pattern(const char *s, const char *pattern)
* indicate negation). Returns -1 if negation matches, 1 if there is * indicate negation). Returns -1 if negation matches, 1 if there is
* a positive match, 0 if there is no match at all. * a positive match, 0 if there is no match at all.
*/ */
int int
match_pattern_list(const char *string, const char *pattern, u_int len, match_pattern_list(const char *string, const char *pattern, int dolower)
int dolower)
{ {
char sub[1024]; char sub[1024];
int negated; int negated;
int got_positive; int got_positive;
u_int i, subi; u_int i, subi, len = strlen(pattern);
got_positive = 0; got_positive = 0;
for (i = 0; i < len;) { for (i = 0; i < len;) {
@ -177,9 +175,9 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
* a positive match, 0 if there is no match at all. * a positive match, 0 if there is no match at all.
*/ */
int int
match_hostname(const char *host, const char *pattern, u_int len) match_hostname(const char *host, const char *pattern)
{ {
return match_pattern_list(host, pattern, len, 1); return match_pattern_list(host, pattern, 1);
} }
/* /*
@ -200,7 +198,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
return 0; return 0;
/* negative hostname match */ /* negative hostname match */
if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1) if ((mhost = match_hostname(host, patterns)) == -1)
return 0; return 0;
/* no match at all */ /* no match at all */
if (mhost == 0 && mip == 0) if (mhost == 0 && mip == 0)

6
match.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */ /* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -15,8 +15,8 @@
#define MATCH_H #define MATCH_H
int match_pattern(const char *, const char *); int match_pattern(const char *, const char *);
int match_pattern_list(const char *, const char *, u_int, int); int match_pattern_list(const char *, const char *, int);
int match_hostname(const char *, const char *, u_int); int match_hostname(const char *, const char *);
int match_host_and_ip(const char *, const char *, const char *); int match_host_and_ip(const char *, const char *, const char *);
int match_user(const char *, const char *, const char *, const char *); int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *); char *match_list(const char *, const char *, u_int *);

11
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.147 2015/04/27 01:52:30 djm Exp $ */ /* $OpenBSD: monitor.c,v 1.149 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -1215,9 +1215,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.pubkey_authentication && allowed = options.pubkey_authentication &&
!auth2_userkey_already_used(authctxt, key) && !auth2_userkey_already_used(authctxt, key) &&
match_pattern_list(sshkey_ssh_name(key), match_pattern_list(sshkey_ssh_name(key),
options.pubkey_key_types, options.pubkey_key_types, 0) == 1 &&
strlen(options.pubkey_key_types), 0) == 1 && user_key_allowed(authctxt->pw, key,
user_key_allowed(authctxt->pw, key); pubkey_auth_attempt);
pubkey_auth_info(authctxt, key, NULL); pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey"; auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1) if (options.pubkey_authentication && allowed != 1)
@ -1226,8 +1226,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
case MM_HOSTKEY: case MM_HOSTKEY:
allowed = options.hostbased_authentication && allowed = options.hostbased_authentication &&
match_pattern_list(sshkey_ssh_name(key), match_pattern_list(sshkey_ssh_name(key),
options.hostbased_key_types, options.hostbased_key_types, 0) == 1 &&
strlen(options.hostbased_key_types), 0) == 1 &&
hostbased_key_allowed(authctxt->pw, hostbased_key_allowed(authctxt->pw,
cuser, chost, key); cuser, chost, key);
pubkey_auth_info(authctxt, key, pubkey_auth_info(authctxt, key,

16
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.234 2015/04/24 01:36:00 deraadt Exp $ */ /* $OpenBSD: readconf.c,v 1.235 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -492,7 +492,6 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria; char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
const char *ruser; const char *ruser;
int r, port, this_result, result = 1, attributes = 0, negate; int r, port, this_result, result = 1, attributes = 0, negate;
size_t len;
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
/* /*
@ -545,25 +544,24 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
result = -1; result = -1;
goto out; goto out;
} }
len = strlen(arg);
if (strcasecmp(attrib, "host") == 0) { if (strcasecmp(attrib, "host") == 0) {
criteria = xstrdup(host); criteria = xstrdup(host);
r = match_hostname(host, arg, len) == 1; r = match_hostname(host, arg) == 1;
if (r == (negate ? 1 : 0)) if (r == (negate ? 1 : 0))
this_result = result = 0; this_result = result = 0;
} else if (strcasecmp(attrib, "originalhost") == 0) { } else if (strcasecmp(attrib, "originalhost") == 0) {
criteria = xstrdup(original_host); criteria = xstrdup(original_host);
r = match_hostname(original_host, arg, len) == 1; r = match_hostname(original_host, arg) == 1;
if (r == (negate ? 1 : 0)) if (r == (negate ? 1 : 0))
this_result = result = 0; this_result = result = 0;
} else if (strcasecmp(attrib, "user") == 0) { } else if (strcasecmp(attrib, "user") == 0) {
criteria = xstrdup(ruser); criteria = xstrdup(ruser);
r = match_pattern_list(ruser, arg, len, 0) == 1; r = match_pattern_list(ruser, arg, 0) == 1;
if (r == (negate ? 1 : 0)) if (r == (negate ? 1 : 0))
this_result = result = 0; this_result = result = 0;
} else if (strcasecmp(attrib, "localuser") == 0) { } else if (strcasecmp(attrib, "localuser") == 0) {
criteria = xstrdup(pw->pw_name); criteria = xstrdup(pw->pw_name);
r = match_pattern_list(pw->pw_name, arg, len, 0) == 1; r = match_pattern_list(pw->pw_name, arg, 0) == 1;
if (r == (negate ? 1 : 0)) if (r == (negate ? 1 : 0))
this_result = result = 0; this_result = result = 0;
} else if (strcasecmp(attrib, "exec") == 0) { } else if (strcasecmp(attrib, "exec") == 0) {
@ -665,8 +663,8 @@ parse_token(const char *cp, const char *filename, int linenum,
for (i = 0; keywords[i].name; i++) for (i = 0; keywords[i].name; i++)
if (strcmp(cp, keywords[i].name) == 0) if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode; return keywords[i].opcode;
if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown, if (ignored_unknown != NULL &&
strlen(ignored_unknown), 1) == 1) match_pattern_list(cp, ignored_unknown, 1) == 1)
return oIgnoredUnknownOption; return oIgnoredUnknownOption;
error("%s: line %d: Bad configuration option: %s", error("%s: line %d: Bad configuration option: %s",
filename, linenum, cp); filename, linenum, cp);

