From nobody Wed Feb 8 21:05:53 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PBswd5FF5z3pKNH; Wed, 8 Feb 2023 21:05:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PBswd4b4Hz3jfx; Wed, 8 Feb 2023 21:05:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675890353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DhKm/ClBnwRrVTYQJZIJ6/2XEag/3O3me1Uw+CZRUcQ=; b=Hn5+JOGM2sLx8X0jFJG4JO+PxHnJLBKhbGktr2Lc+A8l40/gAz8yz+S5UTvHeCqhKeWdup NenBCHa1B9sikZxI2CcSp2w5ZSFapsVIfW9HdV9BDMS3CFlbigVTODcE9YBKW2v6DyivZ+ 4BzVlQM2n18FID6VpXk+0mAmrNOfifYhwSI1UFNSA1KJDRZ8kLqtUuq/2aczy2DQHhsZhi 8ZmlYwbcVTJyUrpIOBTFhNC2V9+a6W6XE1S5qXLjIZ+PCycFjecMYYuyXb4q74jjoskaDJ sKIJ0wxipgARKHgOXru0sCqGfl5dbLifri5ub17snL/+lNAkHCmYL9YC5PMK8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675890353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DhKm/ClBnwRrVTYQJZIJ6/2XEag/3O3me1Uw+CZRUcQ=; b=clEClJKplRk4esZBZ948mrWbzKvUFyeHXIQhF2Sb0I4+yBgm6RaJKI80mzZixadcews/zJ e36RpmOzvPQNOUgOgnQDo0R2nBEVIS7lKubyd5hx0ceWPw0H4tbf+Ici79XPIvDcKjaS1p xvX8ZE6coLrdLx3iDqpX+2TR11MqTvPQXpsJw9fiGG+UDd65ZwX7eDp2S9JPwQT2aB2iGH q2jzDhnHruY19TFWRd2ELabEBemX896LaHuCeeHl96UCMRVUnif0QGyX6C0URMo3t/Rx4N a023vpLgGidPpjWEX4BCJJVdlD+BdSUbh/R4A2DKDthufwRG3v0nzESQ9RXU8Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675890353; a=rsa-sha256; cv=none; b=yU8GAhYBgLUvNh75Si9T77hmcdMHyZo6GqbBv7N84ifw8ykXshVmkDy0mDEKFeLCWs93w2 nwf5llwjwHorm0jJqZFqQEO98KW1GpQG1LthPaw3R/4DTABlaPnup3EsLcEfqyWASM7jXe AMBr/RMNMzNstMWKqGkdYr4v8kHrJEP9O+s4SkonFIyt29V23UmZ35YhW0tO7t01F5ACQ7 Er8LxOj6FRB9PYhGVnW8yp1d6uU+vOOGjmVQojEanSDwm6I9DUbiQsXenx/q2YadW2/Inz JjRTAafzrNHK9Dhcu2SDWexyGMyJyKlXucKCsNleYAxBeW3ei0GtLcMJQ7/LfQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PBswd3dlQz1BLw; Wed, 8 Feb 2023 21:05:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 318L5rOP067874; Wed, 8 Feb 2023 21:05:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 318L5rxA067873; Wed, 8 Feb 2023 21:05:53 GMT (envelope-from git) Date: Wed, 8 Feb 2023 21:05:53 GMT Message-Id: <202302082105.318L5rxA067873@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 6ad91c17b055 - stable/13 - ssh: Be more paranoid with host/domain names coming from the List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 6ad91c17b0555f0d28377f66fb9f7c8b4cee2b06 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=6ad91c17b0555f0d28377f66fb9f7c8b4cee2b06 commit 6ad91c17b0555f0d28377f66fb9f7c8b4cee2b06 Author: Ed Maste AuthorDate: 2023-02-06 16:45:52 +0000 Commit: Ed Maste CommitDate: 2023-02-08 21:04:36 +0000 ssh: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters. Obtained from: OpenSSH-portable commit 445363433ba2 Obtained from: OpenSSH-portable commit 3cae9f92a318 Sponsored by: The FreeBSD Foundation (cherry picked from commit 2e828220579e3ada74ed0613871ec6ec61d669ba) --- crypto/openssh/ssh.c | 8 ++++++-- crypto/openssh/sshconnect.c | 15 +++++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 0c96f68bd8ae..549686b7798f 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.576 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -251,6 +251,7 @@ static struct addrinfo * resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) { char strport[NI_MAXSERV]; + const char *errstr = NULL; struct addrinfo hints, *res; int gaierr; LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; @@ -276,7 +277,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) return NULL; } if (cname != NULL && res->ai_canonname != NULL) { - if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + if (!valid_domain(res->ai_canonname, 0, &errstr)) { + error("ignoring bad CNAME \"%s\" for host \"%s\": %s", + res->ai_canonname, name, errstr); + } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) { error_f("host \"%s\" cname \"%s\" too long (max %lu)", name, res->ai_canonname, (u_long)clen); if (clen > 0) diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index eb5353e2d408..b44518d7acc7 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.360 2022/11/03 21:59:20 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -935,7 +935,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; char msg[1024]; - const char *type, *fail_reason; + const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); @@ -960,6 +960,17 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, return 0; } + /* + * Don't ever try to write an invalid name to a known hosts file. + * Note: do this before get_hostfile_hostname_ipaddr() to catch + * '[' or ']' in the name before they are added. + */ + if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) { + debug_f("invalid hostname \"%s\"; will not record: %s", + hostname, fail_reason); + readonly = RDONLY; + } + /* * Prepare the hostname and address strings used for hostkey lookup. * In some cases, these will have a port number appended.