1 files changed, 36 insertions, 22 deletions
diff --git a/authfile.c b/authfile.c
index b1c92f4ad..37341189c 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
 *
@@ -57,7 +57,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 {
        int fd, oerrno;
-        if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
+        if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
                return SSH_ERR_SYSTEM_ERROR;
        if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
            sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
@@ -74,7 +74,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 int
 sshkey_save_private(struct sshkey *key, const char *filename,
    const char *passphrase, const char *comment,
-    int force_new_format, const char *new_format_cipher, int new_format_rounds)
+    int format, const char *openssh_format_cipher, int openssh_format_rounds)
 {
        struct sshbuf *keyblob = NULL;
        int r;
@@ -82,7 +82,7 @@ sshkey_save_private(struct sshkey *key, const char *filename,
        if ((keyblob = sshbuf_new()) == NULL)
                return SSH_ERR_ALLOC_FAIL;
        if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
-            force_new_format, new_format_cipher, new_format_rounds)) != 0)
+            format, openssh_format_cipher, openssh_format_rounds)) != 0)
                goto out;
        if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
                goto out;
@@ -101,7 +101,7 @@ sshkey_load_file(int fd, struct sshbuf *blob)
        struct stat st;
        int r;
-        if (fstat(fd, &st) < 0)
+        if (fstat(fd, &st) == -1)
                return SSH_ERR_SYSTEM_ERROR;
        if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
            st.st_size > MAX_KEY_FILE_SIZE)
@@ -141,7 +141,7 @@ sshkey_perm_ok(int fd, const char *filename)
 {
        struct stat st;
-        if (fstat(fd, &st) < 0)
+        if (fstat(fd, &st) == -1)
                return SSH_ERR_SYSTEM_ERROR;
        /*
         * if a key owned by the user is accessed, then we check the
@@ -164,10 +164,9 @@ sshkey_perm_ok(int fd, const char *filename)
        return 0;
 }
-/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
 int
 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
-    struct sshkey **keyp, char **commentp, int *perm_ok)
+    struct sshkey **keyp, char **commentp)
 {
        int fd, r;
@@ -176,19 +175,12 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
        if (commentp != NULL)
                *commentp = NULL;
-        if ((fd = open(filename, O_RDONLY)) < 0) {
+        if ((fd = open(filename, O_RDONLY)) == -1)
-                if (perm_ok != NULL)
-                        *perm_ok = 0;
                return SSH_ERR_SYSTEM_ERROR;
-        }
-        if (sshkey_perm_ok(fd, filename) != 0) {
+        r = sshkey_perm_ok(fd, filename);
-                if (perm_ok != NULL)
+        if (r != 0)
-                        *perm_ok = 0;
-                r = SSH_ERR_KEY_BAD_PERMISSIONS;
                goto out;
-        }
-        if (perm_ok != NULL)
-                *perm_ok = 1;
        r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
        if (r == 0 && keyp && *keyp)
@@ -236,7 +228,7 @@ sshkey_load_private(const char *filename, const char *passphrase,
        if (commentp != NULL)
                *commentp = NULL;
-        if ((fd = open(filename, O_RDONLY)) < 0)
+        if ((fd = open(filename, O_RDONLY)) == -1)
                return SSH_ERR_SYSTEM_ERROR;
        if (sshkey_perm_ok(fd, filename) != 0) {
                r = SSH_ERR_KEY_BAD_PERMISSIONS;
@@ -387,7 +379,7 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
 /* Load private key and certificate */
 int
 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
-    struct sshkey **keyp, int *perm_ok)
+    struct sshkey **keyp)
 {
        struct sshkey *key = NULL, *cert = NULL;
        int r;
@@ -410,7 +402,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
        }
        if ((r = sshkey_load_private_type(type, filename,
-            passphrase, &key, NULL, perm_ok)) != 0 ||
+            passphrase, &key, NULL)) != 0 ||
            (r = sshkey_load_cert(filename, &cert)) != 0)
                goto out;
@@ -536,3 +528,25 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
        }
 }
+/*
+ * Advanced *cpp past the end of key options, defined as the first unquoted
+ * whitespace character. Returns 0 on success or -1 on failure (e.g.
