summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--monitor.c4
-rw-r--r--monitor_wrap.c10
-rw-r--r--servconf.c210
-rw-r--r--sshd.c54
4 files changed, 143 insertions, 135 deletions
diff --git a/monitor.c b/monitor.c
index f517da482..a0ad9857d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.174 2017/10/02 19:33:20 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.175 2017/10/05 15:52:03 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -760,12 +760,10 @@ mm_answer_pwnamallow(int sock, Buffer *m)
760 for (i = 0; i < options.nx; i++) \ 760 for (i = 0; i < options.nx; i++) \
761 buffer_put_cstring(m, options.x[i]); \ 761 buffer_put_cstring(m, options.x[i]); \
762 } while (0) 762 } while (0)
763#define M_CP_STRARRAYOPT_ALLOC(x, nx) M_CP_STRARRAYOPT(x, nx)
764 /* See comment in servconf.h */ 763 /* See comment in servconf.h */
765 COPY_MATCH_STRING_OPTS(); 764 COPY_MATCH_STRING_OPTS();
766#undef M_CP_STROPT 765#undef M_CP_STROPT
767#undef M_CP_STRARRAYOPT 766#undef M_CP_STRARRAYOPT
768#undef M_CP_STRARRAYOPT_ALLOC
769 767
770 /* Create valid auth method lists */ 768 /* Create valid auth method lists */
771 if (auth2_setup_methods_lists(authctxt) != 0) { 769 if (auth2_setup_methods_lists(authctxt) != 0) {
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 69212aaf3..a46628fb1 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.94 2017/10/02 19:33:20 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.95 2017/10/05 15:52:03 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -287,19 +287,15 @@ out:
287 newopts->x = buffer_get_string(&m, NULL); \ 287 newopts->x = buffer_get_string(&m, NULL); \
288 } while (0) 288 } while (0)
289#define M_CP_STRARRAYOPT(x, nx) do { \ 289#define M_CP_STRARRAYOPT(x, nx) do { \
290 for (i = 0; i < newopts->nx; i++) \
291 newopts->x[i] = buffer_get_string(&m, NULL); \
292 } while (0)
293#define M_CP_STRARRAYOPT_ALLOC(x, nx) do { \
294 newopts->x = newopts->nx == 0 ? \ 290 newopts->x = newopts->nx == 0 ? \
295 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ 291 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
296 M_CP_STRARRAYOPT(x, nx); \ 292 for (i = 0; i < newopts->nx; i++) \
293 newopts->x[i] = buffer_get_string(&m, NULL); \
297 } while (0) 294 } while (0)
298 /* See comment in servconf.h */ 295 /* See comment in servconf.h */
299 COPY_MATCH_STRING_OPTS(); 296 COPY_MATCH_STRING_OPTS();
300#undef M_CP_STROPT 297#undef M_CP_STROPT
301#undef M_CP_STRARRAYOPT 298#undef M_CP_STRARRAYOPT
302#undef M_CP_STRARRAYOPT_ALLOC
303 299
304 copy_set_server_options(&options, newopts, 1); 300 copy_set_server_options(&options, newopts, 1);
305 log_change_level(options.log_level); 301 log_change_level(options.log_level);
diff --git a/servconf.c b/servconf.c
index 956862959..a96df4f67 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */ 2/* $OpenBSD: servconf.c,v 1.314 2017/10/05 15:52:03 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -188,10 +188,45 @@ assemble_algorithms(ServerOptions *o)
188 fatal("kex_assemble_names failed"); 188 fatal("kex_assemble_names failed");
189} 189}
190 190
191static void
192array_append(const char *file, const int line, const char *directive,
193 char ***array, u_int *lp, const char *s)
194{
195
196 if (*lp >= INT_MAX)
197 fatal("%s line %d: Too many %s entries", file, line, directive);
198
199 *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
200 (*array)[*lp] = xstrdup(s);
201 (*lp)++;
202}
203
204void
205servconf_add_hostkey(const char *file, const int line,
206 ServerOptions *options, const char *path)
207{
208 char *apath = derelativise_path(path);
