Bugzilla – Attachment 733 Details for
Bug 884
DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
[patch]
Update patch #633 to OpenBSD -current
openbsd-sshd-bigkey.patch (text/plain), 7.43 KB, created by
Darren Tucker
on 2004-10-29 22:03:59 AEST
Description:
Update patch #633 to OpenBSD -current
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-10-29 22:03:59 AEST
Size:
7.43 KB
patch
obsolete
>Index: auth-rsa.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth-rsa.c,v
>retrieving revision 1.60
>diff -u -p -r1.60 auth-rsa.c
>--- auth-rsa.c 21 Jun 2004 17:36:31 -0000 1.60
>+++ auth-rsa.c 29 Oct 2004 11:53:10 -0000
>@@ -48,9 +48,8 @@ extern u_char session_id[16];
> * following format:
> * options bits e n comment
> * where bits, e and n are decimal numbers,
>- * and comment is any string of characters up to newline. The maximum
>- * length of a line is 8000 characters. See the documentation for a
>- * description of the options.
>+ * and comment is any string of characters up to newline.
>+ * See the documentation for a description of the options.
> */
>
> BIGNUM *
>@@ -152,7 +151,7 @@ auth_rsa_challenge_dialog(Key *key)
> int
> auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
> {
>- char line[8192], *file;
>+ char *line, *file, err[2048];
> int allowed = 0;
> u_int bits;
> FILE *f;
>@@ -183,10 +182,10 @@ auth_rsa_key_allowed(struct passwd *pw,
> return (0);
> }
> if (options.strict_modes &&
>- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
>+ secure_filename(f, file, pw, err, sizeof(err)) != 0) {
> xfree(file);
> fclose(f);
>- logit("Authentication refused: %s", line);
>+ logit("Authentication refused: %s", err);
> restore_uid();
> return (0);
> }
>@@ -201,7 +200,7 @@ auth_rsa_key_allowed(struct passwd *pw,
> * found, perform a challenge-response dialog to verify that the
> * user really has the corresponding private key.
> */
>- while (fgets(line, sizeof(line), f)) {
>+ while ((line = fgetline(f)) != NULL) {
> char *cp;
> char *key_options;
>
>@@ -210,8 +209,10 @@ auth_rsa_key_allowed(struct passwd *pw,
> /* Skip leading whitespace, empty and comment lines. */
> for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
> ;
>- if (!*cp || *cp == '\n' || *cp == '#')
>+ if (!*cp || *cp == '\n' || *cp == '#') {
>+ xfree(line);
> continue;
>+ }
>
> /*
> * Check if there are options for this key, and if so,
>@@ -235,6 +236,7 @@ auth_rsa_key_allowed(struct passwd *pw,
> if (hostfile_read_key(&cp, &bits, key) == 0) {
> debug("%.100s, line %lu: non ssh1 key syntax",
> file, linenum);
>+ xfree(line);
> continue;
> }
> /* cp now points to the comment part. */
>@@ -254,11 +256,14 @@ auth_rsa_key_allowed(struct passwd *pw,
> * If our options do not allow this key to be used,
> * do not send challenge.
> */
>- if (!auth_parse_options(pw, key_options, file, linenum))
>+ if (!auth_parse_options(pw, key_options, file, linenum)) {
>+ xfree(line);
> continue;
>+ }
>
> /* break out, this key is allowed */
> allowed = 1;
>+ xfree(line);
> break;
> }
>
>Index: auth2-pubkey.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth2-pubkey.c,v
>retrieving revision 1.7
>diff -u -p -r1.7 auth2-pubkey.c
>--- auth2-pubkey.c 21 Jun 2004 17:36:31 -0000 1.7
>+++ auth2-pubkey.c 29 Oct 2004 11:53:10 -0000
>@@ -40,6 +40,7 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 20
> #include "auth-options.h"
> #include "canohost.h"
> #include "monitor_wrap.h"
>+#include "misc.h"
>
> /* import */
> extern ServerOptions options;
>@@ -163,7 +164,7 @@ done:
> static int
> user_key_allowed2(struct passwd *pw, Key *key, char *file)
> {
>- char line[8192];
>+ char *line, err[2048];
> int found_key = 0;
> FILE *f;
> u_long linenum = 0;
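Review bot: Freeing `line` by hand at every `continue` and `break` means any loop exit the patch did not touch leaks the buffer `fgetline()` allocated. In `auth_rsa_key_allowed` the lines between the `hostfile_read_key` hunk and the `auth_parse_options` hunk are not shown, so a `continue` there (a modulus mismatch, presumably the common case) would skip the free. The same gap is visible in auth2-pubkey.c hunk `@@ -238,6 +242,7 @@`, where a non-matching key appears to reach the loop's closing brace with no `xfree(line)`, and likely in authfile.c hunk `@@ -620,6 +621,7 @@` when `key_read` fails. Releasing the previous line at one point at the top of the loop, as sketched below, removes the need for the per-exit calls; the NULL guard is there in case `xfree` rejects NULL, which is not visible in this patch.

```c
	char *line = NULL, *file, err[2048];
	/* … unchanged: open file, secure_filename() check … */
	for (;;) {
		/* single release point for the previous iteration's line */
		if (line != NULL)
			xfree(line);
		if ((line = fgetline(f)) == NULL)
			break;
		/* … unchanged: loop body, without the per-exit xfree(line) calls … */
	}
	if (line != NULL)
		xfree(line);
```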
>@@ -190,9 +191,9 @@ user_key_allowed2(struct passwd *pw, Key
> return 0;
> }
> if (options.strict_modes &&
>- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
>+ secure_filename(f, file, pw, err, sizeof(err)) != 0) {
> fclose(f);
>- logit("Authentication refused: %s", line);
>+ logit("Authentication refused: %s", err);
> restore_uid();
> return 0;
> }
>@@ -200,14 +201,16 @@ user_key_allowed2(struct passwd *pw, Key
> found_key = 0;
> found = key_new(key->type);
>
>- while (fgets(line, sizeof(line), f)) {
>+ while ((line = fgetline(f)) != NULL) {
> char *cp, *key_options = NULL;
> linenum++;
> /* Skip leading whitespace, empty and comment lines. */
> for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
> ;
>- if (!*cp || *cp == '\n' || *cp == '#')
>+ if (!*cp || *cp == '\n' || *cp == '#') {
>+ xfree(line);
> continue;
>+ }
>
> if (key_read(found, &cp) != 1) {
> /* no key? check if there are options for this key */
>@@ -226,6 +229,7 @@ user_key_allowed2(struct passwd *pw, Key
> if (key_read(found, &cp) != 1) {
> debug2("user_key_allowed: advance: '%s'", cp);
> /* still no key? advance to next line*/
>+ xfree(line);
> continue;
> }
> }
>@@ -238,6 +242,7 @@ user_key_allowed2(struct passwd *pw, Key
> verbose("Found matching %s key: %s",
> key_type(found), fp);
> xfree(fp);
>+ xfree(line);
> break;
> }
> }
>Index: authfile.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/authfile.c,v
>retrieving revision 1.58
>diff -u -p -r1.58 authfile.c
>--- authfile.c 23 Aug 2004 11:48:09 -0000 1.58
>+++ authfile.c 29 Oct 2004 11:53:10 -0000
>@@ -51,6 +51,7 @@ RCSID("$OpenBSD: authfile.c,v 1.58 2004/
> #include "log.h"
> #include "authfile.h"
> #include "rsa.h"
>+#include "misc.h"
>
> /* Version identification string for SSH v1 identity files. */
> static const char authfile_id_string[] =
>@@ -598,18 +599,18 @@ static int
> key_try_load_public(Key *k, const char *filename, char **commentp)
> {
> FILE *f;
>- char line[4096];
>+ char *line;
> char *cp;
>
> f = fopen(filename, "r");
> if (f != NULL) {
>- while (fgets(line, sizeof(line), f)) {
>- line[sizeof(line)-1] = '\0';
>+ while ((line = fgetline(f)) != NULL) {
> cp = line;
> switch (*cp) {
> case '#':
> case '\n':
> case '\0':
>+ xfree(line);
> continue;
> }
> /* Skip leading whitespace. */
>@@ -620,6 +621,7 @@ key_try_load_public(Key *k, const char *
> if (commentp)
> *commentp=xstrdup(filename);
> fclose(f);
>+ xfree(line);
> return 1;
> }
> }
>Index: misc.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.c,v
>retrieving revision 1.25
>diff -u -p -r1.25 misc.c
>--- misc.c 11 Aug 2004 21:43:05 -0000 1.25
>+++ misc.c 29 Oct 2004 11:53:10 -0000
>@@ -28,6 +28,7 @@ RCSID("$OpenBSD: misc.c,v 1.25 2004/08/1
> #include "misc.h"
> #include "log.h"
> #include "xmalloc.h"
>+#include "buffer.h"
>
> /* remove newline at end of string */
> char *
>@@ -325,4 +326,36 @@ addargs(arglist *args, char *fmt, ...)
> args->nalloc = nalloc;
> args->list[args->num++] = xstrdup(buf);
> args->list[args->num] = NULL;
>+}
>+
>+/*
>+ * get a line from a FILE, allocating enough space to hold it
>+ */
>+char *
>+fgetline(FILE *f)
>+{
>+ Buffer buf;
>+ char *line, tmp[1024];
>+ size_t len;
>+
>+ buffer_init(&buf);
>+ while (1) {
>+ if (fgets(tmp, sizeof(tmp), f) == NULL)
>+ break;
>+ len = strlen(tmp);
>+ buffer_append(&buf, tmp, len);
>+ debug("%s: len %d string '%s'", __func__, len, tmp);
>+ if (tmp[len - 1] == '\n')
>+ break;
>+ }
>+
>+ if (buffer_len(&buf) == 0) {
>+ line = NULL;
>+ } else {
>+ buffer_append(&buf, "\0", 1);
>+ line = xstrdup(buffer_ptr(&buf));
>+ /* XXX: zero buffer too? */
>+ }
>+ buffer_free(&buf);
>+ return line;
> }
>Index: misc.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/misc.h,v
>retrieving revision 1.17
>diff -u -p -r1.17 misc.h
>--- misc.h 11 Aug 2004 21:43:05 -0000 1.17
>+++ misc.h 29 Oct 2004 11:53:10 -0000
>@@ -23,6 +23,7 @@ int a2port(const char *);
> char *cleanhostname(char *);
> char *colon(char *);
> long convtime(const char *);
>+char *fgetline(FILE *);
>
> struct passwd *pwcopy(struct passwd *);
>
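Review bot: In `fgetline`, `tmp[len - 1]` reads one byte before `tmp` whenever `fgets` returns a chunk that begins with a NUL byte, because `strlen(tmp)` is then 0; the check should be `if (len > 0 && tmp[len - 1] == '\n')`. The `debug()` call passes a `size_t` for `%d`, a format/argument mismatch on LP64, and it writes every chunk of the key file to the log at the first debug level; if it stays at all it should be closer to `debug3("%s: len %lu", __func__, (u_long)len);`. The loop has no upper bound of its own, so line length is limited only by whatever `buffer_append` enforces (not visible here), where the callers previously capped reads at 4096 or 8192 bytes; since these files are user-writable and parsed during authentication, an explicit maximum with a logged rejection would be worth adding. `xstrdup(buffer_ptr(&buf))` also stops at the first embedded NUL, so the returned string can be shorter than what was read from the file.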