upstream commit

Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
author: djm@openbsd.org <djm@openbsd.org> 2015-05-04 06:10:48 +0000
committer: Damien Miller <djm@mindrot.org> 2015-05-10 11:38:04 +1000
commit: e661a86353e11592c7ed6a847e19a83609f49e77 (patch)
tree: 5fe2c206d56dd4296a79e20ca6cfbbb83cb7c40c
parent: 0ef1de742be2ee4b10381193fe90730925b7f027 (diff)
14 files changed, 43 insertions, 59 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index eebfe8fc3..e2327cf77 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -109,8 +109,7 @@ userauth_hostbased(Authctxt *authctxt)
                goto done;
        }
        if (match_pattern_list(sshkey_ssh_name(key),
-            options.hostbased_key_types,
+            options.hostbased_key_types, 0) != 1) {
-            strlen(options.hostbased_key_types), 0) != 1) {
                logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
                    __func__, sshkey_type(key));
                goto done;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d943efa1e..e103b70af 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.49 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -127,8 +127,8 @@ userauth_pubkey(Authctxt *authctxt)
                logit("refusing previously-used %s key", key_type(key));
                goto done;
        }
-        if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
+        if (match_pattern_list(sshkey_ssh_name(key),
-            strlen(options.pubkey_key_types), 0) != 1) {
+            options.pubkey_key_types, 0) != 1) {
                logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
                    __func__, sshkey_ssh_name(key));
                goto done;
diff --git a/clientloop.c b/clientloop.c
index a9c8a90f0..040deb992 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.273 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2352,8 +2352,7 @@ client_input_hostkeys(void)
                /* Check that the key is accepted in HostkeyAlgorithms */
                if (options.hostkeyalgorithms != NULL &&
                    match_pattern_list(sshkey_ssh_name(key),
-                    options.hostkeyalgorithms,
+                    options.hostkeyalgorithms, 0) != 1) {
-                    strlen(options.hostkeyalgorithms), 0) != 1) {
                        debug3("%s: %s key not permitted by HostkeyAlgorithms",
                            __func__, sshkey_ssh_name(key));
                        continue;
diff --git a/compat.c b/compat.c
index 7836a86be..337bbe01e 100644
--- a/compat.c
+++ b/compat.c
@@ -192,8 +192,7 @@ compat_datafellows(const char *version)
        /* process table, return first match */
        for (i = 0; check[i].pat; i++) {
-                if (match_pattern_list(version, check[i].pat,
+                if (match_pattern_list(version, check[i].pat, 0) == 1) {
-                    strlen(check[i].pat), 0) == 1) {
                        debug("match: %s pat %s compat 0x%08x",
                            version, check[i].pat, check[i].bugs);
                        datafellows = check[i].bugs;    /* XXX for now */
@@ -251,7 +250,7 @@ filter_proposal(char *proposal, const char *filter)
        buffer_init(&b);
        tmp = orig_prop = xstrdup(proposal);
        while ((cp = strsep(&tmp, ",")) != NULL) {
-                if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
+                if (match_pattern_list(cp, filter, 0) != 1) {
                        if (buffer_len(&b) > 0)
                                buffer_append(&b, ",", 1);
                        buffer_append(&b, cp, strlen(cp));
diff --git a/groupaccess.c b/groupaccess.c
index 4fca04471..2518c8487 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.15 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Copyright (c) 2001 Kevin Steves.  All rights reserved.
 *
@@ -97,11 +97,9 @@ int
 ga_match_pattern_list(const char *group_pattern)
 {
        int i, found = 0;
-        size_t len = strlen(group_pattern);
        for (i = 0; i < ngroups; i++) {
-                switch (match_pattern_list(groups_byname[i],
+                switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
-                    group_pattern, len, 0)) {
                case -1:
                        return 0;       /* Negated match wins */
                case 0:
diff --git a/hostfile.c b/hostfile.c
index d9fdcb872..2850a4793 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.65 2015/03/31 22:57:06 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -663,7 +663,7 @@ match_maybe_hashed(const char *host, const char *names, int *was_hashed)
                return nlen == strlen(hashed_host) &&
                    strncmp(hashed_host, names, nlen) == 0;
        }
-        return match_hostname(host, names, nlen) == 1;
+        return match_hostname(host, names) == 1;
 }
 int
diff --git a/match.c b/match.c
index c35e32896..913b6bae0 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */
+/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -115,15 +115,13 @@ match_pattern(const char *s, const char *pattern)
 * indicate negation).  Returns -1 if negation matches, 1 if there is
 * a positive match, 0 if there is no match at all.
 */
 int
-match_pattern_list(const char *string, const char *pattern, u_int len,
+match_pattern_list(const char *string, const char *pattern, int dolower)
