From 0993bba02a4ab19a1c5a86a8130511dc1d662233 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 23 Feb 2022 11:15:57 +0000 Subject: [PATCH] use asprintf to construct .rhosts paths --- usr.bin/ssh/auth-rhosts.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 999703c77d4..2fe709cd334 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.54 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -30,6 +30,7 @@ #include "pathnames.h" #include "log.h" #include "misc.h" +#include "xmalloc.h" #include "sshbuf.h" #include "sshkey.h" #include "servconf.h" @@ -185,12 +186,13 @@ int auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, const char *ipaddr) { - char buf[1024]; + char *path = NULL; struct stat st; static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL}; u_int rhosts_file_index; + int r; - debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", + debug2_f("clientuser %s hostname %s ipaddr %s", client_user, hostname, ipaddr); /* Switch to the user's uid. */ @@ -204,9 +206,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - snprintf(buf, sizeof buf, "%.500s/%.100s", - pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) >= 0) + xasprintf(&path, "%s/%s", + pw->pw_dir, rhosts_files[rhosts_file_index]); + r = stat(path, &st); + free(path); + if (r >= 0) break; } /* Switch back to privileged uid. */ @@ -271,10 +275,12 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - snprintf(buf, sizeof buf, "%.500s/%.100s", - pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) == -1) + xasprintf(&path, "%s/%s", + pw->pw_dir, rhosts_files[rhosts_file_index]); + if (stat(path, &st) == -1) { + free(path); continue; + } /* * Make sure that the file is either owned by the user or by @@ -285,9 +291,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { - logit("Rhosts authentication refused for %.100s: bad modes for %.200s", - pw->pw_name, buf); - auth_debug_add("Bad file modes for %.200s", buf); + logit("Rhosts authentication refused for %.100s: " + "bad modes for %.200s", pw->pw_name, path); + auth_debug_add("Bad file modes for %.200s", path); + free(path); continue; } /* @@ -299,10 +306,11 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) { auth_debug_add("Server has been configured to " "ignore %.100s.", rhosts_files[rhosts_file_index]); + free(path); continue; } /* Check if authentication is permitted by the file. */ - if (check_rhosts_file(buf, hostname, ipaddr, + if (check_rhosts_file(path, hostname, ipaddr, client_user, pw->pw_name)) { auth_debug_add("Accepted by %.100s.", rhosts_files[rhosts_file_index]); @@ -311,8 +319,10 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, auth_debug_add("Accepted host %s ip %s client_user " "%s server_user %s", hostname, ipaddr, client_user, pw->pw_name); + free(path); return 1; } + free(path); } /* Restore the privileged uid. */ -- 2.20.1