1 files changed, 93 insertions, 59 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 64ffec240..a222233d0 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -13,12 +14,35 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
-#include <openssl/bn.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
-#include "ssh.h"
 #include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "ssh.h"
 #include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
@@ -32,6 +56,7 @@ RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
 #include "atomicio.h"
 #include "misc.h"
 #include "dns.h"
+#include "version.h"
 char *client_version_string = NULL;
 char *server_version_string = NULL;
@@ -62,7 +87,6 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
        int pin[2], pout[2];
        pid_t pid;
        char strport[NI_MAXSERV];
-        size_t len;
        /* Convert the port number into a string. */
        snprintf(strport, sizeof strport, "%hu", port);
@@ -74,10 +98,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
         * Use "exec" to avoid "sh -c" processes on some platforms
         * (e.g. Solaris)
         */
-        len = strlen(proxy_command) + 6;
+        xasprintf(&tmp, "exec %s", proxy_command);
-        tmp = xmalloc(len);
-        strlcpy(tmp, "exec ", len);
-        strlcat(tmp, proxy_command, len);
        command_string = percent_expand(tmp, "h", host,
            "p", strport, (char *)NULL);
        xfree(tmp);
@@ -94,8 +115,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
                char *argv[10];
                /* Child.  Permanently give up superuser privileges. */
-                seteuid(original_real_uid);
+                permanently_drop_suid(original_real_uid);
-                setuid(original_real_uid);
                /* Redirect stdin and stdout. */
                close(pin[1]);
@@ -205,7 +225,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
        fd_set *fdset;
        struct timeval tv;
        socklen_t optlen;
-        int fdsetsz, optval, rc, result = -1;
+        int optval, rc, result = -1;
        if (timeout <= 0)
                return (connect(sockfd, serv_addr, addrlen));
@@ -219,10 +239,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
        if (errno != EINPROGRESS)
                return (-1);
-        fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);
+        fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
-        fdset = (fd_set *)xmalloc(fdsetsz);
+            sizeof(fd_mask));
-        memset(fdset, 0, fdsetsz);
        FD_SET(sockfd, fdset);
        tv.tv_sec = timeout;
        tv.tv_usec = 0;
@@ -305,17 +323,16 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                fatal("%s: %.100s: %s", __progname, host,
                    gai_strerror(gaierr));
-        /*
+        for (attempt = 0; attempt < connection_attempts; attempt++) {
-         * Try to connect several times.  On some machines, the first time
+                if (attempt > 0) {
-         * will sometimes fail.  In general socket code appears to behave
+                        /* Sleep a moment before retrying. */
-         * quite magically on many machines.
+                        sleep(1);
-                 */
-        for (attempt = 0; ;) {
-                if (attempt > 0)
                        debug("Trying again...");
+                }
-                /* Loop through addresses for this host, and try each one in
+                /*
-                   sequence until the connection succeeds. */
+                 * Loop through addresses for this host, and try each one in
+                 * sequence until the connection succeeds.
+                 */
                for (ai = aitop; ai; ai = ai->ai_next) {
                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                                continue;
@@ -342,29 +359,18 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                        } else {
                                debug("connect to address %s port %s: %s",
                                    ntop, strport, strerror(errno));
-                                /*
-                                 * Close the failed socket; there appear to
-                                 * be some problems when reusing a socket for
-                                 * which connect() has already returned an
-                                 * error.