-    int dolower)
 {
        char sub[1024];
        int negated;
        int got_positive;
-        u_int i, subi;
+        u_int i, subi, len = strlen(pattern);
        got_positive = 0;
        for (i = 0; i < len;) {
@@ -177,9 +175,9 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
 * a positive match, 0 if there is no match at all.
 */
 int
-match_hostname(const char *host, const char *pattern, u_int len)
+match_hostname(const char *host, const char *pattern)
 {
-        return match_pattern_list(host, pattern, len, 1);
+        return match_pattern_list(host, pattern, 1);
 }
 /*
@@ -200,7 +198,7 @@ match_host_and_ip(const char *host, const char *ipaddr,
                return 0;
        /* negative hostname match */
-        if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
+        if ((mhost = match_hostname(host, patterns)) == -1)
                return 0;
        /* no match at all */
        if (mhost == 0 && mip == 0)
diff --git a/match.h b/match.h
index 3d7f70fc0..db97ca8f7 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -15,8 +15,8 @@
 #define MATCH_H
 int      match_pattern(const char *, const char *);
-int      match_pattern_list(const char *, const char *, u_int, int);
+int      match_pattern_list(const char *, const char *, int);
-int      match_hostname(const char *, const char *, u_int);
+int      match_hostname(const char *, const char *);
 int      match_host_and_ip(const char *, const char *, const char *);
 int      match_user(const char *, const char *, const char *, const char *);
 char    *match_list(const char *, const char *, u_int *);
diff --git a/monitor.c b/monitor.c
index 6908a0a6b..d0ee4f7a6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.147 2015/04/27 01:52:30 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.149 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1215,9 +1215,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
                        allowed = options.pubkey_authentication &&
                            !auth2_userkey_already_used(authctxt, key) &&
                            match_pattern_list(sshkey_ssh_name(key),
-                            options.pubkey_key_types,
+                            options.pubkey_key_types, 0) == 1 &&
-                            strlen(options.pubkey_key_types), 0) == 1 &&
+                            user_key_allowed(authctxt->pw, key,
-                            user_key_allowed(authctxt->pw, key);
+                            pubkey_auth_attempt);
                        pubkey_auth_info(authctxt, key, NULL);
                        auth_method = "publickey";
                        if (options.pubkey_authentication && allowed != 1)
@@ -1226,8 +1226,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
                case MM_HOSTKEY:
                        allowed = options.hostbased_authentication &&
                            match_pattern_list(sshkey_ssh_name(key),
-                            options.hostbased_key_types,
+                            options.hostbased_key_types, 0) == 1 &&
-                            strlen(options.hostbased_key_types), 0) == 1 &&
                            hostbased_key_allowed(authctxt->pw,
                            cuser, chost, key);
                        pubkey_auth_info(authctxt, key,
diff --git a/readconf.c b/readconf.c
index 66090e305..f40ec8f22 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.234 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.235 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -492,7 +492,6 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
        char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
        const char *ruser;
        int r, port, this_result, result = 1, attributes = 0, negate;
-        size_t len;
        char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
        /*
@@ -545,25 +544,24 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
                        result = -1;
                        goto out;
                }
-                len = strlen(arg);
                if (strcasecmp(attrib, "host") == 0) {
                        criteria = xstrdup(host);
-                        r = match_hostname(host, arg, len) == 1;
+                        r = match_hostname(host, arg) == 1;
                        if (r == (negate ? 1 : 0))
                                this_result = result = 0;
                } else if (strcasecmp(attrib, "originalhost") == 0) {
                        criteria = xstrdup(original_host);
-                        r = match_hostname(original_host, arg, len) == 1;
+                        r = match_hostname(original_host, arg) == 1;
                        if (r == (negate ? 1 : 0))
                                this_result = result = 0;
                } else if (strcasecmp(attrib, "user") == 0) {
                        criteria = xstrdup(ruser);
-                        r = match_pattern_list(ruser, arg, len, 0) == 1;
+                        r = match_pattern_list(ruser, arg, 0) == 1;
                        if (r == (negate ? 1 : 0))
                                this_result = result = 0;
                } else if (strcasecmp(attrib, "localuser") == 0) {
                        criteria = xstrdup(pw->pw_name);