209
210 array_append(file, line, "HostKey",
211 &options->host_key_files, &options->num_host_key_files, apath);
212 free(apath);
213}
214
215void
216servconf_add_hostcert(const char *file, const int line,
217 ServerOptions *options, const char *path)
218{
219 char *apath = derelativise_path(path);
220
221 array_append(file, line, "HostCertificate",
222 &options->host_cert_files, &options->num_host_cert_files, apath);
223 free(apath);
224}
225
191void 226void
192fill_default_server_options(ServerOptions *options) 227fill_default_server_options(ServerOptions *options)
193{ 228{
194 int i; 229 u_int i;
195 230
196 /* Portable-specific options */ 231 /* Portable-specific options */
197 if (options->use_pam == -1) 232 if (options->use_pam == -1)
@@ -200,16 +235,16 @@ fill_default_server_options(ServerOptions *options)
200 /* Standard Options */ 235 /* Standard Options */
201 if (options->num_host_key_files == 0) { 236 if (options->num_host_key_files == 0) {
202 /* fill default hostkeys for protocols */ 237 /* fill default hostkeys for protocols */
203 options->host_key_files[options->num_host_key_files++] = 238 servconf_add_hostkey("[default]", 0, options,
204 _PATH_HOST_RSA_KEY_FILE; 239 _PATH_HOST_RSA_KEY_FILE);
205 options->host_key_files[options->num_host_key_files++] = 240 servconf_add_hostkey("[default]", 0, options,
206 _PATH_HOST_DSA_KEY_FILE; 241 _PATH_HOST_DSA_KEY_FILE);
207#ifdef OPENSSL_HAS_ECC 242#ifdef OPENSSL_HAS_ECC
208 options->host_key_files[options->num_host_key_files++] = 243 servconf_add_hostkey("[default]", 0, options,
209 _PATH_HOST_ECDSA_KEY_FILE; 244 _PATH_HOST_ECDSA_KEY_FILE);
210#endif 245#endif
211 options->host_key_files[options->num_host_key_files++] = 246 servconf_add_hostkey("[default]", 0, options,
212 _PATH_HOST_ED25519_KEY_FILE; 247 _PATH_HOST_ED25519_KEY_FILE);
213 } 248 }
214 /* No certificates by default */ 249 /* No certificates by default */
215 if (options->num_ports == 0) 250 if (options->num_ports == 0)
@@ -313,10 +348,14 @@ fill_default_server_options(ServerOptions *options)
313 if (options->client_alive_count_max == -1) 348 if (options->client_alive_count_max == -1)
314 options->client_alive_count_max = 3; 349 options->client_alive_count_max = 3;
315 if (options->num_authkeys_files == 0) { 350 if (options->num_authkeys_files == 0) {
316 options->authorized_keys_files[options->num_authkeys_files++] = 351 array_append("[default]", 0, "AuthorizedKeysFiles",
317 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); 352 &options->authorized_keys_files,
318 options->authorized_keys_files[options->num_authkeys_files++] = 353 &options->num_authkeys_files,
319 xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); 354 _PATH_SSH_USER_PERMITTED_KEYS);
355 array_append("[default]", 0, "AuthorizedKeysFiles",
356 &options->authorized_keys_files,
357 &options->num_authkeys_files,
358 _PATH_SSH_USER_PERMITTED_KEYS2);
320 } 359 }
321 if (options->permit_tun == -1) 360 if (options->permit_tun == -1)
322 options->permit_tun = SSH_TUNMODE_NO; 361 options->permit_tun = SSH_TUNMODE_NO;
@@ -1128,22 +1167,12 @@ process_server_config_line(ServerOptions *options, char *line,
1128 break; 1167 break;
1129 1168
1130 case sHostKeyFile: 1169 case sHostKeyFile:
1131 intptr = &options->num_host_key_files;
1132 if (*intptr >= MAX_HOSTKEYS)
1133 fatal("%s line %d: too many host keys specified (max %d).",
1134 filename, linenum, MAX_HOSTKEYS);
1135 charptr = &options->host_key_files[*intptr];
1136 parse_filename:
1137 arg = strdelim(&cp); 1170 arg = strdelim(&cp);
1138 if (!arg || *arg == '\0') 1171 if (!arg || *arg == '\0')
