summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-04-12 23:39:26 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-12 23:39:26 +0000
commit19066a112baff6107781dc337b27e557f43098c2 (patch)
tree55200517aa7e6912f8d623b4b8ef340dc9de6495
parentd69dab3cde47c7e17382de556449bfda0fb28deb (diff)
- stevesk@cvs.openbsd.org 2001/04/12 20:09:38
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c] robust port validation; ok markus@ jakob@
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--misc.c19
-rw-r--r--misc.h9
-rw-r--r--readconf.c14
-rw-r--r--servconf.c32
-rw-r--r--ssh.c14
-rw-r--r--sshd.c8
7 files changed, 67 insertions, 34 deletions
diff --git a/ChangeLog b/ChangeLog
index 50dfec1d5..574fb449d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,9 @@
16 - markus@cvs.openbsd.org 2001/04/12 19:39:27 16 - markus@cvs.openbsd.org 2001/04/12 19:39:27
17 [readconf.c] 17 [readconf.c]
18 typo 18 typo
19 - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
20 [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
21 robust port validation; ok markus@ jakob@
19 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others) 22 - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
20 lack it. 23 lack it.
21 24
@@ -5038,4 +5041,4 @@
5038 - Wrote replacements for strlcpy and mkdtemp 5041 - Wrote replacements for strlcpy and mkdtemp
5039 - Released 1.0pre1 5042 - Released 1.0pre1
5040 5043
5041$Id: ChangeLog,v 1.1104 2001/04/12 23:36:05 mouring Exp $ 5044$Id: ChangeLog,v 1.1105 2001/04/12 23:39:26 mouring Exp $
diff --git a/misc.c b/misc.c
index 495b0290d..feeacb859 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.4 2001/02/28 17:52:54 deraadt Exp $ */ 1/* $OpenBSD: misc.c,v 1.5 2001/04/12 20:09:37 stevesk Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: misc.c,v 1.4 2001/02/28 17:52:54 deraadt Exp $"); 28RCSID("$OpenBSD: misc.c,v 1.5 2001/04/12 20:09:37 stevesk Exp $");
29 29
30#include "misc.h" 30#include "misc.h"
31#include "log.h" 31#include "log.h"
@@ -116,6 +116,21 @@ pwcopy(struct passwd *pw)
116 return copy; 116 return copy;
117} 117}
118 118
119int a2port(const char *s)
120{
121 long port;
122 char *endp;
123
124 errno = 0;
125 port = strtol(s, &endp, 0);
126 if (s == endp || *endp != '\0' ||
127 (errno == ERANGE && (port == LONG_MIN || port == LONG_MAX)) ||
128 port <= 0 || port > 65535)
129 return 0;
130
131 return port;
132}
133
119mysig_t 134mysig_t
120mysignal(int sig, mysig_t act) 135mysignal(int sig, mysig_t act)
121{ 136{
diff --git a/misc.h b/misc.h
index 3204b626a..2346a5ea5 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.h,v 1.3 2001/02/22 21:59:44 markus Exp $ */ 1/* $OpenBSD: misc.h,v 1.4 2001/04/12 20:09:36 stevesk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -22,6 +22,13 @@ void set_nonblock(int fd);
22 22
23struct passwd * pwcopy(struct passwd *pw); 23struct passwd * pwcopy(struct passwd *pw);
24 24
25/*
26 * Convert ASCII string to TCP/IP port number.
27 * Port must be >0 and <=65535.
28 * Return 0 if invalid.
29 */
30int a2port(const char *s);
31
25/* wrapper for signal interface */ 32/* wrapper for signal interface */
26typedef void (*mysig_t)(int); 33typedef void (*mysig_t)(int);
27mysig_t mysignal(int sig, mysig_t act); 34mysig_t mysignal(int sig, mysig_t act);
diff --git a/readconf.c b/readconf.c
index 144a7602b..241185c65 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.73 2001/04/12 19:39:27 markus Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.74 2001/04/12 20:09:37 stevesk Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -555,10 +555,10 @@ parse_int:
555 arg = strdelim(&s); 555 arg = strdelim(&s);
556 if (!arg || *arg == '\0') 556 if (!arg || *arg == '\0')
557 fatal("%.200s line %d: Missing argument.", filename, linenum); 557 fatal("%.200s line %d: Missing argument.", filename, linenum);
558 if (arg[0] < '0' || arg[0] > '9') 558 fwd_port = a2port(arg);
559 if (fwd_port == 0)
559 fatal("%.200s line %d: Badly formatted port number.", 560 fatal("%.200s line %d: Badly formatted port number.",
560 filename, linenum); 561 filename, linenum);
561 fwd_port = atoi(arg);
562 arg = strdelim(&s); 562 arg = strdelim(&s);
563 if (!arg || *arg == '\0') 563 if (!arg || *arg == '\0')
