8 files changed, 57 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index ea529e794..513df22d0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,10 @@
     - describe ls flags as a list
     - other minor improvements
     ok jmc, djm
+   - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
+     [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
+     Discard over-length authorized_keys entries rather than complaining when
+     they don't decode.  bz #884, with & ok djm@
 20041203
 - (dtucker) OpenBSD CVS Sync
@@ -1890,4 +1894,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3589 2004/12/06 11:46:45 dtucker Exp $
+$Id: ChangeLog,v 1.3590 2004/12/06 11:47:41 dtucker Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
index 16369d47c..2060f8394 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $");
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -49,7 +49,7 @@ extern u_char session_id[16];
 *   options bits e n comment
 * where bits, e and n are decimal numbers,
 * and comment is any string of characters up to newline.  The maximum
- * length of a line is 8000 characters.  See the documentation for a
+ * length of a line is SSH_MAX_PUBKEY_BYTES characters.  See sshd(8) for a
 * description of the options.
 */
@@ -152,7 +152,7 @@ auth_rsa_challenge_dialog(Key *key)
 int
 auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 {
-        char line[8192], *file;
+        char line[SSH_MAX_PUBKEY_BYTES], *file;
        int allowed = 0;
        u_int bits;
        FILE *f;
@@ -201,12 +201,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
         * found, perform a challenge-response dialog to verify that the
         * user really has the corresponding private key.
         */
-        while (fgets(line, sizeof(line), f)) {
+        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                char *cp;
                char *key_options;
-                linenum++;
                /* Skip leading whitespace, empty and comment lines. */
                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                        ;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index bafea09da..41e23bebd 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,8 +23,9 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $");
+#include "ssh.h"
 #include "ssh2.h"
 #include "xmalloc.h"
 #include "packet.h"
@@ -167,7 +168,7 @@ done:
 static int
 user_key_allowed2(struct passwd *pw, Key *key, char *file)
 {
-        char line[8192];
+        char line[SSH_MAX_PUBKEY_BYTES];
        int found_key = 0;
        FILE *f;
        u_long linenum = 0;
@@ -204,9 +205,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
        found_key = 0;
        found = key_new(key->type);
-        while (fgets(line, sizeof(line), f)) {
+        while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                char *cp, *key_options = NULL;
-                linenum++;
                /* Skip leading whitespace, empty and comment lines. */
                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                        ;
diff --git a/authfile.c b/authfile.c
index 1c006c43d..4038ab692 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.58 2004/08/23 11:48:09 djm Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $");
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -601,13 +601,14 @@ static int
 key_try_load_public(Key *k, const char *filename, char **commentp)
 {
        FILE *f;
-        char line[4096];
+        char line[SSH_MAX_PUBKEY_BYTES];
        char *cp;
+        int linenum = 0;
        f = fopen(filename, "r");
        if (f != NULL) {
-                while (fgets(line, sizeof(line), f)) {
+                while (read_keyfile_line(f, filename, line, sizeof(line),
-                        line[sizeof(line)-1] = '\0';
+                            &linenum) != -1) {
                        cp = line;
                        switch (*cp) {
                        case '#':
diff --git a/misc.c b/misc.c
index 8cb411ccc..d0cc53823 100644
--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $");
+RCSID("$OpenBSD: misc.c,v 1.26 2004/12/06 11:41:03 dtucker Exp $");
 #include "misc.h"
 #include "log.h"
@@ -332,3 +332,26 @@ addargs(arglist *args, char *fmt, ...)
        args->list[args->num++] = xstrdup(buf);
        args->list[args->num] = NULL;
 }
+/*
+ * Read an entire line from a public key file into a static buffer, discarding
+ * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
+ */
+int
+read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
+   int *lineno)
+{
+        while (fgets(buf, bufsz, f) != NULL) {
+                (*lineno)++;
+                if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
+                        return 0;
+                } else {
+                        debug("%s: %s line %d exceeds size limit", __func__,
+                            filename, lineno);
+                        /* discard remainder of line */
+                        while(fgetc(f) != '\n' && !feof(f))
+                                ;       /* nothing */
+                }
+        }
+        return -1;
+}
diff --git a/misc.h b/misc.h
index 0290a2d64..4aab2ca01 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: misc.h,v 1.18 2004/10/29 22:53:56 djm Exp $   */
+/*      $OpenBSD: misc.h,v 1.19 2004/12/06 11:41:03 dtucker Exp $       */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -47,3 +47,4 @@ char	*tilde_expand_filename(const char *, uid_t);
 char    *read_passphrase(const char *, int);
 int      ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+int      read_keyfile_line(FILE *, const char *, char *, size_t, int *);
diff --git a/ssh.h b/ssh.h
index a3b2ebbb5..07592415b 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */
+/*      $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $        */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,6 +40,13 @@
 #define SSH_MAX_IDENTITY_FILES          100
 /*
+ * Maximum length of lines in authorized_keys file.
+ * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
+ * some room for options and comments.
+ */
+#define SSH_MAX_PUBKEY_BYTES            8192
+/*
 * Major protocol version.  Different version indicates major incompatibility
 * that prevents communication.
 *
diff --git a/sshd.8 b/sshd.8
index 83d0f48d2..2ac7b7274 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.203 2004/12/06 11:41:03 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -420,7 +420,9 @@ or
 .Dq ssh-rsa .
 .Pp
 Note that lines in this file are usually several hundred bytes long
-(because of the size of the public key encoding).
+(because of the size of the public key encoding) up to a limit of
+8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
+keys up to 16 kilobits.
 You don't want to type them in; instead, copy the
 .Pa identity.pub ,
 .Pa id_dsa.pub