1139 fatal("%s line %d: missing file name.", 1172 fatal("%s line %d: missing file name.",
1140 filename, linenum); 1173 filename, linenum);
1141 if (*activep && *charptr == NULL) { 1174 if (*activep)
1142 *charptr = derelativise_path(arg); 1175 servconf_add_hostkey(filename, linenum, options, arg);
1143 /* increase optional counter */
1144 if (intptr != NULL)
1145 *intptr = *intptr + 1;
1146 }
1147 break; 1176 break;
1148 1177
1149 case sHostKeyAgent: 1178 case sHostKeyAgent:
@@ -1158,17 +1187,28 @@ process_server_config_line(ServerOptions *options, char *line,
1158 break; 1187 break;
1159 1188
1160 case sHostCertificate: 1189 case sHostCertificate:
1161 intptr = &options->num_host_cert_files; 1190 arg = strdelim(&cp);
1162 if (*intptr >= MAX_HOSTKEYS) 1191 if (!arg || *arg == '\0')
1163 fatal("%s line %d: too many host certificates " 1192 fatal("%s line %d: missing file name.",
1164 "specified (max %d).", filename, linenum, 1193 filename, linenum);
1165 MAX_HOSTCERTS); 1194 if (*activep)
1166 charptr = &options->host_cert_files[*intptr]; 1195 servconf_add_hostcert(filename, linenum, options, arg);
1167 goto parse_filename; 1196 break;
1168 1197
1169 case sPidFile: 1198 case sPidFile:
1170 charptr = &options->pid_file; 1199 charptr = &options->pid_file;
1171 goto parse_filename; 1200 parse_filename:
1201 arg = strdelim(&cp);
1202 if (!arg || *arg == '\0')
1203 fatal("%s line %d: missing file name.",
1204 filename, linenum);
1205 if (*activep && *charptr == NULL) {
1206 *charptr = derelativise_path(arg);
1207 /* increase optional counter */
1208 if (intptr != NULL)
1209 *intptr = *intptr + 1;
1210 }
1211 break;
1172 1212
1173 case sPermitRootLogin: 1213 case sPermitRootLogin:
1174 intptr = &options->permit_root_login; 1214 intptr = &options->permit_root_login;
@@ -1412,55 +1452,47 @@ process_server_config_line(ServerOptions *options, char *line,
1412 1452
1413 case sAllowUsers: 1453 case sAllowUsers:
1414 while ((arg = strdelim(&cp)) && *arg != '\0') { 1454 while ((arg = strdelim(&cp)) && *arg != '\0') {
1415 if (options->num_allow_users >= MAX_ALLOW_USERS)
1416 fatal("%s line %d: too many allow users.",
1417 filename, linenum);
1418 if (match_user(NULL, NULL, NULL, arg) == -1) 1455 if (match_user(NULL, NULL, NULL, arg) == -1)
1419 fatal("%s line %d: invalid AllowUsers pattern: " 1456 fatal("%s line %d: invalid AllowUsers pattern: "
1420 "\"%.100s\"", filename, linenum, arg); 1457 "\"%.100s\"", filename, linenum, arg);
1421 if (!*activep) 1458 if (!*activep)
1422 continue; 1459 continue;
1423 options->allow_users[options->num_allow_users++] = 1460 array_append(filename, linenum, "AllowUsers",
1424 xstrdup(arg); 1461 &options->allow_users, &options->num_allow_users,
1462 arg);
1425 } 1463 }
1426 break; 1464 break;
1427 1465
1428 case sDenyUsers: 1466 case sDenyUsers:
1429 while ((arg = strdelim(&cp)) && *arg != '\0') { 1467 while ((arg = strdelim(&cp)) && *arg != '\0') {
1430 if (options->num_deny_users >= MAX_DENY_USERS)
1431 fatal("%s line %d: too many deny users.",
1432 filename, linenum);
1433 if (match_user(NULL, NULL, NULL, arg) == -1) 1468 if (match_user(NULL, NULL, NULL, arg) == -1)
1434 fatal("%s line %d: invalid DenyUsers pattern: " 1469 fatal("%s line %d: invalid DenyUsers pattern: "
1435 "\"%.100s\"", filename, linenum, arg); 1470 "\"%.100s\"", filename, linenum, arg);
1436 if (!*activep) 1471 if (!*activep)
1437 continue; 1472 continue;
1438 options->deny_users[options->num_deny_users++] = 1473 array_append(filename, linenum, "DenyUsers",
1439 xstrdup(arg); 1474 &options->deny_users, &options->num_deny_users,
