replace recently-added valid_domain() check for hostnames going to

known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@

diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index cd4f0cc..f5bdd35 100644 (file)
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.359 2022/10/24 22:43:36 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.360 2022/11/03 21:59:20 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -922,6 +922,17 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
                return 0;
        }
 
+       /*
+        * Don't ever try to write an invalid name to a known hosts file.
+        * Note: do this before get_hostfile_hostname_ipaddr() to catch
+        * '[' or ']' in the name before they are added.
+        */
+       if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) {
+               debug_f("invalid hostname \"%s\"; will not record: %s",
+                   hostname, fail_reason);
+               readonly = RDONLY;
+       }
+
        /*
         * Prepare the hostname and address strings used for hostkey lookup.
         * In some cases, these will have a port number appended.
@@ -980,13 +991,6 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
            (host_found != NULL && host_found->note != 0)))
                readonly = RDONLY;
 
-       /* Don't ever try to write an invalid name to a known hosts file */
-       if (!valid_domain(hostname, 0, &fail_reason)) {
-               debug_f("invalid hostname \"%s\"; will not record: %s",
-                   hostname, fail_reason);
-               readonly = RDONLY;
-       }
-
        /*
         * Also perform check for the ip address, skip the check if we are
         * localhost, looking for a certificate, or the hostname was an ip