diff options
author | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
commit | 06db584e9de9d904a09300f09feed7f82026d241 (patch) | |
tree | bc1fbff35a49da3ceabd0637ae18265e15e4fa80 | |
parent | 7517b5bd3155a4e29beb6168129a60f022ea9e9f (diff) |
- djm@cvs.openbsd.org 2008/06/13 04:40:22
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth-rhosts.c | 25 | ||||
-rw-r--r-- | auth2-pubkey.c | 32 |
3 files changed, 50 insertions, 14 deletions
@@ -157,6 +157,11 @@ | |||
157 | - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 | 157 | - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 |
158 | [misc.c] | 158 | [misc.c] |
159 | upcast uid to long with matching %ld, prevents warnings in portable | 159 | upcast uid to long with matching %ld, prevents warnings in portable |
160 | - djm@cvs.openbsd.org 2008/06/13 04:40:22 | ||
161 | [auth2-pubkey.c auth-rhosts.c] | ||
162 | refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not | ||
163 | regular files; report from Solar Designer via Colin Watson in bz#1471 | ||
164 | ok dtucker@ deraadt | ||
160 | - (dtucker) [clientloop.c serverloop.c] channel_register_filter now | 165 | - (dtucker) [clientloop.c serverloop.c] channel_register_filter now |
161 | takes 2 more args. with djm@ | 166 | takes 2 more args. with djm@ |
162 | - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch | 167 | - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch |
@@ -4328,4 +4333,4 @@ | |||
4328 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 4333 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
4329 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 4334 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
4330 | 4335 | ||
4331 | $Id: ChangeLog,v 1.5001 2008/06/13 04:48:59 dtucker Exp $ | 4336 | $Id: ChangeLog,v 1.5002 2008/06/13 04:51:28 dtucker Exp $ |
diff --git a/auth-rhosts.c b/auth-rhosts.c index cd0a7967a..bbddfb6df 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-rhosts.c,v 1.42 2008/06/13 04:40:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -26,6 +26,7 @@ | |||
26 | #include <stdio.h> | 26 | #include <stdio.h> |
27 | #include <string.h> | 27 | #include <string.h> |
28 | #include <stdarg.h> | 28 | #include <stdarg.h> |
29 | #include <fcntl.h> | ||
29 | 30 | ||
30 | #include "packet.h" | 31 | #include "packet.h" |
31 | #include "buffer.h" | 32 | #include "buffer.h" |
@@ -37,6 +38,7 @@ | |||
37 | #include "key.h" | 38 | #include "key.h" |
38 | #include "hostfile.h" | 39 | #include "hostfile.h" |
39 | #include "auth.h" | 40 | #include "auth.h" |
41 | #include "misc.h" | ||
40 | 42 | ||
41 | /* import */ | 43 | /* import */ |
42 | extern ServerOptions options; | 44 | extern ServerOptions options; |
@@ -55,12 +57,27 @@ check_rhosts_file(const char *filename, const char *hostname, | |||
55 | { | 57 | { |
56 | FILE *f; | 58 | FILE *f; |
57 | char buf[1024]; /* Must not be larger than host, user, dummy below. */ | 59 | char buf[1024]; /* Must not be larger than host, user, dummy below. */ |
60 | int fd; | ||
61 | struct stat st; | ||
58 | 62 | ||
59 | /* Open the .rhosts file, deny if unreadable */ | 63 | /* Open the .rhosts file, deny if unreadable */ |
60 | f = fopen(filename, "r"); | 64 | if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1) |
61 | if (!f) | ||
62 | return 0; | 65 | return 0; |
63 | 66 | if (fstat(fd, &st) == -1) { | |
67 | close(fd); | ||
68 | return 0; | ||
69 | } | ||
70 | if (!S_ISREG(st.st_mode)) { | ||
71 | logit("User %s hosts file %s is not a regular file", | ||
72 | server_user, filename); | ||
73 | close(fd); | ||
74 | return 0; | ||
75 | } | ||
76 | unset_nonblock(fd); | ||
77 | if ((f = fdopen(fd, "r")) == NULL) { | ||
78 | close(fd); | ||
79 | return 0; | ||
80 | } | ||
64 | while (fgets(buf, sizeof(buf), f)) { | 81 | while (fgets(buf, sizeof(buf), f)) { |
65 | /* All three must be at least as big as buf to avoid overflows. */ | 82 | /* All three must be at least as big as buf to avoid overflows. */ |
66 | char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp; | 83 | char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp; |
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 9863cd9e6..7f7ddd8cf 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.16 2008/06/13 04:40:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -28,6 +28,7 @@ | |||
28 | #include <sys/types.h> | 28 | #include <sys/types.h> |
29 | #include <sys/stat.h> | 29 | #include <sys/stat.h> |
30 | 30 | ||
31 | #include <fcntl.h> | ||
31 | #include <pwd.h> | 32 | #include <pwd.h> |
32 | #include <stdio.h> | 33 | #include <stdio.h> |
33 | #include <stdarg.h> | 34 | #include <stdarg.h> |
@@ -180,7 +181,7 @@ static int | |||
180 | user_key_allowed2(struct passwd *pw, Key *key, char *file) | 181 | user_key_allowed2(struct passwd *pw, Key *key, char *file) |
181 | { | 182 | { |
182 | char line[SSH_MAX_PUBKEY_BYTES]; | 183 | char line[SSH_MAX_PUBKEY_BYTES]; |
183 | int found_key = 0; | 184 | int found_key = 0, fd; |
184 | FILE *f; | 185 | FILE *f; |
185 | u_long linenum = 0; | 186 | u_long linenum = 0; |
186 | struct stat st; | 187 | struct stat st; |
@@ -192,16 +193,29 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
192 | 193 | ||
193 | debug("trying public key file %s", file); | 194 | debug("trying public key file %s", file); |
194 | 195 | ||
195 | /* Fail quietly if file does not exist */ | 196 | /* |
196 | if (stat(file, &st) < 0) { | 197 | * Open the file containing the authorized keys |
197 | /* Restore the privileged uid. */ | 198 | * Fail quietly if file does not exist |
199 | */ | ||
200 | if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { | ||
198 | restore_uid(); | 201 | restore_uid(); |
199 | return 0; | 202 | return 0; |
200 | } | 203 | } |
201 | /* Open the file containing the authorized keys. */ | 204 | if (fstat(fd, &st) < 0) { |
202 | f = fopen(file, "r"); | 205 | close(fd); |
203 | if (!f) { | 206 | restore_uid(); |
204 | /* Restore the privileged uid. */ | 207 | return 0; |
208 | } | ||
209 | if (!S_ISREG(st.st_mode)) { | ||
210 | logit("User %s authorized keys %s is not a regular file", | ||
211 | pw->pw_name, file); | ||
212 | close(fd); | ||
213 | restore_uid(); | ||
214 | return 0; | ||
215 | } | ||
216 | unset_nonblock(fd); | ||
217 | if ((f = fdopen(fd, "r")) == NULL) { | ||
218 | close(fd); | ||
205 | restore_uid(); | 219 | restore_uid(); |
206 | return 0; | 220 | return 0; |
207 | } | 221 | } |