diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-10-05 15:52:03 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-10-20 12:01:02 +1100 |
| commit | dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 (patch) | |
| tree | 513eb2c60aafcc240cd9bc2027a4f919a2934978 /sshd.c | |
| parent | 2b4f3ab050c2aaf6977604dd037041372615178d (diff) | |
upstream commit
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@
Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 54 |
1 files changed, 24 insertions, 30 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.492 2017/09/12 06:32:07 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.493 2017/10/05 15:52:03 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -467,7 +467,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) | |||
| 467 | void | 467 | void |
| 468 | destroy_sensitive_data(void) | 468 | destroy_sensitive_data(void) |
| 469 | { | 469 | { |
| 470 | int i; | 470 | u_int i; |
| 471 | 471 | ||
| 472 | for (i = 0; i < options.num_host_key_files; i++) { | 472 | for (i = 0; i < options.num_host_key_files; i++) { |
| 473 | if (sensitive_data.host_keys[i]) { | 473 | if (sensitive_data.host_keys[i]) { |
| @@ -486,7 +486,7 @@ void | |||
| 486 | demote_sensitive_data(void) | 486 | demote_sensitive_data(void) |
| 487 | { | 487 | { |
| 488 | struct sshkey *tmp; | 488 | struct sshkey *tmp; |
| 489 | int i; | 489 | u_int i; |
| 490 | 490 | ||
| 491 | for (i = 0; i < options.num_host_key_files; i++) { | 491 | for (i = 0; i < options.num_host_key_files; i++) { |
| 492 | if (sensitive_data.host_keys[i]) { | 492 | if (sensitive_data.host_keys[i]) { |
| @@ -685,7 +685,7 @@ list_hostkey_types(void) | |||
| 685 | Buffer b; | 685 | Buffer b; |
| 686 | const char *p; | 686 | const char *p; |
| 687 | char *ret; | 687 | char *ret; |
| 688 | int i; | 688 | u_int i; |
| 689 | struct sshkey *key; | 689 | struct sshkey *key; |
| 690 | 690 | ||
| 691 | buffer_init(&b); | 691 | buffer_init(&b); |
| @@ -745,7 +745,7 @@ list_hostkey_types(void) | |||
| 745 | static struct sshkey * | 745 | static struct sshkey * |
| 746 | get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) | 746 | get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) |
| 747 | { | 747 | { |
| 748 | int i; | 748 | u_int i; |
| 749 | struct sshkey *key; | 749 | struct sshkey *key; |
| 750 | 750 | ||
| 751 | for (i = 0; i < options.num_host_key_files; i++) { | 751 | for (i = 0; i < options.num_host_key_files; i++) { |
| @@ -785,7 +785,7 @@ get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) | |||
| 785 | struct sshkey * | 785 | struct sshkey * |
| 786 | get_hostkey_by_index(int ind) | 786 | get_hostkey_by_index(int ind) |
| 787 | { | 787 | { |
| 788 | if (ind < 0 || ind >= options.num_host_key_files) | 788 | if (ind < 0 || (u_int)ind >= options.num_host_key_files) |
| 789 | return (NULL); | 789 | return (NULL); |
| 790 | return (sensitive_data.host_keys[ind]); | 790 | return (sensitive_data.host_keys[ind]); |
| 791 | } | 791 | } |
| @@ -793,7 +793,7 @@ get_hostkey_by_index(int ind) | |||
| 793 | struct sshkey * | 793 | struct sshkey * |
| 794 | get_hostkey_public_by_index(int ind, struct ssh *ssh) | 794 | get_hostkey_public_by_index(int ind, struct ssh *ssh) |