-                        r = match_pattern_list(pw->pw_name, arg, len, 0) == 1;
+                        r = match_pattern_list(pw->pw_name, arg, 0) == 1;
                        if (r == (negate ? 1 : 0))
                                this_result = result = 0;
                } else if (strcasecmp(attrib, "exec") == 0) {
@@ -665,8 +663,8 @@ parse_token(const char *cp, const char *filename, int linenum,
        for (i = 0; keywords[i].name; i++)
                if (strcmp(cp, keywords[i].name) == 0)
                        return keywords[i].opcode;
-        if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
+        if (ignored_unknown != NULL &&
-            strlen(ignored_unknown), 1) == 1)
+            match_pattern_list(cp, ignored_unknown, 1) == 1)
                return oIgnoredUnknownOption;
        error("%s: line %d: Bad configuration option: %s",
            filename, linenum, cp);
diff --git a/servconf.c b/servconf.c
index 29457b833..c0291947b 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,4 @@
+/* $OpenBSD: servconf.c,v 1.269 2015/05/04 06:10:48 djm Exp $ */
-/* $OpenBSD: servconf.c,v 1.266 2015/04/29 03:48:56 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -754,7 +753,6 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 {
        int result = 1, attributes = 0, port;
        char *arg, *attrib, *cp = *condition;
-        size_t len;
        if (ci == NULL)
                debug3("checking syntax for 'Match %s'", cp);
@@ -781,13 +779,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
                        error("Missing Match criteria for %s", attrib);
                        return -1;
                }
-                len = strlen(arg);
                if (strcasecmp(attrib, "user") == 0) {
                        if (ci == NULL || ci->user == NULL) {
                                result = 0;
                                continue;
                        }
-                        if (match_pattern_list(ci->user, arg, len, 0) != 1)
+                        if (match_pattern_list(ci->user, arg, 0) != 1)
                                result = 0;
                        else
                                debug("user %.100s matched 'User %.100s' at "
@@ -808,7 +805,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
                                result = 0;
                                continue;
                        }
-                        if (match_hostname(ci->host, arg, len) != 1)
+                        if (match_hostname(ci->host, arg) != 1)
                                result = 0;
                        else
                                debug("connection from %.100s matched 'Host "
diff --git a/ssh.c b/ssh.c
index ae4092544..3fd5a941f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.417 2015/04/17 13:16:48 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -356,10 +356,8 @@ check_follow_cname(char **namep, const char *cname)
        debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
        for (i = 0; i < options.num_permitted_cnames; i++) {
                rule = options.permitted_cnames + i;
-                if (match_pattern_list(*namep, rule->source_list,
+                if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
-                    strlen(rule->source_list), 1) != 1 ||
+                    match_pattern_list(cname, rule->target_list, 1) != 1)
-                    match_pattern_list(cname, rule->target_list,
-                    strlen(rule->target_list), 1) != 1)
                        continue;
                verbose("Canonicalized DNS aliased hostname "
                    "\"%s\" => \"%s\"", *namep, cname);
diff --git a/sshconnect2.c b/sshconnect2.c
index ba56f6433..fcaed6b01 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.223 2015/01/30 11:43:14 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1610,8 +1610,7 @@ userauth_hostbased(Authctxt *authctxt)
                                continue;
                        if (match_pattern_list(
                            sshkey_ssh_name(authctxt->sensitive->keys[i]),
-                            authctxt->active_ktype,
+                            authctxt->active_ktype, 0) != 1)
-                            strlen(authctxt->active_ktype), 0) != 1)
                                continue;
                        /* we take and free the key */
                        private = authctxt->sensitive->keys[i];
diff --git a/sshkey.c b/sshkey.c
index a36004671..83985ca54 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -251,7 +251,7 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
                                        if (kt->type == KEY_RSA1)
                                                continue;
                                        if (match_pattern_list(kt->name,
-                                            p, strlen(p), 0) != 0)
+                                            p, 0) != 0)
                                                break;
                                }
                                if (kt->type != -1)
author	djm@openbsd.org <djm@openbsd.org>	2015-05-04 06:10:48 +0000
committer	Damien Miller <djm@mindrot.org>	2015-05-10 11:38:04 +1000
commit	e661a86353e11592c7ed6a847e19a83609f49e77 (patch)
tree	5fe2c206d56dd4296a79e20ca6cfbbb83cb7c40c
parent	0ef1de742be2ee4b10381193fe90730925b7f027 (diff)

