From 22cc741096c85ff211dfc4c910fd28ec4858ba83 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Dec 2004 22:47:41 +1100 Subject: - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@ --- auth-rsa.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'auth-rsa.c') diff --git a/auth-rsa.c b/auth-rsa.c index 16369d47c..2060f8394 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $"); #include #include @@ -49,7 +49,7 @@ extern u_char session_id[16]; * options bits e n comment * where bits, e and n are decimal numbers, * and comment is any string of characters up to newline. The maximum - * length of a line is 8000 characters. See the documentation for a + * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a * description of the options. */ @@ -152,7 +152,7 @@ auth_rsa_challenge_dialog(Key *key) int auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { - char line[8192], *file; + char line[SSH_MAX_PUBKEY_BYTES], *file; int allowed = 0; u_int bits; FILE *f; @@ -201,12 +201,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ - while (fgets(line, sizeof(line), f)) { + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; -- cgit v1.2.3 From f0f90989fa7c22ab86ae7957b3af539584be375c Mon Sep 17 00:00:00 2001 
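Review bot: The reworded format comment in the `@@ -49,7 +49,7 @@` hunk overstates the limit: a line cannot be SSH_MAX_PUBKEY_BYTES characters long when it is read into `char line[SSH_MAX_PUBKEY_BYTES]`, because the buffer must also hold the terminating NUL. Wording such as `* length of a line, newline included, is SSH_MAX_PUBKEY_BYTES - 1 bytes; longer lines are discarded.` would match what the code accepts, assuming read_keyfile_line (defined outside this file section) bounds its read by the size passed in. Saying that longer entries are dropped rather than truncated is what someone auditing an authorized_keys file needs to know.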
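Review bot: Nothing at the call site in auth_rsa_key_allowed (hunk `@@ -201,12 +201,10 @@`) says that over-length entries are now skipped whole, which is the security-relevant property of this loop. With a plain `fgets`, the tail of an over-long line would come back as a line of its own and be parsed as a separate entry. A comment above the `while`, such as `/* read_keyfile_line() drops over-length lines, so a truncated tail is never parsed as a key entry. */`, would keep a later refactor from going back to a raw read. The declaration of `linenum` is outside the hunk, so confirm its type matches the pointer parameter of read_keyfile_line. The loop body continues past the end of the hunk.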
From: Darren Tucker Date: Sat, 11 Dec 2004 13:39:50 +1100 Subject: - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] Fix debug call in error path of authorized_keys processing and fix related warnings; ok djm@ --- ChangeLog | 6 +++++- auth-rsa.c | 3 ++- auth2-pubkey.c | 3 ++- authfile.c | 5 +++-- misc.c | 8 ++++---- misc.h | 4 ++-- 6 files changed, 18 insertions(+), 11 deletions(-) (limited to 'auth-rsa.c') diff --git a/ChangeLog b/ChangeLog index 8c4cca4ba..cf68f4fb3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ ignore). - don't do extra do_lstat() if we only have one matching file. djm@ ok + - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 + [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] + Fix debug call in error path of authorized_keys processing and fix related + warnings; ok djm@ 20041208 - (tim) [configure.ac] Comment some non obvious platforms in the @@ -1942,4 +1946,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3602 2004/12/11 02:37:22 dtucker Exp $ +$Id: ChangeLog,v 1.3603 2004/12/11 02:39:50 dtucker Exp $ diff --git a/auth-rsa.c b/auth-rsa.c index 2060f8394..4378008d3 100644 --- a/auth-rsa.c +++ b/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); #include #include @@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $"); #include "hostfile.h" #include "monitor_wrap.h" #include "ssh.h" +#include "misc.h" /* import */ extern ServerOptions options; diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 41e23bebd..a97d0f430 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c 
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $"); #include "ssh.h" #include "ssh2.h" @@ -41,6 +41,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $"); #include "auth-options.h" #include "canohost.h" #include "monitor_wrap.h" +#include "misc.h" /* import */ extern ServerOptions options; diff --git a/authfile.c b/authfile.c index 4038ab692..6a04cd7a9 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); #include #include @@ -51,6 +51,7 @@ RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $"); #include "log.h" #include "authfile.h" #include "rsa.h" +#include "misc.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -603,7 +604,7 @@ key_try_load_public(Key *k, const char *filename, char **commentp) FILE *f; char line[SSH_MAX_PUBKEY_BYTES]; char *cp; - int linenum = 0; + u_long linenum = 0; f = fopen(filename, "r"); if (f != NULL) { diff --git a/misc.c b/misc.c index d0cc53823..a90125505 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.26 2004/12/06 11:41:03 dtucker Exp $"); +RCSID("$OpenBSD: misc.c,v 1.27 2004/12/11 01:48:56 dtucker Exp $"); #include "misc.h" #include "log.h" 
@@ -339,15 +339,15 @@ addargs(arglist *args, char *fmt, ...) */ int read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, - int *lineno) + u_long *lineno) { while (fgets(buf, bufsz, f) != NULL) { (*lineno)++; if (buf[strlen(buf) - 1] == '\n' || feof(f)) { return 0; } else { - debug("%s: %s line %d exceeds size limit", __func__, - filename, lineno); + debug("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); /* discard remainder of line */ while(fgetc(f) != '\n' && !feof(f)) ; /* nothing */ diff --git a/misc.h b/misc.h index 4aab2ca01..193216fa9 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.19 2004/12/06 11:41:03 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.20 2004/12/11 01:48:56 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -47,4 +47,4 @@ char *tilde_expand_filename(const char *, uid_t); char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); -int read_keyfile_line(FILE *, const char *, char *, size_t, int *); +int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); -- cgit v1.2.3
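Review bot: Two unchanged lines in read_keyfile_line (misc.c, `@@ -339,15 +339,15 @@`) still mishandle file content that the account owner controls. `buf[strlen(buf) - 1]` reads outside the buffer when fgets returns a line whose first byte is NUL, since `strlen(buf)` is then 0. The drain loop `while(fgetc(f) != '\n' && !feof(f))` never terminates if fgetc fails with a read error, because feof() stays false in that case. Guard the index with `size_t len = strlen(buf); if ((len > 0 && buf[len - 1] == '\n') || feof(f))`, and drain with `int c; while ((c = fgetc(f)) != '\n' && c != EOF)`. The function body continues past the end of the hunk.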