ssh: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file. replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters. Obtained from: OpenSSH-portable commit 445363433ba2 Obtained from: OpenSSH-portable commit 3cae9f92a318 Sponsored by: The FreeBSD Foundation
This commit is contained in:
Ed Maste
parent
2768d70567
commit
2e82822057
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh.c,v 1.576 2022/09/17 10:33:18 djm Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -251,6 +251,7 @@ static struct addrinfo *
|
||||
resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
|
||||
{
|
||||
char strport[NI_MAXSERV];
|
||||
const char *errstr = NULL;
|
||||
struct addrinfo hints, *res;
|
||||
int gaierr;
|
||||
LogLevel loglevel = SYSLOG_LEVEL_DEBUG1;
|
||||
@ -276,7 +277,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
|
||||
return NULL;
|
||||
}
|
||||
if (cname != NULL && res->ai_canonname != NULL) {
|
||||
if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
|
||||
if (!valid_domain(res->ai_canonname, 0, &errstr)) {
|
||||
error("ignoring bad CNAME \"%s\" for host \"%s\": %s",
|
||||
res->ai_canonname, name, errstr);
|
||||
} else if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
|
||||
error_f("host \"%s\" cname \"%s\" too long (max %lu)",
|
||||
name, res->ai_canonname, (u_long)clen);
|
||||
if (clen > 0)
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */
|
||||
/* $OpenBSD: sshconnect.c,v 1.360 2022/11/03 21:59:20 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -935,7 +935,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
|
||||
char *ip = NULL, *host = NULL;
|
||||
char hostline[1000], *hostp, *fp, *ra;
|
||||
char msg[1024];
|
||||
const char *type, *fail_reason;
|
||||
const char *type, *fail_reason = NULL;
|
||||
const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
|
||||
int len, cancelled_forwarding = 0, confirmed;
|
||||
int local = sockaddr_is_local(hostaddr);
|
||||
@ -960,6 +960,17 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Don't ever try to write an invalid name to a known hosts file.
|
||||
* Note: do this before get_hostfile_hostname_ipaddr() to catch
|
||||
* '[' or ']' in the name before they are added.
|
||||
*/
|
||||
if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) {
|
||||
debug_f("invalid hostname \"%s\"; will not record: %s",
|
||||
hostname, fail_reason);
|
||||
readonly = RDONLY;
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare the hostname and address strings used for hostkey lookup.
|
||||
* In some cases, these will have a port number appended.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user