summaryrefslogtreecommitdiff
path: root/auth-options.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2010-03-04 21:51:11 +1100
committerDamien Miller <djm@mindrot.org>2010-03-04 21:51:11 +1100
commit41396573afc94d64973d9eb824ca510d39260b3e (patch)
tree4aa4eeda0157ac9d415c1221fa3e79bb971c358a /auth-options.c
parente1abf4d6bc4bea0bb76e6ff89ca6048122e90d81 (diff)
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/03/03 01:44:36 [auth-options.c key.c] reject strings with embedded ASCII nul chars in certificate key IDs, principal names and constraints
Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c28
1 files changed, 20 insertions, 8 deletions
diff --git a/auth-options.c b/auth-options.c
index 396bda62f..d14624bf4 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.c,v 1.45 2010/02/26 20:29:54 djm Exp $ */ 1/* $OpenBSD: auth-options.c,v 1.46 2010/03/03 01:44:36 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -391,7 +391,7 @@ int
391auth_cert_constraints(Buffer *c_orig, struct passwd *pw) 391auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
392{ 392{
393 u_char *name = NULL, *data_blob = NULL; 393 u_char *name = NULL, *data_blob = NULL;
394 u_int len; 394 u_int nlen, dlen, clen;
395 Buffer c, data; 395 Buffer c, data;
396 int ret = -1; 396 int ret = -1;
397 397
@@ -410,14 +410,18 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
410 buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig)); 410 buffer_append(&c, buffer_ptr(c_orig), buffer_len(c_orig));
411 411
412 while (buffer_len(&c) > 0) { 412 while (buffer_len(&c) > 0) {
413 if ((name = buffer_get_string_ret(&c, NULL)) == NULL || 413 if ((name = buffer_get_string_ret(&c, &nlen)) == NULL ||
414 (data_blob = buffer_get_string_ret(&c, &len)) == NULL) { 414 (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
415 error("Certificate constraints corrupt"); 415 error("Certificate constraints corrupt");
416 goto out; 416 goto out;
417 } 417 }
418 buffer_append(&data, data_blob, len); 418 buffer_append(&data, data_blob, dlen);
419 debug3("found certificate constraint \"%.100s\" len %u", 419 debug3("found certificate constraint \"%.100s\" len %u",
420 name, len); 420 name, dlen);
421 if (strlen(name) != nlen) {
422 error("Certificate constraint name contains \\0");
423 goto out;
424 }
421 if (strcmp(name, "permit-X11-forwarding") == 0) 425 if (strcmp(name, "permit-X11-forwarding") == 0)
422 cert_no_x11_forwarding_flag = 0; 426 cert_no_x11_forwarding_flag = 0;
423 else if (strcmp(name, "permit-agent-forwarding") == 0) 427 else if (strcmp(name, "permit-agent-forwarding") == 0)
@@ -429,13 +433,17 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
429 else if (strcmp(name, "permit-user-rc") == 0) 433 else if (strcmp(name, "permit-user-rc") == 0)
430 cert_no_user_rc = 0; 434 cert_no_user_rc = 0;
431 else if (strcmp(name, "force-command") == 0) { 435 else if (strcmp(name, "force-command") == 0) {
432 char *command = buffer_get_string_ret(&data, NULL); 436 char *command = buffer_get_string_ret(&data, &clen);
433 437
434 if (command == NULL) { 438 if (command == NULL) {
435 error("Certificate constraint \"%s\" corrupt", 439 error("Certificate constraint \"%s\" corrupt",
436 name); 440 name);
437 goto out; 441 goto out;
438 } 442 }
443 if (strlen(command) != clen) {
444 error("force-command constrain contains \\0");
445 goto out;
446 }
439 if (cert_forced_command != NULL) { 447 if (cert_forced_command != NULL) {
440 error("Certificate has multiple " 448 error("Certificate has multiple "
441 "forced-command constraints"); 449 "forced-command constraints");
@@ -444,7 +452,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
444 } 452 }
445 cert_forced_command = command; 453 cert_forced_command = command;
446 } else if (strcmp(name, "source-address") == 0) { 454 } else if (strcmp(name, "source-address") == 0) {
447 char *allowed = buffer_get_string_ret(&data, NULL); 455 char *allowed = buffer_get_string_ret(&data, &clen);
448 const char *remote_ip = get_remote_ipaddr(); 456 const char *remote_ip = get_remote_ipaddr();
449 457
450 if (allowed == NULL) { 458 if (allowed == NULL) {
@@ -452,6 +460,10 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
452 name); 460 name);
453 goto out; 461 goto out;
454 } 462 }
463 if (strlen(allowed) != clen) {
464 error("source-address constrain contains \\0");
465 goto out;
466 }
455 if (cert_source_address_done++) { 467 if (cert_source_address_done++) {
456 error("Certificate has multiple " 468 error("Certificate has multiple "
457 "source-address constraints"); 469 "source-address constraints");