1475 arg);
1440 } 1476 }
1441 break; 1477 break;
1442 1478
1443 case sAllowGroups: 1479 case sAllowGroups:
1444 while ((arg = strdelim(&cp)) && *arg != '\0') { 1480 while ((arg = strdelim(&cp)) && *arg != '\0') {
1445 if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
1446 fatal("%s line %d: too many allow groups.",
1447 filename, linenum);
1448 if (!*activep) 1481 if (!*activep)
1449 continue; 1482 continue;
1450 options->allow_groups[options->num_allow_groups++] = 1483 array_append(filename, linenum, "AllowGroups",
1451 xstrdup(arg); 1484 &options->allow_groups, &options->num_allow_groups,
1485 arg);
1452 } 1486 }
1453 break; 1487 break;
1454 1488
1455 case sDenyGroups: 1489 case sDenyGroups:
1456 while ((arg = strdelim(&cp)) && *arg != '\0') { 1490 while ((arg = strdelim(&cp)) && *arg != '\0') {
1457 if (options->num_deny_groups >= MAX_DENY_GROUPS)
1458 fatal("%s line %d: too many deny groups.",
1459 filename, linenum);
1460 if (!*activep) 1491 if (!*activep)
1461 continue; 1492 continue;
1462 options->deny_groups[options->num_deny_groups++] = 1493 array_append(filename, linenum, "DenyGroups",
1463 xstrdup(arg); 1494 &options->deny_groups, &options->num_deny_groups,
1495 arg);
1464 } 1496 }
1465 break; 1497 break;
1466 1498
@@ -1579,14 +1611,12 @@ process_server_config_line(ServerOptions *options, char *line,
1579 case sAuthorizedKeysFile: 1611 case sAuthorizedKeysFile:
1580 if (*activep && options->num_authkeys_files == 0) { 1612 if (*activep && options->num_authkeys_files == 0) {
1581 while ((arg = strdelim(&cp)) && *arg != '\0') { 1613 while ((arg = strdelim(&cp)) && *arg != '\0') {
1582 if (options->num_authkeys_files >= 1614 arg = tilde_expand_filename(arg, getuid());
1583 MAX_AUTHKEYS_FILES) 1615 array_append(filename, linenum,
1584 fatal("%s line %d: " 1616 "AuthorizedKeysFile",
1585 "too many authorized keys files.", 1617 &options->authorized_keys_files,
1586 filename, linenum); 1618 &options->num_authkeys_files, arg);
1587 options->authorized_keys_files[ 1619 free(arg);
1588 options->num_authkeys_files++] =
1589 tilde_expand_filename(arg, getuid());
1590 } 1620 }
1591 } 1621 }
1592 return 0; 1622 return 0;
@@ -1618,13 +1648,11 @@ process_server_config_line(ServerOptions *options, char *line,
1618 if (strchr(arg, '=') != NULL) 1648 if (strchr(arg, '=') != NULL)
1619 fatal("%s line %d: Invalid environment name.", 1649 fatal("%s line %d: Invalid environment name.",
1620 filename, linenum); 1650 filename, linenum);
1621 if (options->num_accept_env >= MAX_ACCEPT_ENV)
1622 fatal("%s line %d: too many allow env.",
1623 filename, linenum);
1624 if (!*activep) 1651 if (!*activep)
1625 continue; 1652 continue;
1626 options->accept_env[options->num_accept_env++] = 1653 array_append(filename, linenum, "AcceptEnv",
1627 xstrdup(arg); 1654 &options->accept_env, &options->num_accept_env,
1655 arg);
1628 } 1656 }
1629 break; 1657 break;
1630 1658
@@ -1684,15 +1712,12 @@ process_server_config_line(ServerOptions *options, char *line,
1684 fatal("%s line %d: bad port number in " 1712 fatal("%s line %d: bad port number in "
1685 "PermitOpen", filename, linenum); 1713 "PermitOpen", filename, linenum);
1686 if (*activep && value == 0) { 1714 if (*activep && value == 0) {
1687 options->permitted_opens = xrecallocarray( 1715 array_append(filename, linenum,
1688 options->permitted_opens, 1716 "PermitOpen",
1689 options->num_permitted_opens, 1717 &options->permitted_opens,
1690 options->num_permitted_opens + 1, 1718 &options->num_permitted_opens, arg2);
1691 sizeof(*options->permitted_opens)); 1719 }