diff --git a/ChangeLog b/ChangeLog index ea529e794..513df22d0 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -17,6 +17,10 @@
17	- describe ls flags as a list	17	- describe ls flags as a list
18	- other minor improvements	18	- other minor improvements
19	ok jmc, djm	19	ok jmc, djm
		20	- dtucker@cvs.openbsd.org 2004/12/06 11:41:03
		21	[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
		22	Discard over-length authorized_keys entries rather than complaining when
		23	they don't decode. bz #884, with & ok djm@
20		24
21	20041203	25	20041203
22	- (dtucker) OpenBSD CVS Sync	26	- (dtucker) OpenBSD CVS Sync
@@ -1890,4 +1894,4 @@
1890	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	1894	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
1891	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	1895	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1892		1896
1893	$Id: ChangeLog,v 1.3589 2004/12/06 11:46:45 dtucker Exp $	1897	$Id: ChangeLog,v 1.3590 2004/12/06 11:47:41 dtucker Exp $


diff --git a/auth-rsa.c b/auth-rsa.c index 16369d47c..2060f8394 100644 --- a/auth-rsa.c +++ b/auth-rsa.c
@@ -14,7 +14,7 @@
14	*/	14	*/
15		15
16	#include "includes.h"	16	#include "includes.h"
17	RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");	17	RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $");
18		18
19	#include <openssl/rsa.h>	19	#include <openssl/rsa.h>
20	#include <openssl/md5.h>	20	#include <openssl/md5.h>
@@ -49,7 +49,7 @@ extern u_char session_id[16];
49	* options bits e n comment	49	* options bits e n comment
50	* where bits, e and n are decimal numbers,	50	* where bits, e and n are decimal numbers,
51	* and comment is any string of characters up to newline. The maximum	51	* and comment is any string of characters up to newline. The maximum
52	* length of a line is 8000 characters. See the documentation for a	52	* length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a
53	* description of the options.	53	* description of the options.
54	*/	54	*/
55		55
@@ -152,7 +152,7 @@ auth_rsa_challenge_dialog(Key *key)
152	int	152	int
153	auth_rsa_key_allowed(struct passwd pw, BIGNUM client_n, Key **rkey)	153	auth_rsa_key_allowed(struct passwd pw, BIGNUM client_n, Key **rkey)
154	{	154	{
155	char line[8192], *file;	155	char line[SSH_MAX_PUBKEY_BYTES], *file;
156	int allowed = 0;	156	int allowed = 0;
157	u_int bits;	157	u_int bits;
158	FILE *f;	158	FILE *f;
@@ -201,12 +201,10 @@ auth_rsa_key_allowed(struct passwd pw, BIGNUM client_n, Key **rkey)
201	* found, perform a challenge-response dialog to verify that the	201	* found, perform a challenge-response dialog to verify that the
202	* user really has the corresponding private key.	202	* user really has the corresponding private key.
203	*/	203	*/
204	while (fgets(line, sizeof(line), f)) {	204	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
205	char *cp;	205	char *cp;