-                                 */
                                close(sock);
+                                sock = -1;
                        }
                }
-                if (ai)
+                if (sock != -1)
                        break;  /* Successful connection. */
-                attempt++;
-                if (attempt >= connection_attempts)
-                        break;
-                /* Sleep a moment before retrying. */
-                sleep(1);
        }
        freeaddrinfo(aitop);
        /* Return failure if we didn't get a successful connection. */
-        if (attempt >= connection_attempts) {
+        if (sock == -1) {
                error("ssh: connect to host %s port %s: %s",
                    host, strport, strerror(errno));
                return (-1);
@@ -396,10 +402,10 @@ ssh_exchange_identification(void)
        int connection_in = packet_get_connection_in();
        int connection_out = packet_get_connection_out();
        int minor1 = PROTOCOL_MINOR_1;
-        u_int i;
+        u_int i, n;
        /* Read other side's version identification. */
-        for (;;) {
+        for (n = 0;;) {
                for (i = 0; i < sizeof(buf) - 1; i++) {
                        size_t len = atomicio(read, connection_in, &buf[i], 1);
@@ -416,6 +422,8 @@ ssh_exchange_identification(void)
                                buf[i + 1] = 0;
                                break;
                        }
+                        if (++n > 65536)
+                                fatal("ssh_exchange_identification: No banner received");
                }
                buf[sizeof(buf) - 1] = 0;
                if (strncmp(buf, "SSH-", 4) == 0)
@@ -517,13 +525,17 @@ confirm(const char *prompt)
 * check whether the supplied host key is valid, return -1 if the key
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
 */
+#define RDRW    0
+#define RDONLY  1
+#define ROQUIET 2
 static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    int readonly, const char *user_hostfile, const char *system_hostfile)
+    Key *host_key, int readonly, const char *user_hostfile,
+    const char *system_hostfile)
 {
        Key *file_key;
        const char *type = key_type(host_key);
-        char *ip = NULL;
+        char *ip = NULL, *host = NULL;
        char hostline[1000], *hostp, *fp;
        HostStatus host_status;
        HostStatus ip_status;
@@ -574,7 +586,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
                    NULL, 0, NI_NUMERICHOST) != 0)
                        fatal("check_host_key: getnameinfo failed");
-                ip = xstrdup(ntop);
+                ip = put_host_port(ntop, port);
        } else {
                ip = xstrdup("<no hostip for proxy command>");
        }
@@ -582,18 +594,21 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
         * Turn off check_host_ip if the connection is to localhost, via proxy
         * command or if we don't have a hostname to compare with
         */
-        if (options.check_host_ip &&
+        if (options.check_host_ip && (local ||
-            (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+            strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
                options.check_host_ip = 0;
        /*
-         * Allow the user to record the key under a different name. This is
+         * Allow the user to record the key under a different name or
-         * useful for ssh tunneling over forwarded connections or if you run
+         * differentiate a non-standard port.  This is useful for ssh
-         * multiple sshd's on different ports on the same machine.
+         * tunneling over forwarded connections or if you run multiple
+         * sshd's on different ports on the same machine.
         */
        if (options.host_key_alias != NULL) {
-                host = options.host_key_alias;
+                host = xstrdup(options.host_key_alias);
                debug("using hostkeyalias: %s", host);
+        } else {
+                host = put_host_port(hostname, port);
        }
        /*
@@ -662,6 +677,15 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                }
                break;
        case HOST_NEW:
+                if (options.host_key_alias == NULL && port != 0 &&
+                    port != SSH_DEFAULT_PORT) {
+                        debug("checking without port identifier");
+                        if (check_host_key(hostname, hostaddr, 0, host_key, 2,
+                            user_hostfile, system_hostfile) == 0) {
+                                debug("found matching key w/out port");
+                                break;
+                        }
+                }
                if (readonly)
                        goto fail;
                /* The host is new. */
@@ -741,6 +765,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                            "list of known hosts.", hostp, type);
                break;
        case HOST_CHANGED:
+                if (readonly == ROQUIET)
+                        goto fail;
                if (options.check_host_ip && host_ip_differ) {
                        char *key_msg;
                        if (ip_status == HOST_NEW)
@@ -779,7 +805,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                /*
                 * If strict host key checking has not been requested, allow
                 * the connection but without MITM-able authentication or
-                 * agent forwarding.
+                 * forwarding.
