Import openssh_8.0p1.orig.tar.gz

1 files changed, 44 insertions, 26 deletions

diff --git a/servconf.c b/servconf.c
index 932d363bb..ffac5d2c7 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.350 2019/03/25 22:33:44 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -221,26 +221,40 @@ assemble_algorithms(ServerOptions *o)
 }
 
 static void
-array_append(const char *file, const int line, const char *directive,
-    char ***array, u_int *lp, const char *s)
+array_append2(const char *file, const int line, const char *directive,
+    char ***array, int **iarray, u_int *lp, const char *s, int i)
 {
 
         if (*lp >= INT_MAX)
                 fatal("%s line %d: Too many %s entries", file, line, directive);
 
+        if (iarray != NULL) {
+                *iarray = xrecallocarray(*iarray, *lp, *lp + 1,
+                    sizeof(**iarray));
+                (*iarray)[*lp] = i;
+        }
+
         *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
         (*array)[*lp] = xstrdup(s);
         (*lp)++;
 }
 
+static void
+array_append(const char *file, const int line, const char *directive,
+    char ***array, u_int *lp, const char *s)
+{
+        array_append2(file, line, directive, array, NULL, lp, s, 0);
+}
+
 void
 servconf_add_hostkey(const char *file, const int line,
-    ServerOptions *options, const char *path)
+    ServerOptions *options, const char *path, int userprovided)
 {
         char *apath = derelativise_path(path);
 
-        array_append(file, line, "HostKey",
-            &options->host_key_files, &options->num_host_key_files, apath);
+        array_append2(file, line, "HostKey",
+            &options->host_key_files, &options->host_key_file_userprovided,
+            &options->num_host_key_files, apath, userprovided);
         free(apath);
 }
 
@@ -268,16 +282,16 @@ fill_default_server_options(ServerOptions *options)
         if (options->num_host_key_files == 0) {
                 /* fill default hostkeys for protocols */
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_RSA_KEY_FILE);
+                    _PATH_HOST_RSA_KEY_FILE, 0);
 #ifdef OPENSSL_HAS_ECC
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_ECDSA_KEY_FILE);
+                    _PATH_HOST_ECDSA_KEY_FILE, 0);
 #endif
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_ED25519_KEY_FILE);
+                    _PATH_HOST_ED25519_KEY_FILE, 0);
 #ifdef WITH_XMSS
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_XMSS_KEY_FILE);
+                    _PATH_HOST_XMSS_KEY_FILE, 0);
 #endif /* WITH_XMSS */
         }
         /* No certificates by default */
@@ -456,7 +470,6 @@ fill_default_server_options(ServerOptions *options)
                 options->compression = 0;
         }
 #endif
-
 }
 
 /* Keyword tokens. */
@@ -702,7 +715,7 @@ derelativise_path(const char *path)
         if (strcasecmp(path, "none") == 0)
                 return xstrdup("none");
         expanded = tilde_expand_filename(path, getuid());
-        if (*expanded == '/')
+        if (path_absolute(expanded))
                 return expanded;
         if (getcwd(cwd, sizeof(cwd)) == NULL)
                 fatal("%s: getcwd: %s", __func__, strerror(errno));
@@ -864,7 +877,7 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
 {
         u_int i;
         int port;
-        char *host, *arg, *oarg;
+        char *host, *arg, *oarg, ch;
         int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
         const char *what = lookup_opcode_name(opcode);
 
@@ -882,8 +895,9 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
         /* Otherwise treat it as a list of permitted host:port */
         for (i = 0; i < num_opens; i++) {
                 oarg = arg = xstrdup(opens[i]);
-                host = hpdelim(&arg);
-                if (host == NULL)
+                ch = '\0';
+                host = hpdelim2(&arg, &ch);
+                if (host == NULL || ch == '/')
                         fatal("%s: missing host in %s", __func__, what);
                 host = cleanhostname(host);
                 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -909,12 +923,11 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
 }
 
 struct connection_info *
-get_connection_info(int populate, int use_dns)
+get_connection_info(struct ssh *ssh, int populate, int use_dns)
 {
-        struct ssh *ssh = active_state; /* XXX */
         static struct connection_info ci;
 
-        if (!populate)
+        if (ssh == NULL || !populate)
                 return &ci;
         ci.host = auth_get_canonical_hostname(ssh, use_dns);
         ci.address = ssh_remote_ipaddr(ssh);
@@ -1035,7 +1048,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
                         }
                         if (ci->user == NULL)
                                 match_test_missing_fatal("User", "user");
-                        if (match_pattern_list(ci->user, arg, 0) != 1)
+                        if (match_usergroup_pattern_list(ci->user, arg) != 1)
                                 result = 0;
                         else
                                 debug("user %.100s matched 'User %.100s' at "
@@ -1201,7 +1214,7 @@ process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum, int *activep,
     struct connection_info *connectinfo)
 {
-        char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
+        char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
         int cmdline = 0, *intptr, value, value2, n, port;
         SyslogFacility *log_facility_ptr;
         LogLevel *log_level_ptr;
@@ -1301,8 +1314,10 @@ process_server_config_line(ServerOptions *options, char *line,
                         port = 0;
                         p = arg;
                 } else {
-                        p = hpdelim(&arg);
-                        if (p == NULL)
+                        arg2 = NULL;
+                        ch = '\0';
+                        p = hpdelim2(&arg, &ch);
+                        if (p == NULL || ch == '/')
                                 fatal("%s line %d: bad address:port usage",
                                     filename, linenum);
                         p = cleanhostname(p);
@@ -1355,8 +1370,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: missing file name.",
                             filename, linenum);
-                if (*activep)
-                        servconf_add_hostkey(filename, linenum, options, arg);
+                if (*activep) {
+                        servconf_add_hostkey(filename, linenum,
+                            options, arg, 1);
+                }
                 break;
 
         case sHostKeyAgent:
@@ -1928,8 +1945,9 @@ process_server_config_line(ServerOptions *options, char *line,
                                 xasprintf(&arg2, "*:%s", arg);
                         } else {
                                 arg2 = xstrdup(arg);
-                                p = hpdelim(&arg);
-                                if (p == NULL) {
+                                ch = '\0';
+                                p = hpdelim2(&arg, &ch);
+                                if (p == NULL || ch == '/') {
                                         fatal("%s line %d: missing host in %s",
                                             filename, linenum,
                                             lookup_opcode_name(opcode));