From 7e8e820153a620ab1dcd81857a7de0969c41d043 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Tue, 16 Nov 1999 13:37:16 +1100
Subject:  - Merged OpenBSD CVS changes:
   - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
     the keysize of rsa-parameter 'n' is passed implizit, a few more checks and warnings about 'pretended' keysizes.
   - [cipher.c cipher.h packet.c packet.h sshd.c]
     remove support for cipher RC4
   - [ssh.c]
     a note for legay systems about secuity issues with permanently_set_uid(), the private hostkey and ptrace()
   - [sshconnect.c]
     more detailed messages about adding and checking hostkeys

---
 hostfile.c | 45 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 19 deletions(-)

(limited to 'hostfile.c')

diff --git a/hostfile.c b/hostfile.c
index 0e65bfe5f..79ff7f988 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files.
 */
 
 #include "includes.h"
-RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $");
+RCSID("$Id: hostfile.c,v 1.3 1999/11/16 02:37:16 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -166,29 +166,20 @@ match_hostname(const char *host, const char *pattern, unsigned int len)
    but used to have a different host key. */
 
 HostStatus
-check_host_in_hostfile(const char *filename,
-		       const char *host, unsigned int bits,
-		       BIGNUM *e, BIGNUM *n,
-		       BIGNUM *ke, BIGNUM *kn)
+check_host_in_hostfile(const char *filename, const char *host,
+		       BIGNUM *e, BIGNUM *n, BIGNUM *ke, BIGNUM *kn)
 {
   FILE *f;
   char line[8192];
-  unsigned int kbits, hostlen;
+  int linenum = 0;
+  unsigned int bits, kbits, hostlen;
   char *cp, *cp2;
   HostStatus end_return;
-  struct stat st;
 
   /* Open the file containing the list of known hosts. */
   f = fopen(filename, "r");
   if (!f)
-    {
-      if (stat(filename, &st) >= 0)
-	{
-	  packet_send_debug("Could not open %.900s for reading.", filename);
-	  packet_send_debug("If your home directory is on an NFS volume, it may need to be world-readable.");
-	}
-      return HOST_NEW;
-    }
+    return HOST_NEW;
 
   /* Cache the length of the host name. */
   hostlen = strlen(host);
@@ -198,10 +189,14 @@ check_host_in_hostfile(const char *filename,
      one. */
   end_return = HOST_NEW;
 
+  /* size of modulus 'n' */
+  bits = BN_num_bits(n);
+
   /* Go trough the file. */
   while (fgets(line, sizeof(line), f))
     {
       cp = line;
+      linenum++;
 
       /* Skip any leading whitespace. */
       for (; *cp == ' ' || *cp == '\t'; cp++)
@@ -227,7 +222,15 @@ check_host_in_hostfile(const char *filename,
       if (!auth_rsa_read_key(&cp, &kbits, ke, kn))
 	continue;
 
-      /* Check if the current key is the same as the previous one. */
+      if (kbits != BN_num_bits(kn)) {
+	error("Warning: error in %s, line %d: keysize mismatch for host %s: "
+	      "actual size %d vs. announced %d.",
+	      filename, linenum, host, BN_num_bits(kn), kbits);
+	error("Warning: replace %d with %d in %s, line %d.",
+	      kbits, BN_num_bits(kn), filename, linenum);
+      }
+
+      /* Check if the current key is the same as the given key. */
       if (kbits == bits && BN_cmp(ke, e) == 0 && BN_cmp(kn, n) == 0)
 	{
 	  /* Ok, they match. */
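Review bot: With the stat()/packet_send_debug branch gone, every fopen() failure in check_host_in_hostfile now collapses into `return HOST_NEW`, so a known_hosts file that exists but cannot be read (EACCES, the NFS case the removed message described) is indistinguishable from one that does not exist, and presumably the caller then treats the host as never seen before. Keeping a cheap diagnostic for the non-ENOENT case preserves the old hint without the extra stat(): `if (!f) { if (errno != ENOENT) error("Could not open %.900s for reading: %s", filename, strerror(errno)); return HOST_NEW; }` (errno.h and string.h must be in scope, which includes.h may already provide). check_host_in_hostfile's body continues past this hunk.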
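Review bot: `linenum++` counts fgets() calls rather than file lines: a line longer than sizeof(line)-1 comes back in several pieces, each piece bumps linenum, and every line number the new keysize warnings print after that point is off by the number of extra pieces, while the pieces are parsed as if they were separate entries. Checking for a missing '\n' after fgets(), draining the rest of that physical line and skipping it keeps the count right and avoids parsing a truncated modulus as a key. The loop body continues past this hunk, so the skip has to sit alongside the existing `continue` paths there.
```c
      cp = line;
      linenum++;
      /* Overlong line: fgets() returned only a prefix. Drain the rest so
         linenum stays correct and the truncated entry is not parsed. */
      if (strchr(line, '\n') == NULL && !feof(f)) {
	int ch;
	while ((ch = fgetc(f)) != EOF && ch != '\n')
	  ;
	continue;
      }
      /* … unchanged: whitespace skipping and entry parsing … */
```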
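Review bot: The new warning prints `kbits`, an unsigned int, with `%d` in both error() calls; the matching conversion is `%u`, and hoisting `BN_num_bits(kn)` into a local avoids computing it three times per line: `int actual = BN_num_bits(kn);` followed by `"actual size %d vs. announced %u.", filename, linenum, host, actual, kbits` and `"Warning: replace %u with %d in %s, line %d.", kbits, actual, filename, linenum`. Separately, now that `bits` is derived from n, the `kbits == bits` term in the match condition adds nothing when the announced size is correct (`BN_cmp(kn, n) == 0` already forces equal bit lengths) and, when it is wrong, makes the entry warn and then never match even though the modulus equals n; that may be intended, to push the user to repair the file, but it deserves a comment such as `/* An entry with a mis-announced size never matches; the warning above tells the user to fix it. */`. The rest of the match branch lies outside this hunk.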
@@ -252,21 +255,25 @@ check_host_in_hostfile(const char *filename,
 
 int
 add_host_to_hostfile(const char *filename, const char *host,
-		     unsigned int bits, BIGNUM *e, BIGNUM *n)
+		     BIGNUM *e, BIGNUM *n)
 {
   FILE *f;
   char *buf;
+  unsigned int bits;
 
   /* Open the file for appending. */
   f = fopen(filename, "a");
   if (!f)
     return 0;
 
+  /* size of modulus 'n' */
+  bits = BN_num_bits(n);
+
   /* Print the host name and key to the file. */
   fprintf(f, "%s %u ", host, bits);
   buf = BN_bn2dec(e);
   if (buf == NULL) {
-    error("add_host_to_hostfile: BN_bn2dec #1 failed");
+    error("add_host_to_hostfile: BN_bn2dec(e) failed");
     fclose(f);
     return 0;
   }
@@ -274,7 +281,7 @@ add_host_to_hostfile(const char *filename, const char *host,
   free (buf);
   buf = BN_bn2dec(n);
   if (buf == NULL) {
-    error("add_host_to_hostfile: BN_bn2dec #2 failed");
+    error("add_host_to_hostfile: BN_bn2dec(n) failed");
     fclose(f);
     return 0;
   }
-- 
cgit v1.2.3
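Review bot: `fprintf(f, "%s %u ", host, bits)` ignores its return value, and nothing in this hunk checks the later writes or the final fclose() either, so a full disk or write error can leave a truncated or partial entry in the file while the function, as far as the visible code shows, still reports success; checking fprintf() here and fclose() at the end would surface that. The host name is also written verbatim, so if a caller can pass a host containing a space, tab or newline the resulting line is malformed and a later parse sees a different host; a guard such as `if (strpbrk(host, " \t\r\n") != NULL) return 0;` before the first write is cheap insurance. add_host_to_hostfile's body continues past this hunk.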