From 3f9c2815a4b230d9f4f263cadb40d624ff322199 Mon Sep 17 00:00:00 2001 From: markus Date: Wed, 31 May 2017 10:54:00 +0000 Subject: [PATCH] make sure we don't pass a NULL string to vfprintf (triggered by the principals-command regress test); ok bluhm --- usr.bin/ssh/auth-options.c | 5 +++-- usr.bin/ssh/auth-options.h | 4 ++-- usr.bin/ssh/auth2-pubkey.c | 9 ++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index 6e33bbd192f..51d30b3ada4 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.72 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.73 2017/05/31 10:54:00 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -116,7 +116,8 @@ match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) * side effect: sets key option flags */ int -auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) +auth_parse_options(struct passwd *pw, char *opts, const char *file, + u_long linenum) { struct ssh *ssh = active_state; /* XXX */ const char *cp; diff --git a/usr.bin/ssh/auth-options.h b/usr.bin/ssh/auth-options.h index 52cbb42aaf8..547f016355a 100644 --- a/usr.bin/ssh/auth-options.h +++ b/usr.bin/ssh/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.22 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */ /* * Author: Tatu Ylonen @@ -33,7 +33,7 @@ extern int forced_tun_device; extern int key_is_cert_authority; extern char *authorized_principals; -int auth_parse_options(struct passwd *, char *, char *, u_long); +int auth_parse_options(struct passwd *, char *, const char *, u_long); void auth_clear_options(void); int auth_cert_options(struct sshkey *, struct passwd *, const char **); diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index a0def36b9e4..67837293554 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.66 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.67 2017/05/31 10:54:00 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -584,7 +584,7 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert) } static int -process_principals(FILE *f, char *file, struct passwd *pw, +process_principals(FILE *f, const char *file, struct passwd *pw, const struct sshkey_cert *cert) { char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; @@ -622,8 +622,7 @@ process_principals(FILE *f, char *file, struct passwd *pw, for (i = 0; i < cert->nprincipals; i++) { if (strcmp(cp, cert->principals[i]) == 0) { debug3("%s:%lu: matched principal \"%.100s\"", - file == NULL ? "(command)" : file, - linenum, cert->principals[i]); + file, linenum, cert->principals[i]); if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; @@ -754,7 +753,7 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) uid_swapped = 1; temporarily_use_uid(pw); - ok = process_principals(f, NULL, pw, cert); + ok = process_principals(f, "(command)", pw, cert); fclose(f); f = NULL; -- 2.20.1