From 89eac8010a80589bcd3abda8f253cd0cd3d2088c Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 2 Mar 2005 12:33:04 +1100
Subject:    - djm@cvs.openbsd.org 2005/03/02 01:27:41      [ssh-keygen.c]     
 ignore hostnames with metachars when hashing; ok deraadt@

---
 ChangeLog    |  5 ++++-
 ssh-keygen.c | 13 ++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a5554745f..5ba0ac303 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,9 @@
      [sshconnect.c]
      fix addition of new hashed hostnames when CheckHostIP=yes;
      found and ok dtucker@
+   - djm@cvs.openbsd.org 2005/03/02 01:27:41
+     [ssh-keygen.c]
+     ignore hostnames with metachars when hashing; ok deraadt@
 
 20050301
  - (djm) OpenBSD CVS sync:
@@ -2258,4 +2261,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3685 2005/03/02 01:06:51 djm Exp $
+$Id: ChangeLog,v 1.3686 2005/03/02 01:33:04 djm Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 00ddb90c8..a9931d4d8 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.119 2005/03/01 10:42:49 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -686,8 +686,15 @@ do_known_hosts(struct passwd *pw, const char *name)
 			} else if (hash_hosts) {
 				for(cp2 = strsep(&cp, ",");
 				    cp2 != NULL && *cp2 != '\0';
-				    cp2 = strsep(&cp, ","))
-					print_host(out, cp2, public, 1);
+				    cp2 = strsep(&cp, ",")) {
+					if (strcspn(cp2, "*?!") != strlen(cp2))
+						fprintf(stderr, "Warning: "
+						    "ignoring host name with "
+						    "metacharacters: %.64s\n",
+						    cp2);
+					else
+						print_host(out, cp2, public, 1);
+				}
 				has_unhashed = 1;
 			}
 		}
-- 
cgit v1.2.3