summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2015-05-04 08:10:48 +0200
committerDamien Miller <djm@mindrot.org>2015-05-10 03:38:04 +0200
commite661a86353e11592c7ed6a847e19a83609f49e77 (patch)
tree5fe2c206d56dd4296a79e20ca6cfbbb83cb7c40c
parentupstream commit (diff)
downloadopenssh-e661a86353e11592c7ed6a847e19a83609f49e77.tar.xz
openssh-e661a86353e11592c7ed6a847e19a83609f49e77.zip
upstream commit
Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
-rw-r--r--auth2-hostbased.c5
-rw-r--r--auth2-pubkey.c6
-rw-r--r--clientloop.c5
-rw-r--r--compat.c5
-rw-r--r--groupaccess.c6
-rw-r--r--hostfile.c4
-rw-r--r--match.c14
-rw-r--r--match.h6
-rw-r--r--monitor.c11
-rw-r--r--readconf.c16
-rw-r--r--servconf.c9
-rw-r--r--ssh.c8
-rw-r--r--sshconnect2.c5
-rw-r--r--sshkey.c2
14 files changed, 43 insertions, 59 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index eebfe8fc3..e2327cf77 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -109,8 +109,7 @@ userauth_hostbased(Authctxt *authctxt)
goto done;
}
if (match_pattern_list(sshkey_ssh_name(key),
- options.hostbased_key_types,
- strlen(options.hostbased_key_types), 0) != 1) {
+ options.hostbased_key_types, 0) != 1) {
logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
__func__, sshkey_type(key));
goto done;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d943efa1e..e103b70af 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.49 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -127,8 +127,8 @@ userauth_pubkey(Authctxt *authctxt)
logit("refusing previously-used %s key", key_type(key));
goto done;
}
- if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
- strlen(options.pubkey_key_types), 0) != 1) {
+ if (match_pattern_list(sshkey_ssh_name(key),
+ options.pubkey_key_types, 0) != 1) {
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
__func__, sshkey_ssh_name(key));
goto done;
diff --git a/clientloop.c b/clientloop.c
index a9c8a90f0..040deb992 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.273 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2352,8 +2352,7 @@ client_input_hostkeys(void)
/* Check that the key is accepted in HostkeyAlgorithms */
if (options.hostkeyalgorithms != NULL &&
match_pattern_list(sshkey_ssh_name(key),
- options.hostkeyalgorithms,
- strlen(options.hostkeyalgorithms), 0) != 1) {
+ options.hostkeyalgorithms, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
diff --git a/compat.c b/compat.c
index 7836a86be..337bbe01e 100644
--- a/compat.c
+++ b/compat.c
@@ -192,8 +192,7 @@ compat_datafellows(const char *version)
/* process table, return first match */
for (i = 0; check[i].pat; i++) {
- if (match_pattern_list(version, check[i].pat,
- strlen(check[i].pat), 0) == 1) {
+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, check[i].bugs);
datafellows = check[i].bugs; /* XXX for now */
@@ -251,7 +250,7 @@ filter_proposal(char *proposal, const char *filter)
buffer_init(&b);
tmp = orig_prop = xstrdup(proposal);
while ((cp = strsep(&tmp, ",")) != NULL) {
- if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
+ if (match_pattern_list(cp, filter, 0) != 1) {
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
buffer_append(&b, cp, strlen(cp));
diff --git a/groupaccess.c b/groupaccess.c
index 4fca04471..2518c8487 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.15 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@@ -97,11 +97,9 @@ int
ga_match_pattern_list(const char *group_pattern)
{
int i, found = 0;
- size_t len = strlen(group_pattern);
for (i = 0; i < ngroups; i++) {
- switch (match_pattern_list(groups_byname[i],
- group_pattern, len, 0)) {
+ switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
case -1:
return 0; /* Negated match wins */
case 0:
diff --git a/hostfile.c b/hostfile.c
index d9fdcb872..2850a4793 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.65 2015/03/31 22:57:06 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -663,7 +663,7 @@ match_maybe_hashed(const char *host, const char *names, int *was_hashed)
return nlen == strlen(hashed_host) &&
strncmp(hashed_host, names, nlen) == 0;
}
- return match_hostname(host, names, nlen) == 1;
+ return match_hostname(host, names) == 1;
}
int
diff --git a/match.c b/match.c
index c35e32896..913b6bae0 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */
+/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -115,15 +115,13 @@ match_pattern(const char *s, const char *pattern)
* indicate negation). Returns -1 if negation matches, 1 if there is
* a positive match, 0 if there is no match at all.
*/
-
int
-match_pattern_list(const char *string, const char *pattern, u_int len,
- int dolower)
+match_pattern_list(const char *string, const char *pattern, int dolower)
{
char sub[1024];
int negated;
int got_positive;
- u_int i, subi;
+ u_int i, subi, len = strlen(pattern);
got_positive = 0;
for (i = 0; i < len;) {
@@ -177,9 +175,9 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
* a positive match, 0 if there is no match at all.
