-rw-r--r--auth2-pubkey.c26
-rw-r--r--authfile.c24
-rw-r--r--authfile.h3
3 files changed, 27 insertions, 26 deletions
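diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 65db116ed..d567f527c 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.92 2019/09/03 08:29:58 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.93 2019/09/03 08:30:47 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -539,28 +539,6 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 }
 
 /*
- * Advanced *cpp past the end of key options, defined as the first unquoted
- * whitespace character. Returns 0 on success or -1 on failure (e.g.
- * unterminated quotes).
- */
-static int
-advance_past_options(char **cpp)
-{
- char *cp = *cpp;
- int quoted = 0;
-
- for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
- if (*cp == '\\' && cp[1] == '"')
- cp++; /* Skip both */
- else if (*cp == '"')
- quoted = !quoted;
- }
- *cpp = cp;
- /* return failure for unterminated quotes */
- return (*cp == '\0' && quoted) ? -1 : 0;
-}
-
-/*
  * Check a single line of an authorized_keys-format file. Returns 0 if key
  * matches, -1 otherwise. Will return key/cert options via *authoptsp
  * on success. "loc" is used as file/line location in log messages.
@@ -590,7 +568,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
  /* no key? check for options */
  debug2("%s: check options: '%s'", loc, cp);
  key_options = cp;
- if (advance_past_options(&cp) != 0) {
+ if (sshkey_advance_past_options(&cp) != 0) {
  reason = "invalid key option string";
  goto fail_reason;
  }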
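diff --git a/authfile.c b/authfile.c
index 5e335ce43..37341189c 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.134 2019/08/05 11:50:33 dtucker Exp $ */
+/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
  *
@@ -528,3 +528,25 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
  }
 }
 
+/*
+ * Advanced *cpp past the end of key options, defined as the first unquoted
+ * whitespace character. Returns 0 on success or -1 on failure (e.g.
+ * unterminated quotes).
+ */
+int
+sshkey_advance_past_options(char **cpp)
+{
+ char *cp = *cpp;
+ int quoted = 0;
+
+ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ if (*cp == '\\' && cp[1] == '"')
+ cp++; /* Skip both */
+ else if (*cp == '"')
+ quoted = !quoted;
+ }
+ *cpp = cp;
+ /* return failure for unterminated quotes */
+ return (*cp == '\0' && quoted) ? -1 : 0;
+}
+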
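Review bot: The header comment on sshkey_advance_past_options() does not state the contract that callers outside auth2-pubkey.c now depend on, which matters because the function is no longer static. Because `*cpp = cp;` runs before the return, the caller's pointer is moved to the terminating NUL even on the -1 (unterminated quote) path, and a string with no unquoted whitespace returns 0 with `*cpp` at the NUL, so a caller must check for an empty remainder before parsing a key. Only a backslash immediately followed by a double quote is treated as an escape, so this scanner has to agree with whatever later dequotes the option values (not visible on this page); a mismatch would change which bytes of an authorized_keys line are taken as options and which as the key. I would change "Advanced" to "Advances" and add `/* cpp and *cpp must be non-NULL and NUL-terminated; *cpp is updated even when -1 is returned */`, and repeat the one-line summary above the prototype in authfile.h.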
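diff --git a/authfile.h b/authfile.h
index 54df169b3..9c8a95a01 100644
--- a/authfile.h
+++ b/authfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.22 2019/08/05 11:50:33 dtucker Exp $ */
+/* $OpenBSD: authfile.h,v 1.23 2019/09/03 08:30:47 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
@@ -48,5 +48,6 @@ int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
 int sshkey_perm_ok(int, const char *);
 int sshkey_in_file(struct sshkey *, const char *, int, int);
 int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
+int sshkey_advance_past_options(char **cpp);
 
 #endif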