+ * unterminated quotes).
+ */
+int
+sshkey_advance_past_options(char **cpp)
+{
+        char *cp = *cpp;
+        int quoted = 0;
+        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                if (*cp == '\\' && cp[1] == '"')
+                        cp++;   /* Skip both */
+                else if (*cp == '"')
+                        quoted = !quoted;
+        }
+        *cpp = cp;
+        /* return failure for unterminated quotes */
+        return (*cp == '\0' && quoted) ? -1 : 0;
+}

diff --git a/authfile.c b/authfile.c index b1c92f4ad..37341189c 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4	*	4	*
@@ -57,7 +57,7 @@ sshkey_save_private_blob(struct sshbuf keybuf, const char filename)
57	{	57	{
58	int fd, oerrno;	58	int fd, oerrno;
59		59
60	if ((fd = open(filename, O_WRONLY \| O_CREAT \| O_TRUNC, 0600)) < 0)	60	if ((fd = open(filename, O_WRONLY \| O_CREAT \| O_TRUNC, 0600)) == -1)
61	return SSH_ERR_SYSTEM_ERROR;	61	return SSH_ERR_SYSTEM_ERROR;
62	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),	62	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
63	sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {	63	sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
@@ -74,7 +74,7 @@ sshkey_save_private_blob(struct sshbuf keybuf, const char filename)
74	int	74	int
75	sshkey_save_private(struct sshkey key, const char filename,	75	sshkey_save_private(struct sshkey key, const char filename,
76	const char passphrase, const char comment,	76	const char passphrase, const char comment,
77	int force_new_format, const char *new_format_cipher, int new_format_rounds)	77	int format, const char *openssh_format_cipher, int openssh_format_rounds)
78	{	78	{
79	struct sshbuf *keyblob = NULL;	79	struct sshbuf *keyblob = NULL;
80	int r;	80	int r;
@@ -82,7 +82,7 @@ sshkey_save_private(struct sshkey key, const char filename,
82	if ((keyblob = sshbuf_new()) == NULL)	82	if ((keyblob = sshbuf_new()) == NULL)
83	return SSH_ERR_ALLOC_FAIL;	83	return SSH_ERR_ALLOC_FAIL;
84	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,	84	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
85	force_new_format, new_format_cipher, new_format_rounds)) != 0)	85	format, openssh_format_cipher, openssh_format_rounds)) != 0)
86	goto out;	86	goto out;
87	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)	87	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
88	goto out;	88	goto out;
@@ -101,7 +101,7 @@ sshkey_load_file(int fd, struct sshbuf *blob)
101	struct stat st;	101	struct stat st;
102	int r;	102	int r;
103		103
104	if (fstat(fd, &st) < 0)	104	if (fstat(fd, &st) == -1)
105	return SSH_ERR_SYSTEM_ERROR;	105	return SSH_ERR_SYSTEM_ERROR;
106	if ((st.st_mode & (S_IFSOCK\|S_IFCHR\|S_IFIFO)) == 0 &&	106	if ((st.st_mode & (S_IFSOCK\|S_IFCHR\|S_IFIFO)) == 0 &&
107	st.st_size > MAX_KEY_FILE_SIZE)	107	st.st_size > MAX_KEY_FILE_SIZE)
@@ -141,7 +141,7 @@ sshkey_perm_ok(int fd, const char *filename)
141	{	141	{
142	struct stat st;	142	struct stat st;
143		143
144	if (fstat(fd, &st) < 0)	144	if (fstat(fd, &st) == -1)
145	return SSH_ERR_SYSTEM_ERROR;	145	return SSH_ERR_SYSTEM_ERROR;
146	/*	146	/*
147	* if a key owned by the user is accessed, then we check the	147	* if a key owned by the user is accessed, then we check the
@@ -164,10 +164,9 @@ sshkey_perm_ok(int fd, const char *filename)
164	return 0;	164	return 0;
165	}	165	}
166		166
167	/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
