From 445363433ba20b8a3e655b113858c836da46a1cb Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 24 Oct 2022 22:43:36 +0000 Subject: upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad --- sshconnect.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'sshconnect.c') diff --git a/sshconnect.c b/sshconnect.c index 7b3f260ee..b67812610 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.359 2022/10/24 22:43:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -935,7 +935,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; char msg[1024]; - const char *type, *fail_reason; + const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); @@ -1018,6 +1018,13 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, (host_found != NULL && host_found->note != 0))) readonly = RDONLY; + /* Don't ever try to write an invalid name to a known hosts file */ + if (!valid_domain(hostname, 0, &fail_reason)) { + debug_f("invalid hostname \"%s\"; will not record: %s", + hostname, fail_reason); + readonly = RDONLY; + } + /* * Also perform check for the ip address, skip the check if we are * localhost, looking for a certificate, or the hostname was an ip -- cgit v1.2.3