we only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
-/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
goto done;
}
if (match_pattern_list(sshkey_ssh_name(key),
- options.hostbased_key_types,
- strlen(options.hostbased_key_types), 0) != 1) {
+ options.hostbased_key_types, 0) != 1) {
logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
__func__, sshkey_type(key));
goto done;
-/* $OpenBSD: auth2-pubkey.c,v 1.48 2015/05/01 03:23:51 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.49 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
logit("refusing previously-used %s key", key_type(key));
goto done;
}
- if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
- strlen(options.pubkey_key_types), 0) != 1) {
+ if (match_pattern_list(sshkey_ssh_name(key),
+ options.pubkey_key_types, 0) != 1) {
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
__func__, sshkey_ssh_name(key));
goto done;
-/* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.273 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
/* Check that the key is accepted in HostkeyAlgorithms */
if (options.hostkeyalgorithms != NULL &&
match_pattern_list(sshkey_ssh_name(key),
- options.hostkeyalgorithms,
- strlen(options.hostkeyalgorithms), 0) != 1) {
+ options.hostkeyalgorithms, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
-/* $OpenBSD: compat.c,v 1.90 2015/04/13 02:04:08 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.91 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
/* process table, return first match */
for (i = 0; check[i].pat; i++) {
- if (match_pattern_list(version, check[i].pat,
- strlen(check[i].pat), 0) == 1) {
+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
debug("match: %s pat %s compat 0x%08x",
version, check[i].pat, check[i].bugs);
datafellows = check[i].bugs; /* XXX for now */
buffer_init(&b);
tmp = orig_prop = xstrdup(proposal);
while ((cp = strsep(&tmp, ",")) != NULL) {
- if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
+ if (match_pattern_list(cp, filter, 0) != 1) {
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
buffer_append(&b, cp, strlen(cp));
-/* $OpenBSD: groupaccess.c,v 1.15 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
ga_match_pattern_list(const char *group_pattern)
{
int i, found = 0;
- size_t len = strlen(group_pattern);
for (i = 0; i < ngroups; i++) {
- switch (match_pattern_list(groups_byname[i],
- group_pattern, len, 0)) {
+ switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
case -1:
return 0; /* Negated match wins */
case 0:
-/* $OpenBSD: hostfile.c,v 1.65 2015/03/31 22:57:06 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
return nlen == strlen(hashed_host) &&
strncmp(hashed_host, names, nlen) == 0;
}
- return match_hostname(host, names, nlen) == 1;
+ return match_hostname(host, names) == 1;
}
int
-/* $OpenBSD: match.c,v 1.29 2013/11/20 20:54:10 deraadt Exp $ */
+/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* indicate negation). Returns -1 if negation matches, 1 if there is
* a positive match, 0 if there is no match at all.
*/
-
int
-match_pattern_list(const char *string, const char *pattern, u_int len,
- int dolower)
+match_pattern_list(const char *string, const char *pattern, int dolower)
{
char sub[1024];
int negated;
int got_positive;
- u_int i, subi;
+ u_int i, subi, len = strlen(pattern);
got_positive = 0;
for (i = 0; i < len;) {
* a positive match, 0 if there is no match at all.
