Fix ssh-keyscan to correctly hash hosts with a port number (closes: #857736, LP: #1670745).

author: Colin Watson <cjwatson@debian.org> 2017-03-14 13:41:34 +0000
committer: Colin Watson <cjwatson@debian.org> 2017-03-14 13:43:04 +0000
commit: 4b128b76f5e0e41c3edb950ec503cf04bdd83028 (patch)
tree: 2faa96a0c1ff1a6019f0a007bb69599edccc0531
parent: 5e90171e0d3f39624c922a06e434423b31f6f9b9 (diff)
parent: a0f9daa9c3cc2b37b9707b228263eb717d201371 (diff)
5 files changed, 59 insertions, 7 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 0acd19a85..9ddb5b008 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-78800aa252da1ebbfb55f7e593f43c337e694cc3
+a0f9daa9c3cc2b37b9707b228263eb717d201371
-78800aa252da1ebbfb55f7e593f43c337e694cc3
+a0f9daa9c3cc2b37b9707b228263eb717d201371
 971a7653746a6972b907dfe0ce139c06e4a6f482
 971a7653746a6972b907dfe0ce139c06e4a6f482
 openssh_7.4p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 0920286dd..b0a965c15 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:7.4p1-8) UNRELEASED; urgency=medium
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (closes: #851734, LP: #1668093).
+  * Fix ssh-keyscan to correctly hash hosts with a port number (closes:
+    #857736, LP: #1670745).
 -- Colin Watson <cjwatson@debian.org>  Thu, 09 Mar 2017 11:25:55 +0000
diff --git a/debian/patches/series b/debian/patches/series
index 7ddc4a772..2d9d2bc12 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,4 @@ sandbox-x32-workaround.patch
 no-dsa-host-key-by-default.patch
 restore-authorized_keys2.patch
 ssh-keygen-hash-corruption.patch
+ssh-keyscan-hash-port.patch
diff --git a/debian/patches/ssh-keyscan-hash-port.patch b/debian/patches/ssh-keyscan-hash-port.patch
new file mode 100644
index 000000000..32a2f6a01
--- /dev/null
+++ b/debian/patches/ssh-keyscan-hash-port.patch
@@ -0,0 +1,48 @@
+From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 10 Mar 2017 03:18:24 +0000
+Subject: upstream commit
+correctly hash hosts with a port number. Reported by Josh
+Powers in bz#2692; ok dtucker@
+Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
+Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
+Bug-Debian: https://bugs.debian.org/857736
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
+Last-Update: 2017-03-14
+Patch-Name: ssh-keyscan-hash-port.patch
+---
+ ssh-keyscan.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index c30d54e6..24b51ff1 100644
+--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
+@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
+ }
+ 
+ static void
+-keyprint_one(char *host, struct sshkey *key)
+keyprint_one(const char *host, struct sshkey *key)
+ {
+        char *hostport;
+-
+-       if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
+-               fatal("host_hash failed");
+       const char *known_host, *hashed;
+ 
+        hostport = put_host_port(host, ssh_port);
+       if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
+               fatal("host_hash failed");
+       known_host = hash_hosts ? hashed : hostport;
+        if (!get_cert)
+-               fprintf(stdout, "%s ", hostport);
+               fprintf(stdout, "%s ", known_host);
+        sshkey_write(key, stdout);
+        fputs("\n", stdout);
+        free(hostport);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index c30d54e62..24b51ff12 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
 }
 static void
-keyprint_one(char *host, struct sshkey *key)
+keyprint_one(const char *host, struct sshkey *key)
 {
        char *hostport;
+        const char *known_host, *hashed;
-        if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
-                fatal("host_hash failed");
        hostport = put_host_port(host, ssh_port);
+        if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
+                fatal("host_hash failed");
+        known_host = hash_hosts ? hashed : hostport;
        if (!get_cert)
-                fprintf(stdout, "%s ", hostport);
+                fprintf(stdout, "%s ", known_host);
        sshkey_write(key, stdout);
        fputs("\n", stdout);
        free(hostport);
author	Colin Watson <cjwatson@debian.org>	2017-03-14 13:41:34 +0000
committer	Colin Watson <cjwatson@debian.org>	2017-03-14 13:43:04 +0000
commit	4b128b76f5e0e41c3edb950ec503cf04bdd83028 (patch)
tree	2faa96a0c1ff1a6019f0a007bb69599edccc0531
parent	5e90171e0d3f39624c922a06e434423b31f6f9b9 (diff)
parent	a0f9daa9c3cc2b37b9707b228263eb717d201371 (diff)

