RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: fix bug in PermitRemoteOpen which caused it to ignore its 

first argument unless it was one of the special keywords "any" or "none".

Reported by Georges Chaudy in bz3515; ok dtucker@

OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
This commit is contained in:
djm@openbsd.org 2023-01-02 07:03:30 +00:00 committed by Darren Tucker
parent 0872663a7b
commit b3daa8dc58
No known key found for this signature in database
1 changed files with 33 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.370 2022/11/28 01:37:36 djm Exp $ */ /* $OpenBSD: readconf.c,v 1.371 2023/01/02 07:03:30 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1568,21 +1568,20 @@ parse_pubkey_algos:
case oPermitRemoteOpen: case oPermitRemoteOpen:
uintptr = &options->num_permitted_remote_opens; uintptr = &options->num_permitted_remote_opens;
cppptr = &options->permitted_remote_opens; cppptr = &options->permitted_remote_opens;
arg = argv_next(&ac, &av);
if (!arg || *arg == '\0')
fatal("%s line %d: missing %s specification",
filename, linenum, lookup_opcode_name(opcode));
uvalue = *uintptr; /* modified later */ uvalue = *uintptr; /* modified later */
if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { i = 0;
if (*activep && uvalue == 0) {
*uintptr = 1;
*cppptr = xcalloc(1, sizeof(**cppptr));
(*cppptr)[0] = xstrdup(arg);
}
break;
}
while ((arg = argv_next(&ac, &av)) != NULL) { while ((arg = argv_next(&ac, &av)) != NULL) {
arg2 = xstrdup(arg); arg2 = xstrdup(arg);
/* Allow any/none only in first position */
if (strcasecmp(arg, "none") == 0 ||
strcasecmp(arg, "any") == 0) {
if (i > 0 || ac > 0) {
error("%s line %d: keyword %s \"%s\" "
"argument must appear alone.",
filename, linenum, keyword, arg);
goto out;
}
} else {
p = hpdelim(&arg); p = hpdelim(&arg);
if (p == NULL) { if (p == NULL) {
fatal("%s line %d: missing host in %s", fatal("%s line %d: missing host in %s",
@ -1594,19 +1593,24 @@ parse_pubkey_algos:
* don't want to use permitopen_port to avoid * don't want to use permitopen_port to avoid
* dependency on channels.[ch] here. * dependency on channels.[ch] here.
*/ */
if (arg == NULL || if (arg == NULL || (strcmp(arg, "*") != 0 &&
(strcmp(arg, "*") != 0 && a2port(arg) <= 0)) { a2port(arg) <= 0)) {
fatal("%s line %d: bad port number in %s", fatal("%s line %d: bad port number "
filename, linenum, "in %s", filename, linenum,
lookup_opcode_name(opcode)); lookup_opcode_name(opcode));
} }
}
if (*activep && uvalue == 0) { if (*activep && uvalue == 0) {
opt_array_append(filename, linenum, opt_array_append(filename, linenum,
lookup_opcode_name(opcode), lookup_opcode_name(opcode),
cppptr, uintptr, arg2); cppptr, uintptr, arg2);
} }
free(arg2); free(arg2);
i++;
} }
if (i == 0)
fatal("%s line %d: missing %s specification",
filename, linenum, lookup_opcode_name(opcode));
break; break;
case oClearAllForwardings: case oClearAllForwardings: