diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-02-23 12:15:57 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-02-23 12:19:56 +0100 |
commit | bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 (patch) | |
tree | 518e29d2d93c7b200f9b447ee9e8aaa4f4bcfb62 /auth-rhosts.c | |
parent | upstream: openssh-8.9 (diff) | |
download | openssh-bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9.tar.xz openssh-bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9.zip |
upstream: use asprintf to construct .rhosts paths
OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b
Diffstat (limited to '')
-rw-r--r-- | auth-rhosts.c | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c index c055b14f3..cac5cd84d 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.54 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -34,6 +34,7 @@ #include "pathnames.h" #include "log.h" #include "misc.h" +#include "xmalloc.h" #include "sshbuf.h" #include "sshkey.h" #include "servconf.h" @@ -189,12 +190,13 @@ int auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, const char *ipaddr) { - char buf[1024]; + char *path = NULL; struct stat st; static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL}; u_int rhosts_file_index; + int r; - debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", + debug2_f("clientuser %s hostname %s ipaddr %s", client_user, hostname, ipaddr); /* Switch to the user's uid. */ @@ -208,9 +210,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - snprintf(buf, sizeof buf, "%.500s/%.100s", - pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) >= 0) + xasprintf(&path, "%s/%s", + pw->pw_dir, rhosts_files[rhosts_file_index]); + r = stat(path, &st); + free(path); + if (r >= 0) break; } /* Switch back to privileged uid. */ @@ -275,10 +279,12 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - snprintf(buf, sizeof buf, "%.500s/%.100s", - pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) == -1) + xasprintf(&path, "%s/%s", + pw->pw_dir, rhosts_files[rhosts_file_index]); + if (stat(path, &st) == -1) { + free(path); continue; + } /* * Make sure that the file is either owned by the user or by @@ -289,9 +295,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { - logit("Rhosts authentication refused for %.100s: bad modes for %.200s", - pw->pw_name, buf); - auth_debug_add("Bad file modes for %.200s", buf); + logit("Rhosts authentication refused for %.100s: " + "bad modes for %.200s", pw->pw_name, path); + auth_debug_add("Bad file modes for %.200s", path); + free(path); continue; } /* @@ -303,10 +310,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) { auth_debug_add("Server has been configured to " "ignore %.100s.", rhosts_files[rhosts_file_index]); + free(path); continue; } /* Check if authentication is permitted by the file. */ - if (check_rhosts_file(buf, hostname, ipaddr, + if (check_rhosts_file(path, hostname, ipaddr, client_user, pw->pw_name)) { auth_debug_add("Accepted by %.100s.", rhosts_files[rhosts_file_index]); @@ -315,8 +323,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, auth_debug_add("Accepted host %s ip %s client_user " "%s server_user %s", hostname, ipaddr, client_user, pw->pw_name); + free(path); return 1; } + free(path); } /* Restore the privileged uid. */ |