summaryrefslogtreecommitdiffstats
path: root/auth-rhosts.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2022-02-23 12:15:57 +0100
committerDamien Miller <djm@mindrot.org>2022-02-23 12:19:56 +0100
commitbf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 (patch)
tree518e29d2d93c7b200f9b447ee9e8aaa4f4bcfb62 /auth-rhosts.c
parentupstream: openssh-8.9 (diff)
downloadopenssh-bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9.tar.xz
openssh-bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9.zip
upstream: use asprintf to construct .rhosts paths
OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b
Diffstat (limited to '')
-rw-r--r--auth-rhosts.c36
1 files changed, 23 insertions, 13 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c
index c055b14f3..cac5cd84d 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.54 2022/02/01 23:32:51 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,6 +34,7 @@
#include "pathnames.h"
#include "log.h"
#include "misc.h"
+#include "xmalloc.h"
#include "sshbuf.h"
#include "sshkey.h"
#include "servconf.h"
@@ -189,12 +190,13 @@ int
auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
const char *ipaddr)
{
- char buf[1024];
+ char *path = NULL;
struct stat st;
static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL};
u_int rhosts_file_index;
+ int r;
- debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
+ debug2_f("clientuser %s hostname %s ipaddr %s",
client_user, hostname, ipaddr);
/* Switch to the user's uid. */
@@ -208,9 +210,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
rhosts_file_index++) {
/* Check users .rhosts or .shosts. */
- snprintf(buf, sizeof buf, "%.500s/%.100s",
- pw->pw_dir, rhosts_files[rhosts_file_index]);
- if (stat(buf, &st) >= 0)
+ xasprintf(&path, "%s/%s",
+ pw->pw_dir, rhosts_files[rhosts_file_index]);
+ r = stat(path, &st);
+ free(path);
+ if (r >= 0)
break;
}
/* Switch back to privileged uid. */
@@ -275,10 +279,12 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
rhosts_file_index++) {
/* Check users .rhosts or .shosts. */
- snprintf(buf, sizeof buf, "%.500s/%.100s",
- pw->pw_dir, rhosts_files[rhosts_file_index]);
- if (stat(buf, &st) == -1)
+ xasprintf(&path, "%s/%s",
+ pw->pw_dir, rhosts_files[rhosts_file_index]);
+ if (stat(path, &st) == -1) {
+ free(path);
continue;
+ }
/*
* Make sure that the file is either owned by the user or by
@@ -289,9 +295,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
- logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
- pw->pw_name, buf);
- auth_debug_add("Bad file modes for %.200s", buf);
+ logit("Rhosts authentication refused for %.100s: "
+ "bad modes for %.200s", pw->pw_name, path);
+ auth_debug_add("Bad file modes for %.200s", path);
+ free(path);
continue;
}
/*
@@ -303,10 +310,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
auth_debug_add("Server has been configured to "
"ignore %.100s.", rhosts_files[rhosts_file_index]);
+ free(path);
continue;
}
/* Check if authentication is permitted by the file. */
- if (check_rhosts_file(buf, hostname, ipaddr,
+ if (check_rhosts_file(path, hostname, ipaddr,
client_user, pw->pw_name)) {
auth_debug_add("Accepted by %.100s.",
rhosts_files[rhosts_file_index]);
@@ -315,8 +323,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
auth_debug_add("Accepted host %s ip %s client_user "
"%s server_user %s", hostname, ipaddr,
client_user, pw->pw_name);
+ free(path);
return 1;
}
+ free(path);
}
/* Restore the privileged uid. */