564 fatal("%.200s line %d: Missing second argument.", 564 fatal("%.200s line %d: Missing second argument.",
@@ -574,10 +574,10 @@ parse_int:
574 arg = strdelim(&s); 574 arg = strdelim(&s);
575 if (!arg || *arg == '\0') 575 if (!arg || *arg == '\0')
576 fatal("%.200s line %d: Missing argument.", filename, linenum); 576 fatal("%.200s line %d: Missing argument.", filename, linenum);
577 if (arg[0] < '0' || arg[0] > '9') 577 fwd_port = a2port(arg);
578 if (fwd_port == 0)
578 fatal("%.200s line %d: Badly formatted port number.", 579 fatal("%.200s line %d: Badly formatted port number.",
579 filename, linenum); 580 filename, linenum);
580 fwd_port = atoi(arg);
581 arg = strdelim(&s); 581 arg = strdelim(&s);
582 if (!arg || *arg == '\0') 582 if (!arg || *arg == '\0')
583 fatal("%.200s line %d: Missing second argument.", 583 fatal("%.200s line %d: Missing second argument.",
@@ -594,10 +594,10 @@ parse_int:
594 if (!arg || *arg == '\0') 594 if (!arg || *arg == '\0')
595 fatal("%.200s line %d: Missing port argument.", 595 fatal("%.200s line %d: Missing port argument.",
596 filename, linenum); 596 filename, linenum);
597 if (arg[0] < '0' || arg[0] > '9') 597 fwd_port = a2port(arg);
598 if (fwd_port == 0)
598 fatal("%.200s line %d: Badly formatted port number.", 599 fatal("%.200s line %d: Badly formatted port number.",
599 filename, linenum); 600 filename, linenum);
600 fwd_port = atoi(arg);
601 add_local_forward(options, fwd_port, "socks4", 0); 601 add_local_forward(options, fwd_port, "socks4", 0);
602 break; 602 break;
603 603
diff --git a/servconf.c b/servconf.c
index 8e876d1f1..f3d5068c0 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.75 2001/04/12 19:15:25 markus Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.76 2001/04/12 20:09:37 stevesk Exp $");
14 14
15#ifdef KRB4 15#ifdef KRB4
16#include <krb.h> 16#include <krb.h>
@@ -31,8 +31,7 @@ RCSID("$OpenBSD: servconf.c,v 1.75 2001/04/12 19:15:25 markus Exp $");
31#include "kex.h" 31#include "kex.h"
32#include "mac.h" 32#include "mac.h"
33 33
34/* add listen address */ 34void add_listen_addr(ServerOptions *options, char *addr, u_short port);
35void add_listen_addr(ServerOptions *options, char *addr, char *port);
36void add_one_listen_addr(ServerOptions *options, char *addr, u_short port); 35void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
37 36
38/* AF_UNSPEC or AF_INET or AF_INET6 */ 37/* AF_UNSPEC or AF_INET or AF_INET6 */
@@ -117,7 +116,7 @@ fill_default_server_options(ServerOptions *options)
117 if (options->num_ports == 0) 116 if (options->num_ports == 0)
118 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 117 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
119 if (options->listen_addrs == NULL) 118 if (options->listen_addrs == NULL)
120 add_listen_addr(options, NULL, NULL); 119 add_listen_addr(options, NULL, 0);
121 if (options->pid_file == NULL) 120 if (options->pid_file == NULL)
122 options->pid_file = _PATH_SSH_DAEMON_PID_FILE; 121 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
123 if (options->server_key_bits == -1) 122 if (options->server_key_bits == -1)
@@ -312,21 +311,18 @@ parse_token(const char *cp, const char *filename,
312 return sBadOption; 311 return sBadOption;
313} 312}
314 313
315/*
316 * add listen address
317 */
318void 314void
319add_listen_addr(ServerOptions *options, char *addr, char *port) 315add_listen_addr(ServerOptions *options, char *addr, u_short port)
320{ 316{
321 int i; 317 int i;
322 318
323 if (options->num_ports == 0) 319 if (options->num_ports == 0)
324 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 320 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
325 if (port == NULL) 321 if (port == 0)
326 for (i = 0; i < options->num_ports; i++) 322 for (i = 0; i < options->num_ports; i++)
327 add_one_listen_addr(options, addr, options->ports[i]); 323 add_one_listen_addr(options, addr, options->ports[i]);
328 else 324 else
329 add_one_listen_addr(options, addr, atoi(port)); 325 add_one_listen_addr(options, addr, port);
330} 326}
331 327
332void 328void
@@ -400,7 +396,10 @@ read_server_config(ServerOptions *options, const char *filename)
400 if (!arg || *arg == '\0') 396 if (!arg || *arg == '\0')