diff --git a/auth2-hostbased.c b/auth2-hostbased.c index eebfe8fc3..e2327cf77 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */	1	/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -109,8 +109,7 @@ userauth_hostbased(Authctxt *authctxt)
109	goto done;	109	goto done;
110	}	110	}
111	if (match_pattern_list(sshkey_ssh_name(key),	111	if (match_pattern_list(sshkey_ssh_name(key),
112	options.hostbased_key_types,	112	options.hostbased_key_types, 0) != 1) {
113	strlen(options.hostbased_key_types), 0) != 1) {
114	logit("%s: key type %s not in HostbasedAcceptedKeyTypes",	113	logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
115	__func__, sshkey_type(key));	114	__func__, sshkey_type(key));
116	goto done;	115	goto done;


diff --git a/auth2-pubkey.c b/auth2-pubkey.c index d943efa1e..e103b70af 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2-pubkey.c,v 1.47 2015/02/17 00:14:05 djm Exp $ */	1	/* $OpenBSD: auth2-pubkey.c,v 1.49 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -127,8 +127,8 @@ userauth_pubkey(Authctxt *authctxt)
127	logit("refusing previously-used %s key", key_type(key));	127	logit("refusing previously-used %s key", key_type(key));
128	goto done;	128	goto done;
129	}	129	}
130	if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,	130	if (match_pattern_list(sshkey_ssh_name(key),
131	strlen(options.pubkey_key_types), 0) != 1) {	131	options.pubkey_key_types, 0) != 1) {
132	logit("%s: key type %s not in PubkeyAcceptedKeyTypes",	132	logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
133	__func__, sshkey_ssh_name(key));	133	__func__, sshkey_ssh_name(key));
134	goto done;	134	goto done;


diff --git a/clientloop.c b/clientloop.c index a9c8a90f0..040deb992 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */	1	/* $OpenBSD: clientloop.c,v 1.273 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2352,8 +2352,7 @@ client_input_hostkeys(void)
2352	/* Check that the key is accepted in HostkeyAlgorithms */	2352	/* Check that the key is accepted in HostkeyAlgorithms */
2353	if (options.hostkeyalgorithms != NULL &&	2353	if (options.hostkeyalgorithms != NULL &&
2354	match_pattern_list(sshkey_ssh_name(key),	2354	match_pattern_list(sshkey_ssh_name(key),
2355	options.hostkeyalgorithms,	2355	options.hostkeyalgorithms, 0) != 1) {
2356	strlen(options.hostkeyalgorithms), 0) != 1) {
2357	debug3("%s: %s key not permitted by HostkeyAlgorithms",	2356	debug3("%s: %s key not permitted by HostkeyAlgorithms",
2358	__func__, sshkey_ssh_name(key));	2357	__func__, sshkey_ssh_name(key));
2359	continue;	2358	continue;


