ssh-vulnkey handles options in authorized_keys (LP: #230029).

author: Colin Watson <cjwatson@debian.org> 2008-05-14 10:41:23 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-14 10:41:23 +0000
commit: 566b9e890972bbae06b8ae6970be8ce799d48339 (patch)
tree: cf32893b722ebf7d1913fe7bcfe684f4f81ed672 /ssh-vulnkey.c
parent: 5e8773e2a2ec23ec130cf316d416a0d7c17d526a (diff)
1 files changed, 55 insertions, 41 deletions
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index ba87cbd28..3297c431a 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -138,55 +138,69 @@ do_filename(const char *filename, int quiet_open)
                f = stdin;
        while (read_keyfile_line(f, filename, line, sizeof(line),
                    &linenum) != -1) {
-                cp = line;
+                int i;
-                switch (*cp) {
+                char *space;
-                case '#':
+                int type;
-                case '\n':
-                case '\0':
+                /* Chop trailing newline. */
-                        continue;
+                i = strlen(line) - 1;
-                }
+                if (line[i] == '\n')
-                /* Skip leading whitespace. */
+                        line[i] = '\0';
-                for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
+                /* Skip leading whitespace, empty and comment lines. */
+                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                        ;
-                /* Cope with ssh-keyscan output. */
+                if (!*cp || *cp == '\n' || *cp == '#')
-                comment = NULL;
+                        continue;
-                if (*cp) {
-                        char *space;
+                /* Cope with ssh-keyscan output and options in
-                        int type;
+                 * authorized_keys files.
+                 */
-                        space = strchr(cp, ' ');
+                space = strchr(cp, ' ');
-                        if (!space)
+                if (!space)
-                                continue;
+                        continue;
-                        *space = '\0';
+                *space = '\0';
-                        type = key_type_from_name(cp);
+                type = key_type_from_name(cp);
-                        if (type == KEY_UNSPEC) {
+                *space = ' ';
-                                comment = xstrdup(cp);
+                /* Leading number (RSA1) or valid type (RSA/DSA) indicates
-                                cp = space + 1;
+                 * that we have no host name or options to skip.
+                 */
+                if (atoi(cp) == 0 && type == KEY_UNSPEC) {
+                        int quoted = 0;
+                        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                                if (*cp == '\\' && cp[1] == '"')
+                                        cp++;   /* Skip both */
+                                else if (*cp == '"')
+                                        quoted = !quoted;
                        }
-                        *space = ' ';
+                        /* Skip remaining whitespace. */
+                        for (; *cp == ' ' || *cp == '\t'; cp++)
+                                ;
+                        if (!*cp)
+                                continue;
                }
-                if (!comment)
-                        comment = xstrdup(filename);
+                /* Read and process the key itself. */
-                if (*cp) {
+                key = key_new(KEY_RSA1);
-                        key = key_new(KEY_RSA1);
+                if (key_read(key, &cp) == 1) {
+                        while (*cp == ' ' || *cp == '\t')
+                                cp++;
+                        if (!do_key(key, *cp ? cp : filename))
+                                ret = 0;
+                        found = 1;
+                } else {
+                        key_free(key);
+                        key = key_new(KEY_UNSPEC);
                        if (key_read(key, &cp) == 1) {
-                                if (!do_key(key, comment))
+                                while (*cp == ' ' || *cp == '\t')