1692 i = options->num_permitted_opens++; 1720 free(arg2);
1693 options->permitted_opens[i] = arg2;
1694 } else
1695 free(arg2);
1696 } 1721 }
1697 break; 1722 break;
1698 1723
@@ -1815,11 +1840,6 @@ process_server_config_line(ServerOptions *options, char *line,
1815 value = 0; /* seen "any" pseudo-method */ 1840 value = 0; /* seen "any" pseudo-method */
1816 value2 = 0; /* sucessfully parsed any method */ 1841 value2 = 0; /* sucessfully parsed any method */
1817 while ((arg = strdelim(&cp)) && *arg != '\0') { 1842 while ((arg = strdelim(&cp)) && *arg != '\0') {
1818 if (options->num_auth_methods >=
1819 MAX_AUTH_METHODS)
1820 fatal("%s line %d: "
1821 "too many authentication methods.",
1822 filename, linenum);
1823 if (strcmp(arg, "any") == 0) { 1843 if (strcmp(arg, "any") == 0) {
1824 if (options->num_auth_methods > 0) { 1844 if (options->num_auth_methods > 0) {
1825 fatal("%s line %d: \"any\" " 1845 fatal("%s line %d: \"any\" "
@@ -1840,8 +1860,10 @@ process_server_config_line(ServerOptions *options, char *line,
1840 value2 = 1; 1860 value2 = 1;
1841 if (!*activep) 1861 if (!*activep)
1842 continue; 1862 continue;
1843 options->auth_methods[ 1863 array_append(filename, linenum,
1844 options->num_auth_methods++] = xstrdup(arg); 1864 "AuthenticationMethods",
1865 &options->auth_methods,
1866 &options->num_auth_methods, arg);
1845 } 1867 }
1846 if (value2 == 0) { 1868 if (value2 == 0) {
1847 fatal("%s line %d: no AuthenticationMethods " 1869 fatal("%s line %d: no AuthenticationMethods "
@@ -2057,17 +2079,16 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2057 dst->n = src->n; \ 2079 dst->n = src->n; \
2058 } \ 2080 } \
2059} while(0) 2081} while(0)
2060#define M_CP_STRARRAYOPT(n, num_n) do {\ 2082#define M_CP_STRARRAYOPT(s, num_s) do {\
2061 if (src->num_n != 0) { \ 2083 u_int i; \
2062 for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ 2084 if (src->num_s != 0) { \
2063 dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ 2085 for (i = 0; i < dst->num_s; i++) \
2064 } \ 2086 free(dst->s[i]); \
2065} while(0) 2087 free(dst->s); \
2066#define M_CP_STRARRAYOPT_ALLOC(n, num_n) do { \ 2088 dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \
2067 if (src->num_n != 0) { \ 2089 for (i = 0; i < src->num_s; i++) \
2068 dst->n = xcalloc(src->num_n, sizeof(*dst->n)); \ 2090 dst->s[i] = xstrdup(src->s[i]); \
2069 M_CP_STRARRAYOPT(n, num_n); \ 2091 dst->num_s = src->num_s; \
2070 dst->num_n = src->num_n; \
2071 } \ 2092 } \
2072} while(0) 2093} while(0)
2073 2094
@@ -2100,7 +2121,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
2100#undef M_CP_INTOPT 2121#undef M_CP_INTOPT
2101#undef M_CP_STROPT 2122#undef M_CP_STROPT
2102#undef M_CP_STRARRAYOPT 2123#undef M_CP_STRARRAYOPT
2103#undef M_CP_STRARRAYOPT_ALLOC
2104 2124
2105void 2125void
2106parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 2126parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
diff --git a/sshd.c b/sshd.c
index 51a1aaf6e..2ff385552 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.492 2017/09/12 06:32:07 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.493 2017/10/05 15:52:03 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -467,7 +467,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
467void 467void
468destroy_sensitive_data(void) 468destroy_sensitive_data(void)
469{ 469{
470 int i; 470 u_int i;
471 471
472 for (i = 0; i < options.num_host_key_files; i++) { 472 for (i = 0; i < options.num_host_key_files; i++) {
473 if (sensitive_data.host_keys[i]) { 473 if (sensitive_data.host_keys[i]) {
@@ -486,7 +486,7 @@ void