diff --git a/compat.c b/compat.c index 7836a86be..337bbe01e 100644 --- a/compat.c +++ b/compat.c
@@ -192,8 +192,7 @@ compat_datafellows(const char *version)
192		192
193	/* process table, return first match */	193	/* process table, return first match */
194	for (i = 0; check[i].pat; i++) {	194	for (i = 0; check[i].pat; i++) {
195	if (match_pattern_list(version, check[i].pat,	195	if (match_pattern_list(version, check[i].pat, 0) == 1) {
196	strlen(check[i].pat), 0) == 1) {
197	debug("match: %s pat %s compat 0x%08x",	196	debug("match: %s pat %s compat 0x%08x",
198	version, check[i].pat, check[i].bugs);	197	version, check[i].pat, check[i].bugs);
199	datafellows = check[i].bugs; /* XXX for now */	198	datafellows = check[i].bugs; /* XXX for now */
@@ -251,7 +250,7 @@ filter_proposal(char proposal, const char filter)
251	buffer_init(&b);	250	buffer_init(&b);
252	tmp = orig_prop = xstrdup(proposal);	251	tmp = orig_prop = xstrdup(proposal);
253	while ((cp = strsep(&tmp, ",")) != NULL) {	252	while ((cp = strsep(&tmp, ",")) != NULL) {
254	if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {	253	if (match_pattern_list(cp, filter, 0) != 1) {
255	if (buffer_len(&b) > 0)	254	if (buffer_len(&b) > 0)
256	buffer_append(&b, ",", 1);	255	buffer_append(&b, ",", 1);
257	buffer_append(&b, cp, strlen(cp));	256	buffer_append(&b, cp, strlen(cp));


diff --git a/groupaccess.c b/groupaccess.c index 4fca04471..2518c8487 100644 --- a/groupaccess.c +++ b/groupaccess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: groupaccess.c,v 1.15 2015/01/20 23:14:00 deraadt Exp $ */	1	/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2001 Kevin Steves. All rights reserved.	3	* Copyright (c) 2001 Kevin Steves. All rights reserved.
4	*	4	*
@@ -97,11 +97,9 @@ int
97	ga_match_pattern_list(const char *group_pattern)	97	ga_match_pattern_list(const char *group_pattern)
98	{	98	{
99	int i, found = 0;	99	int i, found = 0;
100	size_t len = strlen(group_pattern);
101		100
102	for (i = 0; i < ngroups; i++) {	101	for (i = 0; i < ngroups; i++) {
103	switch (match_pattern_list(groups_byname[i],	102	switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
104	group_pattern, len, 0)) {
105	case -1:	103	case -1:
106	return 0; /* Negated match wins */	104	return 0; /* Negated match wins */
107	case 0:	105	case 0:


diff --git a/hostfile.c b/hostfile.c index d9fdcb872..2850a4793 100644 --- a/hostfile.c +++ b/hostfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hostfile.c,v 1.65 2015/03/31 22:57:06 djm Exp $ */	1	/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -663,7 +663,7 @@ match_maybe_hashed(const char host, const char names, int *was_hashed)
663	return nlen == strlen(hashed_host) &&	663	return nlen == strlen(hashed_host) &&
664	strncmp(hashed_host, names, nlen) == 0;	664	strncmp(hashed_host, names, nlen) == 0;
665	}	665	}
666	return match_hostname(host, names, nlen) == 1;	666	return match_hostname(host, names) == 1;
667	}	667	}
668		668
669	int	669	int


diff --git a/match.c b/match.c index c35e32896..913b6bae0 100644 --- a/match.c +++ b/match.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */	1	/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -115,15 +115,13 @@ match_pattern(const char s, const char pattern)
115	* indicate negation). Returns -1 if negation matches, 1 if there is	115	* indicate negation). Returns -1 if negation matches, 1 if there is
116	* a positive match, 0 if there is no match at all.	116	* a positive match, 0 if there is no match at all.
117	*/	117	*/
118
119	int	118	int
120	match_pattern_list(const char string, const char pattern, u_int len,	119	match_pattern_list(const char string, const char pattern, int dolower)
121	int dolower)
122	{	120	{
123	char sub[1024];	121	char sub[1024];
124	int negated;	122	int negated;
125	int got_positive;	123	int got_positive;
126	u_int i, subi;	124	u_int i, subi, len = strlen(pattern);
127		125
128	got_positive = 0;	126	got_positive = 0;
129	for (i = 0; i < len;) {	127	for (i = 0; i < len;) {
@@ -177,9 +175,9 @@ match_pattern_list(const char string, const char pattern, u_int len,
177	* a positive match, 0 if there is no match at all.	175	* a positive match, 0 if there is no match at all.
178	*/	176	*/
179	int	177	int
180	match_hostname(const char host, const char pattern, u_int len)	178	match_hostname(const char host, const char pattern)
181	{	179	{
182	return match_pattern_list(host, pattern, len, 1);	180	return match_pattern_list(host, pattern, 1);
183	}	181	}
184		182
185	/*	183	/*
@@ -200,7 +198,7 @@ match_host_and_ip(const char host, const char ipaddr,
200	return 0;	198	return 0;
201		199
202	/* negative hostname match */	200	/* negative hostname match */
203	if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)	201	if ((mhost = match_hostname(host, patterns)) == -1)
204	return 0;	202	return 0;
205	/* no match at all */	203	/* no match at all */
206	if (mhost == 0 && mip == 0)	204	if (mhost == 0 && mip == 0)


