authordjm@openbsd.org <djm@openbsd.org>2022-10-25 00:43:36 +0200
committerDamien Miller <djm@mindrot.org>2022-10-25 01:16:35 +0200
commit445363433ba20b8a3e655b113858c836da46a1cb (patch)
tree69b808a90d727bc1e2ea69259294dc8e3bf25d6a /sshconnect.c
parentupstream: regress test for unmatched glob characters; fails before (diff)
upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 7b3f260ee..b67812610 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.359 2022/10/24 22:43:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -935,7 +935,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp, *ra;
char msg[1024];
- const char *type, *fail_reason;
+ const char *type, *fail_reason = NULL;
const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
int len, cancelled_forwarding = 0, confirmed;
int local = sockaddr_is_local(hostaddr);
@@ -1018,6 +1018,13 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
(host_found != NULL && host_found->note != 0)))
readonly = RDONLY;
+ /* Don't ever try to write an invalid name to a known hosts file */
+ if (!valid_domain(hostname, 0, &fail_reason)) {
+ debug_f("invalid hostname \"%s\"; will not record: %s",
+ hostname, fail_reason);
+ readonly = RDONLY;
+ }
+
/*
* Also perform check for the ip address, skip the check if we are
* localhost, looking for a certificate, or the hostname was an ip
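Review bot: `valid_domain()` is a DNS-name validator, but the added guard applies it to whatever `hostname` holds, and the context comment directly below the new block notes that the hostname may be an IP address. If the validator rejects characters such as `:` (its body is not visible here, so this is inferred), connecting to an IPv6 literal would force `readonly = RDONLY` and keys for such hosts would never be recorded. The only trace is a `debug_f` line, so a user at the default log level gets no explanation; consider exempting address literals or checking only for characters that are special in known_hosts syntax, and reporting the refusal with `logit_f("invalid hostname \"%s\"; will not record: %s", hostname, fail_reason);`. The literal second argument would also read better with a comment such as `/* 0: do not lowercase hostname in place */`. check_host_key's body starts and ends outside this hunk, so how `readonly` is consumed later could not be checked from here.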