486demote_sensitive_data(void) 486demote_sensitive_data(void)
487{ 487{
488 struct sshkey *tmp; 488 struct sshkey *tmp;
489 int i; 489 u_int i;
490 490
491 for (i = 0; i < options.num_host_key_files; i++) { 491 for (i = 0; i < options.num_host_key_files; i++) {
492 if (sensitive_data.host_keys[i]) { 492 if (sensitive_data.host_keys[i]) {
@@ -685,7 +685,7 @@ list_hostkey_types(void)
685 Buffer b; 685 Buffer b;
686 const char *p; 686 const char *p;
687 char *ret; 687 char *ret;
688 int i; 688 u_int i;
689 struct sshkey *key; 689 struct sshkey *key;
690 690
691 buffer_init(&b); 691 buffer_init(&b);
@@ -745,7 +745,7 @@ list_hostkey_types(void)
745static struct sshkey * 745static struct sshkey *
746get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) 746get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
747{ 747{
748 int i; 748 u_int i;
749 struct sshkey *key; 749 struct sshkey *key;
750 750
751 for (i = 0; i < options.num_host_key_files; i++) { 751 for (i = 0; i < options.num_host_key_files; i++) {
@@ -785,7 +785,7 @@ get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
785struct sshkey * 785struct sshkey *
786get_hostkey_by_index(int ind) 786get_hostkey_by_index(int ind)
787{ 787{
788 if (ind < 0 || ind >= options.num_host_key_files) 788 if (ind < 0 || (u_int)ind >= options.num_host_key_files)
789 return (NULL); 789 return (NULL);
790 return (sensitive_data.host_keys[ind]); 790 return (sensitive_data.host_keys[ind]);
791} 791}
@@ -793,7 +793,7 @@ get_hostkey_by_index(int ind)
793struct sshkey * 793struct sshkey *
794get_hostkey_public_by_index(int ind, struct ssh *ssh) 794get_hostkey_public_by_index(int ind, struct ssh *ssh)
795{ 795{
796 if (ind < 0 || ind >= options.num_host_key_files) 796 if (ind < 0 || (u_int)ind >= options.num_host_key_files)
797 return (NULL); 797 return (NULL);
798 return (sensitive_data.host_pubkeys[ind]); 798 return (sensitive_data.host_pubkeys[ind]);
799} 799}
@@ -801,7 +801,7 @@ get_hostkey_public_by_index(int ind, struct ssh *ssh)
801int 801int
802get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) 802get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
803{ 803{
804 int i; 804 u_int i;
805 805
806 for (i = 0; i < options.num_host_key_files; i++) { 806 for (i = 0; i < options.num_host_key_files; i++) {
807 if (key_is_cert(key)) { 807 if (key_is_cert(key)) {
@@ -830,7 +830,8 @@ notify_hostkeys(struct ssh *ssh)
830{ 830{
831 struct sshbuf *buf; 831 struct sshbuf *buf;
832 struct sshkey *key; 832 struct sshkey *key;
833 int i, nkeys, r; 833 u_int i, nkeys;
834 int r;
834 char *fp; 835 char *fp;
835 836
836 /* Some clients cannot cope with the hostkeys message, skip those. */ 837 /* Some clients cannot cope with the hostkeys message, skip those. */
@@ -861,7 +862,7 @@ notify_hostkeys(struct ssh *ssh)
861 packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf)); 862 packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf));
862 nkeys++; 863 nkeys++;
863 } 864 }
864 debug3("%s: sent %d hostkeys", __func__, nkeys); 865 debug3("%s: sent %u hostkeys", __func__, nkeys);
865 if (nkeys == 0) 866 if (nkeys == 0)
866 fatal("%s: no hostkeys", __func__); 867 fatal("%s: no hostkeys", __func__);
867 packet_send(); 868 packet_send();
@@ -1357,13 +1358,12 @@ main(int ac, char **av)
1357 struct ssh *ssh = NULL; 1358 struct ssh *ssh = NULL;
1358 extern char *optarg; 1359 extern char *optarg;
1359 extern int optind; 1360 extern int optind;
1360 int r, opt, i, j, on = 1, already_daemon; 1361 int r, opt, on = 1, already_daemon, remote_port;
1361 int sock_in = -1, sock_out = -1, newsock = -1; 1362 int sock_in = -1, sock_out = -1, newsock = -1;