diff --git a/match.h b/match.h index 3d7f70fc0..db97ca8f7 100644 --- a/match.h +++ b/match.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */	1	/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -15,8 +15,8 @@
15	#define MATCH_H	15	#define MATCH_H
16		16
17	int match_pattern(const char , const char );	17	int match_pattern(const char , const char );
18	int match_pattern_list(const char , const char , u_int, int);	18	int match_pattern_list(const char , const char , int);
19	int match_hostname(const char , const char , u_int);	19	int match_hostname(const char , const char );
20	int match_host_and_ip(const char , const char , const char *);	20	int match_host_and_ip(const char , const char , const char *);
21	int match_user(const char , const char , const char , const char );	21	int match_user(const char , const char , const char , const char );
22	char match_list(const char , const char , u_int );	22	char match_list(const char , const char , u_int );


diff --git a/monitor.c b/monitor.c index 6908a0a6b..d0ee4f7a6 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.147 2015/04/27 01:52:30 djm Exp $ */	1	/* $OpenBSD: monitor.c,v 1.149 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1215,9 +1215,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
1215	allowed = options.pubkey_authentication &&	1215	allowed = options.pubkey_authentication &&
1216	!auth2_userkey_already_used(authctxt, key) &&	1216	!auth2_userkey_already_used(authctxt, key) &&
1217	match_pattern_list(sshkey_ssh_name(key),	1217	match_pattern_list(sshkey_ssh_name(key),
1218	options.pubkey_key_types,	1218	options.pubkey_key_types, 0) == 1 &&
1219	strlen(options.pubkey_key_types), 0) == 1 &&	1219	user_key_allowed(authctxt->pw, key,
1220	user_key_allowed(authctxt->pw, key);	1220	pubkey_auth_attempt);
1221	pubkey_auth_info(authctxt, key, NULL);	1221	pubkey_auth_info(authctxt, key, NULL);
1222	auth_method = "publickey";	1222	auth_method = "publickey";
1223	if (options.pubkey_authentication && allowed != 1)	1223	if (options.pubkey_authentication && allowed != 1)
@@ -1226,8 +1226,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
1226	case MM_HOSTKEY:	1226	case MM_HOSTKEY:
1227	allowed = options.hostbased_authentication &&	1227	allowed = options.hostbased_authentication &&
1228	match_pattern_list(sshkey_ssh_name(key),	1228	match_pattern_list(sshkey_ssh_name(key),
1229	options.hostbased_key_types,	1229	options.hostbased_key_types, 0) == 1 &&
1230	strlen(options.hostbased_key_types), 0) == 1 &&
1231	hostbased_key_allowed(authctxt->pw,	1230	hostbased_key_allowed(authctxt->pw,
1232	cuser, chost, key);	1231	cuser, chost, key);
1233	pubkey_auth_info(authctxt, key,	1232	pubkey_auth_info(authctxt, key,