                 */
                if (options.password_authentication) {
                        error("Password authentication is disabled to avoid "
@@ -814,6 +840,11 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                        options.num_local_forwards =
                            options.num_remote_forwards = 0;
                }
+                if (options.tun_open != SSH_TUNMODE_NO) {
+                        error("Tunnel forwarding is disabled to avoid "
+                            "man-in-the-middle attacks.");
+                        options.tun_open = SSH_TUNMODE_NO;
+                }
                /*
                 * XXX Should permit the user to change to use the new id.
                 * This could be done by converting the host key to an
@@ -855,10 +886,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
        }
        xfree(ip);
+        xfree(host);
        return 0;
 fail:
        xfree(ip);
+        xfree(host);
        return -1;
 }
@@ -892,12 +925,13 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
        /* return ok if the key can be found in an old keyfile */
        if (stat(options.system_hostfile2, &st) == 0 ||
            stat(options.user_hostfile2, &st) == 0) {
-                if (check_host_key(host, hostaddr, host_key, /*readonly*/ 1,
+                if (check_host_key(host, hostaddr, options.port, host_key,
-                    options.user_hostfile2, options.system_hostfile2) == 0)
+                    RDONLY, options.user_hostfile2,
+                    options.system_hostfile2) == 0)
                        return 0;
        }
-        return check_host_key(host, hostaddr, host_key, /*readonly*/ 0,
+        return check_host_key(host, hostaddr, options.port, host_key,
-            options.user_hostfile, options.system_hostfile);
+            RDRW, options.user_hostfile, options.system_hostfile);
 }
 /*
@@ -921,7 +955,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
        host = xstrdup(orighost);
        for (cp = host; *cp; cp++)
                if (isupper(*cp))
-                        *cp = tolower(*cp);
+                        *cp = (char)tolower(*cp);
        /* Exchange protocol version identification strings with the server. */
        ssh_exchange_identification();
@@ -938,6 +972,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
                ssh_kex(host, hostaddr);
                ssh_userauth1(local_user, server_user, host, sensitive);
        }
+        xfree(local_user);
 }
 void
@@ -951,8 +986,7 @@ ssh_put_password(char *password)
                return;
        }
        size = roundup(strlen(password) + 1, 32);
-        padded = xmalloc(size);
+        padded = xcalloc(1, size);
-        memset(padded, 0, size);
        strlcpy(padded, password, size);
        packet_put_string(padded, size);
        memset(padded, 0, size);

diff --git a/sshconnect.c b/sshconnect.c index 64ffec240..a222233d0 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -1,3 +1,4 @@
		1	/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
1	/*	2	/*
2	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -13,12 +14,35 @@
13	*/	14	*/
14		15
15	#include "includes.h"	16	#include "includes.h"
16	RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
17		17
18	#include <openssl/bn.h>	18	#include <sys/types.h>
		19	#include <sys/wait.h>
		20	#include <sys/stat.h>
		21	#include <sys/socket.h>
		22	#ifdef HAVE_SYS_TIME_H
		23	# include <sys/time.h>
		24	#endif
		25
		26	#include <netinet/in.h>
		27	#include <arpa/inet.h>
		28
		29	#include <ctype.h>
		30	#include <errno.h>
		31	#include <netdb.h>
		32	#ifdef HAVE_PATHS_H
		33	#include <paths.h>
		34	#endif
		35	#include <pwd.h>
		36	#include <stdarg.h>
		37	#include <stdio.h>
		38	#include <stdlib.h>
		39	#include <string.h>
		40	#include <unistd.h>
19		41
20	#include "ssh.h"
21	#include "xmalloc.h"	42	#include "xmalloc.h"
		43	#include "key.h"