206	char *key_options;	206	char *key_options;
207		207
208	linenum++;
209
210	/* Skip leading whitespace, empty and comment lines. */	208	/* Skip leading whitespace, empty and comment lines. */
211	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)	209	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
212	;	210	;


diff --git a/auth2-pubkey.c b/auth2-pubkey.c index bafea09da..41e23bebd 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c
@@ -23,8 +23,9 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");	26	RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $");
27		27
		28	#include "ssh.h"
28	#include "ssh2.h"	29	#include "ssh2.h"
29	#include "xmalloc.h"	30	#include "xmalloc.h"
30	#include "packet.h"	31	#include "packet.h"
@@ -167,7 +168,7 @@ done:
167	static int	168	static int
168	user_key_allowed2(struct passwd pw, Key key, char *file)	169	user_key_allowed2(struct passwd pw, Key key, char *file)
169	{	170	{
170	char line[8192];	171	char line[SSH_MAX_PUBKEY_BYTES];
171	int found_key = 0;	172	int found_key = 0;
172	FILE *f;	173	FILE *f;
173	u_long linenum = 0;	174	u_long linenum = 0;
@@ -204,9 +205,9 @@ user_key_allowed2(struct passwd pw, Key key, char *file)
204	found_key = 0;	205	found_key = 0;
205	found = key_new(key->type);	206	found = key_new(key->type);
206		207
207	while (fgets(line, sizeof(line), f)) {	208	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
208	char cp, key_options = NULL;	209	char cp, key_options = NULL;
209	linenum++;	210
210	/* Skip leading whitespace, empty and comment lines. */	211	/* Skip leading whitespace, empty and comment lines. */
211	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)	212	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
212	;	213	;


diff --git a/authfile.c b/authfile.c index 1c006c43d..4038ab692 100644 --- a/authfile.c +++ b/authfile.c
@@ -36,7 +36,7 @@
36	*/	36	*/
37		37
38	#include "includes.h"	38	#include "includes.h"
39	RCSID("$OpenBSD: authfile.c,v 1.58 2004/08/23 11:48:09 djm Exp $");	39	RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $");
40		40
41	#include <openssl/err.h>	41	#include <openssl/err.h>
42	#include <openssl/evp.h>	42	#include <openssl/evp.h>
@@ -601,13 +601,14 @@ static int
601	key_try_load_public(Key k, const char filename, char **commentp)	601	key_try_load_public(Key k, const char filename, char **commentp)
602	{	602	{
603	FILE *f;	603	FILE *f;
604	char line[4096];	604	char line[SSH_MAX_PUBKEY_BYTES];
605	char *cp;	605	char *cp;
		606	int linenum = 0;
606		607
607	f = fopen(filename, "r");	608	f = fopen(filename, "r");
608	if (f != NULL) {	609	if (f != NULL) {
609	while (fgets(line, sizeof(line), f)) {	610	while (read_keyfile_line(f, filename, line, sizeof(line),
610	line[sizeof(line)-1] = '\0';	611	&linenum) != -1) {
611	cp = line;	612	cp = line;
612	switch (*cp) {	613	switch (*cp) {
613	case '#':	614	case '#':


