diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-09-25 03:24:04 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-09-25 03:27:24 +0200 |
| commit | 3f02368e8e9121847727c46b280efc280e5eb615 (patch) | |
| tree | 7f8661317ba20a4141982af3c1cfefd3c8bee938 /readconf.c | |
| parent | upstream: some extra paranoia, reminded by jsg@ (diff) | |
| download | openssh-3f02368e8e9121847727c46b280efc280e5eb615.tar.xz openssh-3f02368e8e9121847727c46b280efc280e5eb615.zip | |
upstream: fix regression introduced when I switched the "Match"
criteria tokeniser to a more shell-like one. Apparently the old tokeniser
(accidentally?) allowed "Match criteria=argument" as well as the "Match
criteria argument" syntax that we tested for.
People were using this syntax so this adds back support for
"Match criteria=argument"
bz3739 ok dtucker
OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/readconf.c b/readconf.c index 3d9cc6dbb..de42fb6ff 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.390 2024/09/15 00:57:36 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.391 2024/09/25 01:24:04 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -710,7 +710,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, struct passwd *pw, const char *host_arg, const char *original_host, int final_pass, int *want_final_pass, const char *filename, int linenum) { - char *arg, *oattrib, *attrib, *cmd, *host, *criteria; + char *arg, *oattrib, *attrib = NULL, *cmd, *host, *criteria; const char *ruser; int r, this_result, result = 1, attributes = 0, negate; @@ -731,7 +731,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, debug2("checking match for '%s' host %s originally %s", full_line, host, original_host); - while ((oattrib = attrib = argv_next(acp, avp)) != NULL) { + while ((oattrib = argv_next(acp, avp)) != NULL) { + attrib = xstrdup(oattrib); /* Terminate on comment */ if (*attrib == '#') { argv_consume(acp); @@ -777,9 +778,23 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, this_result ? "" : "not ", oattrib); continue; } + + /* Keep this list in sync with below */ + if (strprefix(attrib, "host=", 1) != NULL || + strprefix(attrib, "originalhost=", 1) != NULL || + strprefix(attrib, "user=", 1) != NULL || + strprefix(attrib, "localuser=", 1) != NULL || + strprefix(attrib, "localnetwork=", 1) != NULL || + strprefix(attrib, "tagged=", 1) != NULL || + strprefix(attrib, "exec=", 1) != NULL) { + arg = strchr(attrib, '='); + *(arg++) = '\0'; + } else { + arg = argv_next(acp, avp); + } + /* All other criteria require an argument */ - if ((arg = argv_next(acp, avp)) == NULL || - *arg == '\0' || *arg == '#') { + if (arg == NULL || *arg == '\0' || *arg == '#') { error("Missing Match criteria for %s", attrib); result = -1; goto out; @@ -856,6 +871,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, criteria == NULL ? "" : criteria, criteria == NULL ? "" : "\""); free(criteria); + free(attrib); + attrib = NULL; } if (attributes == 0) { error("One or more attributes required for Match"); @@ -865,6 +882,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, out: if (result != -1) debug2("match %sfound", result ? "" : "not "); + free(attrib); free(host); return result; } |