| 795 | { | 795 | { |
| 796 | if (ind < 0 || ind >= options.num_host_key_files) | 796 | if (ind < 0 || (u_int)ind >= options.num_host_key_files) |
| 797 | return (NULL); | 797 | return (NULL); |
| 798 | return (sensitive_data.host_pubkeys[ind]); | 798 | return (sensitive_data.host_pubkeys[ind]); |
| 799 | } | 799 | } |
| @@ -801,7 +801,7 @@ get_hostkey_public_by_index(int ind, struct ssh *ssh) | |||
| 801 | int | 801 | int |
| 802 | get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) | 802 | get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) |
| 803 | { | 803 | { |
| 804 | int i; | 804 | u_int i; |
| 805 | 805 | ||
| 806 | for (i = 0; i < options.num_host_key_files; i++) { | 806 | for (i = 0; i < options.num_host_key_files; i++) { |
| 807 | if (key_is_cert(key)) { | 807 | if (key_is_cert(key)) { |
| @@ -830,7 +830,8 @@ notify_hostkeys(struct ssh *ssh) | |||
| 830 | { | 830 | { |
| 831 | struct sshbuf *buf; | 831 | struct sshbuf *buf; |
| 832 | struct sshkey *key; | 832 | struct sshkey *key; |
| 833 | int i, nkeys, r; | 833 | u_int i, nkeys; |
| 834 | int r; | ||
| 834 | char *fp; | 835 | char *fp; |
| 835 | 836 | ||
| 836 | /* Some clients cannot cope with the hostkeys message, skip those. */ | 837 | /* Some clients cannot cope with the hostkeys message, skip those. */ |
| @@ -861,7 +862,7 @@ notify_hostkeys(struct ssh *ssh) | |||
| 861 | packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf)); | 862 | packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf)); |
| 862 | nkeys++; | 863 | nkeys++; |
| 863 | } | 864 | } |
| 864 | debug3("%s: sent %d hostkeys", __func__, nkeys); | 865 | debug3("%s: sent %u hostkeys", __func__, nkeys); |
| 865 | if (nkeys == 0) | 866 | if (nkeys == 0) |
| 866 | fatal("%s: no hostkeys", __func__); | 867 | fatal("%s: no hostkeys", __func__); |
| 867 | packet_send(); | 868 | packet_send(); |
| @@ -1357,13 +1358,12 @@ main(int ac, char **av) | |||
| 1357 | struct ssh *ssh = NULL; | 1358 | struct ssh *ssh = NULL; |
| 1358 | extern char *optarg; | 1359 | extern char *optarg; |
| 1359 | extern int optind; | 1360 | extern int optind; |
| 1360 | int r, opt, i, j, on = 1, already_daemon; | 1361 | int r, opt, on = 1, already_daemon, remote_port; |
| 1361 | int sock_in = -1, sock_out = -1, newsock = -1; | 1362 | int sock_in = -1, sock_out = -1, newsock = -1; |
| 1362 | const char *remote_ip; | 1363 | const char *remote_ip; |
| 1363 | int remote_port; | ||
| 1364 | char *fp, *line, *laddr, *logfile = NULL; | 1364 | char *fp, *line, *laddr, *logfile = NULL; |
| 1365 | int config_s[2] = { -1 , -1 }; | 1365 | int config_s[2] = { -1 , -1 }; |
| 1366 | u_int n; | 1366 | u_int i, j; |
| 1367 | u_int64_t ibytes, obytes; | 1367 | u_int64_t ibytes, obytes; |
| 1368 | mode_t new_umask; | 1368 | mode_t new_umask; |
| 1369 | struct sshkey *key; | 1369 | struct sshkey *key; |
| @@ -1416,12 +1416,8 @@ main(int ac, char **av) | |||
| 1416 | config_file_name = optarg; | 1416 | config_file_name = optarg; |
| 1417 | break; | 1417 | break; |
| 1418 | case 'c': | 1418 | case 'c': |
| 1419 | if (options.num_host_cert_files >= MAX_HOSTCERTS) { | 1419 | servconf_add_hostcert("[command-line]", 0, |
| 1420 | fprintf(stderr, "too many host certificates.\n"); | 1420 | &options, optarg); |
