relax valid_domain() checks to allow an underscore as the first

character. ok deraadt@

diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index a7b5b95..c547ea9 100644 (file)
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.197 2024/09/25 01:24:04 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.198 2024/10/24 03:14:37 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -2299,7 +2299,8 @@ valid_domain(char *name, int makelower, const char **errstr)
                strlcpy(errbuf, "empty domain name", sizeof(errbuf));
                goto bad;
        }
-       if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) {
+       if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0]) &&
+          name[0] != '_' /* technically invalid, but common */) {
                snprintf(errbuf, sizeof(errbuf), "domain name \"%.100s\" "
                    "starts with invalid character", name);
                goto bad;