		44	#include "hostfile.h"
		45	#include "ssh.h"
22	#include "rsa.h"	46	#include "rsa.h"
23	#include "buffer.h"	47	#include "buffer.h"
24	#include "packet.h"	48	#include "packet.h"
@@ -32,6 +56,7 @@ RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
32	#include "atomicio.h"	56	#include "atomicio.h"
33	#include "misc.h"	57	#include "misc.h"
34	#include "dns.h"	58	#include "dns.h"
		59	#include "version.h"
35		60
36	char *client_version_string = NULL;	61	char *client_version_string = NULL;
37	char *server_version_string = NULL;	62	char *server_version_string = NULL;
@@ -62,7 +87,6 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
62	int pin[2], pout[2];	87	int pin[2], pout[2];
63	pid_t pid;	88	pid_t pid;
64	char strport[NI_MAXSERV];	89	char strport[NI_MAXSERV];
65	size_t len;
66		90
67	/* Convert the port number into a string. */	91	/* Convert the port number into a string. */
68	snprintf(strport, sizeof strport, "%hu", port);	92	snprintf(strport, sizeof strport, "%hu", port);
@@ -74,10 +98,7 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
74	* Use "exec" to avoid "sh -c" processes on some platforms	98	* Use "exec" to avoid "sh -c" processes on some platforms
75	* (e.g. Solaris)	99	* (e.g. Solaris)
76	*/	100	*/
77	len = strlen(proxy_command) + 6;	101	xasprintf(&tmp, "exec %s", proxy_command);
78	tmp = xmalloc(len);
79	strlcpy(tmp, "exec ", len);
80	strlcat(tmp, proxy_command, len);
81	command_string = percent_expand(tmp, "h", host,	102	command_string = percent_expand(tmp, "h", host,
82	"p", strport, (char *)NULL);	103	"p", strport, (char *)NULL);
83	xfree(tmp);	104	xfree(tmp);
@@ -94,8 +115,7 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
94	char *argv[10];	115	char *argv[10];
95		116
96	/* Child. Permanently give up superuser privileges. */	117	/* Child. Permanently give up superuser privileges. */
97	seteuid(original_real_uid);	118	permanently_drop_suid(original_real_uid);
98	setuid(original_real_uid);
99		119
100	/* Redirect stdin and stdout. */	120	/* Redirect stdin and stdout. */
101	close(pin[1]);	121	close(pin[1]);
@@ -205,7 +225,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
205	fd_set *fdset;	225	fd_set *fdset;
206	struct timeval tv;	226	struct timeval tv;
207	socklen_t optlen;	227	socklen_t optlen;
208	int fdsetsz, optval, rc, result = -1;	228	int optval, rc, result = -1;
209		229
210	if (timeout <= 0)	230	if (timeout <= 0)
211	return (connect(sockfd, serv_addr, addrlen));	231	return (connect(sockfd, serv_addr, addrlen));
@@ -219,10 +239,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
219	if (errno != EINPROGRESS)	239	if (errno != EINPROGRESS)
220	return (-1);	240	return (-1);
221		241
222	fdsetsz = howmany(sockfd + 1, NFDBITS) * sizeof(fd_mask);	242	fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
223	fdset = (fd_set *)xmalloc(fdsetsz);	243	sizeof(fd_mask));
224
225	memset(fdset, 0, fdsetsz);
226	FD_SET(sockfd, fdset);	244	FD_SET(sockfd, fdset);
227	tv.tv_sec = timeout;	245	tv.tv_sec = timeout;
228	tv.tv_usec = 0;	246	tv.tv_usec = 0;
@@ -305,17 +323,16 @@ ssh_connect(const char host, struct sockaddr_storage hostaddr,
305	fatal("%s: %.100s: %s", __progname, host,	323	fatal("%s: %.100s: %s", __progname, host,
306	gai_strerror(gaierr));	324	gai_strerror(gaierr));
307		325
308	/*	326	for (attempt = 0; attempt < connection_attempts; attempt++) {
309	* Try to connect several times. On some machines, the first time	327	if (attempt > 0) {
310	* will sometimes fail. In general socket code appears to behave	328	/* Sleep a moment before retrying. */
311	* quite magically on many machines.	329	sleep(1);
312	*/
313	for (attempt = 0; ;) {
314	if (attempt > 0)
315	debug("Trying again...");	330	debug("Trying again...");
316		331	}
317	/* Loop through addresses for this host, and try each one in	332	/*
318	sequence until the connection succeeds. */	333	* Loop through addresses for this host, and try each one in
		334	* sequence until the connection succeeds.
