From 8fb15311a011517eb2394bb95a467c209b8b336c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 8 Mar 2017 12:07:47 +0000 Subject: [PATCH 01/20] upstream commit quote [host]:port in generated ProxyJump commandline; the [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri Tirkkonen via bugs@ Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 --- ssh.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh.c b/ssh.c index 0b34edffa..1e222b384 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.449 2017/02/17 02:04:15 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.450 2017/03/08 12:07:47 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1103,7 +1103,7 @@ main(int ac, char **av) options.proxy_use_fdpass = 0; snprintf(port_s, sizeof(port_s), "%d", options.jump_port); xasprintf(&options.proxy_command, - "ssh%s%s%s%s%s%s%s%s%s%.*s -W [%%h]:%%p %s", + "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", /* Optional "-l user" argument if jump_user set */ options.jump_user == NULL ? "" : " -l ", options.jump_user == NULL ? "" : options.jump_user, From da39b09d43b137a5a3d071b51589e3efb3701238 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 10 Mar 2017 13:22:32 +1100 Subject: [PATCH 02/20] If OSX is using launchd, remove screen no. Check for socket with and without screen number. From Apple and Jakob Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ --- channels.c | 48 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/channels.c b/channels.c index 398da9a89..d030fcdd9 100644 --- a/channels.c +++ b/channels.c 
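Review bot: The single quotes added around `[%%h]:%%p` in the `xasprintf` format are fixed text, and nothing in this hunk escapes the value that later replaces `%h`, so a host name containing `'` would end the quoted word early. The `options.jump_user` value and the other `%s` arguments are likewise placed into the command line unquoted. Whether those strings are validated before they reach this point is not visible here; if they are not, the ProxyJump specification should be rejected at parse time when it contains shell metacharacters. The assumption is worth recording next to the format string, e.g. `/* %h, %p and the jump_* values must be free of shell metacharacters: this string is handed to a shell */`. `main` starts and ends outside the hunk.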
@@ -4373,6 +4373,33 @@ connect_local_xsocket(u_int dnr) return connect_local_xsocket_path(buf); } +#ifdef __APPLE__ +static int +is_path_to_xsocket(const char *display, char *path, size_t pathlen) +{ + struct stat sbuf; + + if (strlcpy(path, display, pathlen) >= pathlen) { + error("%s: display path too long", __func__); + return 0; + } + if (display[0] != '/') + return 0; + if (stat(path, &sbuf) == 0) { + return 1; + } else { + char *dot = strrchr(path, '.'); + if (dot != NULL) { + *dot = '\0'; + if (stat(path, &sbuf) == 0) { + return 1; + } + } + } + return 0; +} +#endif + int x11_connect_display(void) { @@ -4394,15 +4421,22 @@ x11_connect_display(void) * connection to the real X server. */ - /* Check if the display is from launchd. */ #ifdef __APPLE__ - if (strncmp(display, "/tmp/launch", 11) == 0) { - sock = connect_local_xsocket_path(display); - if (sock < 0) - return -1; + /* Check if display is a path to a socket (as set by launchd). */ + { + char path[PATH_MAX]; - /* OK, we now have a connection to the display. */ - return sock; + if (is_path_to_xsocket(display, path, sizeof(path))) { + debug("x11_connect_display: $DISPLAY is launchd"); + + /* Create a socket. */ + sock = connect_local_xsocket_path(path); + if (sock < 0) + return -1; + + /* OK, we now have a connection to the display. */ + return sock; + } } #endif /* From bee0167be2340d8de4bdc1ab1064ec957c85a447 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 10 Mar 2017 13:40:18 +1100 Subject: [PATCH 03/20] Check for NULL from malloc. Part of bz#2687, from jjelen at redhat.com. --- auth-pam.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auth-pam.c b/auth-pam.c index 7d8b2926b..bc8e5e02d 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -830,6 +830,8 @@ fake_password(const char *wire_password) fatal("%s: password length too long: %zu", __func__, l); ret = malloc(l + 1); + if (ret == NULL) + return NULL; for (i = 0; i < l; i++) ret[i] = junk[i % (sizeof(junk) - 1)]; ret[i] = '\0'; 
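Review bot: `is_path_to_xsocket` accepts any path that exists, because both `stat()` calls test only for success and never look at `sbuf.st_mode`; a regular file or directory named in $DISPLAY is therefore reported as an X socket. The fallback `strrchr(path, '.')` can also cut at a dot inside a directory component rather than at a trailing screen number. Checking `S_ISSOCK()` and refusing to truncate when a `/` follows the dot closes both gaps. Moving the `display[0] != '/'` test above the `strlcpy` keeps ordinary host:display values from ever logging "display path too long".
```c
static int
is_path_to_xsocket(const char *display, char *path, size_t pathlen)
{
	struct stat sbuf;
	char *dot;

	/* Only absolute paths can name a socket; skip host:display values early. */
	if (display[0] != '/')
		return 0;
	if (strlcpy(path, display, pathlen) >= pathlen) {
		error("%s: display path too long", __func__);
		return 0;
	}
	if (stat(path, &sbuf) == 0)
		return S_ISSOCK(sbuf.st_mode);
	/* Retry without a trailing ".screen" suffix, in the last component only. */
	dot = strrchr(path, '.');
	if (dot == NULL || strchr(dot, '/') != NULL)
		return 0;
	*dot = '\0';
	return stat(path, &sbuf) == 0 && S_ISSOCK(sbuf.st_mode);
}
```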
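Review bot: Returning NULL from `fake_password` on allocation failure gives the function a second failure convention, since the over-long password case one statement earlier ends in `fatal()`. Every caller now has to cope with a NULL dummy password. The callers are outside this hunk, so whether they do cannot be confirmed here; if one passes the result on as a C string, the allocation failure becomes a NULL dereference. Either follow the preceding check, `if ((ret = malloc(l + 1)) == NULL) fatal("%s: malloc failed", __func__);`, or state the NULL return in a comment above the function so callers are expected to test for it.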
From 4a4b75adac862029a1064577eb5af299b1580cdd Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 02:59:51 +0000 Subject: [PATCH 04/20] upstream commit Validate digest arg in ssh_digest_final; from jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 --- digest-openssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/digest-openssl.c b/digest-openssl.c index 13b63c2f0..c55ceb93f 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */ +/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */ /* * Copyright (c) 2013 Damien Miller * @@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); u_int l = dlen; - if (dlen > UINT_MAX) + if (digest == NULL || dlen > UINT_MAX) return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; From 9747b9c742de409633d4753bf1a752cbd211e2d3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 03:15:58 +0000 Subject: [PATCH 05/20] upstream commit don't truncate off \r\n from long stderr lines; bz#2688, reported by Brian Dyson; ok dtucker@ Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 --- log.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/log.c b/log.c index 2b59c4274..d0f86cf6f 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ +/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
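Review bot: The new `digest == NULL` test in `ssh_digest_final` runs after the declaration `digest = ssh_digest_by_alg(ctx->alg)` has already dereferenced `ctx`, so a NULL context is still not covered by this argument validation. If callers can reach this function with a NULL `ctx` (not visible here), declare `digest` without the initialiser and assign it after an explicit `if (ctx == NULL) return SSH_ERR_INVALID_ARGUMENT;`. The function body continues outside the hunk.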
@@ -453,7 +453,8 @@ do_log(LogLevel level, const char *fmt, va_list args) tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; } else if (log_on_stderr) { - snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); + snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n", + (int)sizeof msgbuf - 3, fmtbuf); (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); } else { #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) From 8a2834454c73dfc1eb96453c0e97690595f3f4c2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 03:18:24 +0000 Subject: [PATCH 06/20] upstream commit correctly hash hosts with a port number. Reported by Josh Powers in bz#2692; ok dtucker@ Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 --- ssh-keyscan.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index eea8d0a0a..e34286e47 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.107 2017/01/06 03:41:58 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.108 2017/03/10 03:18:24 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -321,16 +321,17 @@ keygrab_ssh2(con *c) } static void -keyprint_one(char *host, struct sshkey *key) +keyprint_one(const char *host, struct sshkey *key) { char *hostport; - - if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) - fatal("host_hash failed"); + const char *known_host, *hashed; hostport = put_host_port(host, ssh_port); + if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); + known_host = hash_hosts ? hashed : hostport; if (!get_cert) - fprintf(stdout, "%s ", hostport); + fprintf(stdout, "%s ", known_host); sshkey_write(key, stdout); fputs("\n", stdout); free(hostport); From 566b3a46e89a2fda2db46f04f2639e92da64a120 Mon Sep 17 00:00:00 2001 
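Review bot: The `- 3` in the new precision argument of the `snprintf` call is unexplained. It reserves room for `\r\n` and the terminating NUL, so that an over-long `fmtbuf` is cut instead of the line ending. A comment such as `/* leave room for "\r\n" and the NUL */` would stop it from being simplified away later. Writing the argument as `(int)(sizeof(msgbuf) - 3)` also makes the grouping of the cast explicit. `do_log` starts and ends outside the hunk.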
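Review bot: In `keyprint_one`, `host_hash()` is still called with `host` rather than with the `hostport` string built on the line above it. With `hash_hosts` set, the printed entry is therefore the hash of the bare name and the port never enters it, which is the case the commit message sets out to fix. Passing the combined string, `host_hash(hostport, NULL, 0)`, makes the hashed and plain outputs name the same thing. The later ssh-keyscan.c hunk in patch 16 adds `lowercase(hostport)` but leaves this call on `host`, so the hashed form is not case-folded either. Initialising `hashed` to NULL would also avoid an uninitialised-variable warning for the `hash_hosts == 0` path.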
From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 03:22:40 +0000 Subject: [PATCH 07/20] upstream commit Plug descriptor leaks of auth_sock. From jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 --- sshconnect.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sshconnect.c b/sshconnect.c index 96b91ce1a..948b638ad 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1532,6 +1532,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, if (options.add_keys_to_agent == 2 && !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { debug3("user denied adding this key"); + close(auth_sock); return; } @@ -1540,4 +1541,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, debug("identity added to agent: %s", authfile); else debug("could not add identity to agent: %s (%d)", authfile, r); + close(auth_sock); } From f6edbe9febff8121f26835996b1229b5064d31b7 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 03:24:48 +0000 Subject: [PATCH 08/20] upstream commit Plug mem leak on GLOB_NOMATCH case. From jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d --- readconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readconf.c b/readconf.c index e51481b10..c62c2eaba 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.268 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.269 2017/03/10 03:24:48 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1500,6 +1500,7 @@ parse_keytypes: if (r == GLOB_NOMATCH) { debug("%.200s line %d: include %s matched no " "files",filename, linenum, arg2); + free(arg2); continue; } else if (r != 0 || gl.gl_pathc < 0) fatal("%.200s line %d: glob failed for %s.", From 5a06b9e019e2b0b0f65a223422935b66f3749de3 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 03:45:40 +0000 Subject: [PATCH 09/20] upstream commit Plug some mem leaks mostly on error paths. From jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 --- kex.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/kex.c b/kex.c index a30dabe5f..5b42518d3 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.128 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.129 2017/03/10 03:45:40 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -178,7 +178,7 @@ kex_names_valid(const char *names) char * kex_names_cat(const char *a, const char *b) { - char *ret = NULL, *tmp = NULL, *cp, *p; + char *ret = NULL, *tmp = NULL, *cp, *p, *m; size_t len; if (a == NULL || *a == '\0') @@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b) } strlcpy(ret, a, len); for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { - if (match_list(ret, p, NULL) != NULL) + if ((m = match_list(ret, p, NULL)) != NULL) { + free(m); continue; /* Algorithm already present */ + } if (strlcat(ret, ",", len) >= len || strlcat(ret, p, len) >= len) { free(tmp); @@ -651,8 +653,10 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; - if ((enc->cipher = cipher_by_name(name)) == NULL) + if ((enc->cipher = cipher_by_name(name)) == NULL) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } enc->name = name; enc->enabled = 0; enc->iv = NULL; 
@@ -670,8 +674,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) if (name == NULL) return SSH_ERR_NO_MAC_ALG_MATCH; - if (mac_setup(mac, name) < 0) + if (mac_setup(mac, name) < 0) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } /* truncate the key */ if (ssh->compat & SSH_BUG_HMAC) mac->key_len = 16; @@ -695,6 +701,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { + free(name); return SSH_ERR_INTERNAL_ERROR; } comp->name = name; From 7fadbb6da3f4122de689165651eb39985e1cba85 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 03:48:57 +0000 Subject: [PATCH 10/20] upstream commit Check for NULL argument to sshkey_read. Patch from jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e --- sshkey.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sshkey.c b/sshkey.c index 85fd1bd97..06e11c6c6 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.43 2017/02/17 02:31:14 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.44 2017/03/10 03:48:57 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1239,6 +1239,9 @@ sshkey_read(struct sshkey *ret, char **cpp) u_long bits; #endif /* WITH_SSH1 */ + if (ret == NULL) + return SSH_ERR_INVALID_ARGUMENT; + cp = *cpp; switch (ret->type) { From ec2892b5c7fea199914cb3a6afb3af38f84990bf Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 03:52:48 +0000 Subject: [PATCH 11/20] upstream commit reword a comment to make it fit 80 columns Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 --- match.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/match.c b/match.c index ca93cb06e..a7585e2bd 100644 --- a/match.c +++ b/match.c 
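Review bot: The guard added to `sshkey_read` covers `ret` only, while the very next statement, `cp = *cpp;`, dereferences `cpp` unchecked. If the intent is to validate arguments at this entry point, the test can be extended at no cost to `if (ret == NULL || cpp == NULL || *cpp == NULL)`. Whether any caller can pass a NULL `cpp` is not visible in this hunk, and the function body continues outside it.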
@@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.35 2017/02/15 23:38:31 jsg Exp $ */ +/* $OpenBSD: match.c,v 1.36 2017/03/10 03:52:48 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -145,7 +145,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower) if (subi >= sizeof(sub) - 1) return 0; - /* If the subpattern was terminated by a comma, skip the comma. */ + /* If the subpattern was terminated by a comma, then skip it. */ if (i < len && pattern[i] == ',') i++; From 66be4fe8c4435af5bbc82998501a142a831f1181 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 03:53:11 +0000 Subject: [PATCH 12/20] upstream commit Check for NULL return value from key_new. Patch from jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e --- sshconnect1.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sshconnect1.c b/sshconnect1.c index a04536184..dc00b4cd0 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) cookie[i] = packet_get_char(); /* Get the public key. */ - server_key = key_new(KEY_RSA1); + if ((server_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(server_key->rsa->e); packet_get_bignum(server_key->rsa->n); 
@@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) logit("Warning: This may be due to an old implementation of ssh."); } /* Get the host key. */ - host_key = key_new(KEY_RSA1); + if ((host_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(host_key->rsa->e); packet_get_bignum(host_key->rsa->n); From 183ba55aaaecca0206184b854ad6155df237adbe Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 04:07:20 +0000 Subject: [PATCH 13/20] upstream commit fix regression in 7.4 server-sig-algs, where we were accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno Goncalves; ok dtucker@ Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 --- kex.c | 4 ++-- ssh.c | 8 ++++---- sshkey.c | 8 +++++--- sshkey.h | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/kex.c b/kex.c index 5b42518d3..8ac00299c 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.129 2017/03/10 03:45:40 dtucker Exp $ */ +/* $OpenBSD: kex.c,v 1.130 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -350,7 +350,7 @@ kex_send_ext_info(struct ssh *ssh) int r; char *algs; - if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) + if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || diff --git a/ssh.c b/ssh.c index 1e222b384..32b27bbc2 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.450 2017/03/08 12:07:47 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -684,11 +684,11 @@ main(int ac, char **av) else if (strcmp(optarg, "kex") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) - cp = sshkey_alg_list(0, 0, '\n'); + cp = sshkey_alg_list(0, 0, 0, '\n'); else if (strcmp(optarg, "key-cert") == 0) - cp = sshkey_alg_list(1, 0, '\n'); + cp = sshkey_alg_list(1, 0, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) - cp = sshkey_alg_list(0, 1, '\n'); + cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 cp = xstrdup("1\n2"); diff --git a/sshkey.c b/sshkey.c index 06e11c6c6..53a7674b5 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.44 2017/03/10 03:48:57 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -197,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name) } char * -sshkey_alg_list(int certs_only, int plain_only, char sep) +sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || kt->sigonly) + if (kt->name == NULL) + continue; + if (!include_sigonly && kt->sigonly) continue; if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; diff --git a/sshkey.h b/sshkey.h index f39363842..1b9e42f45 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
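Review bot: `sshkey_alg_list` now takes three adjacent `int` flags, so call sites such as `sshkey_alg_list(0, 1, 1, ',')` in kex.c and `sshkey_alg_list(0, 1, 0, '\n')` in ssh.c cannot be read without the definition, and swapping two flags compiles silently. A comment above the function should say what each flag selects, in particular that `include_sigonly` keeps the entries marked `kt->sigonly`, which the loop used to skip unconditionally. The sshkey.h prototype could carry the names as well: `char *sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep);`. The function body continues outside the hunk.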
@@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *); const char *sshkey_ssh_name(const struct sshkey *); const char *sshkey_ssh_name_plain(const struct sshkey *); int sshkey_names_valid2(const char *, int); -char *sshkey_alg_list(int, int, char); +char *sshkey_alg_list(int, int, int, char); int sshkey_from_blob(const u_char *, size_t, struct sshkey **); int sshkey_fromb(struct sshbuf *, struct sshkey **); From 67eed24bfa7645d88fa0b883745fccb22a0e527e Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 10 Mar 2017 04:11:00 +0000 Subject: [PATCH 14/20] upstream commit Remove old null check from config dumper. Patch from jjelen at redhat.com vi bz#2687, ok djm@ Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 --- servconf.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/servconf.c b/servconf.c index 2f8e29d4c..725886e8c 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.304 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.305 2017/03/10 04:11:00 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2159,8 +2159,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val) static void dump_cfg_string(ServerOpCodes code, const char *val) { - if (val == NULL) - return; printf("%s %s\n", lookup_opcode_name(code), val == NULL ? "none" : val); } From df9936936c695f85c1038bd706d62edf752aca4b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 04:24:55 +0000 Subject: [PATCH 15/20] upstream commit make hostname matching really insensitive to case; bz#2685, reported by Petr Cerny; ok dtucker@ Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 --- match.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/match.c b/match.c index a7585e2bd..3cf40306b 100644 --- a/match.c +++ b/match.c 
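Review bot: With the early return removed, `dump_cfg_string` prints `<option> none` for every string option whose value is NULL, where it previously printed nothing. That changes the dumped configuration for all unset string options. The hunk does not show whether `none` is a value each of those options accepts when the dump is read back as a configuration. A comment such as `/* unset string options are reported as "none" */` would mark the new output as deliberate; any option that does not accept `none` would need to be skipped by its caller.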
@@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.36 2017/03/10 03:52:48 djm Exp $ */ +/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,9 +42,11 @@ #include #include #include +#include #include "xmalloc.h" #include "match.h" +#include "misc.h" /* * Returns true if the given string matches the pattern (which may contain ? @@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower) int match_hostname(const char *host, const char *pattern) { - return match_pattern_list(host, pattern, 1); + char *hostcopy = xstrdup(host); + int r; + + lowercase(hostcopy); + r = match_pattern_list(hostcopy, pattern, 1); + free(hostcopy); + return r; } /* From db2597207e69912f2592cd86a1de8e948a9d7ffb Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 04:26:06 +0000 Subject: [PATCH 16/20] upstream commit ensure hostname is lower-case before hashing it; bz#2591 reported by Griff Miller II; ok dtucker@ Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 --- hostfile.c | 19 ++++++++++++------- ssh-keygen.c | 3 ++- ssh-keyscan.c | 3 ++- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/hostfile.c b/hostfile.c index 4548fbab3..e23faa969 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ +/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
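Review bot: `match_hostname` now duplicates and lower-cases `host` on every call, but nothing says why that is needed when it already passes `dolower = 1` to `match_pattern_list`. Presumably `dolower` folds only the pattern side; that should be confirmed against `match_pattern_list` and then written down, e.g. `/* dolower folds the pattern only; fold the host as well */`. `xstrdup(host)` is also reached without a NULL test, so the function relies on callers never passing a NULL host. Patch 19 later in this series carries the same hunk, so the same comment applies there.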
@@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip, const struct sshkey *key, int store_hash) { int r, success = 0; - char *hashed_host = NULL; + char *hashed_host = NULL, *lhost; + + lhost = xstrdup(host); + lowercase(lhost); if (store_hash) { - if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { + if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { error("%s: host_hash failed", __func__); + free(lhost); return 0; } fprintf(f, "%s ", hashed_host); } else if (ip != NULL) - fprintf(f, "%s,%s ", host, ip); - else - fprintf(f, "%s ", host); - + fprintf(f, "%s,%s ", lhost, ip); + else { + fprintf(f, "%s ", lhost); + } + free(lhost); if ((r = sshkey_write(key, f)) == 0) success = 1; else diff --git a/ssh-keygen.c b/ssh-keygen.c index 6fd1f0348..f17af036b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.298 2017/03/06 02:03:20 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1108,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) */ ohosts = hosts = xstrdup(l->hosts); while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { + lowercase(cp); if ((hashed = host_hash(cp, NULL, 0)) == NULL) fatal("hash_host failed"); fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index e34286e47..1f95239a3 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.108 2017/03/10 03:18:24 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * 
@@ -327,6 +327,7 @@ keyprint_one(const char *host, struct sshkey *key) const char *known_host, *hashed; hostport = put_host_port(host, ssh_port); + lowercase(hostport); if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) fatal("host_hash failed"); known_host = hash_hosts ? hashed : hostport; From 61b8ef6a66efaec07e023342cb94a10bdc2254dc Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 04:27:32 +0000 Subject: [PATCH 17/20] upstream commit better match sshd config parser behaviour: fatal() if line is overlong, increase line buffer to match sshd's; bz#2651 reported by Don Fong; ok dtucker@ Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 --- readconf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/readconf.c b/readconf.c index c62c2eaba..9d59493f0 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.269 2017/03/10 03:24:48 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1720,7 +1720,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, int flags, int *activep, int depth) { FILE *f; - char line[1024]; + char line[4096]; int linenum; int bad_options = 0; @@ -1750,6 +1750,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, while (fgets(line, sizeof(line), f)) { /* Update line number counter. */ linenum++; + if (strlen(line) == sizeof(line) - 1) + fatal("%s line %d too long", filename, linenum); if (process_config_line_depth(options, pw, host, original_host, line, filename, linenum, activep, flags, depth) != 0) bad_options++; From 77a9be9446697fe8b5499fe651f4a82a71a4b51f Mon Sep 17 00:00:00 2001 
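Review bot: The overflow test added to `read_config_file_depth`, `strlen(line) == sizeof(line) - 1`, also fires for a complete line that exactly fills the buffer, i.e. one whose last stored character is `\n`. Testing that character as well, `if (strlen(line) == sizeof(line) - 1 && line[sizeof(line) - 2] != '\n')`, restricts the `fatal()` to lines that really were cut. The message prints `filename` with a bare `%s`, while the include diagnostic in the same file bounds it with `%.200s`; using the same bound here keeps the messages consistent. The function continues outside the hunk.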
From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 03:52:48 +0000 Subject: [PATCH 18/20] upstream commit reword a comment to make it fit 80 columns Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 --- match.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/match.c b/match.c index 3cf40306b..a7585e2bd 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ +/* $OpenBSD: match.c,v 1.36 2017/03/10 03:52:48 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -42,11 +42,9 @@ #include #include #include -#include #include "xmalloc.h" #include "match.h" -#include "misc.h" /* * Returns true if the given string matches the pattern (which may contain ? @@ -179,13 +177,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower) int match_hostname(const char *host, const char *pattern) { - char *hostcopy = xstrdup(host); - int r; - - lowercase(hostcopy); - r = match_pattern_list(hostcopy, pattern, 1); - free(hostcopy); - return r; + return match_pattern_list(host, pattern, 1); } /* From dd3e2298663f4cc1a06bc69582d00dcfee27d73c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 04:24:55 +0000 Subject: [PATCH 19/20] upstream commit make hostname matching really insensitive to case; bz#2685, reported by Petr Cerny; ok dtucker@ Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 --- match.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/match.c b/match.c index a7585e2bd..3cf40306b 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.36 2017/03/10 03:52:48 djm Exp $ */ +/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
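Review bot: The diff in patch 18 does not match its subject. Instead of rewording a comment, the `match_hostname` hunk goes back to `return match_pattern_list(host, pattern, 1);`, dropping the lower-cased copy of `host` from patch 15. The other two hunks remove the includes added with it and step the $OpenBSD$ revision back from 1.37 to 1.36. Patch 19 re-applies the same change straight afterwards, so anyone bisecting or cherry-picking this series lands on a tree without the case folding at this commit. Dropping patches 18 and 19 as a pair, or correcting the description, would avoid that.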
@@ -42,9 +42,11 @@ #include #include #include +#include #include "xmalloc.h" #include "match.h" +#include "misc.h" /* * Returns true if the given string matches the pattern (which may contain ? @@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower) int match_hostname(const char *host, const char *pattern) { - return match_pattern_list(host, pattern, 1); + char *hostcopy = xstrdup(host); + int r; + + lowercase(hostcopy); + r = match_pattern_list(hostcopy, pattern, 1); + free(hostcopy); + return r; } /* From 894221a63fa061e52e414ca58d47edc5fe645968 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Mar 2017 05:01:13 +0000 Subject: [PATCH 20/20] upstream commit When updating hostkeys, accept RSA keys if HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok dtucker@ Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 --- clientloop.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/clientloop.c b/clientloop.c index c6a41386d..064816234 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.290 2017/01/29 21:35:23 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2390,6 +2390,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) hostkeys_update_ctx_free(ctx); } +/* + * Returns non-zero if the key is accepted by HostkeyAlgorithms. + * Made slightly less trivial by the multiple RSA signature algorithm names. + */ +static int +key_accepted_by_hostkeyalgs(const struct sshkey *key) +{ + const char *ktype = sshkey_ssh_name(key); + const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? + options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; + + if (key == NULL || key->type == KEY_UNSPEC) + return 0; + if (key->type == KEY_RSA && + (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || + match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) + return 1; + return match_pattern_list(ktype, hostkeyalgs, 0) == 1; +} + /* * Handle hostkeys-00@openssh.com global request to inform the client of all * the server's hostkeys. The keys are checked against the user's @@ -2436,10 +2456,7 @@ client_input_hostkeys(void) sshkey_type(key), fp); free(fp); - /* Check that the key is accepted in HostkeyAlgorithms */ - if (match_pattern_list(sshkey_ssh_name(key), - options.hostkeyalgorithms ? options.hostkeyalgorithms : - KEX_DEFAULT_PK_ALG, 0) != 1) { + if (!key_accepted_by_hostkeyalgs(key)) { debug3("%s: %s key not permitted by HostkeyAlgorithms", __func__, sshkey_ssh_name(key)); continue;
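Review bot: In `key_accepted_by_hostkeyalgs` the `key == NULL` guard comes too late, because the initialiser `ktype = sshkey_ssh_name(key)` has already been evaluated with `key` by the time it runs. The check therefore only helps if `sshkey_ssh_name` tolerates NULL, which this hunk does not show. Declaring `const char *ktype;` and assigning `ktype = sshkey_ssh_name(key);` after the guard makes the function safe on its own. The header comment could also state the accepted case explicitly: a `KEY_RSA` key passes when either `rsa-sha2-256` or `rsa-sha2-512` matches the list, even if the name returned for the key does not.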