401 fatal("%s line %d: missing port number.", 397 fatal("%s line %d: missing port number.",
402 filename, linenum); 398 filename, linenum);
403 options->ports[options->num_ports++] = atoi(arg); 399 options->ports[options->num_ports++] = a2port(arg);
400 if (options->ports[options->num_ports-1] == 0)
401 fatal("%s line %d: Badly formatted port number.",
402 filename, linenum);
404 break; 403 break;
405 404
406 case sServerKeyBits: 405 case sServerKeyBits:
@@ -438,20 +437,25 @@ parse_int:
438 memmove(p, p+1, strlen(p+1)+1); 437 memmove(p, p+1, strlen(p+1)+1);
439 } else if (((p = strchr(arg, ':')) == NULL) || 438 } else if (((p = strchr(arg, ':')) == NULL) ||
440 (strchr(p+1, ':') != NULL)) { 439 (strchr(p+1, ':') != NULL)) {
441 add_listen_addr(options, arg, NULL); 440 add_listen_addr(options, arg, 0);
442 break; 441 break;
443 } 442 }
444 if (*p == ':') { 443 if (*p == ':') {
444 u_short port;
445
445 p++; 446 p++;
446 if (*p == '\0') 447 if (*p == '\0')
447 fatal("%s line %d: bad inet addr:port usage.", 448 fatal("%s line %d: bad inet addr:port usage.",
448 filename, linenum); 449 filename, linenum);
449 else { 450 else {
450 *(p-1) = '\0'; 451 *(p-1) = '\0';
451 add_listen_addr(options, arg, p); 452 if ((port = a2port(p)) == 0)
453 fatal("%s line %d: bad port number.",
454 filename, linenum);
455 add_listen_addr(options, arg, port);
452 } 456 }
453 } else if (*p == '\0') 457 } else if (*p == '\0')
454 add_listen_addr(options, arg, NULL); 458 add_listen_addr(options, arg, 0);
455 else 459 else
456 fatal("%s line %d: bad inet addr usage.", 460 fatal("%s line %d: bad inet addr usage.",
457 filename, linenum); 461 filename, linenum);
diff --git a/ssh.c b/ssh.c
index f14fbac23..eda443751 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: ssh.c,v 1.112 2001/04/12 19:15:25 markus Exp $"); 42RCSID("$OpenBSD: ssh.c,v 1.113 2001/04/12 20:09:37 stevesk Exp $");
43 43
44#include <openssl/evp.h> 44#include <openssl/evp.h>
45#include <openssl/err.h> 45#include <openssl/err.h>
@@ -247,7 +247,7 @@ main(int ac, char **av)
247{ 247{
248 int i, opt, optind, exit_status, ok; 248 int i, opt, optind, exit_status, ok;
249 u_short fwd_port, fwd_host_port; 249 u_short fwd_port, fwd_host_port;
250 char *optarg, *cp, *endofnumber, buf[256]; 250 char *optarg, *cp, buf[256];
251 struct stat st; 251 struct stat st;
252 struct passwd *pw; 252 struct passwd *pw;
253 int dummy; 253 int dummy;
@@ -460,8 +460,8 @@ main(int ac, char **av)
460 } 460 }
461 break; 461 break;
462 case 'p': 462 case 'p':
463 options.port = strtol(optarg, &endofnumber, 0); 463 options.port = a2port(optarg);
464 if (optarg == endofnumber) { 464 if (options.port == 0) {
465 fprintf(stderr, "Bad port '%s'\n", optarg); 465 fprintf(stderr, "Bad port '%s'\n", optarg);
466 exit(1); 466 exit(1);
467 } 467 }
@@ -493,9 +493,9 @@ main(int ac, char **av)
493 break; 493 break;
494 494
495 case 'D': 495 case 'D':
496 fwd_port = strtol(optarg, &endofnumber, 0); 496 fwd_port = a2port(optarg);
497 if (optarg == endofnumber) { 497 if (fwd_port == 0) {
498 fprintf(stderr, "Bad port '%s'\n", optarg); 498 fprintf(stderr, "Bad dynamic port '%s'\n", optarg);
499 exit(1); 499 exit(1);
500 } 500 }
501 add_local_forward(&options, fwd_port, "socks4", 0); 501 add_local_forward(&options, fwd_port, "socks4", 0);
diff --git a/sshd.c b/sshd.c
index bde1ac344..eaf3d322a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: sshd.c,v 1.192 2001/04/11 16:25:30 lebel Exp $"); 43RCSID("$OpenBSD: sshd.c,v 1.193 2001/04/12 20:09:38 stevesk Exp $");
44 44
45#include <openssl/dh.h> 45#include <openssl/dh.h>
46#include <openssl/bn.h> 46#include <openssl/bn.h>
@@ -611,7 +611,11 @@ main(int ac, char **av)
611 fprintf(stderr, "too many ports.\n"); 611 fprintf(stderr, "too many ports.\n");
612 exit(1); 612 exit(1);
613 } 613 }
614 options.ports[options.num_ports++] = atoi(optarg); 614 options.ports[options.num_ports++] = a2port(optarg);
615 if (options.ports[options.num_ports-1] == 0) {
616 fprintf(stderr, "Bad port number.\n");
617 exit(1);
618 }
615 break; 619 break;
616 case 'g': 620 case 'g':
617 options.login_grace_time = atoi(optarg); 621 options.login_grace_time = atoi(optarg);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 02:55:55 +0000