*/
int
-match_hostname(const char *host, const char *pattern, u_int len)
+match_hostname(const char *host, const char *pattern)
{
- return match_pattern_list(host, pattern, len, 1);
+ return match_pattern_list(host, pattern, 1);
}
/*
@@ -200,7 +198,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
return 0;
/* negative hostname match */
- if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
+ if ((mhost = match_hostname(host, patterns)) == -1)
return 0;
/* no match at all */
if (mhost == 0 && mip == 0)
diff --git a/match.h b/match.h
index 3d7f70fc0..db97ca8f7 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -15,8 +15,8 @@
#define MATCH_H
int match_pattern(const char *, const char *);
-int match_pattern_list(const char *, const char *, u_int, int);
-int match_hostname(const char *, const char *, u_int);
+int match_pattern_list(const char *, const char *, int);
+int match_hostname(const char *, const char *);
int match_host_and_ip(const char *, const char *, const char *);
int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *);
diff --git a/monitor.c b/monitor.c
index 6908a0a6b..d0ee4f7a6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.147 2015/04/27 01:52:30 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.149 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1215,9 +1215,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.pubkey_authentication &&
!auth2_userkey_already_used(authctxt, key) &&
match_pattern_list(sshkey_ssh_name(key),
- options.pubkey_key_types,
- strlen(options.pubkey_key_types), 0) == 1 &&
- user_key_allowed(authctxt->pw, key);
+ options.pubkey_key_types, 0) == 1 &&
+ user_key_allowed(authctxt->pw, key,
+ pubkey_auth_attempt);
pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
@@ -1226,8 +1226,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
match_pattern_list(sshkey_ssh_name(key),
- options.hostbased_key_types,
- strlen(options.hostbased_key_types), 0) == 1 &&
+ options.hostbased_key_types, 0) == 1 &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
pubkey_auth_info(authctxt, key,
diff --git a/readconf.c b/readconf.c
index 66090e305..f40ec8f22 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.234 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.235 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -492,7 +492,6 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
const char *ruser;
int r, port, this_result, result = 1, attributes = 0, negate;
- size_t len;
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
/*
@@ -545,25 +544,24 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
result = -1;
goto out;
}
- len = strlen(arg);
if (strcasecmp(attrib, "host") == 0) {
criteria = xstrdup(host);
- r = match_hostname(host, arg, len) == 1;
+ r = match_hostname(host, arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "originalhost") == 0) {
criteria = xstrdup(original_host);
- r = match_hostname(original_host, arg, len) == 1;
+ r = match_hostname(original_host, arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "user") == 0) {
criteria = xstrdup(ruser);
- r = match_pattern_list(ruser, arg, len, 0) == 1;
+ r = match_pattern_list(ruser, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "localuser") == 0) {
criteria = xstrdup(pw->pw_name);
- r = match_pattern_list(pw->pw_name, arg, len, 0) == 1;
+ r = match_pattern_list(pw->pw_name, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "exec") == 0) {
@@ -665,8 +663,8 @@ parse_token(const char *cp, const char *filename, int linenum,
for (i = 0; keywords[i].name; i++)
if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode;
- if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
- strlen(ignored_unknown), 1) == 1)
+ if (ignored_unknown != NULL &&
+ match_pattern_list(cp, ignored_unknown, 1) == 1)
return oIgnoredUnknownOption;
error("%s: line %d: Bad configuration option: %s",
filename, linenum, cp);
diff --git a/servconf.c b/servconf.c
index 29457b833..c0291947b 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,4 @@
-
-/* $OpenBSD: servconf.c,v 1.266 2015/04/29 03:48:56 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.269 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -754,7 +753,6 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
{
int result = 1, attributes = 0, port;
char *arg, *attrib, *cp = *condition;
- size_t len;
if (ci == NULL)
debug3("checking syntax for 'Match %s'", cp);
@@ -781,13 +779,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
error("Missing Match criteria for %s", attrib);
return -1;
}
- len = strlen(arg);
if (strcasecmp(attrib, "user") == 0) {
if (ci == NULL || ci->user == NULL) {
result = 0;
continue;
}
- if (match_pattern_list(ci->user, arg, len, 0) != 1)
+ if (match_pattern_list(ci->user, arg, 0) != 1)
result = 0;
else
debug("user %.100s matched 'User %.100s' at "
@@ -808,7 +805,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
result = 0;
continue;
}
- if (match_hostname(ci->host, arg, len) != 1)
+ if (match_hostname(ci->host, arg) != 1)
result = 0;
else
debug("connection from %.100s matched 'Host "
diff --git a/ssh.c b/ssh.c
index ae4092544..3fd5a941f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.417 2015/04/17 13:16:48 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -356,10 +356,8 @@ check_follow_cname(char **namep, const char *cname)
debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
for (i = 0; i < options.num_permitted_cnames; i++) {
rule = options.permitted_cnames + i;
- if (match_pattern_list(*namep, rule->source_list,
- strlen(rule->source_list), 1) != 1 ||
- match_pattern_list(cname, rule->target_list,
- strlen(rule->target_list), 1) != 1)
+ if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
+ match_pattern_list(cname, rule->target_list, 1) != 1)
continue;
verbose("Canonicalized DNS aliased hostname "
"\"%s\" => \"%s\"", *namep, cname);
diff --git a/sshconnect2.c b/sshconnect2.c
index ba56f6433..fcaed6b01 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.223 2015/01/30 11:43:14 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1610,8 +1610,7 @@ userauth_hostbased(Authctxt *authctxt)
continue;
if (match_pattern_list(
sshkey_ssh_name(authctxt->sensitive->keys[i]),
- authctxt->active_ktype,
- strlen(authctxt->active_ktype), 0) != 1)
+ authctxt->active_ktype, 0) != 1)
continue;
/* we take and free the key */
private = authctxt->sensitive->keys[i];
diff --git a/sshkey.c b/sshkey.c
index a36004671..83985ca54 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -251,7 +251,7 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
if (kt->type == KEY_RSA1)
continue;
if (match_pattern_list(kt->name,
- p, strlen(p), 0) != 0)
+ p, 0) != 0)
break;
}
if (kt->type != -1)