From 1338b9e067055259033a05e14db0bc2ad5536482 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Oct 2011 18:57:35 +1100 Subject: - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 [channels.c auth-options.c servconf.c channels.h sshd.8] Add wildcard support to PermitOpen, allowing things like "PermitOpen localhost:*". bz #1857, ok djm markus. --- auth-options.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'auth-options.c') diff --git a/auth-options.c b/auth-options.c index eae45cf2b..b3c19c1c0 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.55 2011/09/23 00:22:04 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -341,7 +341,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto bad_option; } host = cleanhostname(host); - if (p == NULL || (port = a2port(p)) <= 0) { + if (p == NULL || (port = permitopen_port(p)) < 0) { debug("%.100s, line %lu: Bad permitopen port " "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " -- cgit v1.2.3 From c51a5ab2c6f7ea4ae42e70d1d00bdf57c28f8c36 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 18 Oct 2011 16:06:14 +1100 Subject: - djm@cvs.openbsd.org 2011/10/18 04:58:26 [auth-options.c key.c] remove explict search for \0 in packet strings, this job is now done implicitly by buffer_get_cstring; ok markus --- ChangeLog | 4 ++++ auth-options.c | 16 +--------------- key.c | 7 +------ 3 files changed, 6 insertions(+), 21 deletions(-) (limited to 'auth-options.c') diff --git a/ChangeLog b/ChangeLog index c3eb5757a..583f88f22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ - stsp@cvs.openbsd.org 2011/10/16 15:51:39 [moduli.c] add missing includes to unbreak tree; fix from rpointel + - djm@cvs.openbsd.org 2011/10/18 04:58:26 + [auth-options.c key.c] + remove explict search for \0 in packet strings, this job is now done + implicitly by buffer_get_cstring; ok markus 20111001 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm diff --git a/auth-options.c b/auth-options.c index b3c19c1c0..0e67bd8c0 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.55 2011/09/23 00:22:04 dtucker Exp $ */ +/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -452,10 +452,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, buffer_append(&data, data_blob, dlen); debug3("found certificate option \"%.100s\" len %u", name, dlen); - if (strlen(name) != nlen) { - error("Certificate constraint name contains \\0"); - goto out; - } found = 0; if ((which & OPTIONS_EXTENSIONS) != 0) { if (strcmp(name, "permit-X11-forwarding") == 0) { @@ -485,11 +481,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "corrupt", name); goto out; } - if (strlen(command) != clen) { - error("force-command constraint " - "contains \\0"); - goto out; - } if (*cert_forced_command != NULL) { error("Certificate has multiple " "force-command options"); @@ -506,11 +497,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "\"%s\" corrupt", name); goto out; } - if (strlen(allowed) != clen) { - error("source-address constraint " - "contains \\0"); - goto out; - } if ((*cert_source_address_done)++) { error("Certificate has multiple " "source-address options"); diff --git a/key.c b/key.c index 498cf5a60..5cc4132c0 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */ +/* $OpenBSD: key.c,v 1.98 2011/10/18 04:58:26 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1356,11 +1356,6 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) goto out; } - if (kidlen != strlen(key->cert->key_id)) { - error("%s: key ID contains \\0 character", __func__); - goto out; - } - /* Signature is left in the buffer so we can calculate this length */ signed_len = buffer_len(&key->cert->certblob) - buffer_len(b); -- cgit v1.2.3