diff --git a/auth-pam.c b/auth-pam.c index 7d8b2926b..bc8e5e02d 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -830,6 +830,8 @@ fake_password(const char *wire_password) fatal("%s: password length too long: %zu", __func__, l); ret = malloc(l + 1); + if (ret == NULL) + return NULL; for (i = 0; i < l; i++) ret[i] = junk[i % (sizeof(junk) - 1)]; ret[i] = '\0'; diff --git a/channels.c b/channels.c index ddd2b24a3..431e0ea78 100644 --- a/channels.c +++ b/channels.c @@ -4375,6 +4375,33 @@ connect_local_xsocket(u_int dnr) return connect_local_xsocket_path(buf); } +#ifdef __APPLE__ +static int +is_path_to_xsocket(const char *display, char *path, size_t pathlen) +{ + struct stat sbuf; + + if (strlcpy(path, display, pathlen) >= pathlen) { + error("%s: display path too long", __func__); + return 0; + } + if (display[0] != '/') + return 0; + if (stat(path, &sbuf) == 0) { + return 1; + } else { + char *dot = strrchr(path, '.'); + if (dot != NULL) { + *dot = '\0'; + if (stat(path, &sbuf) == 0) { + return 1; + } + } + } + return 0; +} +#endif + int x11_connect_display(void) { @@ -4396,15 +4423,22 @@ x11_connect_display(void) * connection to the real X server. */ - /* Check if the display is from launchd. */ #ifdef __APPLE__ - if (strncmp(display, "/tmp/launch", 11) == 0) { - sock = connect_local_xsocket_path(display); - if (sock < 0) - return -1; + /* Check if display is a path to a socket (as set by launchd). */ + { + char path[PATH_MAX]; - /* OK, we now have a connection to the display. */ - return sock; + if (is_path_to_xsocket(display, path, sizeof(path))) { + debug("x11_connect_display: $DISPLAY is launchd"); + + /* Create a socket. */ + sock = connect_local_xsocket_path(path); + if (sock < 0) + return -1; + + /* OK, we now have a connection to the display. */ + return sock; + } } #endif /* diff --git a/clientloop.c b/clientloop.c index 5a213878c..6f317e056 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.290 2017/01/29 21:35:23 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2394,6 +2394,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) hostkeys_update_ctx_free(ctx); } +/* + * Returns non-zero if the key is accepted by HostkeyAlgorithms. + * Made slightly less trivial by the multiple RSA signature algorithm names. + */ +static int +key_accepted_by_hostkeyalgs(const struct sshkey *key) +{ + const char *ktype = sshkey_ssh_name(key); + const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? + options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; + + if (key == NULL || key->type == KEY_UNSPEC) + return 0; + if (key->type == KEY_RSA && + (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || + match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) + return 1; + return match_pattern_list(ktype, hostkeyalgs, 0) == 1; +} + /* * Handle hostkeys-00@openssh.com global request to inform the client of all * the server's hostkeys. The keys are checked against the user's @@ -2440,10 +2460,7 @@ client_input_hostkeys(void) sshkey_type(key), fp); free(fp); - /* Check that the key is accepted in HostkeyAlgorithms */ - if (match_pattern_list(sshkey_ssh_name(key), - options.hostkeyalgorithms ? options.hostkeyalgorithms : - KEX_DEFAULT_PK_ALG, 0) != 1) { + if (!key_accepted_by_hostkeyalgs(key)) { debug3("%s: %s key not permitted by HostkeyAlgorithms", __func__, sshkey_ssh_name(key)); continue; diff --git a/digest-openssl.c b/digest-openssl.c index 13b63c2f0..c55ceb93f 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */ +/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */ /* * Copyright (c) 2013 Damien Miller * @@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); u_int l = dlen; - if (dlen > UINT_MAX) + if (digest == NULL || dlen > UINT_MAX) return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; diff --git a/hostfile.c b/hostfile.c index 6543ac8ad..0c05942b4 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ +/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip, const struct sshkey *key, int store_hash) { int r, success = 0; - char *hashed_host = NULL; + char *hashed_host = NULL, *lhost; + + lhost = xstrdup(host); + lowercase(lhost); if (store_hash) { - if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { + if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { error("%s: host_hash failed", __func__); + free(lhost); return 0; } fprintf(f, "%s ", hashed_host); } else if (ip != NULL) - fprintf(f, "%s,%s ", host, ip); - else - fprintf(f, "%s ", host); - + fprintf(f, "%s,%s ", lhost, ip); + else { + fprintf(f, "%s ", lhost); + } + free(lhost); if ((r = sshkey_write(key, f)) == 0) success = 1; else diff --git a/kex.c b/kex.c index a30dabe5f..8ac00299c 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.128 