diff --git a/readconf.c b/readconf.c index 66090e305..f40ec8f22 100644 --- a/readconf.c +++ b/readconf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: readconf.c,v 1.234 2015/04/24 01:36:00 deraadt Exp $ */	1	/* $OpenBSD: readconf.c,v 1.235 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -492,7 +492,6 @@ match_cfg_line(Options options, char condition, struct passwd pw,
492	char arg, oattrib, attrib, cmd, cp = condition, host, criteria;	492	char arg, oattrib, attrib, cmd, cp = condition, host, criteria;
493	const char *ruser;	493	const char *ruser;
494	int r, port, this_result, result = 1, attributes = 0, negate;	494	int r, port, this_result, result = 1, attributes = 0, negate;
495	size_t len;
496	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];	495	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
497		496
498	/*	497	/*
@@ -545,25 +544,24 @@ match_cfg_line(Options options, char condition, struct passwd pw,
545	result = -1;	544	result = -1;
546	goto out;	545	goto out;
547	}	546	}
548	len = strlen(arg);
549	if (strcasecmp(attrib, "host") == 0) {	547	if (strcasecmp(attrib, "host") == 0) {
550	criteria = xstrdup(host);	548	criteria = xstrdup(host);
551	r = match_hostname(host, arg, len) == 1;	549	r = match_hostname(host, arg) == 1;
552	if (r == (negate ? 1 : 0))	550	if (r == (negate ? 1 : 0))
553	this_result = result = 0;	551	this_result = result = 0;
554	} else if (strcasecmp(attrib, "originalhost") == 0) {	552	} else if (strcasecmp(attrib, "originalhost") == 0) {
555	criteria = xstrdup(original_host);	553	criteria = xstrdup(original_host);
556	r = match_hostname(original_host, arg, len) == 1;	554	r = match_hostname(original_host, arg) == 1;
557	if (r == (negate ? 1 : 0))	555	if (r == (negate ? 1 : 0))
558	this_result = result = 0;	556	this_result = result = 0;
559	} else if (strcasecmp(attrib, "user") == 0) {	557	} else if (strcasecmp(attrib, "user") == 0) {
560	criteria = xstrdup(ruser);	558	criteria = xstrdup(ruser);
561	r = match_pattern_list(ruser, arg, len, 0) == 1;	559	r = match_pattern_list(ruser, arg, 0) == 1;
562	if (r == (negate ? 1 : 0))	560	if (r == (negate ? 1 : 0))
563	this_result = result = 0;	561	this_result = result = 0;
564	} else if (strcasecmp(attrib, "localuser") == 0) {	562	} else if (strcasecmp(attrib, "localuser") == 0) {
565	criteria = xstrdup(pw->pw_name);	563	criteria = xstrdup(pw->pw_name);
566	r = match_pattern_list(pw->pw_name, arg, len, 0) == 1;	564	r = match_pattern_list(pw->pw_name, arg, 0) == 1;
567	if (r == (negate ? 1 : 0))	565	if (r == (negate ? 1 : 0))
568	this_result = result = 0;	566	this_result = result = 0;
569	} else if (strcasecmp(attrib, "exec") == 0) {	567	} else if (strcasecmp(attrib, "exec") == 0) {
@@ -665,8 +663,8 @@ parse_token(const char cp, const char filename, int linenum,
665	for (i = 0; keywords[i].name; i++)	663	for (i = 0; keywords[i].name; i++)
666	if (strcmp(cp, keywords[i].name) == 0)	664	if (strcmp(cp, keywords[i].name) == 0)
667	return keywords[i].opcode;	665	return keywords[i].opcode;
668	if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,	666	if (ignored_unknown != NULL &&
669	strlen(ignored_unknown), 1) == 1)	667	match_pattern_list(cp, ignored_unknown, 1) == 1)
670	return oIgnoredUnknownOption;	668	return oIgnoredUnknownOption;
671	error("%s: line %d: Bad configuration option: %s",	669	error("%s: line %d: Bad configuration option: %s",
672	filename, linenum, cp);	670	filename, linenum, cp);


