From 3a7db919d5dd09f797971b3cf8ee301767459774 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 23 Apr 2019 11:56:41 +0000 Subject: upstream: Use the LogLevel typdef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@ OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a --- ssh.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'ssh.c') diff --git a/ssh.c b/ssh.c index 91e7c3511..f46a3b262 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.500 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.501 2019/04/23 11:56:41 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -236,7 +236,8 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) { char strport[NI_MAXSERV]; struct addrinfo hints, *res; - int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1; + int gaierr; + LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; if (port <= 0) port = default_ssh_port(); -- cgit v1.2.3 From 0323d9b619d512f80c57575b810a05791891f657 Mon Sep 17 00:00:00 2001 From: "otto@openbsd.org" Date: Thu, 6 Jun 2019 05:13:13 +0000 Subject: upstream: Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b --- sftp-server-main.c | 3 +-- sftp-server.c | 3 +-- sftp.c | 3 +-- ssh-add.c | 3 +-- ssh-agent.c | 3 +-- ssh-keygen.c | 3 +-- ssh-keyscan.c | 3 +-- ssh-keysign.c | 3 +-- ssh-pkcs11-helper.c | 3 +-- ssh.c | 3 +-- sshd.c | 4 +--- xmalloc.c | 10 ++-------- 12 files changed, 13 insertions(+), 31 deletions(-) (limited to 'ssh.c') diff --git a/sftp-server-main.c b/sftp-server-main.c index 6230d897d..06566d36e 100644 --- a/sftp-server-main.c +++ b/sftp-server-main.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: sftp-server-main.c,v 1.6 2019/06/06 05:13:13 otto Exp $ */ /* * Copyright (c) 2008 Markus Friedl. All rights reserved. * @@ -39,7 +39,6 @@ main(int argc, char **argv) { struct passwd *user_pw; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/sftp-server.c b/sftp-server.c index 19a132bd9..ee6013e3f 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.114 2019/01/16 23:22:10 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.115 2019/06/06 05:13:13 otto Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -1574,7 +1574,6 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) extern char *optarg; extern char *__progname; - ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); diff --git a/sftp.c b/sftp.c index 44aa19d96..04881c83f 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.190 2019/01/21 22:50:42 tb Exp $ */ +/* $OpenBSD: sftp.c,v 1.191 2019/06/06 05:13:13 otto Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -2388,7 +2388,6 @@ main(int argc, char **argv) size_t num_requests = DEFAULT_NUM_REQUESTS; long long limit_kbps = 0; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); msetlocale(); diff --git a/ssh-add.c b/ssh-add.c index ac9c808dd..9cf298918 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.138 2019/01/21 12:53:35 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.139 2019/06/06 05:13:13 otto Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -575,7 +575,6 @@ main(int argc, char **argv) SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; LogLevel log_level = SYSLOG_LEVEL_INFO; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/ssh-agent.c b/ssh-agent.c index d06ecfd98..034f31387 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.233 2019/01/22 22:58:50 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.234 2019/06/06 05:13:13 otto Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1096,7 +1096,6 @@ main(int ac, char **av) size_t npfd = 0; u_int maxfds; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/ssh-keygen.c b/ssh-keygen.c index db371090d..010667157 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.330 2019/05/29 08:30:26 lum Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.331 2019/06/06 05:13:13 otto Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2457,7 +2457,6 @@ main(int argc, char **argv) extern int optind; extern char *optarg; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 2ed041559..7b7c0f320 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.126 2019/01/26 22:35:01 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.127 2019/06/06 05:13:13 otto Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -656,7 +656,6 @@ main(int argc, char **argv) extern int optind; extern char *optarg; - ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); seed_rng(); TAILQ_INIT(&tq); 
diff --git a/ssh-keysign.c b/ssh-keysign.c index 601f6ca72..9ebc67860 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.56 2018/11/23 05:08:07 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.57 2019/06/06 05:13:13 otto Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -173,7 +173,6 @@ main(int argc, char **argv) char *host, *fp; size_t slen, dlen; - ssh_malloc_init(); /* must be called before any mallocs */ if (pledge("stdio rpath getpw dns id", NULL) != 0) fatal("%s: pledge: %s", __progname, strerror(errno)); diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index cb873e20b..cd79db2ae 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.18 2019/05/16 08:47:27 dtucker Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.19 2019/06/06 05:13:13 otto Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -322,7 +322,6 @@ main(int argc, char **argv) extern char *__progname; struct pollfd pfd[2]; - ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); seed_rng(); TAILQ_INIT(&pkcs11_keylist); diff --git a/ssh.c b/ssh.c index f46a3b262..d8d614111 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.501 2019/04/23 11:56:41 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.502 2019/06/06 05:13:13 otto Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -596,7 +596,6 @@ main(int ac, char **av) struct ssh_digest_ctx *md; u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; - ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/sshd.c b/sshd.c index 1fcde502b..be23fbc80 100644 --- a/sshd.c +++ b/sshd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.534 2019/04/18 18:56:16 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.535 2019/06/06 05:13:13 otto Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1433,8 +1433,6 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = NULL; - ssh_malloc_init(); /* must be called before any mallocs */ - #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); #endif diff --git a/xmalloc.c b/xmalloc.c index 5cc0310a4..be26510cf 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.34 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.35 2019/06/06 05:13:13 otto Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -26,15 +26,9 @@ #include "xmalloc.h" #include "log.h" -void -ssh_malloc_init(void) -{ #if defined(__OpenBSD__) - extern char *malloc_options; - - malloc_options = "S"; ++char *malloc_options = "S"; #endif /* __OpenBSD__ */ -} void * xmalloc(size_t size) -- cgit v1.2.3 From 7349149da1074d82b71722338e05b6a282f126cc Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Wed, 12 Jun 2019 11:31:50 +0000 Subject: upstream: Hostname->HostName cleanup; from lauri tirkkonen ok dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4 --- clientloop.c | 4 ++-- readconf.c | 12 ++++++------ scp.1 | 6 +++--- sftp.1 | 6 +++--- ssh.1 | 6 +++--- ssh.c | 4 ++-- ssh_config.5 | 6 +++--- 7 files changed, 22 insertions(+), 22 deletions(-) (limited to 'ssh.c') diff --git a/clientloop.c b/clientloop.c index 755f29231..244de9871 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.323 2019/04/23 11:56:41 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.324 2019/06/12 11:31:50 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
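Review bot: In xmalloc.c (`@@ -26,15 +26,9 @@`), the new file-scope `char *malloc_options = "S";` carries no comment, and this commit deletes the only explanation that existed, the `/* must be called before any mallocs */` remarks at the call sites. A short comment above the definition would keep the intent visible, for example `/* read by OpenBSD malloc when it initialises; "S" selects its security-auditing options */`. The comment should also say that the setting now applies to every program that links this file, not only to programs that called ssh_malloc_init(). A binary that does not link xmalloc.c would presumably run without the option, and nothing would flag that.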
@@ -129,7 +129,7 @@ extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ /* * Name of the host we are connecting to. This is the name given on the - * command line, or the HostName specified for the user-supplied name in a + * command line, or the Hostname specified for the user-supplied name in a * configuration file. */ extern char *host; diff --git a/readconf.c b/readconf.c index c143fa2e2..ec30ab30a 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.305 2019/06/07 14:18:48 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.306 2019/06/12 11:31:50 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -86,7 +86,7 @@ User foo Host fake.com - HostName another.host.name.real.org + Hostname another.host.name.real.org User blaah Port 34289 ForwardX11 no @@ -148,7 +148,7 @@ typedef enum { oGatewayPorts, oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, - oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, + oIdentityFile, oHostname, oPort, oCipher, oRemoteForward, oLocalForward, oCertificateFile, oAddKeysToAgent, oIdentityAgent, oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, @@ -240,7 +240,7 @@ static struct { { "certificatefile", oCertificateFile }, { "addkeystoagent", oAddKeysToAgent }, { "identityagent", oIdentityAgent }, - { "hostname", oHostName }, + { "hostname", oHostname }, { "hostkeyalias", oHostKeyAlias }, { "proxycommand", oProxyCommand }, { "port", oPort }, @@ -1117,7 +1117,7 @@ parse_char_array: max_entries = SSH_MAX_HOSTS_FILES; goto parse_char_array; - case oHostName: + case oHostname: charptr = &options->hostname; goto parse_string; 
@@ -2593,7 +2593,7 @@ dump_client_config(Options *o, const char *host) /* Most interesting options first: user, host, port */ dump_cfg_string(oUser, o->user); - dump_cfg_string(oHostName, host); + dump_cfg_string(oHostname, host); dump_cfg_int(oPort, o->port); /* Flag options */ diff --git a/scp.1 b/scp.1 index a2833dab0..dee7fcead 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.85 2019/01/26 22:41:28 djm Exp $ +.\" $OpenBSD: scp.1,v 1.86 2019/06/12 11:31:50 jmc Exp $ .\" -.Dd $Mdocdate: January 26 2019 $ +.Dd $Mdocdate: June 12 2019 $ .Dt SCP 1 .Os .Sh NAME @@ -164,7 +164,7 @@ For full details of the options listed below, and their possible values, see .It HostbasedKeyTypes .It HostKeyAlgorithms .It HostKeyAlias -.It HostName +.It Hostname .It IdentitiesOnly .It IdentityAgent .It IdentityFile diff --git a/sftp.1 b/sftp.1 index 259095885..4554ae4f3 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.125 2019/01/22 06:58:31 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.126 2019/06/12 11:31:50 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 22 2019 $ +.Dd $Mdocdate: June 12 2019 $ .Dt SFTP 1 .Os .Sh NAME @@ -241,7 +241,7 @@ For full details of the options listed below, and their possible values, see .It HostbasedKeyTypes .It HostKeyAlgorithms .It HostKeyAlias -.It HostName +.It Hostname .It IdentitiesOnly .It IdentityAgent .It IdentityFile diff --git a/ssh.1 b/ssh.1 index 9480eba8d..424d6c3e8 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $ -.Dd $Mdocdate: March 16 2019 $ +.\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $ +.Dd $Mdocdate: June 12 2019 $ .Dt SSH 1 .Os .Sh NAME @@ -504,7 +504,7 @@ For full details of the options listed below, and their possible values, see .It HostbasedKeyTypes .It HostKeyAlgorithms .It HostKeyAlias -.It HostName +.It Hostname .It IdentitiesOnly .It IdentityAgent .It IdentityFile diff --git a/ssh.c b/ssh.c index d8d614111..a9903b6f9 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.502 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh.c,v 1.503 2019/06/12 11:31:50 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -162,7 +162,7 @@ char *config = NULL; /* * Name of the host we are connecting to. This is the name given on the - * command line, or the HostName specified for the user-supplied name in a + * command line, or the Hostname specified for the user-supplied name in a * configuration file. */ char *host; diff --git a/ssh_config.5 b/ssh_config.5 index 4e72d2ea9..806676bba 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.295 2019/06/12 05:53:21 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.296 2019/06/12 11:31:50 jmc Exp $ .Dd $Mdocdate: June 12 2019 $ .Dt SSH_CONFIG 5 .Os 
@@ -1222,8 +1222,8 @@ server running on some machine, or execute .Ic sshd -i somewhere. Host key management will be done using the -HostName of the host being connected (defaulting to the name typed by -the user). +.Cm Hostname +of the host being connected (defaulting to the name typed by the user). Setting the command to .Cm none disables this option entirely. -- cgit v1.2.3 From cb8f56570f70b00abae4267d4bcce2bfae7dfff6 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 14 Jun 2019 04:13:58 +0000 Subject: upstream: slightly more instructive error message when the user specifies multiple -J options on the commandline. bz3015 ok dtucker@ OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179 --- ssh.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'ssh.c') diff --git a/ssh.c b/ssh.c index a9903b6f9..d9a9d1136 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.503 2019/06/12 11:31:50 jmc Exp $ */ +/* $OpenBSD: ssh.c,v 1.504 2019/06/14 04:13:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -790,8 +790,11 @@ main(int ac, char **av) #endif break; case 'J': - if (options.jump_host != NULL) - fatal("Only a single -J option permitted"); + if (options.jump_host != NULL) { + fatal("Only a single -J option is permitted " + "(use commas to separate multiple " + "jump hops)"); + } if (options.proxy_command != NULL) fatal("Cannot specify -J with ProxyCommand"); if (parse_jump(optarg, &options, 1) == -1) -- cgit v1.2.3 From 4d28fa78abce2890e136281950633fae2066cc29 Mon Sep 17 00:00:00 2001 
From: "deraadt@openbsd.org" Date: Fri, 28 Jun 2019 13:35:04 +0000 Subject: upstream: When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075 --- auth-rhosts.c | 10 +++++----- auth.c | 16 ++++++++-------- authfd.c | 6 +++--- authfile.c | 12 ++++++------ canohost.c | 6 +++--- channels.c | 46 +++++++++++++++++++++++----------------------- clientloop.c | 12 ++++++------ misc.c | 18 +++++++++--------- monitor.c | 10 +++++----- monitor_wrap.c | 4 ++-- mux.c | 8 ++++---- nchan.c | 6 +++--- packet.c | 14 +++++++------- readconf.c | 4 ++-- readpass.c | 10 +++++----- scp.c | 24 ++++++++++++------------ serverloop.c | 8 ++++---- session.c | 48 ++++++++++++++++++++++++------------------------ sftp-server.c | 24 ++++++++++++------------ ssh-add.c | 6 +++--- ssh-agent.c | 10 +++++----- ssh-keygen.c | 24 ++++++++++++------------ ssh-keyscan.c | 12 ++++++------ ssh.c | 18 +++++++++--------- sshconnect.c | 26 +++++++++++++------------- sshconnect2.c | 20 ++++++++++---------- sshd.c | 30 +++++++++++++++--------------- sshkey-xmss.c | 14 +++++++------- sshlogin.c | 2 +- sshpty.c | 18 +++++++++--------- uidswap.c | 32 ++++++++++++++++---------------- 31 files changed, 249 insertions(+), 249 deletions(-) (limited to 'ssh.c') diff --git a/auth-rhosts.c b/auth-rhosts.c index 57296e1f6..63c1c8acb 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.50 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -222,8 +222,8 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * are no system-wide files. */ if (!rhosts_files[rhosts_file_index] && - stat(_PATH_RHOSTS_EQUIV, &st) < 0 && - stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) { + stat(_PATH_RHOSTS_EQUIV, &st) == -1 && + stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) { debug3("%s: no hosts access files exist", __func__); return 0; } @@ -253,7 +253,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * Check that the home directory is owned by root or the user, and is * not group or world writable. */ - if (stat(pw->pw_dir, &st) < 0) { + if (stat(pw->pw_dir, &st) == -1) { logit("Rhosts authentication refused for %.100s: " "no home directory %.200s", pw->pw_name, pw->pw_dir); auth_debug_add("Rhosts authentication refused for %.100s: " @@ -278,7 +278,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) < 0) + if (stat(buf, &st) == -1) continue; /* diff --git a/auth.c b/auth.c index 8696f258e..b41d39cdc 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -167,7 +167,7 @@ allowed_user(struct ssh *ssh, struct passwd * pw) char *shell = xstrdup((pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ - if (stat(shell, &st) != 0) { + if (stat(shell, &st) == -1) { logit("User %.100s not allowed because shell %.100s " "does not exist", pw->pw_name, shell); free(shell); @@ -517,7 +517,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes, return NULL; } - if (fstat(fd, &st) < 0) { + if (fstat(fd, &st) == -1) { close(fd); return NULL; } 
@@ -746,7 +746,7 @@ remote_hostname(struct ssh *ssh) fromlen = sizeof(from); memset(&from, 0, sizeof(from)); if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername failed: %.100s", strerror(errno)); return strdup(ntop); } @@ -884,7 +884,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, return 0; } temporarily_use_uid(pw); - if (stat(av[0], &st) < 0) { + if (stat(av[0], &st) == -1) { error("Could not stat %s \"%s\": %s", tag, av[0], strerror(errno)); restore_uid(); @@ -896,7 +896,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, return 0; } /* Prepare to keep the child's stdout if requested */ - if (pipe(p) != 0) { + if (pipe(p) == -1) { error("%s: pipe: %s", tag, strerror(errno)); restore_uid(); return 0; @@ -946,12 +946,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command, closefrom(STDERR_FILENO + 1); /* Don't use permanently_set_uid() here to avoid fatal() */ - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, strerror(errno)); _exit(1); } - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) { error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, strerror(errno)); _exit(1); diff --git a/authfd.c b/authfd.c index 327a333d2..fd8f336fc 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.114 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.115 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
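Review bot: In auth.c subprocess() (`@@ -946,12 +946,12 @@`), the checks on setresgid() and setresuid() now treat every return value other than -1 as success, and these two calls are what drop the child to the target user before the command runs. For a privilege drop a fail-closed test is the safer form, so I would keep `if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {` and the matching `!= 0` on setresuid(). If these functions come from a compatibility wrapper on some platform (not visible here), a wrapper that signals failure with another non-zero value would let the child continue with the old credentials. The diffstat lists uidswap.c with 32 changed lines; its hunks are outside this view and deserve the same look, as does the rest of subprocess(), which starts and ends outside this hunk.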
@@ -101,12 +101,12 @@ ssh_get_authentication_socket(int *fdp) sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) return SSH_ERR_SYSTEM_ERROR; /* close on exec */ if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || - connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { + connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { oerrno = errno; close(sock); errno = oerrno; diff --git a/authfile.c b/authfile.c index b1c92f4ad..2166c1689 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -57,7 +57,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) { int fd, oerrno; - if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) + if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) return SSH_ERR_SYSTEM_ERROR; if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { @@ -101,7 +101,7 @@ sshkey_load_file(int fd, struct sshbuf *blob) struct stat st; int r; - if (fstat(fd, &st) < 0) + if (fstat(fd, &st) == -1) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) @@ -141,7 +141,7 @@ sshkey_perm_ok(int fd, const char *filename) { struct stat st; - if (fstat(fd, &st) < 0) + if (fstat(fd, &st) == -1) return SSH_ERR_SYSTEM_ERROR; /* * if a key owned by the user is accessed, then we check the 
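Review bot: In authfd.c ssh_get_authentication_socket() (`@@ -101,12 +101,12 @@`), the result of `strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path))` is not checked, so an over-long socket path is silently truncated and connect() is then attempted on a different path from the one configured. Comparing the return value with the buffer size and failing before socket() is called closes that gap, e.g. `if (strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) return SSH_ERR_INVALID_ARGUMENT;`. Where `authsocket` comes from is outside the hunk, so whether its length is already bounded elsewhere needs confirming.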
@@ -176,7 +176,7 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) < 0) { + if ((fd = open(filename, O_RDONLY)) == -1) { if (perm_ok != NULL) *perm_ok = 0; return SSH_ERR_SYSTEM_ERROR; @@ -236,7 +236,7 @@ sshkey_load_private(const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) < 0) + if ((fd = open(filename, O_RDONLY)) == -1) return SSH_ERR_SYSTEM_ERROR; if (sshkey_perm_ok(fd, filename) != 0) { r = SSH_ERR_KEY_BAD_PERMISSIONS; diff --git a/canohost.c b/canohost.c index f71a08568..abea9c6e6 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -164,12 +164,12 @@ get_sock_port(int sock, int local) fromlen = sizeof(from); memset(&from, 0, sizeof(from)); if (local) { - if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) { + if (getsockname(sock, (struct sockaddr *)&from, &fromlen) == -1) { error("getsockname failed: %.100s", strerror(errno)); return 0; } } else { - if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { + if (getpeername(sock, (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername failed: %.100s", strerror(errno)); return -1; } diff --git a/channels.c b/channels.c index 30691c82f..e1c7be81f 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.392 2019/06/07 14:18:48 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.393 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1671,7 +1671,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, chan_mark_dead(ssh, c); errno = oerrno; } - if (newsock < 0) { + if (newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); @@ -1814,7 +1814,7 @@ channel_post_port_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); - if (newsock < 0) { + if (newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); @@ -1853,7 +1853,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); - if (newsock < 0) { + if (newsock == -1) { error("accept from auth socket: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) c->notbefore = monotime() + 1; @@ -1881,7 +1881,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c, fatal(":%s: channel %d: no remote id", __func__, c->self); /* for rdynamic the OPEN_CONFIRMATION has been sent already */ isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); - if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) { + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) { err = errno; error("getsockopt SO_ERROR failed"); } @@ -1956,7 +1956,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c, errno = 0; len = read(c->rfd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || + if (len == -1 && (errno == EINTR || ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) return 1; #ifndef PTY_ZEROREAD @@ -2030,7 +2030,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, /* ignore truncated writes, datagrams might get lost */ len = write(c->wfd, buf, dlen); free(data); - if (len < 0 && (errno == EINTR || errno == EAGAIN || + if (len == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) 
@@ -2045,7 +2045,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, #endif len = write(c->wfd, buf, dlen); - if (len < 0 && + if (len == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { @@ -2099,7 +2099,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c, len = write(c->efd, sshbuf_ptr(c->extended), sshbuf_len(c->extended)); debug2("channel %d: written %zd to efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN || + if (len == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) return 1; if (len <= 0) { @@ -2130,7 +2130,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c, len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %zd from efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || ((errno == EAGAIN || + if (len == -1 && (errno == EINTR || ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) return 1; if (len <= 0) { @@ -2219,7 +2219,7 @@ read_mux(struct ssh *ssh, Channel *c, u_int need) if (sshbuf_len(c->input) < need) { rlen = need - sshbuf_len(c->input); len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return sshbuf_len(c->input); if (len <= 0) { debug2("channel %d: ctl read<=0 rfd %d len %zd", @@ -2283,7 +2283,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c, return; len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return; if (len <= 0) { chan_mark_dead(ssh, c); @@ -2331,7 +2331,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c, return; } - if (getpeereid(newsock, &euid, &egid) < 0) { + if (getpeereid(newsock, &euid, &egid) == -1) { error("%s getpeereid failed: %s", __func__, strerror(errno)); close(newsock); 
@@ -3461,7 +3461,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, } /* Create a port to listen for the host. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { /* this is no error since kernel may not support ipv6 */ verbose("socket [%s]:%s: %.100s", ntop, strport, strerror(errno)); @@ -3476,7 +3476,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, ntop, strport); /* Bind the socket to the address. */ - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { /* * address can be in if use ipv6 address is * already bound @@ -3492,7 +3492,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, continue; } /* Start listening for connections on the socket. */ - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) == -1) { error("listen: %.100s", strerror(errno)); error("listen [%s]:%s: %.100s", ntop, strport, strerror(errno)); @@ -4512,7 +4512,7 @@ channel_send_window_changes(struct ssh *ssh) if (sc->channels[i] == NULL || !sc->channels[i]->client_tty || sc->channels[i]->type != SSH_CHANNEL_OPEN) continue; - if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0) + if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1) continue; channel_request_start(ssh, i, "window-change", 0); if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || @@ -4615,7 +4615,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, continue; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { if ((errno != EINVAL) && (errno != EAFNOSUPPORT) #ifdef EPFNOSUPPORT && (errno != EPFNOSUPPORT) 
@@ -4634,7 +4634,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, sock_set_v6only(sock); if (x11_use_localhost) set_reuseaddr(sock); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("%s: bind port %d: %.100s", __func__, port, strerror(errno)); close(sock); @@ -4658,7 +4658,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, /* Start listening for connections on the socket. */ for (n = 0; n < num_socks; n++) { sock = socks[n]; - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) == -1) { error("listen: %.100s", strerror(errno)); close(sock); return -1; @@ -4690,7 +4690,7 @@ connect_local_xsocket_path(const char *pathname) struct sockaddr_un addr; sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) + if (sock == -1) error("socket: %.100s", strerror(errno)); memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; @@ -4831,12 +4831,12 @@ x11_connect_display(struct ssh *ssh) for (ai = aitop; ai; ai = ai->ai_next) { /* Create a socket. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { debug2("socket: %.100s", strerror(errno)); continue; } /* Connect it to the display. */ - if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno)); close(sock); diff --git a/clientloop.c b/clientloop.c index ccf8f4b8c..7f32871f8 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.325 2019/06/26 22:29:43 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
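Review bot: In channels.c connect_local_xsocket_path() (`@@ -4690,7 +4690,7 @@`), a failed socket() is only logged: the lines after `error("socket: %.100s", strerror(errno));` go on to fill in `addr` with `sock` still -1, and no return is visible in the hunk. Returning at that point keeps the invalid descriptor away from later calls and keeps the reported errno the one from socket(): `if (sock == -1) { error("socket: %.100s", strerror(errno)); return -1; }`. The rest of the function is outside the hunk, so how the -1 is handled further down should be confirmed before changing it.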
@@ -561,7 +561,7 @@ client_wait_until_can_do_something(struct ssh *ssh, } ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); - if (ret < 0) { + if (ret == -1) { /* * We have to clear the select masks, because we return. * We have to return, because the mainloop checks for the flags @@ -644,11 +644,11 @@ client_process_net_input(struct ssh *ssh, fd_set *readset) * There is a kernel bug on Solaris that causes select to * sometimes wake up even though there is no data available. */ - if (len < 0 && + if (len == -1 && (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) len = 0; - if (len < 0) { + if (len == -1) { /* * An error has encountered. Perhaps there is a * network problem. @@ -1096,7 +1096,7 @@ process_escapes(struct ssh *ssh, Channel *c, /* Fork into background. */ pid = fork(); - if (pid < 0) { + if (pid == -1) { error("fork: %.100s", strerror(errno)); continue; } @@ -2248,7 +2248,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, struct winsize ws; /* Store window size in the packet. */ - if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0) + if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1) memset(&ws, 0, sizeof(ws)); channel_request_start(ssh, id, "pty-req", 1); diff --git a/misc.c b/misc.c index 4011ee5f2..b90aac5c0 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.138 2019/06/27 18:03:37 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -96,7 +96,7 @@ set_nonblock(int fd) int val; val = fcntl(fd, F_GETFL); - if (val < 0) { + if (val == -1) { error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); return (-1); } @@ -120,7 +120,7 @@ unset_nonblock(int fd) int val; val = fcntl(fd, F_GETFL); - if (val < 0) { + if (val == -1) { error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); return (-1); } 
@@ -1136,7 +1136,7 @@ tun_open(int tun, int mode, char **ifname) return -1; } - if (fd < 0) { + if (fd == -1) { debug("%s: %s open: %s", __func__, name, strerror(errno)); return -1; } @@ -1575,7 +1575,7 @@ unix_listener(const char *path, int backlog, int unlink_first) } sock = socket(PF_UNIX, SOCK_STREAM, 0); - if (sock < 0) { + if (sock == -1) { saved_errno = errno; error("%s: socket: %.100s", __func__, strerror(errno)); errno = saved_errno; @@ -1585,7 +1585,7 @@ unix_listener(const char *path, int backlog, int unlink_first) if (unlink(path) != 0 && errno != ENOENT) error("unlink(%s): %.100s", path, strerror(errno)); } - if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { saved_errno = errno; error("%s: cannot bind to path %s: %s", __func__, path, strerror(errno)); @@ -1593,7 +1593,7 @@ unix_listener(const char *path, int backlog, int unlink_first) errno = saved_errno; return -1; } - if (listen(sock, backlog) < 0) { + if (listen(sock, backlog) == -1) { saved_errno = errno; error("%s: cannot listen on path %s: %s", __func__, path, strerror(errno)); @@ -1875,7 +1875,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, } strlcpy(buf, cp, sizeof(buf)); - if (stat(buf, &st) < 0 || + if (stat(buf, &st) == -1 || (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || (st.st_mode & 022) != 0) { snprintf(err, errlen, @@ -1910,7 +1910,7 @@ safe_path_fd(int fd, const char *file, struct passwd *pw, struct stat st; /* check the open file to avoid races */ - if (fstat(fd, &st) < 0) { + if (fstat(fd, &st) == -1) { snprintf(err, errlen, "cannot stat file %s: %s", file, strerror(errno)); return -1; diff --git a/monitor.c b/monitor.c index 60e529444..96d10913c 100644 --- a/monitor.c +++ b/monitor.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.198 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1470,7 +1470,7 @@ mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw) fromlen = sizeof(from); if (ssh_packet_connection_is_on_socket(ssh)) { if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } @@ -1538,7 +1538,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) fatal("%s: send fds failed", __func__); /* make sure nothing uses fd 0 */ - if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) + if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1) fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); if (fd0 != 0) error("%s: fd0 %d != 0", __func__, fd0); @@ -1730,9 +1730,9 @@ monitor_openfds(struct monitor *mon, int do_logfds) if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) fatal("%s: socketpair: %s", __func__, strerror(errno)); #ifdef SO_ZEROIZE - if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) + if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1) error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno)); - if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) + if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1) error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno)); #endif FD_CLOSEONEXEC(pair[0]); diff --git a/monitor_wrap.c b/monitor_wrap.c index 186e8f022..4169b7604 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl 
@@ -612,7 +612,7 @@ mm_session_pty_cleanup2(Session *s) sshbuf_free(m); /* closed dup'ed master */ - if (s->ptymaster != -1 && close(s->ptymaster) < 0) + if (s->ptymaster != -1 && close(s->ptymaster) == -1) error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); diff --git a/mux.c b/mux.c index e89db193d..f3ea11cdc 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.79 2019/01/19 21:35:25 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -1492,7 +1492,7 @@ mux_client_read(int fd, struct sshbuf *b, size_t need) return -1; } len = read(fd, p + have, need - have); - if (len < 0) { + if (len == -1) { switch (errno) { #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN) case EWOULDBLOCK: @@ -1541,7 +1541,7 @@ mux_client_write_packet(int fd, struct sshbuf *m) return -1; } len = write(fd, ptr + have, need - have); - if (len < 0) { + if (len == -1) { switch (errno) { #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN) case EWOULDBLOCK: @@ -2324,7 +2324,7 @@ muxclient(const char *path) fatal("ControlPath too long ('%s' >= %u bytes)", path, (unsigned int)sizeof(addr.sun_path)); - if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) fatal("%s socket(): %s", __func__, strerror(errno)); if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { diff --git a/nchan.c b/nchan.c index 8294d7fca..1e96eb641 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.69 2018/10/04 07:47:35 djm Exp $ */ +/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * 
@@ -380,7 +380,7 @@ chan_shutdown_write(struct ssh *ssh, Channel *c) c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, channel_format_extended_usage(c)); if (c->sock != -1) { - if (shutdown(c->sock, SHUT_WR) < 0) { + if (shutdown(c->sock, SHUT_WR) == -1) { debug2("channel %d: %s: shutdown() failed for " "fd %d [i%d o%d]: %.100s", c->self, __func__, c->sock, c->istate, c->ostate, @@ -410,7 +410,7 @@ chan_shutdown_read(struct ssh *ssh, Channel *c) * write side has been closed already. (bug on Linux) * HP-UX may return ENOTCONN also. */ - if (shutdown(c->sock, SHUT_RD) < 0 && errno != ENOTCONN) { + if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) { error("channel %d: %s: shutdown() failed for " "fd %d [i%d o%d]: %.100s", c->self, __func__, c->sock, c->istate, c->ostate, diff --git a/packet.c b/packet.c index 8333c7ca9..817da43b5 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.285 2019/06/07 14:18:48 dtucker Exp $ */ +/* $OpenBSD: packet.c,v 1.286 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -440,12 +440,12 @@ ssh_packet_connection_is_on_socket(struct ssh *ssh) fromlen = sizeof(from); memset(&from, 0, sizeof(from)); if (getpeername(state->connection_in, (struct sockaddr *)&from, - &fromlen) < 0) + &fromlen) == -1) return 0; tolen = sizeof(to); memset(&to, 0, sizeof(to)); if (getpeername(state->connection_out, (struct sockaddr *)&to, - &tolen) < 0) + &tolen) == -1) return 0; if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) return 0; @@ -471,7 +471,7 @@ ssh_packet_connection_af(struct ssh *ssh) memset(&to, 0, sizeof(to)); if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to, - &tolen) < 0) + &tolen) == -1) return 0; #ifdef IPV4_IN_IPV6 if (to.ss_family == AF_INET6 && 
@@ -1359,7 +1359,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) r = SSH_ERR_CONN_CLOSED; goto out; } - if (len < 0) { + if (len == -1) { r = SSH_ERR_SYSTEM_ERROR; goto out; } @@ -2036,7 +2036,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos) case AF_INET: debug3("%s: set IP_TOS 0x%02x", __func__, tos); if (setsockopt(ssh->state->connection_in, - IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) + IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) error("setsockopt IP_TOS %d: %.100s:", tos, strerror(errno)); break; @@ -2045,7 +2045,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos) case AF_INET6: debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); if (setsockopt(ssh->state->connection_in, - IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0) + IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) error("setsockopt IPV6_TCLASS %d: %.100s:", tos, strerror(errno)); break; diff --git a/readconf.c b/readconf.c index ec30ab30a..27b535e1f 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.306 2019/06/12 11:31:50 jmc Exp $ */ +/* $OpenBSD: readconf.c,v 1.307 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -518,7 +518,7 @@ execute_in_shell(const char *cmd) _exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("%s: fork: %.100s", __func__, strerror(errno)); close(devnull); diff --git a/readpass.c b/readpass.c index 44014ef8a..7e52cae9c 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.53 2019/01/19 04:15:56 tb Exp $ */ +/* $OpenBSD: readpass.c,v 1.54 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -61,19 +61,19 @@ ssh_askpass(char *askpass, const char *msg) error("ssh_askpass: fflush: %s", strerror(errno)); if (askpass == NULL) fatal("internal error: askpass undefined"); - if (pipe(p) < 0) { + if (pipe(p) == -1) { error("ssh_askpass: pipe: %s", strerror(errno)); return NULL; } osigchld = signal(SIGCHLD, SIG_DFL); - if ((pid = fork()) < 0) { + if ((pid = fork()) == -1) { error("ssh_askpass: fork: %s", strerror(errno)); signal(SIGCHLD, osigchld); return NULL; } if (pid == 0) { close(p[0]); - if (dup2(p[1], STDOUT_FILENO) < 0) + if (dup2(p[1], STDOUT_FILENO) == -1) fatal("ssh_askpass: dup2: %s", strerror(errno)); execlp(askpass, askpass, msg, (char *)NULL); fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); @@ -93,7 +93,7 @@ ssh_askpass(char *askpass, const char *msg) buf[len] = '\0'; close(p[0]); - while ((ret = waitpid(pid, &status, 0)) < 0) + while ((ret = waitpid(pid, &status, 0)) == -1) if (errno != EINTR) break; signal(SIGCHLD, osigchld); diff --git a/scp.c b/scp.c index 80bc0e8b1..86204d8f1 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.205 2019/06/28 13:35:04 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -253,13 +253,13 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) * Reserve two descriptors so that the real pipes won't get * descriptors 0 and 1 because that will screw up dup2 below. */ - if (pipe(reserved) < 0) + if (pipe(reserved) == -1) fatal("pipe: %s", strerror(errno)); /* Create a socket pair for communicating with ssh. */ - if (pipe(pin) < 0) + if (pipe(pin) == -1) fatal("pipe: %s", strerror(errno)); - if (pipe(pout) < 0) + if (pipe(pout) == -1) fatal("pipe: %s", strerror(errno)); /* Free the reserved descriptors. */ 
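Review bot: The fork-failure branch in ssh_askpass restores the SIGCHLD handler and returns NULL but never closes the pipe created a few lines earlier, so both descriptors in `p` leak whenever fork() fails. fork() tends to fail under resource pressure, which is when leaked descriptors hurt most, particularly in a long-running caller. I would add `close(p[0]); close(p[1]);` before `return NULL;` in the `(pid = fork()) == -1` branch. The function continues past the end of this hunk.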
@@ -1075,13 +1075,13 @@ source(int argc, char **argv) len = strlen(name); while (len > 1 && name[len-1] == '/') name[--len] = '\0'; - if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0) + if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) == -1) goto syserr; if (strchr(name, '\n') != NULL) { strnvis(encname, name, sizeof(encname), VIS_NL); name = encname; } - if (fstat(fd, &stb) < 0) { + if (fstat(fd, &stb) == -1) { syserr: run_err("%s: %s", name, strerror(errno)); goto next; } @@ -1155,7 +1155,7 @@ next: if (fd != -1) { unset_nonblock(remout); if (fd != -1) { - if (close(fd) < 0 && !haderr) + if (close(fd) == -1 && !haderr) haderr = errno; fd = -1; } @@ -1419,14 +1419,14 @@ sink(int argc, char **argv, const char *src) /* Handle copying from a read-only directory */ mod_flag = 1; - if (mkdir(np, mode | S_IRWXU) < 0) + if (mkdir(np, mode | S_IRWXU) == -1) goto bad; } vect[0] = xstrdup(np); sink(1, vect, src); if (setimes) { setimes = 0; - if (utimes(vect[0], tv) < 0) + if (utimes(vect[0], tv) == -1) run_err("%s: set times: %s", vect[0], strerror(errno)); } @@ -1437,7 +1437,7 @@ sink(int argc, char **argv, const char *src) } omode = mode; mode |= S_IWUSR; - if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { + if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) { bad: run_err("%s: %s", np, strerror(errno)); continue; } @@ -1527,7 +1527,7 @@ bad: run_err("%s: %s", np, strerror(errno)); stop_progress_meter(); if (setimes && wrerr == NO) { setimes = 0; - if (utimes(np, tv) < 0) { + if (utimes(np, tv) == -1) { run_err("%s: set times: %s", np, strerror(errno)); wrerr = DISPLAYED; @@ -1681,7 +1681,7 @@ allocbuf(BUF *bp, int fd, int blksize) #ifdef HAVE_STRUCT_STAT_ST_BLKSIZE struct stat stb; - if (fstat(fd, &stb) < 0) { + if (fstat(fd, &stb) == -1) { run_err("fstat: %s", strerror(errno)); return (0); } diff --git a/serverloop.c b/serverloop.c index d7b04b37c..ea468c954 100644 --- a/serverloop.c +++ b/serverloop.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.215 2019/03/27 09:29:14 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.216 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,7 +123,7 @@ static int notify_pipe[2]; static void notify_setup(void) { - if (pipe(notify_pipe) < 0) { + if (pipe(notify_pipe) == -1) { error("pipe(notify_pipe) failed %s", strerror(errno)); } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) || (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) { @@ -328,7 +328,7 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in) verbose("Connection closed by %.100s port %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return -1; - } else if (len < 0) { + } else if (len == -1) { if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) { verbose("Read error from remote host " @@ -384,7 +384,7 @@ collect_children(struct ssh *ssh) if (child_terminated) { debug("Received SIGCHLD."); while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) if (pid > 0) session_close_by_pid(ssh, pid, status); child_terminated = 0; diff --git a/session.c b/session.c index ac06b08e9..8f5d7e0a4 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.316 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -399,17 +399,17 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) fatal("do_exec_no_pty: no session"); /* Allocate pipes for communicating with the program. */ - if (pipe(pin) < 0) { + if (pipe(pin) == -1) { error("%s: pipe in: %.100s", __func__, strerror(errno)); return -1; } - if (pipe(pout) < 0) { + if (pipe(pout) == -1) { error("%s: pipe out: %.100s", __func__, strerror(errno)); close(pin[0]); close(pin[1]); return -1; } - if (pipe(perr) < 0) { + if (pipe(perr) == -1) { error("%s: pipe err: %.100s", __func__, strerror(errno)); close(pin[0]); @@ -425,11 +425,11 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) fatal("do_exec_no_pty: no session"); /* Uses socket pairs to communicate with the program. */ - if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { + if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) { error("%s: socketpair #1: %.100s", __func__, strerror(errno)); return -1; } - if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { + if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) { error("%s: socketpair #2: %.100s", __func__, strerror(errno)); close(inout[0]); @@ -465,7 +465,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ - if (setsid() < 0) + if (setsid() == -1) error("setsid failed: %.100s", strerror(errno)); #ifdef USE_PIPES @@ -474,19 +474,19 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * pair, and make the child side the standard input. */ close(pin[1]); - if (dup2(pin[0], 0) < 0) + if (dup2(pin[0], 0) == -1) perror("dup2 stdin"); close(pin[0]); /* Redirect stdout. */ close(pout[0]); - if (dup2(pout[1], 1) < 0) + if (dup2(pout[1], 1) == -1) perror("dup2 stdout"); close(pout[1]); /* Redirect stderr. */ close(perr[0]); - if (dup2(perr[1], 2) < 0) + if (dup2(perr[1], 2) == -1) perror("dup2 stderr"); close(perr[1]); #else 
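Review bot: In the child side of do_exec_no_pty, a failed dup2() onto descriptor 0, 1 or 2 is only reported with perror() and execution carries on, so the session command could start with a standard stream that still refers to whatever the child inherited rather than the pipe intended for it. For a process that is about to run a user's command I would make this fatal in the child, for example `if (dup2(pin[0], 0) == -1) { perror("dup2 stdin"); _exit(1); }`, and likewise for stdout and stderr. The same log-and-continue pattern is visible in the socketpair variant in the next do_exec_no_pty hunk, in do_exec_pty (which uses error()), and in the ssh_proxy_fdpass_connect and ssh_proxy_connect hunks of sshconnect.c. These function bodies extend beyond the hunks, so a later check that catches the condition cannot be ruled out from here.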
@@ -497,12 +497,12 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) */ close(inout[1]); close(err[1]); - if (dup2(inout[0], 0) < 0) /* stdin */ + if (dup2(inout[0], 0) == -1) /* stdin */ perror("dup2 stdin"); - if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ + if (dup2(inout[0], 1) == -1) /* stdout (same as stdin) */ perror("dup2 stdout"); close(inout[0]); - if (dup2(err[0], 2) < 0) /* stderr */ + if (dup2(err[0], 2) == -1) /* stderr */ perror("dup2 stderr"); close(err[0]); #endif @@ -577,14 +577,14 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) * Do this before forking (and cleanup in the child) so as to * detect and gracefully fail out-of-fd conditions. */ - if ((fdout = dup(ptyfd)) < 0) { + if ((fdout = dup(ptyfd)) == -1) { error("%s: dup #1: %s", __func__, strerror(errno)); close(ttyfd); close(ptyfd); return -1; } /* we keep a reference to the pty master */ - if ((ptymaster = dup(ptyfd)) < 0) { + if ((ptymaster = dup(ptyfd)) == -1) { error("%s: dup #2: %s", __func__, strerror(errno)); close(ttyfd); close(ptyfd); @@ -614,11 +614,11 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) pty_make_controlling_tty(&ttyfd, s->tty); /* Redirect stdin/stdout/stderr from the pseudo tty. */ - if (dup2(ttyfd, 0) < 0) + if (dup2(ttyfd, 0) == -1) error("dup2 stdin: %s", strerror(errno)); - if (dup2(ttyfd, 1) < 0) + if (dup2(ttyfd, 1) == -1) error("dup2 stdout: %s", strerror(errno)); - if (dup2(ttyfd, 2) < 0) + if (dup2(ttyfd, 2) == -1) error("dup2 stderr: %s", strerror(errno)); /* Close the extra descriptor for the pseudo tty. */ @@ -755,7 +755,7 @@ do_login(struct ssh *ssh, Session *s, const char *command) fromlen = sizeof(from); if (ssh_packet_connection_is_on_socket(ssh)) { if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } 
@@ -1619,7 +1619,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) #endif /* Change current directory to the user's home directory. */ - if (chdir(pw->pw_dir) < 0) { + if (chdir(pw->pw_dir) == -1) { /* Suppress missing homedir warning for chroot case */ #ifdef HAVE_LOGIN_CAP r = login_getcapbool(lc, "requirehome", 0); @@ -1973,7 +1973,7 @@ session_subsystem_req(struct ssh *ssh, Session *s) s->is_subsystem = SUBSYSTEM_INT_SFTP; debug("subsystem: %s", prog); } else { - if (stat(prog, &st) < 0) + if (stat(prog, &st) == -1) debug("subsystem: cannot stat %s: %s", prog, strerror(errno)); s->is_subsystem = SUBSYSTEM_EXT; @@ -2062,7 +2062,7 @@ session_break_req(struct ssh *ssh, Session *s) (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) + if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1) return 0; return 1; } @@ -2286,7 +2286,7 @@ session_pty_cleanup2(Session *s) * the pty cleanup, so that another process doesn't get this pty * while we're still cleaning up. */ - if (s->ptymaster != -1 && close(s->ptymaster) < 0) + if (s->ptymaster != -1 && close(s->ptymaster) == -1) error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); @@ -2598,7 +2598,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) } /* Set up a suitable value for the DISPLAY variable. */ - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %.100s", strerror(errno)); /* * auth_display must be used as the displayname when the diff --git a/sftp-server.c b/sftp-server.c index ee6013e3f..e7dd33b2f 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.115 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.116 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * 
@@ -701,7 +701,7 @@ process_open(u_int32_t id) status = SSH2_FX_PERMISSION_DENIED; } else { fd = open(name, flags, mode); - if (fd < 0) { + if (fd == -1) { status = errno_to_portable(errno); } else { handle = handle_new(HANDLE_FILE, name, fd, flags, NULL); @@ -754,12 +754,12 @@ process_read(u_int32_t id) } fd = handle_to_fd(handle); if (fd >= 0) { - if (lseek(fd, off, SEEK_SET) < 0) { + if (lseek(fd, off, SEEK_SET) == -1) { error("process_read: seek failed"); status = errno_to_portable(errno); } else { ret = read(fd, buf, len); - if (ret < 0) { + if (ret == -1) { status = errno_to_portable(errno); } else if (ret == 0) { status = SSH2_FX_EOF; @@ -795,13 +795,13 @@ process_write(u_int32_t id) status = SSH2_FX_FAILURE; else { if (!(handle_to_flags(handle) & O_APPEND) && - lseek(fd, off, SEEK_SET) < 0) { + lseek(fd, off, SEEK_SET) == -1) { status = errno_to_portable(errno); error("process_write: seek failed"); } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); - if (ret < 0) { + if (ret == -1) { error("process_write: write failed"); status = errno_to_portable(errno); } else if ((size_t)ret == len) { @@ -831,7 +831,7 @@ process_do_stat(u_int32_t id, int do_lstat) debug3("request %u: %sstat", id, do_lstat ? "l" : ""); verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); r = do_lstat ? lstat(name, &st) : stat(name, &st); - if (r < 0) { + if (r == -1) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -869,7 +869,7 @@ process_fstat(u_int32_t id) fd = handle_to_fd(handle); if (fd >= 0) { r = fstat(fd, &st); - if (r < 0) { + if (r == -1) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -1079,7 +1079,7 @@ process_readdir(u_int32_t id) /* XXX OVERFLOW ? */ snprintf(pathname, sizeof pathname, "%s%s%s", path, strcmp(path, "/") ? "/" : "", dp->d_name); - if (lstat(pathname, &st) < 0) + if (lstat(pathname, &st) == -1) continue; stat_to_attrib(&st, &(stats[count].attrib)); stats[count].name = xstrdup(dp->d_name); 
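Review bot: In the process_readdir hunk the snprintf() that builds `pathname` is not checked for truncation, which the existing `/* XXX OVERFLOW ? */` comment already hints at. A truncated name is handed straight to lstat(), so the entry is either silently skipped or, if the shortened path happens to exist, returned to the client with another file's attributes. I would keep the snprintf() result in an int and skip the entry when it is out of range, e.g. `if (n < 0 || (size_t)n >= sizeof pathname) continue;` placed before the lstat() call. The declaration of `pathname` and the rest of the loop are outside the hunk.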
@@ -1726,7 +1726,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (olen > 0) FD_SET(out, wset); - if (select(max+1, rset, wset, NULL, NULL) < 0) { + if (select(max+1, rset, wset, NULL, NULL) == -1) { if (errno == EINTR) continue; error("select: %s", strerror(errno)); @@ -1739,7 +1739,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (len == 0) { debug("read eof"); sftp_server_cleanup_exit(0); - } else if (len < 0) { + } else if (len == -1) { error("read: %s", strerror(errno)); sftp_server_cleanup_exit(1); } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { @@ -1750,7 +1750,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) /* send oqueue to stdout */ if (FD_ISSET(out, wset)) { len = write(out, sshbuf_ptr(oqueue), olen); - if (len < 0) { + if (len == -1) { error("write: %s", strerror(errno)); sftp_server_cleanup_exit(1); } else if ((r = sshbuf_consume(oqueue, len)) != 0) { diff --git a/ssh-add.c b/ssh-add.c index 9cf298918..bc2360e1e 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.139 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.140 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -203,7 +203,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag) if (strcmp(filename, "-") == 0) { fd = STDIN_FILENO; filename = "(stdin)"; - } else if ((fd = open(filename, O_RDONLY)) < 0) { + } else if ((fd = open(filename, O_RDONLY)) == -1) { perror(filename); return -1; } @@ -727,7 +727,7 @@ main(int argc, char **argv) for (i = 0; default_files[i]; i++) { snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, default_files[i]); - if (stat(buf, &st) < 0) + if (stat(buf, &st) == -1) continue; if (do_file(agent_fd, deleting, key_only, buf, qflag) == -1) diff --git a/ssh-agent.c b/ssh-agent.c index 4d7ab225f..9c6680a25 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.236 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.237 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -827,11 +827,11 @@ handle_socket_read(u_int socknum) slen = sizeof(sunaddr); fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen); - if (fd < 0) { + if (fd == -1) { error("accept from AUTH_SOCKET: %s", strerror(errno)); return -1; } - if (getpeereid(fd, &euid, &egid) < 0) { + if (getpeereid(fd, &euid, &egid) == -1) { error("getpeereid %d failed: %s", fd, strerror(errno)); close(fd); return -1; @@ -1312,7 +1312,7 @@ main(int ac, char **av) #ifdef HAVE_SETRLIMIT /* deny core dumps, since memory contains unencrypted private keys */ rlim.rlim_cur = rlim.rlim_max = 0; - if (setrlimit(RLIMIT_CORE, &rlim) < 0) { + if (setrlimit(RLIMIT_CORE, &rlim) == -1) { error("setrlimit RLIMIT_CORE: %s", strerror(errno)); cleanup_exit(1); } @@ -1345,7 +1345,7 @@ skip: if (parent_alive_interval != 0) check_parent_exists(); (void) reaper(); /* remove expired keys */ - if (result < 0) { + if (result == -1) { if (saved_errno == EINTR) continue; fatal("poll: %s", strerror(saved_errno)); diff --git a/ssh-keygen.c b/ssh-keygen.c index c95bc15cf..3aa4f5125 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.332 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.333 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -370,7 +370,7 @@ do_convert_to(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0) k = load_identity(identity_file); 
@@ -696,7 +696,7 @@ do_convert_from(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); switch (convert_format) { @@ -756,7 +756,7 @@ do_print_public(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file); if ((r = sshkey_write(prv, stdout)) != 0) @@ -854,7 +854,7 @@ fingerprint_private(const char *path) struct sshkey *public = NULL; int r; - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", path, strerror(errno)); if ((r = sshkey_load_public(path, &public, &comment)) != 0) { debug("load public \"%s\": %s", path, ssh_err(r)); @@ -1340,7 +1340,7 @@ do_change_passphrase(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); /* Try to load the file with empty passphrase. */ r = sshkey_load_private(identity_file, "", &private, &comment); @@ -1424,7 +1424,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, if (fname == NULL) fatal("%s: no filename", __func__); - if (stat(fname, &st) < 0) { + if (stat(fname, &st) == -1) { if (errno == ENOENT) return 0; fatal("%s: %s", fname, strerror(errno)); @@ -1453,7 +1453,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); if ((r = sshkey_load_private(identity_file, "", &private, &comment)) == 0) 
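Review bot: In fingerprint_private the existence check is `stat(identity_file, &st) == -1`, yet the function takes `path`, names `path` in the fatal() message and loads the key from `path` on the next line. The check therefore does not test the file the caller asked about, and a failure prints one file name with an errno that belongs to another. If `identity_file` is the file-level default (its definition is not in the hunk), a caller passing a different path gets either a spurious fatal or no check at all. I would change the line to `if (stat(path, &st) == -1)`.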
@@ -2045,7 +2045,7 @@ do_show_cert(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) + if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); path = identity_file; @@ -2472,7 +2472,7 @@ main(int argc, char **argv) pw = getpwuid(getuid()); if (!pw) fatal("No user exists for uid %lu", (u_long)getuid()); - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %s", strerror(errno)); /* Remaining characters: Ydw */ @@ -2852,11 +2852,11 @@ main(int argc, char **argv) snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL) { - if (stat(dotsshdir, &st) < 0) { + if (stat(dotsshdir, &st) == -1) { if (errno != ENOENT) { error("Could not stat %s: %s", dotsshdir, strerror(errno)); - } else if (mkdir(dotsshdir, 0700) < 0) { + } else if (mkdir(dotsshdir, 0700) == -1) { error("Could not create directory '%s': %s", dotsshdir, strerror(errno)); } else if (!quiet) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7b7c0f320..d95ba1b37 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.127 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -122,7 +122,7 @@ fdlim_get(int hard) #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlfd; - if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY) return SSH_SYSFDMAX; 
@@ -143,10 +143,10 @@ fdlim_set(int lim) if (lim <= 0) return (-1); #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) - if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); rlfd.rlim_cur = lim; - if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (setrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); #elif defined (HAVE_SETDTABLESIZE) setdtablesize(lim); @@ -343,13 +343,13 @@ tcpconnect(char *host) } for (ai = aitop; ai; ai = ai->ai_next) { s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (s < 0) { + if (s == -1) { error("socket: %s", strerror(errno)); continue; } if (set_nonblock(s) == -1) fatal("%s: set_nonblock(%d)", __func__, s); - if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 && + if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 && errno != EINPROGRESS) error("connect (`%s'): %s", host, strerror(errno)); else diff --git a/ssh.c b/ssh.c index d9a9d1136..654376981 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.504 2019/06/14 04:13:58 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.505 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -773,7 +773,7 @@ main(int ac, char **av) break; case 'i': p = tilde_expand_filename(optarg, getuid()); - if (stat(p, &st) < 0) + if (stat(p, &st) == -1) fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", p, strerror(errno)); @@ -1426,7 +1426,7 @@ main(int ac, char **av) if (config == NULL) { r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) == -1) { #ifdef WITH_SELINUX ssh_selinux_setfscreatecon(buf); #endif 
@@ -1593,7 +1593,7 @@ fork_postauth(void) control_persist_detach(); debug("forking to background"); fork_after_authentication_flag = 0; - if (daemon(1, 1) < 0) + if (daemon(1, 1) == -1) fatal("daemon() failed: %.200s", strerror(errno)); } @@ -1689,8 +1689,8 @@ ssh_init_stdio_forwarding(struct ssh *ssh) debug3("%s: %s:%d", __func__, options.stdio_forward_host, options.stdio_forward_port); - if ((in = dup(STDIN_FILENO)) < 0 || - (out = dup(STDOUT_FILENO)) < 0) + if ((in = dup(STDIN_FILENO)) == -1 || + (out = dup(STDOUT_FILENO)) == -1) fatal("channel_connect_stdio_fwd: dup() in/out failed"); if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host, options.stdio_forward_port, in, out)) == NULL) @@ -1843,7 +1843,7 @@ ssh_session2_open(struct ssh *ssh) out = dup(STDOUT_FILENO); err = dup(STDERR_FILENO); - if (in < 0 || out < 0 || err < 0) + if (in == -1 || out == -1 || err == -1) fatal("dup() in/out/err failed"); /* enable nonblocking unless tty */ @@ -1974,7 +1974,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) error("%s: open %s: %s", __func__, _PATH_DEVNULL, strerror(errno)); - if (dup2(devnull, STDOUT_FILENO) < 0) + if (dup2(devnull, STDOUT_FILENO) == -1) fatal("%s: dup2() stdout failed", __func__); if (devnull > STDERR_FILENO) close(devnull); @@ -2161,7 +2161,7 @@ main_sigchld_handler(int sig) int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) ; errno = save_errno; } diff --git a/sshconnect.c b/sshconnect.c index 2dc500b47..ed44fccb8 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.316 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.317 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
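Review bot: In the `ssh_session2` hunk at -1974, a failed `open(_PATH_DEVNULL, O_WRONLY)` is only logged with `error()`, so control reaches `dup2(devnull, STDOUT_FILENO)` with `devnull == -1`. That call then fails and the process exits through a `fatal` that carries no errno text, which hides the real cause from whoever reads the log. Either make the open failure fatal, or extend the message: `fatal("%s: dup2() stdout failed: %s", __func__, strerror(errno));`. The function body continues outside the hunk.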
@@ -133,7 +133,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1) fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror(errno)); @@ -148,11 +148,11 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, close(sp[1]); /* Redirect stdin and stdout. */ if (sp[0] != 0) { - if (dup2(sp[0], 0) < 0) + if (dup2(sp[0], 0) == -1) perror("dup2 stdin"); } if (sp[0] != 1) { - if (dup2(sp[0], 1) < 0) + if (dup2(sp[0], 1) == -1) perror("dup2 stdout"); } if (sp[0] >= 2) @@ -180,7 +180,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("fork failed: %.100s", strerror(errno)); close(sp[0]); free(command_string); @@ -216,7 +216,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, shell = _PATH_BSHELL; /* Create pipes for communicating with the proxy. */ - if (pipe(pin) < 0 || pipe(pout) < 0) + if (pipe(pin) == -1 || pipe(pout) == -1) fatal("Could not create pipes to communicate with the proxy: %.100s", strerror(errno)); @@ -231,12 +231,12 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Redirect stdin and stdout. */ close(pin[1]); if (pin[0] != 0) { - if (dup2(pin[0], 0) < 0) + if (dup2(pin[0], 0) == -1) perror("dup2 stdin"); close(pin[0]); } close(pout[0]); - if (dup2(pout[1], 1) < 0) + if (dup2(pout[1], 1) == -1) perror("dup2 stdout"); /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); @@ -262,7 +262,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("fork failed: %.100s", strerror(errno)); else proxy_command_pid = pid; /* save pid to clean up later */ 
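Review bot: In the child branch of `ssh_proxy_fdpass_connect` (hunk at -148), a failed `dup2` onto descriptor 0 or 1 is reported with `perror` and the child carries on. The rest of the child path is outside the hunk, but the `exit(1)` visible at -180 suggests it goes on to exec the proxy command, which would then run with stdin or stdout still attached to the caller's descriptors instead of the socketpair. Leaving the child on failure is the safer behaviour: `if (dup2(sp[0], 0) == -1) { perror("dup2 stdin"); exit(1); }`, and likewise for descriptor 1. The same pattern appears in `ssh_proxy_connect` at -231.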
@@ -371,7 +371,7 @@ ssh_create_socket(struct addrinfo *ai) char ntop[NI_MAXHOST]; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { error("socket: %s", strerror(errno)); return -1; } @@ -532,7 +532,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, /* Set SO_KEEPALIVE if requested. */ if (want_keepalive && setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, - sizeof(on)) < 0) + sizeof(on)) == -1) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); /* Set the connection. */ @@ -553,8 +553,8 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); } else if (strcmp(options.proxy_command, "-") == 0) { - if ((in = dup(STDIN_FILENO)) < 0 || - (out = dup(STDOUT_FILENO)) < 0) { + if ((in = dup(STDIN_FILENO)) == -1 || + (out = dup(STDOUT_FILENO)) == -1) { if (in >= 0) close(in); error("%s: dup() in/out failed", __func__); diff --git a/sshconnect2.c b/sshconnect2.c index 0d2523ca1..0ad44ce19 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.305 2019/05/31 03:20:07 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.306 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1408,7 +1408,7 @@ load_identity_file(Identity *id) int r, perm_ok = 0, quit = 0, i; struct stat st; - if (stat(id->filename, &st) < 0) { + if (stat(id->filename, &st) == -1) { (id->userprovided ? logit : debug3)("no such identity: %s: %s", id->filename, strerror(errno)); return NULL; 
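Review bot: In the `ssh_connect` hunk at -553, the cleanup line `if (in >= 0)` still uses the range test while the two `dup()` checks directly above it were switched to `== -1`. Since the point of the commit is to compare against the one documented failure value, the cleanup reads more consistently as `if (in != -1)`. The behaviour is the same either way, because `in` is only ever assigned the result of `dup()` here. The function continues outside the hunk.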
@@ -1841,7 +1841,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, *sigp = NULL; *lenp = 0; - if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { + if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) { error("%s: not installed: %s", __func__, strerror(errno)); return -1; } @@ -1849,30 +1849,30 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, error("%s: fflush: %s", __func__, strerror(errno)); return -1; } - if (pipe(to) < 0) { + if (pipe(to) == -1) { error("%s: pipe: %s", __func__, strerror(errno)); return -1; } - if (pipe(from) < 0) { + if (pipe(from) == -1) { error("%s: pipe: %s", __func__, strerror(errno)); return -1; } - if ((pid = fork()) < 0) { + if ((pid = fork()) == -1) { error("%s: fork: %s", __func__, strerror(errno)); return -1; } osigchld = signal(SIGCHLD, SIG_DFL); if (pid == 0) { close(from[0]); - if (dup2(from[1], STDOUT_FILENO) < 0) + if (dup2(from[1], STDOUT_FILENO) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); close(to[1]); - if (dup2(to[0], STDIN_FILENO) < 0) + if (dup2(to[0], STDIN_FILENO) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); close(from[1]); close(to[0]); - if (dup2(sock, STDERR_FILENO + 1) < 0) + if (dup2(sock, STDERR_FILENO + 1) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); sock = STDERR_FILENO + 1; fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ @@ -1906,7 +1906,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, } errno = 0; - while (waitpid(pid, &status, 0) < 0) { + while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) { error("%s: waitpid %ld: %s", __func__, (long)pid, strerror(errno)); diff --git a/sshd.c b/sshd.c index 735a11060..11571c010 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.536 2019/06/21 04:21:05 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
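Review bot: In the `ssh_keysign` hunk at -1849, the early returns leak pipe descriptors: when `pipe(from)` fails, both ends of `to` stay open, and when `fork()` fails all four ends stay open. The function returns -1 rather than exiting, so the caller keeps running with those descriptors, and repeated failures use up the descriptor table. Closing them after the `error()` call keeps errno intact for the message. The function starts and ends outside the hunk.

```c
	if (pipe(from) == -1) {
		/* … unchanged: error() call … */
		close(to[0]);
		close(to[1]);
		return -1;
	}
	if ((pid = fork()) == -1) {
		/* … unchanged: error() call … */
		close(to[0]);
		close(to[1]);
		close(from[0]);
		close(from[1]);
		return -1;
	}
```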
@@ -345,7 +345,7 @@ main_sigchld_handler(int sig) int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) ; errno = save_errno; } @@ -468,7 +468,7 @@ privsep_preauth_child(void) debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, (u_int)privsep_pw->pw_gid); gidset[0] = privsep_pw->pw_gid; - if (setgroups(1, gidset) < 0) + if (setgroups(1, gidset) == -1) fatal("setgroups: %.100s", strerror(errno)); permanently_set_uid(privsep_pw); } @@ -508,7 +508,7 @@ privsep_preauth(struct ssh *ssh) monitor_child_preauth(ssh, pmonitor); /* Wait for the child's exit status */ - while (waitpid(pid, &status, 0) < 0) { + while (waitpid(pid, &status, 0) == -1) { if (errno == EINTR) continue; pmonitor->m_pid = -1; @@ -967,7 +967,7 @@ listen_on_addrs(struct listenaddr *la) /* Create socket for listening. */ listen_sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (listen_sock < 0) { + if (listen_sock == -1) { /* kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); continue; @@ -996,7 +996,7 @@ listen_on_addrs(struct listenaddr *la) debug("Bind to port %s on %s.", strport, ntop); /* Bind the socket to the desired port. */ - if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { error("Bind to port %s on %s failed: %.200s.", strport, ntop, strerror(errno)); close(listen_sock); @@ -1006,7 +1006,7 @@ listen_on_addrs(struct listenaddr *la) num_listen_socks++; /* Start listening on the port. */ - if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) + if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1) fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror(errno)); logit("Server listening on %s port %s%s%s.", 
@@ -1091,7 +1091,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) /* Wait in select until there is a connection. */ ret = select(maxfd+1, fdset, NULL, NULL, NULL); - if (ret < 0 && errno != EINTR) + if (ret == -1 && errno != EINTR) error("select: %.100s", strerror(errno)); if (received_sigterm) { logit("Received signal %d; terminating.", @@ -1101,7 +1101,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) unlink(options.pid_file); exit(received_sigterm == SIGTERM ? 0 : 255); } - if (ret < 0) + if (ret == -1) continue; for (i = 0; i < options.max_startups; i++) { @@ -1141,7 +1141,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) fromlen = sizeof(from); *newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); - if (*newsock < 0) { + if (*newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED && errno != EAGAIN) error("accept: %.100s", @@ -1261,7 +1261,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) /* Parent. Stay in the loop. */ platform_post_fork_parent(pid); - if (pid < 0) + if (pid == -1) error("fork: %.100s", strerror(errno)); else debug("Forked child %ld.", (long)pid); @@ -1314,7 +1314,7 @@ check_ip_options(struct ssh *ssh) memset(&from, 0, sizeof(from)); if (getpeername(sock_in, (struct sockaddr *)&from, - &fromlen) < 0) + &fromlen) == -1) return; if (from.ss_family != AF_INET) return; @@ -1895,7 +1895,7 @@ main(int ac, char **av) already_daemon = daemonized(); if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { - if (daemon(0, 0) < 0) + if (daemon(0, 0) == -1) fatal("daemon() failed: %.200s", strerror(errno)); disconnect_controlling_tty(); 
@@ -1958,7 +1958,7 @@ main(int ac, char **av) * controlling terminal which will result in "could not set * controlling tty" errors. */ - if (!debug_flag && !inetd_flag && setsid() < 0) + if (!debug_flag && !inetd_flag && setsid() == -1) error("setsid: %.100s", strerror(errno)); #endif @@ -2036,7 +2036,7 @@ main(int ac, char **av) /* Set SO_KEEPALIVE if requested. */ if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) && - setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) + setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); if ((remote_port = ssh_remote_port(ssh)) < 0) { diff --git a/sshkey-xmss.c b/sshkey-xmss.c index ef39831c6..a29e33f39 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.4 2019/06/27 18:03:37 deraadt Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -473,12 +473,12 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr) ret = SSH_ERR_ALLOC_FAIL; goto done; } - if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) { + if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: cannot open/create: %s", __func__, lockfile); goto done; } - while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) { + while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) { if (errno != EWOULDBLOCK) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: cannot lock: %s", __func__, lockfile); @@ -613,7 +613,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); goto done; } - if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) { + if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: open new state file: %s", __func__, nstatefile); goto done; 
@@ -632,13 +632,13 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) close(fd); goto done; } - if (fsync(fd) < 0) { + if (fsync(fd) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: sync new state file: %s", __func__, nstatefile); close(fd); goto done; } - if (close(fd) < 0) { + if (close(fd) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: close new state file: %s", __func__, nstatefile); goto done; @@ -652,7 +652,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) goto done; } } - if (rename(nstatefile, statefile) < 0) { + if (rename(nstatefile, statefile) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); goto done; diff --git a/sshlogin.c b/sshlogin.c index 1b2ee5f85..4ed419494 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshpty.c b/sshpty.c index 4da84d05f..715035257 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.31 2016/11/29 03:54:50 dtucker Exp $ */ +/* $OpenBSD: sshpty.c,v 1.32 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -68,7 +68,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) int i; i = openpty(ptyfd, ttyfd, NULL, NULL, NULL); - if (i < 0) { + if (i == -1) { error("openpty: %.100s", strerror(errno)); return 0; } 
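Review bot: In `sshkey_xmss_update_state` (hunks at -632 and -652), the new state file is synced with `fsync(fd)` before `rename(nstatefile, statefile)`, but nothing visible here syncs the containing directory after the rename. The rename may therefore not survive a crash, and for a stateful signature scheme a rolled-back state file presumably means an already-used index could be handed out again. If that is handled after the hunk, a comment should say so; otherwise record the gap next to the rename, e.g. `/* XXX rename is not durable until the parent directory is fsync'd */`. The function continues outside the hunk.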
@@ -86,9 +86,9 @@ void pty_release(const char *tty) { #if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY) - if (chown(tty, (uid_t) 0, (gid_t) 0) < 0) + if (chown(tty, (uid_t) 0, (gid_t) 0) == -1) error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); - if (chmod(tty, (mode_t) 0666) < 0) + if (chmod(tty, (mode_t) 0666) == -1) error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); #endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */ } @@ -108,7 +108,7 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) close(fd); } #endif /* TIOCNOTTY */ - if (setsid() < 0) + if (setsid() == -1) error("setsid: %.100s", strerror(errno)); /* @@ -131,14 +131,14 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) error("SETPGRP %s",strerror(errno)); #endif /* NEED_SETPGRP */ fd = open(tty, O_RDWR); - if (fd < 0) + if (fd == -1) error("%.100s: %.100s", tty, strerror(errno)); else close(fd); /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); - if (fd < 0) + if (fd == -1) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); else @@ -188,7 +188,7 @@ pty_setowner(struct passwd *pw, const char *tty) #endif if (st.st_uid != pw->pw_uid || st.st_gid != gid) { - if (chown(tty, pw->pw_uid, gid) < 0) { + if (chown(tty, pw->pw_uid, gid) == -1) { if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) debug("chown(%.100s, %u, %u) failed: %.100s", @@ -202,7 +202,7 @@ pty_setowner(struct passwd *pw, const char *tty) } if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) { - if (chmod(tty, mode) < 0) { + if (chmod(tty, mode) == -1) { if (errno == EROFS && (st.st_mode & (S_IRGRP | S_IROTH)) == 0) debug("chmod(%.100s, 0%o) failed: %.100s", diff --git a/uidswap.c b/uidswap.c index 49f76d818..1d78c607a 100644 --- a/uidswap.c +++ b/uidswap.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ +/* $OpenBSD: uidswap.c,v 1.42 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -84,12 +84,12 @@ temporarily_use_uid(struct passwd *pw) temporarily_use_uid_effective = 1; saved_egroupslen = getgroups(0, NULL); - if (saved_egroupslen < 0) + if (saved_egroupslen == -1) fatal("getgroups: %.100s", strerror(errno)); if (saved_egroupslen > 0) { saved_egroups = xreallocarray(saved_egroups, saved_egroupslen, sizeof(gid_t)); - if (getgroups(saved_egroupslen, saved_egroups) < 0) + if (getgroups(saved_egroupslen, saved_egroups) == -1) fatal("getgroups: %.100s", strerror(errno)); } else { /* saved_egroupslen == 0 */ free(saved_egroups); @@ -98,17 +98,17 @@ temporarily_use_uid(struct passwd *pw) /* set and save the user's groups */ if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); user_groupslen = getgroups(0, NULL); - if (user_groupslen < 0) + if (user_groupslen == -1) fatal("getgroups: %.100s", strerror(errno)); if (user_groupslen > 0) { user_groups = xreallocarray(user_groups, user_groupslen, sizeof(gid_t)); - if (getgroups(user_groupslen, user_groups) < 0) + if (getgroups(user_groupslen, user_groups) == -1) fatal("getgroups: %.100s", strerror(errno)); } else { /* user_groupslen == 0 */ free(user_groups); 
@@ -117,17 +117,17 @@ temporarily_use_uid(struct passwd *pw) user_groups_uid = pw->pw_uid; } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) + if (setgroups(user_groupslen, user_groups) == -1) fatal("setgroups: %.100s", strerror(errno)); #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ - if (setgid(getegid()) < 0) + if (setgid(getegid()) == -1) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); /* Propagate the privileged uid to all of our uids. */ - if (setuid(geteuid()) < 0) + if (setuid(geteuid()) == -1) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - if (setegid(pw->pw_gid) < 0) + if (setegid(pw->pw_gid) == -1) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) @@ -152,9 +152,9 @@ restore_uid(void) #ifdef SAVED_IDS_WORK_WITH_SETEUID debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); /* Set the effective uid back to the saved privileged uid. */ - if (seteuid(saved_euid) < 0) + if (seteuid(saved_euid) == -1) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (setegid(saved_egid) < 0) + if (setegid(saved_egid) == -1) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); #else /* SAVED_IDS_WORK_WITH_SETEUID */ /* @@ -166,7 +166,7 @@ restore_uid(void) setgid(getgid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - if (setgroups(saved_egroupslen, saved_egroups) < 0) + if (setgroups(saved_egroupslen, saved_egroups) == -1) fatal("setgroups: %.100s", strerror(errno)); temporarily_use_uid_effective = 0; } 
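Review bot: In the `restore_uid` hunk at -166, the context line `setgid(getgid());` on the non-`SAVED_IDS_WORK_WITH_SETEUID` path ignores its return value, while every other credential change this commit touches in uidswap.c is checked. An unnoticed failure there leaves the process running with a group id the rest of the code does not expect. It should follow the pattern of its neighbours: `if (setgid(getgid()) == -1) fatal("setgid %u: %.100s", (u_int)getgid(), strerror(errno));`. The lines before it in that `#else` branch are outside the hunk and may need the same treatment.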
@@ -190,7 +190,7 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #ifdef __APPLE__ @@ -198,12 +198,12 @@ permanently_set_uid(struct passwd *pw) * OS X requires initgroups after setgid to opt back into * memberd support for >16 supplemental groups. */ - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups %.100s %u: %.100s", pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); #endif - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #ifndef NO_UID_RESTORATION_TEST -- cgit v1.2.3 From 91a2135f32acdd6378476c5bae475a6e7811a6a2 Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Fri, 6 Sep 2019 14:45:34 +0000 Subject: upstream: Allow prepending a list of algorithms to the default set by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97 --- kex.c | 15 ++++++++++++--- readconf.c | 14 +++++++++----- servconf.c | 14 +++++++++----- ssh.c | 4 ++-- ssh_config.5 | 28 ++++++++++++++++++++++++++-- sshd_config.5 | 24 ++++++++++++++++++++++-- 6 files changed, 80 insertions(+), 19 deletions(-) (limited to 'ssh.c') diff --git a/kex.c b/kex.c index 84f8e2aa9..5a8a03aad 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.153 2019/09/06 01:58:50 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.154 2019/09/06 14:45:34 naddy Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * 
@@ -213,8 +213,9 @@ kex_names_cat(const char *a, const char *b) /* * Assemble a list of algorithms from a default list and a string from a * configuration file. The user-provided string may begin with '+' to - * indicate that it should be appended to the default or '-' that the - * specified names should be removed. + * indicate that it should be appended to the default, '-' that the + * specified names should be removed, or '^' that they should be placed + * at the head. */ int kex_assemble_names(char **listp, const char *def, const char *all) @@ -251,6 +252,14 @@ kex_assemble_names(char **listp, const char *def, const char *all) free(list); /* filtering has already been done */ return 0; + } else if (*list == '^') { + /* Place names at head of default list */ + if ((tmp = kex_names_cat(list + 1, def)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(list); + list = tmp; } else { /* Explicit list, overrides default - just use "list" as is */ } diff --git a/readconf.c b/readconf.c index d1b7871ec..f78b4d6fe 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.308 2019/08/09 05:05:54 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.309 2019/09/06 14:45:34 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1199,7 +1199,8 @@ parse_int: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : ""); if (*activep && options->ciphers == NULL) 
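Review bot: In the readconf.c hunk at -1199, the new argument `*arg == '+' || *arg == '^' ? arg + 1 : arg` depends on `||` binding tighter than `?:`, which is correct but easy to misread in a validation path. Parenthesising the condition makes the intent explicit: `!ciphers_valid((*arg == '+' || *arg == '^') ? arg + 1 : arg)`. The same expression is repeated in the readconf.c hunks at -1210, -1223 and -1238, in the servconf.c hunks at -1444, -1715, -1726 and -1739, and in ssh.c at -877. A small static helper that skips a leading `+` or `^` would keep the accepted prefix set in one place.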
@@ -1210,7 +1211,8 @@ parse_int: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 MAC spec '%s'.", filename, linenum, arg ? arg : ""); if (*activep && options->macs == NULL) @@ -1223,7 +1225,8 @@ parse_int: fatal("%.200s line %d: Missing argument.", filename, linenum); if (*arg != '-' && - !kex_names_valid(*arg == '+' ? arg + 1 : arg)) + !kex_names_valid(*arg == '+' || *arg == '^' ? + arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : ""); if (*activep && options->kex_algorithms == NULL) @@ -1238,7 +1241,8 @@ parse_keytypes: fatal("%.200s line %d: Missing argument.", filename, linenum); if (*arg != '-' && - !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) + !sshkey_names_valid2(*arg == '+' || *arg == '^' ? + arg + 1 : arg, 1)) fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : ""); if (*activep && *charptr == NULL) diff --git a/servconf.c b/servconf.c index 340045b28..e76f9c39e 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.351 2019/04/18 18:56:16 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.352 2019/09/06 14:45:34 naddy Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1444,7 +1444,8 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: Missing argument.", filename, linenum); if (*arg != '-' && - !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) + !sshkey_names_valid2(*arg == '+' || *arg == '^' ? + arg + 1 : arg, 1)) fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : ""); if (*activep && *charptr == NULL) 
@@ -1715,7 +1716,8 @@ process_server_config_line(ServerOptions *options, char *line, arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : ""); if (options->ciphers == NULL) @@ -1726,7 +1728,8 @@ process_server_config_line(ServerOptions *options, char *line, arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 mac spec '%s'.", filename, linenum, arg ? arg : ""); if (options->macs == NULL) @@ -1739,7 +1742,8 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: Missing argument.", filename, linenum); if (*arg != '-' && - !kex_names_valid(*arg == '+' ? arg + 1 : arg)) + !kex_names_valid(*arg == '+' || *arg == '^' ? + arg + 1 : arg)) fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : ""); if (options->kex_algorithms == NULL) diff --git a/ssh.c b/ssh.c index 654376981..cb321bcf3 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.505 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: ssh.c,v 1.506 2019/09/06 14:45:34 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -877,7 +877,7 @@ main(int ac, char **av) } break; case 'c': - if (!ciphers_valid(*optarg == '+' ? + if (!ciphers_valid(*optarg == '+' || *optarg == '^' ? optarg + 1 : optarg)) { fprintf(stderr, "Unknown cipher type '%s'\n", optarg); diff --git a/ssh_config.5 b/ssh_config.5 index 14d96beaf..e114b1dfe 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.300 2019/09/04 20:31:15 naddy Exp $ -.Dd $Mdocdate: September 4 2019 $ +.\" $OpenBSD: ssh_config.5,v 1.301 2019/09/06 14:45:34 naddy Exp $ +.Dd $Mdocdate: September 6 2019 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -430,6 +430,10 @@ If the specified list begins with a .Sq - character, then the specified ciphers (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified ciphers will be placed at the head of the +default set. .Pp The supported ciphers are: .Bd -literal -offset indent @@ -794,6 +798,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -822,6 +830,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, 
@@ -1051,6 +1063,10 @@ If the specified list begins with a .Sq - character, then the specified methods (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified methods will be placed at the head of the +default set. The default is: .Bd -literal -offset indent curve25519-sha256,curve25519-sha256@libssh.org, @@ -1132,6 +1148,10 @@ If the specified list begins with a .Sq - character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified algorithms will be placed at the head of the +default set. .Pp The algorithms that contain .Qq -etm @@ -1289,6 +1309,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, diff --git a/sshd_config.5 b/sshd_config.5 index f42d10417..9486f2a1c 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.289 2019/09/04 20:31:15 naddy Exp $ -.Dd $Mdocdate: September 4 2019 $ +.\" $OpenBSD: sshd_config.5,v 1.290 2019/09/06 14:45:34 naddy Exp $ +.Dd $Mdocdate: September 6 2019 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
@@ -462,6 +462,10 @@ If the specified list begins with a .Sq - character, then the specified ciphers (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified ciphers will be placed at the head of the +default set. .Pp The supported ciphers are: .Pp @@ -676,6 +680,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -881,6 +889,10 @@ If the specified list begins with a .Sq - character, then the specified methods (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified methods will be placed at the head of the +default set. The supported algorithms are: .Pp .Bl -item -compact -offset indent @@ -998,6 +1010,10 @@ If the specified list begins with a .Sq - character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified algorithms will be placed at the head of the +default set. .Pp The algorithms that contain .Qq -etm @@ -1403,6 +1419,10 @@ If the specified list begins with a .Sq - character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified key types will be placed at the head of the +default set. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, -- cgit v1.2.3 
From fbe24b142915331ceb2a3a76be3dc5b6d204fddf Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 13 Sep 2019 04:27:35 +0000 Subject: upstream: allow %n to be expanded in ProxyCommand strings From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@ OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6 --- ssh.c | 4 ++-- ssh_config.5 | 4 ++-- sshconnect.c | 35 ++++++++++++++++++++--------------- sshconnect.h | 7 ++++--- 4 files changed, 28 insertions(+), 22 deletions(-) (limited to 'ssh.c') diff --git a/ssh.c b/ssh.c index cb321bcf3..ee51823cd 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.506 2019/09/06 14:45:34 naddy Exp $ */ +/* $OpenBSD: ssh.c,v 1.507 2019/09/13 04:27:35 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1369,7 +1369,7 @@ main(int ac, char **av) timeout_ms = options.connection_timeout * 1000; /* Open a connection to the remote host. */ - if (ssh_connect(ssh, host, addrs, &hostaddr, options.port, + if (ssh_connect(ssh, host_arg, host, addrs, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, options.tcp_keep_alive) != 0) exit(255); diff --git a/ssh_config.5 b/ssh_config.5 index b10c55492..867c916a7 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.302 2019/09/13 04:07:42 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.303 2019/09/13 04:27:35 djm Exp $ .Dd $Mdocdate: September 13 2019 $ .Dt SSH_CONFIG 5 .Os 
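Review bot: The call in main() passes `host_arg, host`, but the definition in sshconnect.c and the prototype in sshconnect.h take `host` first and `host_arg` second, so the two names arrive swapped inside ssh_connect(). The proxy paths swap them back: ssh_proxy_connect() and ssh_proxy_fdpass_connect() both call `expand_proxy_command(proxy_command, options.user, host_arg, host, port)` against a signature of `(..., host, host_arg, port)`, so `%h` and `%n` probably still expand as intended. Any other use of `host` inside ssh_connect(), which lies outside the visible hunks, would receive `host_arg`'s value instead, and since both are `const char *` the compiler cannot catch it. I would pass them in declared order at all three sites: `if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port,` here, and `host, host_arg, port);` in the two expand_proxy_command() calls.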
@@ -1821,7 +1821,7 @@ accept the tokens %%, %d, %h, %i, %l, %r, and %u. accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u. .Pp .Cm ProxyCommand -accepts the tokens %%, %h, %p, and %r. +accepts the tokens %%, %h, %n, %p, and %r. .Pp .Cm RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. diff --git a/sshconnect.c b/sshconnect.c index ed44fccb8..740780443 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.317 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.318 2019/09/13 04:27:35 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -87,14 +87,18 @@ static void warn_changed_key(struct sshkey *); /* Expand a proxy command */ static char * expand_proxy_command(const char *proxy_command, const char *user, - const char *host, int port) + const char *host, const char *host_arg, int port) { char *tmp, *ret, strport[NI_MAXSERV]; snprintf(strport, sizeof strport, "%d", port); xasprintf(&tmp, "exec %s", proxy_command); - ret = percent_expand(tmp, "h", host, "p", strport, - "r", options.user, (char *)NULL); + ret = percent_expand(tmp, + "h", host, + "n", host_arg, + "p", strport, + "r", options.user, + (char *)NULL); free(tmp); return ret; } @@ -122,8 +126,8 @@ stderr_null(void) * a connected fd back to us. */ static int -ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, - const char *proxy_command) +ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, + const char *host_arg, u_short port, const char *proxy_command) { char *command_string; int sp[2], sock; @@ -138,7 +142,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, "proxy dialer: %.100s", strerror(errno)); command_string = expand_proxy_command(proxy_command, options.user, - host, port); + host_arg, host, port); debug("Executing proxy dialer command: %.500s", command_string); /* Fork and execute the proxy command. */ 
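Review bot: `host_arg` is expanded into the command string in expand_proxy_command() with no check on the characters it contains, and the `exec %s` prefix suggests that string is later interpreted by a shell (the execution site is outside this hunk). Going by the `%n` token, this value is presumably the host name as the user typed it; whether it is validated before ssh_connect() is called cannot be seen from here. If it is not, I would reject names containing shell metacharacters before the expansion. Either way the expectation should be documented above the function, e.g. `/* host_arg is the unmodified command-line name; callers must have validated it */`.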
@@ -204,8 +208,8 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, * Connect to the given ssh server using a proxy command. */ static int -ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, - const char *proxy_command) +ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg, + u_short port, const char *proxy_command) { char *command_string; int pin[2], pout[2]; @@ -221,7 +225,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, strerror(errno)); command_string = expand_proxy_command(proxy_command, options.user, - host, port); + host_arg, host, port); debug("Executing proxy command: %.500s", command_string); /* Fork and execute the proxy command. */ @@ -543,9 +547,9 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, } int -ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, - struct sockaddr_storage *hostaddr, u_short port, int family, - int connection_attempts, int *timeout_ms, int want_keepalive) +ssh_connect(struct ssh *ssh, const char *host, const char *host_arg, + struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port, + int family, int connection_attempts, int *timeout_ms, int want_keepalive) { int in, out; @@ -564,10 +568,11 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, return -1; /* ssh_packet_set_connection logs error */ return 0; } else if (options.proxy_use_fdpass) { - return ssh_proxy_fdpass_connect(ssh, host, port, + return ssh_proxy_fdpass_connect(ssh, host, host_arg, port, options.proxy_command); } - return ssh_proxy_connect(ssh, host, port, options.proxy_command); + return ssh_proxy_connect(ssh, host, host_arg, port, + options.proxy_command); } /* defaults to 'no' */ diff --git a/sshconnect.h b/sshconnect.h index b455d7c20..2e84b8bc5 100644 --- a/sshconnect.h +++ b/sshconnect.h 
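Review bot: The `options.user` argument passed to expand_proxy_command() in ssh_proxy_connect(), and likewise in ssh_proxy_fdpass_connect(), is never read. The helper's rewritten percent_expand() call takes `%r` from the global with `"r", options.user,` and ignores its own `user` parameter. Since the commit already rewrites that call, it could use the parameter, `"r", user,`, or drop the parameter from the helper. Behaviour is the same today because both callers pass `options.user`; both functions continue outside the visible hunks.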
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.38 2019/06/21 04:21:05 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.39 2019/09/13 04:27:35 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -33,8 +33,9 @@ struct Sensitive { struct addrinfo; struct ssh; -int ssh_connect(struct ssh *, const char *, struct addrinfo *, - struct sockaddr_storage *, u_short, int, int, int *, int); +int ssh_connect(struct ssh *, const char *, const char *, + struct addrinfo *, struct sockaddr_storage *, u_short, + int, int, int *, int); void ssh_kill_proxy_command(void); void ssh_login(struct ssh *, Sensitive *, const char *, -- cgit v1.2.3
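Review bot: The ssh_connect() prototype now has two adjacent unnamed `const char *` parameters, so the header gives a caller no way to tell which one is `host` and which is `host_arg`. Naming them in the declaration would document the order where callers look for it: `int ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,`. The neighbouring prototypes in this header are also unnamed, so this departs from local style, but it is worth doing where same-typed parameters sit next to each other.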