From cf31f3863425453ffcda540fbefa9df80088c8d1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 24 Oct 2013 21:02:56 +1100 Subject: - dtucker@cvs.openbsd.org 2013/10/24 00:51:48 [readconf.c servconf.c ssh_config.5 sshd_config.5] Disallow empty Match statements and add "Match all" which matches everything. ok djm, man page help jmc@ --- readconf.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'readconf.c') diff --git a/readconf.c b/readconf.c index f18666786..63c0ba196 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.212 2013/10/23 03:05:19 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.213 2013/10/24 00:51:48 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -459,7 +459,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, { char *arg, *attrib, *cmd, *cp = *condition, *host; const char *ruser; - int r, port, result = 1; + int r, port, result = 1, attributes = 0; size_t len; char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; @@ -478,6 +478,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, debug3("checking match for '%s' host %s", cp, host); while ((attrib = strdelim(&cp)) && *attrib != '\0') { + attributes++; + if (strcasecmp(attrib, "all") == 0) { + if (attributes != 1 || + ((arg = strdelim(&cp)) != NULL && *arg != '\0')) { + error("'all' cannot be combined with other " + "Match attributes"); + result = -1; + goto out; + } + *condition = cp; + result = 1; + goto out; + } if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { error("Missing Match criteria for %s", attrib); result = -1; @@ -544,6 +557,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, goto out; } } + if (attributes == 0) { + error("One or more attributes required for Match"); + result = -1; + goto out; + } debug3("match %sfound", result ? "" : "not "); *condition = cp; out: -- cgit v1.2.3