diff --git a/servconf.c b/servconf.c index 29457b833..c0291947b 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,5 +1,4 @@
1		1	/* $OpenBSD: servconf.c,v 1.269 2015/05/04 06:10:48 djm Exp $ */
2	/* $OpenBSD: servconf.c,v 1.266 2015/04/29 03:48:56 dtucker Exp $ */
3	/*	2	/*
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved	4	* All rights reserved
@@ -754,7 +753,6 @@ match_cfg_line(char *condition, int line, struct connection_info ci)
754	{	753	{
755	int result = 1, attributes = 0, port;	754	int result = 1, attributes = 0, port;
756	char arg, attrib, cp = condition;	755	char arg, attrib, cp = condition;
757	size_t len;
758		756
759	if (ci == NULL)	757	if (ci == NULL)
760	debug3("checking syntax for 'Match %s'", cp);	758	debug3("checking syntax for 'Match %s'", cp);
@@ -781,13 +779,12 @@ match_cfg_line(char *condition, int line, struct connection_info ci)
781	error("Missing Match criteria for %s", attrib);	779	error("Missing Match criteria for %s", attrib);
782	return -1;	780	return -1;
783	}	781	}
784	len = strlen(arg);
785	if (strcasecmp(attrib, "user") == 0) {	782	if (strcasecmp(attrib, "user") == 0) {
786	if (ci == NULL \|\| ci->user == NULL) {	783	if (ci == NULL \|\| ci->user == NULL) {
787	result = 0;	784	result = 0;
788	continue;	785	continue;
789	}	786	}
790	if (match_pattern_list(ci->user, arg, len, 0) != 1)	787	if (match_pattern_list(ci->user, arg, 0) != 1)
791	result = 0;	788	result = 0;
792	else	789	else
793	debug("user %.100s matched 'User %.100s' at "	790	debug("user %.100s matched 'User %.100s' at "
@@ -808,7 +805,7 @@ match_cfg_line(char *condition, int line, struct connection_info ci)
808	result = 0;	805	result = 0;
809	continue;	806	continue;
810	}	807	}
811	if (match_hostname(ci->host, arg, len) != 1)	808	if (match_hostname(ci->host, arg) != 1)
812	result = 0;	809	result = 0;
813	else	810	else
814	debug("connection from %.100s matched 'Host "	811	debug("connection from %.100s matched 'Host "


diff --git a/ssh.c b/ssh.c index ae4092544..3fd5a941f 100644 --- a/ssh.c +++ b/ssh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh.c,v 1.417 2015/04/17 13:16:48 djm Exp $ */	1	/* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -356,10 +356,8 @@ check_follow_cname(char *namep, const char cname)
356	debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);	356	debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
357	for (i = 0; i < options.num_permitted_cnames; i++) {	357	for (i = 0; i < options.num_permitted_cnames; i++) {
358	rule = options.permitted_cnames + i;	358	rule = options.permitted_cnames + i;
359	if (match_pattern_list(*namep, rule->source_list,	359	if (match_pattern_list(*namep, rule->source_list, 1) != 1 \|\|
360	strlen(rule->source_list), 1) != 1 \|\|	360	match_pattern_list(cname, rule->target_list, 1) != 1)
361	match_pattern_list(cname, rule->target_list,
362	strlen(rule->target_list), 1) != 1)
363	continue;	361	continue;
364	verbose("Canonicalized DNS aliased hostname "	362	verbose("Canonicalized DNS aliased hostname "
365	"\"%s\" => \"%s\"", *namep, cname);	363	"\"%s\" => \"%s\"", *namep, cname);


diff --git a/sshconnect2.c b/sshconnect2.c index ba56f6433..fcaed6b01 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.223 2015/01/30 11:43:14 djm Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1610,8 +1610,7 @@ userauth_hostbased(Authctxt *authctxt)
1610	continue;	1610	continue;
1611	if (match_pattern_list(	1611	if (match_pattern_list(
1612	sshkey_ssh_name(authctxt->sensitive->keys[i]),	1612	sshkey_ssh_name(authctxt->sensitive->keys[i]),
1613	authctxt->active_ktype,	1613	authctxt->active_ktype, 0) != 1)
1614	strlen(authctxt->active_ktype), 0) != 1)
1615	continue;	1614	continue;
1616	/* we take and free the key */	1615	/* we take and free the key */
1617	private = authctxt->sensitive->keys[i];	1616	private = authctxt->sensitive->keys[i];


diff --git a/sshkey.c b/sshkey.c index a36004671..83985ca54 100644 --- a/sshkey.c +++ b/sshkey.c
@@ -251,7 +251,7 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
251	if (kt->type == KEY_RSA1)	251	if (kt->type == KEY_RSA1)
252	continue;	252	continue;
253	if (match_pattern_list(kt->name,	253	if (match_pattern_list(kt->name,
254	p, strlen(p), 0) != 0)	254	p, 0) != 0)
255	break;	255	break;
256	}	256	}
257	if (kt->type != -1)	257	if (kt->type != -1)