

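--- a/misc.c.orig
+++ b/misc.c.orig
@@ -33,6 +33,7 @@
 #include "misc.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "ssh.h"
 
 /* remove newline at end of string */
 char *
@@ -312,6 +313,28 @@
 }
 
 /*
+ * Returns a standardized host+port identifier string.
+ * Caller must free returned string.
+ */
+char *
+put_host_port(const char *host, u_short port)
+{
+	int ret;
+	char *hoststr;
+	size_t len;
+
+	if (port == 0 || port == SSH_DEFAULT_PORT)
+		return(xstrdup(host));
+	len = strlen(host) + sizeof(port) * 4 + 4;
+	hoststr = xmalloc(len);
+	ret = snprintf(hoststr, len, "[%s]:%d", host, (int)port);
+	if (ret == -1 || (size_t)ret >= len)
+		fatal("put_host_port: snprintf: %s", strerror(errno));
+	debug3("put_host_port: %s", hoststr);
+	return hoststr;
+}
+
+/*
  * Search for next delimiter between hostnames/addresses and ports.
  * Argument may be modified (for termination).
  * Returns *cp if parsing succeeds.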
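Review bot: In put_host_port the `fatal()` call prints `strerror(errno)` even when the failure is the truncation branch (`(size_t)ret >= len`), where snprintf does not set errno, so the message would carry an unrelated stale error. A fixed text such as `fatal("put_host_port: snprintf: output truncated or failed");` is accurate for both conditions. The `len =` line would also benefit from a comment like `/* '[' + ']' + ':' + port digits + NUL; sizeof(port) * 4 over-estimates the digits */`, because the returned string is used as the host name in check_host_key and the bound is not obvious at a glance.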
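--- a/misc.h.orig
+++ b/misc.h.orig
@@ -21,6 +21,7 @@
 void	 set_nodelay(int);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
+char	*put_host_port(const char *, u_short);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);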
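--- a/sshconnect.c.orig
+++ b/sshconnect.c.orig
@@ -518,12 +518,12 @@
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
  */
 static int
-check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+check_host_key(char *hostname, struct sockaddr *hostaddr, Key *host_key,
     int readonly, const char *user_hostfile, const char *system_hostfile)
 {
 	Key *file_key;
 	const char *type = key_type(host_key);
-	char *ip = NULL;
+	char *ip = NULL, *host = NULL;
 	char hostline[1000], *hostp, *fp;
 	HostStatus host_status;
 	HostStatus ip_status;
@@ -574,7 +574,7 @@
 		if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
 		    NULL, 0, NI_NUMERICHOST) != 0)
 			fatal("check_host_key: getnameinfo failed");
-		ip = xstrdup(ntop);
+		ip = put_host_port(ntop, options.port);
 	} else {
 		ip = xstrdup("<no hostip for proxy command>");
 	}
@@ -582,18 +582,21 @@
 	 * Turn off check_host_ip if the connection is to localhost, via proxy
 	 * command or if we don't have a hostname to compare with
 	 */
-	if (options.check_host_ip &&
+	if (options.check_host_ip && (local ||
-	    (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+	    strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
 		options.check_host_ip = 0;
 
 	/*
-	 * Allow the user to record the key under a different name. This is
+	 * Allow the user to record the key under a different name or
-	 * useful for ssh tunneling over forwarded connections or if you run
+	 * differentiate a non-standard port.  This is useful for ssh
-	 * multiple sshd's on different ports on the same machine.
+	 * tunneling over forwarded connections or if you run multiple
+	 * sshd's on different ports on the same machine.
 	 */
 	if (options.host_key_alias != NULL) {
-		host = options.host_key_alias;
+		host = xstrdup(options.host_key_alias);
 		debug("using hostkeyalias: %s", host);
+	} else {
+		host = put_host_port(hostname, options.port);
 	}
 
 	/*
@@ -855,10 +858,12 @@
 	}
 
 	xfree(ip);
+	xfree(host);
 	return 0;
 
 fail:
 	xfree(ip);
+	xfree(host);
 	return -1;
 }
 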
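Review bot: The `strcmp(hostname, ip) == 0` test in the check_host_ip block now compares the raw `hostname` with an `ip` built by `put_host_port(ntop, options.port)`, which takes the bracketed `[addr]:port` form for any non-default port. When the user connects by literal address to a non-standard port the two strings can no longer match, so check_host_ip stays enabled even though `host` and `ip` will be the same bracketed string; how the rest of check_host_key treats that lies outside these hunks, but it presumably means a redundant second lookup. Comparing against the unformatted address, e.g. `strcmp(hostname, ntop) == 0` evaluated where `ntop` is filled in, would keep the previous behaviour. Separately, `host` is now heap-allocated on both branches, and only the two exits shown call `xfree(host)`, so any return between the third and fourth hunks that bypasses `fail:` would leak it.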
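--- a/sshd.8.orig
+++ b/sshd.8.orig
@@ -555,6 +555,13 @@
 to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.
+A hostname or address may optionally be enclosed within
+.Ql \&[
+and
+.Ql \&]
+brackets then followed by
+.Ql \&:
+and and a non-standard port number.
 .Pp
 Alternately, hostnames may be stored in a hashed form which hides host names
 and addresses should the file's contents be disclosed.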