| 1421 | exit(1); | ||
| 1422 | } | ||
| 1423 | options.host_cert_files[options.num_host_cert_files++] = | ||
| 1424 | derelativise_path(optarg); | ||
| 1425 | break; | 1421 | break; |
| 1426 | case 'd': | 1422 | case 'd': |
| 1427 | if (debug_flag == 0) { | 1423 | if (debug_flag == 0) { |
| @@ -1480,12 +1476,8 @@ main(int ac, char **av) | |||
| 1480 | /* protocol 1, ignored */ | 1476 | /* protocol 1, ignored */ |
| 1481 | break; | 1477 | break; |
| 1482 | case 'h': | 1478 | case 'h': |
| 1483 | if (options.num_host_key_files >= MAX_HOSTKEYS) { | 1479 | servconf_add_hostkey("[command-line]", 0, |
| 1484 | fprintf(stderr, "too many host keys.\n"); | 1480 | &options, optarg); |
| 1485 | exit(1); | ||
| 1486 | } | ||
| 1487 | options.host_key_files[options.num_host_key_files++] = | ||
| 1488 | derelativise_path(optarg); | ||
| 1489 | break; | 1481 | break; |
| 1490 | case 't': | 1482 | case 't': |
| 1491 | test_flag = 1; | 1483 | test_flag = 1; |
| @@ -1611,12 +1603,12 @@ main(int ac, char **av) | |||
| 1611 | * and warns for trivial misconfigurations that could break login. | 1603 | * and warns for trivial misconfigurations that could break login. |
| 1612 | */ | 1604 | */ |
| 1613 | if (options.num_auth_methods != 0) { | 1605 | if (options.num_auth_methods != 0) { |
| 1614 | for (n = 0; n < options.num_auth_methods; n++) { | 1606 | for (i = 0; i < options.num_auth_methods; i++) { |
| 1615 | if (auth2_methods_valid(options.auth_methods[n], | 1607 | if (auth2_methods_valid(options.auth_methods[i], |
| 1616 | 1) == 0) | 1608 | 1) == 0) |
| 1617 | break; | 1609 | break; |
| 1618 | } | 1610 | } |
| 1619 | if (n >= options.num_auth_methods) | 1611 | if (i >= options.num_auth_methods) |
| 1620 | fatal("AuthenticationMethods cannot be satisfied by " | 1612 | fatal("AuthenticationMethods cannot be satisfied by " |
| 1621 | "enabled authentication methods"); | 1613 | "enabled authentication methods"); |
| 1622 | } | 1614 | } |
| @@ -1752,7 +1744,7 @@ main(int ac, char **av) | |||
| 1752 | continue; | 1744 | continue; |
| 1753 | } | 1745 | } |
| 1754 | sensitive_data.host_certificates[j] = key; | 1746 | sensitive_data.host_certificates[j] = key; |
| 1755 | debug("host certificate: #%d type %d %s", j, key->type, | 1747 | debug("host certificate: #%u type %d %s", j, key->type, |
| 1756 | key_type(key)); | 1748 | key_type(key)); |
| 1757 | } | 1749 | } |
| 1758 | 1750 | ||
| @@ -1796,8 +1788,10 @@ main(int ac, char **av) | |||
| 1796 | debug("setgroups() failed: %.200s", strerror(errno)); | 1788 | debug("setgroups() failed: %.200s", strerror(errno)); |
| 1797 | 1789 | ||
| 1798 | if (rexec_flag) { | 1790 | if (rexec_flag) { |
| 1791 | if (rexec_argc < 0) | ||
| 1792 | fatal("rexec_argc %d < 0", rexec_argc); | ||
| 1799 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); | 1793 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); |
| 1800 | for (i = 0; i < rexec_argc; i++) { | 1794 | for (i = 0; i < (u_int)rexec_argc; i++) { |
| 1801 | debug("rexec_argv[%d]='%s'", i, saved_argv[i]); | 1795 | debug("rexec_argv[%d]='%s'", i, saved_argv[i]); |
| 1802 | rexec_argv[i] = saved_argv[i]; | 1796 | rexec_argv[i] = saved_argv[i]; |
| 1803 | } | 1797 | } |