RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

make sure we don't pass a NULL string to vfprintf
(triggered by the principals-command regress test); ok bluhm

Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
This commit is contained in:
markus@openbsd.org 2017-05-31 10:54:00 +00:00 committed by Damien Miller
parent 84008608c9
commit 75b8af8de8
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
auth-options.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.72 2016/11/30 02:57:40 djm Exp $ */ /* $OpenBSD: auth-options.c,v 1.73 2017/05/31 10:54:00 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -119,7 +119,8 @@ match_flag(const char *opt, int allow_negate, char **optsp, const char *msg)
* side effect: sets key option flags * side effect: sets key option flags
*/ */
int int
auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) auth_parse_options(struct passwd *pw, char *opts, const char *file,
u_long linenum)
{ {
struct ssh *ssh = active_state; /* XXX */ struct ssh *ssh = active_state; /* XXX */
const char *cp; const char *cp;

4
auth-options.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.h,v 1.22 2016/11/30 02:57:40 djm Exp $ */ /* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -33,7 +33,7 @@ extern int forced_tun_device;
extern int key_is_cert_authority; extern int key_is_cert_authority;
extern char *authorized_principals; extern char *authorized_principals;
int auth_parse_options(struct passwd *, char *, char *, u_long); int auth_parse_options(struct passwd *, char *, const char *, u_long);
void auth_clear_options(void); void auth_clear_options(void);
int auth_cert_options(struct sshkey *, struct passwd *, const char **); int auth_cert_options(struct sshkey *, struct passwd *, const char **);

9
auth2-pubkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.66 2017/05/31 09:15:42 deraadt Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.67 2017/05/31 10:54:00 markus Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -587,7 +587,7 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert)
} }
static int static int
process_principals(FILE *f, char *file, struct passwd *pw, process_principals(FILE *f, const char *file, struct passwd *pw,
const struct sshkey_cert *cert) const struct sshkey_cert *cert)
{ {
char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
@ -625,8 +625,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
for (i = 0; i < cert->nprincipals; i++) { for (i = 0; i < cert->nprincipals; i++) {
if (strcmp(cp, cert->principals[i]) == 0) { if (strcmp(cp, cert->principals[i]) == 0) {
debug3("%s:%lu: matched principal \"%.100s\"", debug3("%s:%lu: matched principal \"%.100s\"",
file == NULL ? "(command)" : file, file, linenum, cert->principals[i]);
linenum, cert->principals[i]);
if (auth_parse_options(pw, line_opts, if (auth_parse_options(pw, line_opts,
file, linenum) != 1) file, linenum) != 1)
continue; continue;
@ -757,7 +756,7 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
uid_swapped = 1; uid_swapped = 1;
temporarily_use_uid(pw); temporarily_use_uid(pw);
ok = process_principals(f, NULL, pw, cert); ok = process_principals(f, "(command)", pw, cert);
fclose(f); fclose(f);
f = NULL; f = NULL;