git: 6cf3164ff3d8 - stable/12 - ssh: Be more paranoid with host/domain names coming from the
Date: Wed, 08 Feb 2023 21:06:33 UTC
The branch stable/12 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=6cf3164ff3d838e13dc0d4de583380245057fec6
commit 6cf3164ff3d838e13dc0d4de583380245057fec6
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-02-06 16:45:52 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-02-08 21:06:23 +0000
ssh: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
replace recently-added valid_domain() check for hostnames going to
known_hosts with a more relaxed check for bad characters.
Obtained from: OpenSSH-portable commit 445363433ba2
Obtained from: OpenSSH-portable commit 3cae9f92a318
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 2e828220579e3ada74ed0613871ec6ec61d669ba)
(cherry picked from commit 6ad91c17b0555f0d28377f66fb9f7c8b4cee2b06)
---
crypto/openssh/ssh.c | 8 ++++++--
crypto/openssh/sshconnect.c | 15 +++++++++++++--
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 8ae20441205e..c5a4326bd1c6 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.576 2022/09/17 10:33:18 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -252,6 +252,7 @@ static struct addrinfo *
resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
{
char strport[NI_MAXSERV];
+ const char *errstr = NULL;
struct addrinfo hints, *res;
int gaierr;
LogLevel loglevel = SYSLOG_LEVEL_DEBUG1;
@@ -277,7 +278,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
return NULL;
}
if (cname != NULL && res->ai_canonname != NULL) {
- if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
+ if (!valid_domain(res->ai_canonname, 0, &errstr)) {
+ error("ignoring bad CNAME \"%s\" for host \"%s\": %s",
+ res->ai_canonname, name, errstr);
+ } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
error_f("host \"%s\" cname \"%s\" too long (max %lu)",
name, res->ai_canonname, (u_long)clen);
if (clen > 0)
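Review bot: The new bad-CNAME branch logs the rejection and then leaves `cname` untouched, whereas the too-long branch below it is followed by `if (clen > 0)`, which presumably clears the buffer (that line is outside the hunk, as is the rest of resolve_host). If a caller passes a buffer that is uninitialised or still holds a name from an earlier lookup, it could treat that stale content as the canonical name after a rejected CNAME. Clearing the buffer in the rejection branch as well, with `if (clen > 0) *cname = '\0';` after the `error(...)` call, would make both failure paths leave the caller with the same empty result.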
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 76b85452bfa6..cebe110b9888 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.360 2022/11/03 21:59:20 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -936,7 +936,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp, *ra;
char msg[1024];
- const char *type, *fail_reason;
+ const char *type, *fail_reason = NULL;
const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
int len, cancelled_forwarding = 0, confirmed;
int local = sockaddr_is_local(hostaddr);
@@ -961,6 +961,17 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
return 0;
}
+ /*
+ * Don't ever try to write an invalid name to a known hosts file.
+ * Note: do this before get_hostfile_hostname_ipaddr() to catch
+ * '[' or ']' in the name before they are added.
+ */
+ if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) {
+ debug_f("invalid hostname \"%s\"; will not record: %s",
+ hostname, fail_reason);
+ readonly = RDONLY;
+ }
+
/*
* Prepare the hostname and address strings used for hostkey lookup.
* In some cases, these will have a port number appended.
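Review bot: `fail_reason` is passed to the trailing `%s` in the new `debug_f` call, but nothing visible ever assigns it. The previous hunk in this file initialises it to NULL and the `strcspn` test does not set it, so the message would end in a null string, which is undefined for a standard printf and uninformative either way. Unless code between the two hunks sets it, drop the argument: `debug_f("invalid hostname \"%s\"; will not record", hostname);`. In the reject set, `'\'` spells the same apostrophe twice, so a single `'` is enough. check_host_key's body starts and ends outside the hunk.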