authorBen Lindstrom <mouring@eviladmin.org>2001-09-12 18:03:31 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-09-12 18:03:31 +0000
commitd71ba5771b5c67b4efd3294ecb85dc4d10d03265 (patch)
tree8e5906fe7b52c91f68572d6c092bde6951677d3b /auth-options.c
parent62c25a43dbdd0dddb872b997a6f82b4f73c79180 (diff)
- stevesk@cvs.openbsd.org 2001/08/30 20:36:34
[auth-options.c sshd.8] validate ports for permitopen key file option. add host/port alternative syntax for IPv6. ok markus@
Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c32
1 files changed, 15 insertions, 17 deletions
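--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.20 2001/08/30 20:36:34 stevesk Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -20,6 +20,7 @@ RCSID("$OpenBSD: auth-options.c,v 1.19 2001/06/24 05:25:09 markus Exp $");
 #include "channels.h"
 #include "auth-options.h"
 #include "servconf.h"
+#include "misc.h"
 
 /* Flags set authorized_keys flags */
 int no_port_forwarding_flag = 0;
@@ -213,8 +214,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  }
  cp = "permitopen=\"";
  if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ char host[256], sport[6];
  u_short port;
- char *c, *ep;
  char *patterns = xmalloc(strlen(opts) + 1);
 
  opts += strlen(cp);
@@ -239,28 +240,25 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  }
  patterns[i] = 0;
  opts++;
- c = strchr(patterns, ':');
- if (c == NULL) {
- debug("%.100s, line %lu: permitopen: missing colon <%.100s>",
- file, linenum, patterns);
- packet_send_debug("%.100s, line %lu: missing colon",
- file, linenum);
+ if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 &&
+ sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
+ debug("%.100s, line %lu: Bad permitopen specification "
+ "<%.100s>", file, linenum, patterns);
+ packet_send_debug("%.100s, line %lu: "
+ "Bad permitopen specification", file, linenum);
  xfree(patterns);
  goto bad_option;
  }
- *c = 0;
- c++;
- port = strtol(c, &ep, 0);
- if (c == ep) {
- debug("%.100s, line %lu: permitopen: missing port <%.100s>",
- file, linenum, patterns);
- packet_send_debug("%.100s, line %lu: missing port",
- file, linenum);
+ if ((port = a2port(sport)) == 0) {
+ debug("%.100s, line %lu: Bad permitopen port <%.100s>",
+ file, linenum, sport);
+ packet_send_debug("%.100s, line %lu: "
+ "Bad permitopen port", file, linenum);
  xfree(patterns);
  goto bad_option;
  }
  if (options.allow_tcp_forwarding)
- channel_add_permitted_opens(patterns, port);
+ channel_add_permitted_opens(host, port);
  xfree(patterns);
  goto next_option;
  }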
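Review bot: In the permitopen branch, both `sscanf` patterns accept a prefix of the specification rather than the whole string, so the value that reaches `channel_add_permitted_opens(host, port)` can differ from what the key file says. A six-digit port is cut to its first five digits by `%5[0-9]`, trailing text after the port is ignored, and an IPv6 literal whose second group is all decimal (for example the constructed value `2001:470::1/22`) is taken by the colon form as host `2001`, port 470, before the slash form is ever tried. Since this option restricts what a key may forward to, a specification that does not parse exactly should go to `bad_option`; adding `%n` to each format and requiring `patterns[n] == '\0'` does that. The enclosing `auth_parse_options` starts and ends outside these hunks.

```c
		char host[256], sport[6];
		int n = -1;
		/* … unchanged: port, patterns, copying the quoted value … */

		/* accept a form only when it consumes the whole specification */
		if (sscanf(patterns, "%255[^:]:%5[0-9]%n", host, sport, &n) != 2 ||
		    n < 0 || patterns[n] != '\0') {
			n = -1;
			if (sscanf(patterns, "%255[^/]/%5[0-9]%n", host, sport, &n) != 2 ||
			    n < 0 || patterns[n] != '\0') {
				/* … unchanged: debug, packet_send_debug, xfree(patterns), goto bad_option … */
			}
		}
		/* … unchanged: a2port(sport) check and channel_add_permitted_opens … */
```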