9
servconf.c
View File

@ -1,5 +1,4 @@
/* $OpenBSD: servconf.c,v 1.269 2015/05/04 06:10:48 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.266 2015/04/29 03:48:56 dtucker Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -754,7 +753,6 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
{ {
int result = 1, attributes = 0, port; int result = 1, attributes = 0, port;
char *arg, *attrib, *cp = *condition; char *arg, *attrib, *cp = *condition;
size_t len;
if (ci == NULL) if (ci == NULL)
debug3("checking syntax for 'Match %s'", cp); debug3("checking syntax for 'Match %s'", cp);
@ -781,13 +779,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
error("Missing Match criteria for %s", attrib); error("Missing Match criteria for %s", attrib);
return -1; return -1;
} }
len = strlen(arg);
if (strcasecmp(attrib, "user") == 0) { if (strcasecmp(attrib, "user") == 0) {
if (ci == NULL || ci->user == NULL) { if (ci == NULL || ci->user == NULL) {
result = 0; result = 0;
continue; continue;
} }
if (match_pattern_list(ci->user, arg, len, 0) != 1) if (match_pattern_list(ci->user, arg, 0) != 1)
result = 0; result = 0;
else else
debug("user %.100s matched 'User %.100s' at " debug("user %.100s matched 'User %.100s' at "
@ -808,7 +805,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
result = 0; result = 0;
continue; continue;
} }
if (match_hostname(ci->host, arg, len) != 1) if (match_hostname(ci->host, arg) != 1)
result = 0; result = 0;
else else
debug("connection from %.100s matched 'Host " debug("connection from %.100s matched 'Host "

8
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.417 2015/04/17 13:16:48 djm Exp $ */ /* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -356,10 +356,8 @@ check_follow_cname(char **namep, const char *cname)
debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
for (i = 0; i < options.num_permitted_cnames; i++) { for (i = 0; i < options.num_permitted_cnames; i++) {
rule = options.permitted_cnames + i; rule = options.permitted_cnames + i;
if (match_pattern_list(*namep, rule->source_list, if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
strlen(rule->source_list), 1) != 1 || match_pattern_list(cname, rule->target_list, 1) != 1)
match_pattern_list(cname, rule->target_list,
strlen(rule->target_list), 1) != 1)
continue; continue;
verbose("Canonicalized DNS aliased hostname " verbose("Canonicalized DNS aliased hostname "
"\"%s\" => \"%s\"", *namep, cname); "\"%s\" => \"%s\"", *namep, cname);

5
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.223 2015/01/30 11:43:14 djm Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved.
@ -1610,8 +1610,7 @@ userauth_hostbased(Authctxt *authctxt)
continue; continue;
if (match_pattern_list( if (match_pattern_list(
sshkey_ssh_name(authctxt->sensitive->keys[i]), sshkey_ssh_name(authctxt->sensitive->keys[i]),
authctxt->active_ktype, authctxt->active_ktype, 0) != 1)
strlen(authctxt->active_ktype), 0) != 1)
continue; continue;
/* we take and free the key */ /* we take and free the key */
private = authctxt->sensitive->keys[i]; private = authctxt->sensitive->keys[i];

2
sshkey.c
View File

@ -251,7 +251,7 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
if (kt->type == KEY_RSA1) if (kt->type == KEY_RSA1)
continue; continue;
if (match_pattern_list(kt->name, if (match_pattern_list(kt->name,
p, strlen(p), 0) != 0) p, 0) != 0)
break; break;
} }
if (kt->type != -1) if (kt->type != -1)