Attachment 2383 Details for Bug 2161 – Revised patch with more foolproofing

[patch] Revised patch with more foolproofing

bz2161v2.diff (text/plain), 2.87 KB, created by Damien Miller on 2013-12-05 12:13:05 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2013-12-05 12:13:05 AEDT

Size: 2.87 KB

patch

obsolete

>Index: servconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
>retrieving revision 1.246
>diff -u -p -r1.246 servconf.c
>--- servconf.c	21 Nov 2013 00:45:44 -0000	1.246
>+++ servconf.c	5 Dec 2013 01:11:56 -0000
>@@ -1695,24 +1695,6 @@ int server_match_spec_complete(struct co
> 	return 0;	/* partial */
> }
> 
>-/* Helper macros */
>-#define M_CP_INTOPT(n) do {\
>-	if (src->n != -1) \
>-		dst->n = src->n; \
>-} while (0)
>-#define M_CP_STROPT(n) do {\
>-	if (src->n != NULL) { \
>-		free(dst->n); \
>-		dst->n = src->n; \
>-	} \
>-} while(0)
>-#define M_CP_STRARRAYOPT(n, num_n) do {\
>-	if (src->num_n != 0) { \
>-		for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
>-			dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
>-	} \
>-} while(0)
>-
> /*
>  * Copy any supported values that are set.
>  *
>@@ -1723,6 +1705,11 @@ int server_match_spec_complete(struct co
> void
> copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
> {
>+#define M_CP_INTOPT(n) do {\
>+	if (src->n != -1) \
>+		dst->n = src->n; \
>+} while (0)
>+
> 	M_CP_INTOPT(password_authentication);
> 	M_CP_INTOPT(gss_authentication);
> 	M_CP_INTOPT(rsa_authentication);
>@@ -1732,8 +1719,6 @@ copy_set_server_options(ServerOptions *d
> 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
> 	M_CP_INTOPT(kbd_interactive_authentication);
> 	M_CP_INTOPT(zero_knowledge_password_authentication);
>-	M_CP_STROPT(authorized_keys_command);
>-	M_CP_STROPT(authorized_keys_command_user);
> 	M_CP_INTOPT(permit_root_login);
> 	M_CP_INTOPT(permit_empty_passwd);
> 
>@@ -1751,6 +1736,20 @@ copy_set_server_options(ServerOptions *d
> 	M_CP_INTOPT(ip_qos_bulk);
> 	M_CP_INTOPT(rekey_limit);
> 	M_CP_INTOPT(rekey_interval);
>+
>+	/* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
>+#define M_CP_STROPT(n) do {\
>+	if (src->n != NULL && dst->n != src->n) { \
>+		free(dst->n); \
>+		dst->n = src->n; \
>+	} \
>+} while(0)
>+#define M_CP_STRARRAYOPT(n, num_n) do {\
>+	if (src->num_n != 0) { \
>+		for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
>+			dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
>+	} \
>+} while(0)
> 
> 	/* See comment in servconf.h */
> 	COPY_MATCH_STRING_OPTS();
>Index: servconf.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
>retrieving revision 1.110
>diff -u -p -r1.110 servconf.h
>--- servconf.h	29 Oct 2013 09:48:02 -0000	1.110
>+++ servconf.h	5 Dec 2013 01:11:56 -0000
>@@ -200,6 +200,9 @@ struct connection_info {
>  * Match sub-config and the main config, and must be sent from the
>  * privsep slave to the privsep master. We use a macro to ensure all
>  * the options are copied and the copies are done in the correct order.
>+ *
>+ * NB. an option must appear in servconf.c:copy_set_server_options() or
>+ * COPY_MATCH_STRING_OPTS here but never both.
>  */
> #define COPY_MATCH_STRING_OPTS() do { \
> 		M_CP_STROPT(banner); \

Flags:

dtucker: ok+

Actions: View | Diff

Attachments on bug 2161: 2382 | 2383