Bugzilla – Attachment 2226 Details for
Bug 2074
Host key verification incorrectly handles IPv6 addresses
[patch]
canonicalise hostnames that are actually addresses
canonicalise-ip-address.diff (text/plain), 5.05 KB, created by
Damien Miller
on 2013-03-08 11:42:58 AEDT
Description:
canonicalise hostnames that are actually addresses
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2013-03-08 11:42:58 AEDT
Size:
5.05 KB
patch
obsolete
>Index: roaming_client.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/roaming_client.c,v
>retrieving revision 1.4
>diff -u -p -r1.4 roaming_client.c
>--- roaming_client.c 7 Dec 2011 05:44:38 -0000 1.4
>+++ roaming_client.c 8 Mar 2013 00:34:55 -0000
>@@ -256,7 +256,7 @@ wait_for_roaming_reconnect(void)
> if (c != '\n' && c != '\r')
> continue;
>
>- if (ssh_connect(host, &hostaddr, options.port,
>+ if (ssh_connect(&host, &hostaddr, options.port,
> options.address_family, 1, &timeout_ms,
> options.tcp_keep_alive, options.use_privileged_port,
> options.proxy_command) == 0 && roaming_resume() == 0) {
>Index: ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.373
>diff -u -p -r1.373 ssh.c
>--- ssh.c 22 Feb 2013 22:09:01 -0000 1.373
>+++ ssh.c 8 Mar 2013 00:34:56 -0000
>@@ -645,7 +645,8 @@ main(int ac, char **av)
> * file if the user specifies a config file on the command line.
> */
> if (config != NULL) {
>- if (!read_config_file(config, host, &options, SSHCONF_USERCONF))
>+ if (strcasecmp(config, "none") != 0 &&
>+ !read_config_file(config, host, &options, SSHCONF_USERCONF))
> fatal("Can't open user config file %.100s: "
> "%.100s", config, strerror(errno));
> } else {
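Review bot: The `strcasecmp(config, "none") != 0 &&` special case added in main() is unrelated to the address canonicalisation this attachment is for and is not mentioned in its description; it quietly makes `-F none` skip the user configuration file entirely, which users and the man page need to know about. Suggest a short comment above the new condition, `/* -F none: do not read any user configuration file */`, and ideally splitting it into its own change so the behaviour is reviewed on its own. The enclosing main() begins and ends outside this hunk.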
>@@ -757,7 +758,7 @@ main(int ac, char **av)
> timeout_ms = options.connection_timeout * 1000;
>
> /* Open a connection to the remote host. */
>- if (ssh_connect(host, &hostaddr, options.port,
>+ if (ssh_connect(&host, &hostaddr, options.port,
> options.address_family, options.connection_attempts, &timeout_ms,
> options.tcp_keep_alive,
> original_effective_uid == 0 && options.use_privileged_port,
>Index: sshconnect.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshconnect.c,v
>retrieving revision 1.237
>diff -u -p -r1.237 sshconnect.c
>--- sshconnect.c 22 Feb 2013 19:13:56 -0000 1.237
>+++ sshconnect.c 8 Mar 2013 00:34:56 -0000
>@@ -331,15 +331,16 @@ timeout_connect(int sockfd, const struct
> * the daemon.
> */
> int
>-ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
>+ssh_connect(char **hostp, struct sockaddr_storage *hostaddr,
> u_short port, int family, int connection_attempts, int *timeout_ms,
> int want_keepalive, int needpriv, const char *proxy_command)
> {
> int gaierr;
> int on = 1;
>- int sock = -1, attempt;
>+ int sock = -1, attempt, replace_host = 0;
> char ntop[NI_MAXHOST], strport[NI_MAXSERV];
> struct addrinfo hints, *ai, *aitop;
>+ const char *host = *hostp;
>
> debug2("ssh_connect: needpriv %d", needpriv);
>
>@@ -349,13 +350,26 @@ ssh_connect(const char *host, struct soc
>
> /* No proxy command. */
>
>+ /* Try numeric address first */
> memset(&hints, 0, sizeof(hints));
> hints.ai_family = family;
> hints.ai_socktype = SOCK_STREAM;
>+ hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
> snprintf(strport, sizeof strport, "%u", port);
>- if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
>- fatal("%s: Could not resolve hostname %.100s: %s", __progname,
>- host, ssh_gai_strerror(gaierr));
>+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) == 0) {
>+ /* Hostname was numeric. arrange to use it later */
>+ replace_host = 1;
>+ } else {
>+ debug3("%s: could not parse hostname %.100s as numeric: %s",
>+ __func__, host, ssh_gai_strerror(gaierr));
>+ memset(&hints, 0, sizeof(hints));
>+ hints.ai_family = family;
>+ hints.ai_socktype = SOCK_STREAM;
>+ snprintf(strport, sizeof strport, "%u", port);
>+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
>+ fatal("%s: Could not resolve hostname %.100s: %s",
>+ __progname, host, ssh_gai_strerror(gaierr));
>+ }
>
> for (attempt = 0; attempt < connection_attempts; attempt++) {
> if (attempt > 0) {
>@@ -400,7 +414,6 @@ ssh_connect(const char *host, struct soc
> if (sock != -1)
> break; /* Successful connection. */
> }
>-
> freeaddrinfo(aitop);
>
> /* Return failure if we didn't get a successful connection. */
>@@ -410,6 +423,9 @@ ssh_connect(const char *host, struct soc
> return (-1);
> }
>
>+ if (replace_host)
>+ *hostp = xstrdup(ntop);
>+
> debug("Connection established.");
>
> /* Set SO_KEEPALIVE if requested. */
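Review bot: The fallback branch of the numeric-first lookup repeats the whole memset/ai_family/ai_socktype/snprintf setup when the only thing that differs from the first getaddrinfo() call is the flags; replacing those four lines with `hints.ai_flags = 0;` is shorter and keeps the two lookups from drifting apart as hints are added later. The comment `/* Hostname was numeric. arrange to use it later */` would read better as `/* Hostname was a numeric address; replace it with the canonical form once connected. */`, since the replacement happens only after the connection loop succeeds. The debug3() fires for every ordinary hostname, which is harmless at that level but worth knowing when reading verbose logs. ssh_connect() begins in the preceding hunk and continues past this one.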
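Review bot: `*hostp = xstrdup(ntop);` overwrites the caller's pointer without freeing the previous string; ssh.c and roaming_client.c pass their own `host` variable (see their hunks), and wait_for_roaming_reconnect() can call ssh_connect() more than once, so every reconnect to a numeric host leaks one copy if that string is heap-allocated — its allocation is not visible here, so I cannot say whether freeing it in ssh_connect() would be safe. Either way the ownership transfer is undocumented: the comment block above ssh_connect() (outside the @@ -331 hunk) should say something like `/* On success, if *hostp was a numeric address, it is replaced with an xstrdup'd canonical form owned by the caller; the previous value is not freed. */`. The replacement also relies on ntop holding the address that actually connected; the loop that fills it is outside this hunk, so it is worth confirming that a failed getnameinfo() on a later candidate address cannot leave a stale value behind.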
>@@ -744,7 +760,7 @@ check_host_key(char *hostname, struct so
> load_hostkeys(host_hostkeys, host, system_hostfiles[i]);
>
> ip_hostkeys = NULL;
>- if (!want_cert && options.check_host_ip) {
>+ if (options.check_host_ip) {
> ip_hostkeys = init_hostkeys();
> for (i = 0; i < num_user_hostfiles; i++)
> load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]);
>Index: sshconnect.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshconnect.h,v
>retrieving revision 1.27
>diff -u -p -r1.27 sshconnect.h
>--- sshconnect.h 29 Nov 2010 23:45:51 -0000 1.27
>+++ sshconnect.h 8 Mar 2013 00:34:56 -0000
>@@ -32,7 +32,7 @@ struct Sensitive {
> };
>
> int
>-ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
>+ssh_connect(char **, struct sockaddr_storage *, u_short, int, int,
> int *, int, int, const char *);
> void ssh_kill_proxy_command(void);
>
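Review bot: Dropping `!want_cert` from the ip_hostkeys condition in check_host_key() changes host-key checking for certificate-authenticated hosts — IP-keyed known_hosts entries are now loaded for them as well, and presumably consulted by the code that follows — which is unrelated to the address canonicalisation this bug is about and is not explained in the attachment description. If it is needed so that CheckHostIP applies to canonicalised addresses, say so in a comment on the changed line, e.g. `/* Load IP-keyed entries for certificate hosts too, so CheckHostIP applies to them. */`; otherwise it belongs in a separate change with its own justification. check_host_key() begins and ends outside this hunk, so how ip_hostkeys is used afterwards cannot be checked here.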