		335	*/
319	for (ai = aitop; ai; ai = ai->ai_next) {	336	for (ai = aitop; ai; ai = ai->ai_next) {
320	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)	337	if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
321	continue;	338	continue;
@@ -342,29 +359,18 @@ ssh_connect(const char host, struct sockaddr_storage hostaddr,
342	} else {	359	} else {
343	debug("connect to address %s port %s: %s",	360	debug("connect to address %s port %s: %s",
344	ntop, strport, strerror(errno));	361	ntop, strport, strerror(errno));
345	/*
346	* Close the failed socket; there appear to
347	* be some problems when reusing a socket for
348	* which connect() has already returned an
349	* error.
350	*/
351	close(sock);	362	close(sock);
		363	sock = -1;
352	}	364	}
353	}	365	}
354	if (ai)	366	if (sock != -1)
355	break; /* Successful connection. */	367	break; /* Successful connection. */
356
357	attempt++;
358	if (attempt >= connection_attempts)
359	break;
360	/* Sleep a moment before retrying. */
361	sleep(1);
362	}	368	}
363		369
364	freeaddrinfo(aitop);	370	freeaddrinfo(aitop);
365		371
366	/* Return failure if we didn't get a successful connection. */	372	/* Return failure if we didn't get a successful connection. */
367	if (attempt >= connection_attempts) {	373	if (sock == -1) {
368	error("ssh: connect to host %s port %s: %s",	374	error("ssh: connect to host %s port %s: %s",
369	host, strport, strerror(errno));	375	host, strport, strerror(errno));
370	return (-1);	376	return (-1);
@@ -396,10 +402,10 @@ ssh_exchange_identification(void)
396	int connection_in = packet_get_connection_in();	402	int connection_in = packet_get_connection_in();
397	int connection_out = packet_get_connection_out();	403	int connection_out = packet_get_connection_out();
398	int minor1 = PROTOCOL_MINOR_1;	404	int minor1 = PROTOCOL_MINOR_1;
399	u_int i;	405	u_int i, n;
400		406
401	/* Read other side's version identification. */	407	/* Read other side's version identification. */
402	for (;;) {	408	for (n = 0;;) {
403	for (i = 0; i < sizeof(buf) - 1; i++) {	409	for (i = 0; i < sizeof(buf) - 1; i++) {
404	size_t len = atomicio(read, connection_in, &buf[i], 1);	410	size_t len = atomicio(read, connection_in, &buf[i], 1);
405		411
@@ -416,6 +422,8 @@ ssh_exchange_identification(void)
416	buf[i + 1] = 0;	422	buf[i + 1] = 0;
417	break;	423	break;
418	}	424	}
		425	if (++n > 65536)
		426	fatal("ssh_exchange_identification: No banner received");
419	}	427	}
420	buf[sizeof(buf) - 1] = 0;	428	buf[sizeof(buf) - 1] = 0;
421	if (strncmp(buf, "SSH-", 4) == 0)	429	if (strncmp(buf, "SSH-", 4) == 0)
@@ -517,13 +525,17 @@ confirm(const char *prompt)
517	* check whether the supplied host key is valid, return -1 if the key	525	* check whether the supplied host key is valid, return -1 if the key
518	* is not valid. the user_hostfile will not be updated if 'readonly' is true.	526	* is not valid. the user_hostfile will not be updated if 'readonly' is true.