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.130 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -178,7 +178,7 @@ kex_names_valid(const char *names) char * kex_names_cat(const char *a, const char *b) { - char *ret = NULL, *tmp = NULL, *cp, *p; + char *ret = NULL, *tmp = NULL, *cp, *p, *m; size_t len; if (a == NULL || *a == '\0') @@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b) } strlcpy(ret, a, len); for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { - if (match_list(ret, p, NULL) != NULL) + if ((m = match_list(ret, p, NULL)) != NULL) { + free(m); continue; /* Algorithm already present */ + } if (strlcat(ret, ",", len) >= len || strlcat(ret, p, len) >= len) { free(tmp); @@ -348,7 +350,7 @@ kex_send_ext_info(struct ssh *ssh) int r; char *algs; - if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) + if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || @@ -651,8 +653,10 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; - if ((enc->cipher = cipher_by_name(name)) == NULL) + if ((enc->cipher = cipher_by_name(name)) == NULL) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } enc->name = name; enc->enabled = 0; enc->iv = NULL; @@ -670,8 +674,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) if (name == NULL) return SSH_ERR_NO_MAC_ALG_MATCH; - if (mac_setup(mac, name) < 0) + if (mac_setup(mac, name) < 0) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } /* truncate the key */ if (ssh->compat & SSH_BUG_HMAC) mac->key_len = 16; @@ -695,6 +701,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { + free(name); return SSH_ERR_INTERNAL_ERROR; } comp->name = name; diff --git a/log.c b/log.c index 53721f3bf..945fd9da5 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ +/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -453,7 +453,8 @@ do_log(LogLevel level, const char *fmt, va_list args) tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; } else if (log_on_stderr) { - snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); + snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n", + (int)sizeof msgbuf - 3, fmtbuf); #ifdef WINDOWS /* * In Windows, write is implemented as part of POSIX compat layer diff --git a/match.c b/match.c index ca93cb06e..3cf40306b 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.35 2017/02/15 23:38:31 jsg Exp $ */ +/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,9 +42,11 @@ #include #include #include +#include #include "xmalloc.h" #include "match.h" +#include "misc.h" /* * Returns true if the given string matches the pattern (which may contain ? @@ -145,7 +147,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower) if (subi >= sizeof(sub) - 1) return 0; - /* If the subpattern was terminated by a comma, skip the comma. */ + /* If the subpattern was terminated by a comma, then skip it. */ if (i < len && pattern[i] == ',') i++; @@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower) int match_hostname(const char *host, const char *pattern) { - return match_pattern_list(host, pattern, 1); + char *hostcopy = xstrdup(host); + int r; + + lowercase(hostcopy); + r = match_pattern_list(hostcopy, pattern, 1); + free(hostcopy); + return r; } /* diff --git a/readconf.c b/readconf.c index bfcd2b3f1..90ec46459 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.268 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1505,6 +1505,7 @@ parse_keytypes: if (r == GLOB_NOMATCH) { debug("%.200s line %d: include %s matched no " "files",filename, linenum, arg2); + free(arg2); continue; } else if (r != 0 || gl.gl_pathc < 0) fatal("%.200s line %d: glob failed for %s.", @@ -1724,7 +1725,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, int flags, int *activep, int depth) { FILE *f; - char line[1024]; + char line[4096]; int linenum; int bad_options = 0; @@ -1756,6 +1757,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, while (fgets(line, sizeof(line), f)) { /* Update line number counter. */ linenum++; + if (strlen(line) == sizeof(line) - 1) + fatal("%s line %d too long", filename, linenum); if (process_config_line_depth(options, pw, host, original_host, line, filename, linenum, activep, flags, depth) != 0) bad_options++; diff --git a/servconf.c b/servconf.c index 12765b7cf..f9910e9fd 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.304 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.305 2017/03/10 04:11:00 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2164,8 +2164,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val) static void dump_cfg_string(ServerOpCodes code, const char *val) { - if (val == NULL) - return; printf("%s %s\n", lookup_opcode_name(code), val == NULL ? "none" : val); } diff --git a/ssh-keygen.c b/ssh-keygen.c index