*/
int
-match_hostname(const char *host, const char *pattern, u_int len)
+match_hostname(const char *host, const char *pattern)
{
- return match_pattern_list(host, pattern, len, 1);
+ return match_pattern_list(host, pattern, 1);
}
/*
return 0;
/* negative hostname match */
- if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
+ if ((mhost = match_hostname(host, patterns)) == -1)
return 0;
/* no match at all */
if (mhost == 0 && mip == 0)
-/* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
#define MATCH_H
int match_pattern(const char *, const char *);
-int match_pattern_list(const char *, const char *, u_int, int);
-int match_hostname(const char *, const char *, u_int);
+int match_pattern_list(const char *, const char *, int);
+int match_hostname(const char *, const char *);
int match_host_and_ip(const char *, const char *, const char *);
int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *);
-/* $OpenBSD: monitor.c,v 1.148 2015/05/01 03:23:51 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.149 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
allowed = options.pubkey_authentication &&
!auth2_userkey_already_used(authctxt, key) &&
match_pattern_list(sshkey_ssh_name(key),
- options.pubkey_key_types,
- strlen(options.pubkey_key_types), 0) == 1 &&
+ options.pubkey_key_types, 0) == 1 &&
user_key_allowed(authctxt->pw, key,
pubkey_auth_attempt);
pubkey_auth_info(authctxt, key, NULL);
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
match_pattern_list(sshkey_ssh_name(key),
- options.hostbased_key_types,
- strlen(options.hostbased_key_types), 0) == 1 &&
+ options.hostbased_key_types, 0) == 1 &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
pubkey_auth_info(authctxt, key,
-/* $OpenBSD: readconf.c,v 1.234 2015/04/24 01:36:00 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.235 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
const char *ruser;
int r, port, this_result, result = 1, attributes = 0, negate;
- size_t len;
char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
/*
result = -1;
goto out;
}
- len = strlen(arg);
if (strcasecmp(attrib, "host") == 0) {
criteria = xstrdup(host);
- r = match_hostname(host, arg, len) == 1;
+ r = match_hostname(host, arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "originalhost") == 0) {
criteria = xstrdup(original_host);
- r = match_hostname(original_host, arg, len) == 1;
+ r = match_hostname(original_host, arg) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "user") == 0) {
criteria = xstrdup(ruser);
- r = match_pattern_list(ruser, arg, len, 0) == 1;
+ r = match_pattern_list(ruser, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "localuser") == 0) {
criteria = xstrdup(pw->pw_name);
- r = match_pattern_list(pw->pw_name, arg, len, 0) == 1;
+ r = match_pattern_list(pw->pw_name, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "exec") == 0) {
for (i = 0; keywords[i].name; i++)
if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode;
- if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
- strlen(ignored_unknown), 1) == 1)
+ if (ignored_unknown != NULL &&
+ match_pattern_list(cp, ignored_unknown, 1) == 1)
return oIgnoredUnknownOption;
error("%s: line %d: Bad configuration option: %s",
filename, linenum, cp);
-/* $OpenBSD: servconf.c,v 1.268 2015/05/01 07:08:08 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.269 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
{
int result = 1, attributes = 0, port;
char *arg, *attrib, *cp = *condition;
- size_t len;
if (ci == NULL)
debug3("checking syntax for 'Match %s'", cp);
error("Missing Match criteria for %s", attrib);
return -1;
}
- len = strlen(arg);
if (strcasecmp(attrib, "user") == 0) {
if (ci == NULL || ci->user == NULL) {
result = 0;
continue;
}
- if (match_pattern_list(ci->user, arg, len, 0) != 1)
+ if (match_pattern_list(ci->user, arg, 0) != 1)
result = 0;
else
debug("user %.100s matched 'User %.100s' at "
result = 0;
continue;
}
- if (match_hostname(ci->host, arg, len) != 1)
+ if (match_hostname(ci->host, arg) != 1)
result = 0;
else
debug("connection from %.100s matched 'Host "
-/* $OpenBSD: ssh.c,v 1.417 2015/04/17 13:16:48 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.418 2015/05/04 06:10:48 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
for (i = 0; i < options.num_permitted_cnames; i++) {
rule = options.permitted_cnames + i;
- if (match_pattern_list(*namep, rule->source_list,
- strlen(rule->source_list), 1) != 1 ||
- match_pattern_list(cname, rule->target_list,
- strlen(rule->target_list), 1) != 1)
+ if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
+ match_pattern_list(cname, rule->target_list, 1) != 1)
continue;
verbose("Canonicalized DNS aliased hostname "
"\"%s\" => \"%s\"", *namep, cname);
-/* $OpenBSD: sshconnect2.c,v 1.223 2015/01/30 11:43:14 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.224 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
continue;
if (match_pattern_list(
sshkey_ssh_name(authctxt->sensitive->keys[i]),
- authctxt->active_ktype,
- strlen(authctxt->active_ktype), 0) != 1)
+ authctxt->active_ktype, 0) != 1)
continue;
/* we take and free the key */
private = authctxt->sensitive->keys[i];
-/* $OpenBSD: sshkey.c,v 1.16 2015/04/03 22:17:27 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.17 2015/05/04 06:10:48 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
if (kt->type == KEY_RSA1)
continue;
if (match_pattern_list(kt->name,
- p, strlen(p), 0) != 0)
+ p, 0) != 0)
break;
}
if (kt->type != -1)
projects / openbsd / commitdiff