519	*/	527	*/
		528	#define RDRW 0
		529	#define RDONLY 1
		530	#define ROQUIET 2
520	static int	531	static int
521	check_host_key(char host, struct sockaddr hostaddr, Key *host_key,	532	check_host_key(char hostname, struct sockaddr hostaddr, u_short port,
522	int readonly, const char user_hostfile, const char system_hostfile)	533	Key host_key, int readonly, const char user_hostfile,
		534	const char *system_hostfile)
523	{	535	{
524	Key *file_key;	536	Key *file_key;
525	const char *type = key_type(host_key);	537	const char *type = key_type(host_key);
526	char *ip = NULL;	538	char ip = NULL, host = NULL;
527	char hostline[1000], hostp, fp;	539	char hostline[1000], hostp, fp;
528	HostStatus host_status;	540	HostStatus host_status;
529	HostStatus ip_status;	541	HostStatus ip_status;
@@ -574,7 +586,7 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
574	if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),	586	if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
575	NULL, 0, NI_NUMERICHOST) != 0)	587	NULL, 0, NI_NUMERICHOST) != 0)
576	fatal("check_host_key: getnameinfo failed");	588	fatal("check_host_key: getnameinfo failed");
577	ip = xstrdup(ntop);	589	ip = put_host_port(ntop, port);
578	} else {	590	} else {
579	ip = xstrdup("<no hostip for proxy command>");	591	ip = xstrdup("<no hostip for proxy command>");
580	}	592	}
@@ -582,18 +594,21 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
582	* Turn off check_host_ip if the connection is to localhost, via proxy	594	* Turn off check_host_ip if the connection is to localhost, via proxy
583	* command or if we don't have a hostname to compare with	595	* command or if we don't have a hostname to compare with
584	*/	596	*/
585	if (options.check_host_ip &&	597	if (options.check_host_ip && (local \|\|
586	(local \|\| strcmp(host, ip) == 0 \|\| options.proxy_command != NULL))	598	strcmp(hostname, ip) == 0 \|\| options.proxy_command != NULL))
587	options.check_host_ip = 0;	599	options.check_host_ip = 0;
588		600
589	/*	601	/*
590	* Allow the user to record the key under a different name. This is	602	* Allow the user to record the key under a different name or
591	* useful for ssh tunneling over forwarded connections or if you run	603	* differentiate a non-standard port. This is useful for ssh
592	* multiple sshd's on different ports on the same machine.	604	* tunneling over forwarded connections or if you run multiple
		605	* sshd's on different ports on the same machine.
593	*/	606	*/
594	if (options.host_key_alias != NULL) {	607	if (options.host_key_alias != NULL) {
595	host = options.host_key_alias;	608	host = xstrdup(options.host_key_alias);
596	debug("using hostkeyalias: %s", host);	609	debug("using hostkeyalias: %s", host);
		610	} else {
		611	host = put_host_port(hostname, port);
597	}	612	}
598		613
599	/*	614	/*
@@ -662,6 +677,15 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
662	}	677	}
663	break;	678	break;
664	case HOST_NEW:	679	case HOST_NEW:
		680	if (options.host_key_alias == NULL && port != 0 &&
		681	port != SSH_DEFAULT_PORT) {
		682	debug("checking without port identifier");
		683	if (check_host_key(hostname, hostaddr, 0, host_key, 2,
		684	user_hostfile, system_hostfile) == 0) {
		685	debug("found matching key w/out port");
		686	break;
		687	}
		688	}
665	if (readonly)	689	if (readonly)
666	goto fail;	690	goto fail;
667	/* The host is new. */	691	/* The host is new. */
@@ -741,6 +765,8 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
741	"list of known hosts.", hostp, type);	765	"list of known hosts.", hostp, type);
742	break;	766	break;
743	case HOST_CHANGED:	767	case HOST_CHANGED:
		768	if (readonly == ROQUIET)
		769	goto fail;
744	if (options.check_host_ip && host_ip_differ) {	770	if (options.check_host_ip && host_ip_differ) {
745	char *key_msg;	771	char *key_msg;
746	if (ip_status == HOST_NEW)	772	if (ip_status == HOST_NEW)
@@ -779,7 +805,7 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
779	/*	805	/*
780	* If strict host key checking has not been requested, allow	806	* If strict host key checking has not been requested, allow
781	* the connection but without MITM-able authentication or	807	* the connection but without MITM-able authentication or
782	* agent forwarding.	808	* forwarding.