f9bccb2aa..6d0f032e6 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.298 2017/03/06 02:03:20 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1119,6 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) */ ohosts = hosts = xstrdup(l->hosts); while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { + lowercase(cp); if ((hashed = host_hash(cp, NULL, 0)) == NULL) fatal("hash_host failed"); fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index eea8d0a0a..1f95239a3 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.107 2017/01/06 03:41:58 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -321,16 +321,18 @@ keygrab_ssh2(con *c) } static void -keyprint_one(char *host, struct sshkey *key) +keyprint_one(const char *host, struct sshkey *key) { char *hostport; - - if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) - fatal("host_hash failed"); + const char *known_host, *hashed; hostport = put_host_port(host, ssh_port); + lowercase(hostport); + if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); + known_host = hash_hosts ? hashed : hostport; if (!get_cert) - fprintf(stdout, "%s ", hostport); + fprintf(stdout, "%s ", known_host); sshkey_write(key, stdout); fputs("\n", stdout); free(hostport); diff --git a/ssh.c b/ssh.c index 335e1e203..2abc23d7e 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.449 2017/02/17 02:04:15 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -684,11 +684,11 @@ main(int ac, char **av) else if (strcmp(optarg, "kex") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) - cp = sshkey_alg_list(0, 0, '\n'); + cp = sshkey_alg_list(0, 0, 0, '\n'); else if (strcmp(optarg, "key-cert") == 0) - cp = sshkey_alg_list(1, 0, '\n'); + cp = sshkey_alg_list(1, 0, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) - cp = sshkey_alg_list(0, 1, '\n'); + cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 cp = xstrdup("1\n2"); @@ -1103,7 +1103,7 @@ main(int ac, char **av) options.proxy_use_fdpass = 0; snprintf(port_s, sizeof(port_s), "%d", options.jump_port); xasprintf(&options.proxy_command, - "ssh%s%s%s%s%s%s%s%s%s%.*s -W [%%h]:%%p %s", + "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", /* Optional "-l user" argument if jump_user set */ options.jump_user == NULL ? "" : " -l ", options.jump_user == NULL ? "" : options.jump_user, diff --git a/sshconnect.c b/sshconnect.c index ac3b40c26..e3ad04d3c 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1553,6 +1553,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, if (options.add_keys_to_agent == 2 && !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { debug3("user denied adding this key"); + close(auth_sock); return; } @@ -1561,4 +1562,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, debug("identity added to agent: %s", authfile); else debug("could not add identity to agent: %s (%d)", authfile, r); + close(auth_sock); } diff --git a/sshconnect1.c b/sshconnect1.c index a04536184..dc00b4cd0 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) cookie[i] = packet_get_char(); /* Get the public key. */ - server_key = key_new(KEY_RSA1); + if ((server_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(server_key->rsa->e); packet_get_bignum(server_key->rsa->n); @@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) logit("Warning: This may be due to an old implementation of ssh."); } /* Get the host key. */ - host_key = key_new(KEY_RSA1); + if ((host_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(host_key->rsa->e); packet_get_bignum(host_key->rsa->n); diff --git a/sshkey.c b/sshkey.c index 85fd1bd97..53a7674b5 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.43 2017/02/17 02:31:14 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -197,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name) } char * -sshkey_alg_list(int certs_only, int plain_only, char sep) +sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || kt->sigonly) + if (kt->name == NULL) + continue; + if (!include_sigonly && kt->sigonly) continue; if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; @@ -1239,6 +1241,9 @@ sshkey_read(struct sshkey *ret, char **cpp) u_long bits; #endif /* WITH_SSH1 */ + if (ret == NULL) + return SSH_ERR_INVALID_ARGUMENT; + cp = *cpp; switch (ret->type) { diff --git a/sshkey.h b/sshkey.h index f39363842..1b9e42f45 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *); const char *sshkey_ssh_name(const struct sshkey *); const char *sshkey_ssh_name_plain(const struct sshkey *); int sshkey_names_valid2(const char *, int); -char *sshkey_alg_list(int, int, char); +char *sshkey_alg_list(int, int, int, char); int sshkey_from_blob(const u_char *, size_t, struct sshkey **); int sshkey_fromb(struct sshbuf *, struct sshkey **);