diff --git a/debian/.git-dpm b/debian/.git-dpm index 0acd19a85..9ddb5b008 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
1	# see git-dpm(1) from git-dpm package	1	# see git-dpm(1) from git-dpm package
2	78800aa252da1ebbfb55f7e593f43c337e694cc3	2	a0f9daa9c3cc2b37b9707b228263eb717d201371
3	78800aa252da1ebbfb55f7e593f43c337e694cc3	3	a0f9daa9c3cc2b37b9707b228263eb717d201371
4	971a7653746a6972b907dfe0ce139c06e4a6f482	4	971a7653746a6972b907dfe0ce139c06e4a6f482
5	971a7653746a6972b907dfe0ce139c06e4a6f482	5	971a7653746a6972b907dfe0ce139c06e4a6f482
6	openssh_7.4p1.orig.tar.gz	6	openssh_7.4p1.orig.tar.gz


diff --git a/debian/changelog b/debian/changelog index 0920286dd..b0a965c15 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:7.4p1-8) UNRELEASED; urgency=medium
2		2
3	* Fix ssh-keygen -H accidentally corrupting known_hosts that contained	3	* Fix ssh-keygen -H accidentally corrupting known_hosts that contained
4	already-hashed entries (closes: #851734, LP: #1668093).	4	already-hashed entries (closes: #851734, LP: #1668093).
		5	* Fix ssh-keyscan to correctly hash hosts with a port number (closes:
		6	#857736, LP: #1670745).
5		7
6	-- Colin Watson <cjwatson@debian.org> Thu, 09 Mar 2017 11:25:55 +0000	8	-- Colin Watson <cjwatson@debian.org> Thu, 09 Mar 2017 11:25:55 +0000
7		9


diff --git a/debian/patches/series b/debian/patches/series index 7ddc4a772..2d9d2bc12 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -31,3 +31,4 @@ sandbox-x32-workaround.patch
31	no-dsa-host-key-by-default.patch	31	no-dsa-host-key-by-default.patch
32	restore-authorized_keys2.patch	32	restore-authorized_keys2.patch
33	ssh-keygen-hash-corruption.patch	33	ssh-keygen-hash-corruption.patch
		34	ssh-keyscan-hash-port.patch


diff --git a/debian/patches/ssh-keyscan-hash-port.patch b/debian/patches/ssh-keyscan-hash-port.patch new file mode 100644 index 000000000..32a2f6a01 --- /dev/null +++ b/debian/patches/ssh-keyscan-hash-port.patch
@@ -0,0 +1,48 @@
		1	From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
		2	From: "djm@openbsd.org" <djm@openbsd.org>
		3	Date: Fri, 10 Mar 2017 03:18:24 +0000
		4	Subject: upstream commit
		5
		6	correctly hash hosts with a port number. Reported by Josh
		7	Powers in bz#2692; ok dtucker@
		8
		9	Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
		10
		11	Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
		12	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
		13	Bug-Debian: https://bugs.debian.org/857736
		14	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
		15	Last-Update: 2017-03-14
		16
		17	Patch-Name: ssh-keyscan-hash-port.patch
		18	---
		19	ssh-keyscan.c \| 11 ++++++-----
		20	1 file changed, 6 insertions(+), 5 deletions(-)
		21
		22	diff --git a/ssh-keyscan.c b/ssh-keyscan.c
		23	index c30d54e6..24b51ff1 100644
		24	--- a/ssh-keyscan.c
		25	+++ b/ssh-keyscan.c
		26	@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
		27	}
		28
		29	static void
		30	-keyprint_one(char host, struct sshkey key)
		31	+keyprint_one(const char host, struct sshkey key)
		32	{
		33	char *hostport;
		34	-
		35	- if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
		36	- fatal("host_hash failed");
		37	+ const char known_host, hashed;
		38
		39	hostport = put_host_port(host, ssh_port);
		40	+ if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
		41	+ fatal("host_hash failed");
		42	+ known_host = hash_hosts ? hashed : hostport;
		43	if (!get_cert)
		44	- fprintf(stdout, "%s ", hostport);
		45	+ fprintf(stdout, "%s ", known_host);
		46	sshkey_write(key, stdout);
		47	fputs("\n", stdout);
		48	free(hostport);


diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c30d54e62..24b51ff12 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c
@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
321	}	321	}
322		322
323	static void	323	static void
324	keyprint_one(char host, struct sshkey key)	324	keyprint_one(const char host, struct sshkey key)
325	{	325	{
326	char *hostport;	326	char *hostport;
327		327	const char known_host, hashed;
328	if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
329	fatal("host_hash failed");
330		328
331	hostport = put_host_port(host, ssh_port);	329	hostport = put_host_port(host, ssh_port);
		330	if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
		331	fatal("host_hash failed");
		332	known_host = hash_hosts ? hashed : hostport;
332	if (!get_cert)	333	if (!get_cert)
333	fprintf(stdout, "%s ", hostport);	334	fprintf(stdout, "%s ", known_host);
334	sshkey_write(key, stdout);	335	sshkey_write(key, stdout);
335	fputs("\n", stdout);	336	fputs("\n", stdout);
336	free(hostport);	337	free(hostport);