From nobody Wed Feb 08 21:06:33 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PBsxQ604tz3pKTF; Wed, 8 Feb 2023 21:06:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PBsxQ0v5Mz3klZ; Wed, 8 Feb 2023 21:06:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675890394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5nflelcDnHpPx9cmhcLXOYZTZQ1fnB3g8+mLuHk4cr8=; b=esWvMvvB6OlADi+ZjwRwVAbpiFYjHddrDVUQe5XUqoiPod2N+oPwGy4pGqUNkVv8CMrvJK Y3F3/mUM+X2a7PnKDp2EYJ+mpj85VtAhmqvx0PyCfcwTmsoehVmWgLZpyoGs2MWVwRIrH0 gDb40rtA/lTGDHcYrHkwWMxLHwSOj9R/e+MTwnneTjh7G2Nl7FJxp0zzUlwXZePQ6pjwmW +69az89+Kp9I5vdkjhcAftioE2loTKgyZrlNox/7HIsL09iPiR2PUZnWXFfZsPZ3+YDYp0 q3UJqADrTA+G//aWR+3zEKYED1T/lEVbpGfweOzNj5VuOG/yrVVmGQy7rhjfSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675890394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5nflelcDnHpPx9cmhcLXOYZTZQ1fnB3g8+mLuHk4cr8=; b=mnNIn88cbNB5gTXmIC9/ciUsOFdWxDzswieXUTKS6Bqkv/C+ph7g/CPLFa8NxI/QN6GfY7 yQUQSDYNDfw+nm6B9kcq3raAl3TfaSgZkem7D7KCgOckL9gxOukj42pgjbeSFqiaI6ezr/ +qSUHjuAGwoiWUvuiXzjBzlMyPGcQbtZk7B//t1Nz9sAwFCtKdcS7yCr98cXKlmhBYthjF C5D02usP8l/JGKJtVyPdoDI5BozfX7xxQsE46Drm5fnZmL1y1aRl43m62ilvn9oeXad2rQ CMY1on+QnTy8tI9SzGYztVXlON8dZzerQRjccpoCzxiJpR8s2fa/aNgMR8SDMA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675890394; a=rsa-sha256; cv=none; b=oDd6eUAxkcQnC4n5N8502r8L4OnfAhavMEevFGyOUwH6hl20FtDRCas5Lyh+RY6hq4X5uV t/EKDp/EifXEdq3caV+12R8Z6oHdzL5LRosgbA57akmjpG2R5aIJTmVT+smJMrT6EtW6ym SYyVkooFwX64jx+v3R4MmvMwyrnhBsq9PI7aGprzF6fVArSDYS+GwhYEpP/0RTEX+GA/9j ZivdfdeLoXJ9eEfzQzEW9sqTyBmXpNpDI13bQHrFc5Nbx4WMs/RgGH77BJO0Uvd5XENTiG rF5SLpIiOeodZc4IYH+2S1pNi5FsLq7V/WqzuN6JQkpNJgIk4iUiyXF3ClhDAw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PBsxP4N5Fz1BM0; Wed, 8 Feb 2023 21:06:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 318L6X1a068117; Wed, 8 Feb 2023 21:06:33 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 318L6XAx068116; Wed, 8 Feb 2023 21:06:33 GMT (envelope-from git) Date: Wed, 8 Feb 2023 21:06:33 GMT Message-Id: <202302082106.318L6XAx068116@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 6cf3164ff3d8 - stable/12 - ssh: Be more paranoid with host/domain names coming from the List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 6cf3164ff3d838e13dc0d4de583380245057fec6 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=6cf3164ff3d838e13dc0d4de583380245057fec6 commit 6cf3164ff3d838e13dc0d4de583380245057fec6 Author: Ed Maste AuthorDate: 2023-02-06 16:45:52 +0000 Commit: Ed Maste CommitDate: 2023-02-08 21:06:23 +0000 ssh: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters. Obtained from: OpenSSH-portable commit 445363433ba2 Obtained from: OpenSSH-portable commit 3cae9f92a318 Sponsored by: The FreeBSD Foundation (cherry picked from commit 2e828220579e3ada74ed0613871ec6ec61d669ba) (cherry picked from commit 6ad91c17b0555f0d28377f66fb9f7c8b4cee2b06) --- crypto/openssh/ssh.c | 8 ++++++-- crypto/openssh/sshconnect.c | 15 +++++++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 8ae20441205e..c5a4326bd1c6 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.576 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -252,6 +252,7 @@ static struct addrinfo * resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) { char strport[NI_MAXSERV]; + const char *errstr = NULL; struct addrinfo hints, *res; int gaierr; LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; @@ -277,7 +278,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) return NULL; } if (cname != NULL && res->ai_canonname != NULL) { - if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + if (!valid_domain(res->ai_canonname, 0, &errstr)) { + error("ignoring bad CNAME \"%s\" for host \"%s\": %s", + res->ai_canonname, name, errstr); + } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) { error_f("host \"%s\" cname \"%s\" too long (max %lu)", name, res->ai_canonname, (u_long)clen); if (clen > 0) diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 76b85452bfa6..cebe110b9888 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.360 2022/11/03 21:59:20 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -936,7 +936,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; char msg[1024]; - const char *type, *fail_reason; + const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); @@ -961,6 +961,17 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, return 0; } + /* + * Don't ever try to write an invalid name to a known hosts file. + * Note: do this before get_hostfile_hostname_ipaddr() to catch + * '[' or ']' in the name before they are added. + */ + if (strcspn(hostname, "@?*#[]|'\'\"\\") != strlen(hostname)) { + debug_f("invalid hostname \"%s\"; will not record: %s", + hostname, fail_reason); + readonly = RDONLY; + } + /* * Prepare the hostname and address strings used for hostkey lookup. * In some cases, these will have a port number appended.