783	*/	809	*/
784	if (options.password_authentication) {	810	if (options.password_authentication) {
785	error("Password authentication is disabled to avoid "	811	error("Password authentication is disabled to avoid "
@@ -814,6 +840,11 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
814	options.num_local_forwards =	840	options.num_local_forwards =
815	options.num_remote_forwards = 0;	841	options.num_remote_forwards = 0;
816	}	842	}
		843	if (options.tun_open != SSH_TUNMODE_NO) {
		844	error("Tunnel forwarding is disabled to avoid "
		845	"man-in-the-middle attacks.");
		846	options.tun_open = SSH_TUNMODE_NO;
		847	}
817	/*	848	/*
818	* XXX Should permit the user to change to use the new id.	849	* XXX Should permit the user to change to use the new id.
819	* This could be done by converting the host key to an	850	* This could be done by converting the host key to an
@@ -855,10 +886,12 @@ check_host_key(char host, struct sockaddr hostaddr, Key *host_key,
855	}	886	}
856		887
857	xfree(ip);	888	xfree(ip);
		889	xfree(host);
858	return 0;	890	return 0;
859		891
860	fail:	892	fail:
861	xfree(ip);	893	xfree(ip);
		894	xfree(host);
862	return -1;	895	return -1;
863	}	896	}
864		897
@@ -892,12 +925,13 @@ verify_host_key(char host, struct sockaddr hostaddr, Key *host_key)
892	/* return ok if the key can be found in an old keyfile */	925	/* return ok if the key can be found in an old keyfile */
893	if (stat(options.system_hostfile2, &st) == 0 \|\|	926	if (stat(options.system_hostfile2, &st) == 0 \|\|
894	stat(options.user_hostfile2, &st) == 0) {	927	stat(options.user_hostfile2, &st) == 0) {
895	if (check_host_key(host, hostaddr, host_key, /readonly/ 1,	928	if (check_host_key(host, hostaddr, options.port, host_key,
896	options.user_hostfile2, options.system_hostfile2) == 0)	929	RDONLY, options.user_hostfile2,
		930	options.system_hostfile2) == 0)
897	return 0;	931	return 0;
898	}	932	}
899	return check_host_key(host, hostaddr, host_key, /readonly/ 0,	933	return check_host_key(host, hostaddr, options.port, host_key,
900	options.user_hostfile, options.system_hostfile);	934	RDRW, options.user_hostfile, options.system_hostfile);
901	}	935	}
902		936
903	/*	937	/*
@@ -921,7 +955,7 @@ ssh_login(Sensitive sensitive, const char orighost,
921	host = xstrdup(orighost);	955	host = xstrdup(orighost);
922	for (cp = host; *cp; cp++)	956	for (cp = host; *cp; cp++)
923	if (isupper(*cp))	957	if (isupper(*cp))
924	cp = tolower(cp);	958	cp = (char)tolower(cp);
925		959
926	/* Exchange protocol version identification strings with the server. */	960	/* Exchange protocol version identification strings with the server. */
927	ssh_exchange_identification();	961	ssh_exchange_identification();
@@ -938,6 +972,7 @@ ssh_login(Sensitive sensitive, const char orighost,
938	ssh_kex(host, hostaddr);	972	ssh_kex(host, hostaddr);
939	ssh_userauth1(local_user, server_user, host, sensitive);	973	ssh_userauth1(local_user, server_user, host, sensitive);
940	}	974	}
		975	xfree(local_user);
941	}	976	}
942		977
943	void	978	void
@@ -951,8 +986,7 @@ ssh_put_password(char *password)
951	return;	986	return;
952	}	987	}
953	size = roundup(strlen(password) + 1, 32);	988	size = roundup(strlen(password) + 1, 32);
954	padded = xmalloc(size);	989	padded = xcalloc(1, size);
955	memset(padded, 0, size);
956	strlcpy(padded, password, size);	990	strlcpy(padded, password, size);
957	packet_put_string(padded, size);	991	packet_put_string(padded, size);
958	memset(padded, 0, size);	992	memset(padded, 0, size);