168	int	167	int
169	sshkey_load_private_type(int type, const char filename, const char passphrase,	168	sshkey_load_private_type(int type, const char filename, const char passphrase,
170	struct sshkey keyp, char commentp, int *perm_ok)	169	struct sshkey keyp, char commentp)
171	{	170	{
172	int fd, r;	171	int fd, r;
173		172
@@ -176,19 +175,12 @@ sshkey_load_private_type(int type, const char filename, const char passphrase,
176	if (commentp != NULL)	175	if (commentp != NULL)
177	*commentp = NULL;	176	*commentp = NULL;
178		177
179	if ((fd = open(filename, O_RDONLY)) < 0) {	178	if ((fd = open(filename, O_RDONLY)) == -1)
180	if (perm_ok != NULL)
181	*perm_ok = 0;
182	return SSH_ERR_SYSTEM_ERROR;	179	return SSH_ERR_SYSTEM_ERROR;
183	}	180
184	if (sshkey_perm_ok(fd, filename) != 0) {	181	r = sshkey_perm_ok(fd, filename);
185	if (perm_ok != NULL)	182	if (r != 0)
186	*perm_ok = 0;
187	r = SSH_ERR_KEY_BAD_PERMISSIONS;
188	goto out;	183	goto out;
189	}
190	if (perm_ok != NULL)
191	*perm_ok = 1;
192		184
193	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);	185	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
194	if (r == 0 && keyp && *keyp)	186	if (r == 0 && keyp && *keyp)
@@ -236,7 +228,7 @@ sshkey_load_private(const char filename, const char passphrase,
236	if (commentp != NULL)	228	if (commentp != NULL)
237	*commentp = NULL;	229	*commentp = NULL;
238		230
239	if ((fd = open(filename, O_RDONLY)) < 0)	231	if ((fd = open(filename, O_RDONLY)) == -1)
240	return SSH_ERR_SYSTEM_ERROR;	232	return SSH_ERR_SYSTEM_ERROR;
241	if (sshkey_perm_ok(fd, filename) != 0) {	233	if (sshkey_perm_ok(fd, filename) != 0) {
242	r = SSH_ERR_KEY_BAD_PERMISSIONS;	234	r = SSH_ERR_KEY_BAD_PERMISSIONS;
@@ -387,7 +379,7 @@ sshkey_load_cert(const char filename, struct sshkey *keyp)
387	/* Load private key and certificate */	379	/* Load private key and certificate */
388	int	380	int
389	sshkey_load_private_cert(int type, const char filename, const char passphrase,	381	sshkey_load_private_cert(int type, const char filename, const char passphrase,
390	struct sshkey *keyp, int perm_ok)	382	struct sshkey **keyp)
391	{	383	{
392	struct sshkey key = NULL, cert = NULL;	384	struct sshkey key = NULL, cert = NULL;
393	int r;	385	int r;
@@ -410,7 +402,7 @@ sshkey_load_private_cert(int type, const char filename, const char passphrase,
410	}	402	}
411		403
412	if ((r = sshkey_load_private_type(type, filename,	404	if ((r = sshkey_load_private_type(type, filename,
413	passphrase, &key, NULL, perm_ok)) != 0 \|\|	405	passphrase, &key, NULL)) != 0 \|\|
414	(r = sshkey_load_cert(filename, &cert)) != 0)	406	(r = sshkey_load_cert(filename, &cert)) != 0)
415	goto out;	407	goto out;
416		408
@@ -536,3 +528,25 @@ sshkey_check_revoked(struct sshkey key, const char revoked_keys_file)
536	}	528	}
537	}	529	}
538		530
		531	/*
		532	* Advanced *cpp past the end of key options, defined as the first unquoted
		533	* whitespace character. Returns 0 on success or -1 on failure (e.g.
		534	* unterminated quotes).
		535	*/
		536	int
		537	sshkey_advance_past_options(char **cpp)
		538	{
		539	char cp = cpp;
		540	int quoted = 0;
		541
		542	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
		543	if (*cp == '\\' && cp[1] == '"')
		544	cp++; /* Skip both */
		545	else if (*cp == '"')
		546	quoted = !quoted;
		547	}
		548	*cpp = cp;
		549	/* return failure for unterminated quotes */
		550	return (*cp == '\0' && quoted) ? -1 : 0;
		551	}
		552