1362 const char *remote_ip; 1363 const char *remote_ip;
1363 int remote_port;
1364 char *fp, *line, *laddr, *logfile = NULL; 1364 char *fp, *line, *laddr, *logfile = NULL;
1365 int config_s[2] = { -1 , -1 }; 1365 int config_s[2] = { -1 , -1 };
1366 u_int n; 1366 u_int i, j;
1367 u_int64_t ibytes, obytes; 1367 u_int64_t ibytes, obytes;
1368 mode_t new_umask; 1368 mode_t new_umask;
1369 struct sshkey *key; 1369 struct sshkey *key;
@@ -1416,12 +1416,8 @@ main(int ac, char **av)
1416 config_file_name = optarg; 1416 config_file_name = optarg;
1417 break; 1417 break;
1418 case 'c': 1418 case 'c':
1419 if (options.num_host_cert_files >= MAX_HOSTCERTS) { 1419 servconf_add_hostcert("[command-line]", 0,
1420 fprintf(stderr, "too many host certificates.\n"); 1420 &options, optarg);
1421 exit(1);
1422 }
1423 options.host_cert_files[options.num_host_cert_files++] =
1424 derelativise_path(optarg);
1425 break; 1421 break;
1426 case 'd': 1422 case 'd':
1427 if (debug_flag == 0) { 1423 if (debug_flag == 0) {
@@ -1480,12 +1476,8 @@ main(int ac, char **av)
1480 /* protocol 1, ignored */ 1476 /* protocol 1, ignored */
1481 break; 1477 break;
1482 case 'h': 1478 case 'h':
1483 if (options.num_host_key_files >= MAX_HOSTKEYS) { 1479 servconf_add_hostkey("[command-line]", 0,
1484 fprintf(stderr, "too many host keys.\n"); 1480 &options, optarg);
1485 exit(1);
1486 }
1487 options.host_key_files[options.num_host_key_files++] =
1488 derelativise_path(optarg);
1489 break; 1481 break;
1490 case 't': 1482 case 't':
1491 test_flag = 1; 1483 test_flag = 1;
@@ -1611,12 +1603,12 @@ main(int ac, char **av)
1611 * and warns for trivial misconfigurations that could break login. 1603 * and warns for trivial misconfigurations that could break login.
1612 */ 1604 */
1613 if (options.num_auth_methods != 0) { 1605 if (options.num_auth_methods != 0) {
1614 for (n = 0; n < options.num_auth_methods; n++) { 1606 for (i = 0; i < options.num_auth_methods; i++) {
1615 if (auth2_methods_valid(options.auth_methods[n], 1607 if (auth2_methods_valid(options.auth_methods[i],
1616 1) == 0) 1608 1) == 0)
1617 break; 1609 break;
1618 } 1610 }
1619 if (n >= options.num_auth_methods) 1611 if (i >= options.num_auth_methods)
1620 fatal("AuthenticationMethods cannot be satisfied by " 1612 fatal("AuthenticationMethods cannot be satisfied by "
1621 "enabled authentication methods"); 1613 "enabled authentication methods");
1622 } 1614 }
@@ -1752,7 +1744,7 @@ main(int ac, char **av)
1752 continue; 1744 continue;
1753 } 1745 }
1754 sensitive_data.host_certificates[j] = key; 1746 sensitive_data.host_certificates[j] = key;
1755 debug("host certificate: #%d type %d %s", j, key->type, 1747 debug("host certificate: #%u type %d %s", j, key->type,
1756 key_type(key)); 1748 key_type(key));
1757 } 1749 }
1758 1750
@@ -1796,8 +1788,10 @@ main(int ac, char **av)
1796 debug("setgroups() failed: %.200s", strerror(errno)); 1788 debug("setgroups() failed: %.200s", strerror(errno));
1797 1789
1798 if (rexec_flag) { 1790 if (rexec_flag) {
1791 if (rexec_argc < 0)
1792 fatal("rexec_argc %d < 0", rexec_argc);
1799 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); 1793 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
1800 for (i = 0; i < rexec_argc; i++) { 1794 for (i = 0; i < (u_int)rexec_argc; i++) {
1801 debug("rexec_argv[%d]='%s'", i, saved_argv[i]); 1795 debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
1802 rexec_argv[i] = saved_argv[i]; 1796 rexec_argv[i] = saved_argv[i];
1803 } 1797 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 16:42:12 +0000