+                                        cp++;
+                                if (!do_key(key, *cp ? cp : filename))
                                        ret = 0;
-                                key_free(key);
                                found = 1;
-                        } else {
-                                key_free(key);
-                                key = key_new(KEY_UNSPEC);
-                                if (key_read(key, &cp) == 1) {
-                                        if (!do_key(key, comment))
-                                                ret = 0;
-                                        key_free(key);
-                                        found = 1;
-                                }
                        }
                }
-                xfree(comment);
+                key_free(key);
-                comment = NULL;
        }
        if (f != stdin)
                fclose(f);
author	Colin Watson <cjwatson@debian.org>	2008-05-14 10:41:23 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-14 10:41:23 +0000
commit	566b9e890972bbae06b8ae6970be8ce799d48339 (patch)
tree	cf32893b722ebf7d1913fe7bcfe684f4f81ed672 /ssh-vulnkey.c
parent	5e8773e2a2ec23ec130cf316d416a0d7c17d526a (diff)

diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c index ba87cbd28..3297c431a 100644 --- a/ssh-vulnkey.c +++ b/ssh-vulnkey.c
@@ -138,55 +138,69 @@ do_filename(const char *filename, int quiet_open)
138	f = stdin;	138	f = stdin;
139	while (read_keyfile_line(f, filename, line, sizeof(line),	139	while (read_keyfile_line(f, filename, line, sizeof(line),
140	&linenum) != -1) {	140	&linenum) != -1) {
141	cp = line;	141	int i;
142	switch (*cp) {	142	char *space;
143	case '#':	143	int type;
144	case '\n':	144
145	case '\0':	145	/* Chop trailing newline. */
146	continue;	146	i = strlen(line) - 1;
147	}	147	if (line[i] == '\n')
148	/* Skip leading whitespace. */	148	line[i] = '\0';
149	for (; cp && (cp == ' ' \|\| *cp == '\t'); cp++)	149
		150	/* Skip leading whitespace, empty and comment lines. */
		151	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
150	;	152	;
151	/* Cope with ssh-keyscan output. */	153	if (!cp \|\| cp == '\n' \|\| *cp == '#')
152	comment = NULL;	154	continue;
153	if (*cp) {	155
154	char *space;	156	/* Cope with ssh-keyscan output and options in
155	int type;	157	* authorized_keys files.
156		158	*/
157	space = strchr(cp, ' ');	159	space = strchr(cp, ' ');
158	if (!space)	160	if (!space)
159	continue;	161	continue;
160	*space = '\0';	162	*space = '\0';
161	type = key_type_from_name(cp);	163	type = key_type_from_name(cp);
162	if (type == KEY_UNSPEC) {	164	*space = ' ';
163	comment = xstrdup(cp);	165	/* Leading number (RSA1) or valid type (RSA/DSA) indicates
164	cp = space + 1;	166	* that we have no host name or options to skip.
		167	*/
		168	if (atoi(cp) == 0 && type == KEY_UNSPEC) {
		169	int quoted = 0;
		170
		171	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
		172	if (*cp == '\\' && cp[1] == '"')
		173	cp++; /* Skip both */
		174	else if (*cp == '"')
		175	quoted = !quoted;
165	}	176	}
166	*space = ' ';	177	/* Skip remaining whitespace. */
		178	for (; cp == ' ' \|\| cp == '\t'; cp++)
		179	;
		180	if (!*cp)
		181	continue;
167	}	182	}
168	if (!comment)	183
169	comment = xstrdup(filename);	184	/* Read and process the key itself. */
170	if (*cp) {	185	key = key_new(KEY_RSA1);
171	key = key_new(KEY_RSA1);	186	if (key_read(key, &cp) == 1) {
		187	while (cp == ' ' \|\| cp == '\t')
		188	cp++;
		189	if (!do_key(key, *cp ? cp : filename))
		190	ret = 0;
		191	found = 1;
		192	} else {
		193	key_free(key);
		194	key = key_new(KEY_UNSPEC);
172	if (key_read(key, &cp) == 1) {	195	if (key_read(key, &cp) == 1) {
173	if (!do_key(key, comment))	196	while (cp == ' ' \|\| cp == '\t')
		197	cp++;
		198	if (!do_key(key, *cp ? cp : filename))
174	ret = 0;	199	ret = 0;
175	key_free(key);
176	found = 1;	200	found = 1;
177	} else {
178	key_free(key);
179	key = key_new(KEY_UNSPEC);
180	if (key_read(key, &cp) == 1) {
181	if (!do_key(key, comment))
182	ret = 0;
183	key_free(key);
184	found = 1;
185	}
186	}	201	}
187	}	202	}
188	xfree(comment);	203	key_free(key);
189	comment = NULL;
190	}	204	}
191	if (f != stdin)	205	if (f != stdin)
192	fclose(f);	206	fclose(f);