diff --git a/misc.c b/misc.c index 8cb411ccc..d0cc53823 100644 --- a/misc.c +++ b/misc.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $");	26	RCSID("$OpenBSD: misc.c,v 1.26 2004/12/06 11:41:03 dtucker Exp $");
27		27
28	#include "misc.h"	28	#include "misc.h"
29	#include "log.h"	29	#include "log.h"
@@ -332,3 +332,26 @@ addargs(arglist args, char fmt, ...)
332	args->list[args->num++] = xstrdup(buf);	332	args->list[args->num++] = xstrdup(buf);
333	args->list[args->num] = NULL;	333	args->list[args->num] = NULL;
334	}	334	}
		335
		336	/*
		337	* Read an entire line from a public key file into a static buffer, discarding
		338	* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
		339	*/
		340	int
		341	read_keyfile_line(FILE f, const char filename, char *buf, size_t bufsz,
		342	int *lineno)
		343	{
		344	while (fgets(buf, bufsz, f) != NULL) {
		345	(*lineno)++;
		346	if (buf[strlen(buf) - 1] == '\n' \|\| feof(f)) {
		347	return 0;
		348	} else {
		349	debug("%s: %s line %d exceeds size limit", __func__,
		350	filename, lineno);
		351	/* discard remainder of line */
		352	while(fgetc(f) != '\n' && !feof(f))
		353	; /* nothing */
		354	}
		355	}
		356	return -1;
		357	}


diff --git a/misc.h b/misc.h index 0290a2d64..4aab2ca01 100644 --- a/misc.h +++ b/misc.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: misc.h,v 1.18 2004/10/29 22:53:56 djm Exp $ */	1	/* $OpenBSD: misc.h,v 1.19 2004/12/06 11:41:03 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -47,3 +47,4 @@ char tilde_expand_filename(const char , uid_t);
47		47
48	char read_passphrase(const char , int);	48	char read_passphrase(const char , int);
49	int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));	49	int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
		50	int read_keyfile_line(FILE , const char , char , size_t, int );


diff --git a/ssh.h b/ssh.h index a3b2ebbb5..07592415b 100644 --- a/ssh.h +++ b/ssh.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */	1	/* $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,6 +40,13 @@
40	#define SSH_MAX_IDENTITY_FILES 100	40	#define SSH_MAX_IDENTITY_FILES 100
41		41
42	/*	42	/*
		43	* Maximum length of lines in authorized_keys file.
		44	* Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
		45	* some room for options and comments.
		46	*/
		47	#define SSH_MAX_PUBKEY_BYTES 8192
		48
		49	/*
43	* Major protocol version. Different version indicates major incompatibility	50	* Major protocol version. Different version indicates major incompatibility
44	* that prevents communication.	51	* that prevents communication.
45	*	52	*


diff --git a/sshd.8 b/sshd.8 index 83d0f48d2..2ac7b7274 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $	37	.\" $OpenBSD: sshd.8,v 1.203 2004/12/06 11:41:03 dtucker Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -420,7 +420,9 @@ or
420	.Dq ssh-rsa .	420	.Dq ssh-rsa .
421	.Pp	421	.Pp
422	Note that lines in this file are usually several hundred bytes long	422	Note that lines in this file are usually several hundred bytes long
423	(because of the size of the public key encoding).	423	(because of the size of the public key encoding) up to a limit of
		424	8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
		425	keys up to 16 kilobits.
424	You don't want to type them in; instead, copy the	426	You don't want to type them in; instead, copy the
425	.Pa identity.pub ,	427	.Pa identity.pub ,
426	.Pa id_dsa.pub	428	.Pa id_dsa.pub