authordjm@openbsd.org <djm@openbsd.org>2022-10-28 02:29:34 +0000
committerDamien Miller <djm@mindrot.org>2022-10-28 13:39:35 +1100
commit1192588546c29ceec10775125f396555ea71850f (patch)
tree72e61525bc48f50d8854a5d65668e966cb1e8ab2 /ssh-keyscan.c
parent64af4209309461c79c39eda2d13f9d77816c6398 (diff)
upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
Diffstat (limited to 'ssh-keyscan.c')
-rw-r--r--ssh-keyscan.c43
1 files changed, 40 insertions, 3 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index d7283136..a8ab932b 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.146 2022/08/19 04:02:46 dtucker Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.147 2022/10/28 02:29:34 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -52,6 +52,7 @@
#include "ssherr.h"
#include "ssh_api.h"
#include "dns.h"
+#include "addr.h"
/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -384,7 +385,7 @@ tcpconnect(char *host)
}
static int
-conalloc(char *iname, char *oname, int keytype)
+conalloc(const char *iname, const char *oname, int keytype)
{
char *namebase, *name, *namelist;
int s;
@@ -629,7 +630,7 @@ conloop(void)
}
static void
-do_host(char *host)
+do_one_host(char *host)
{
char *name = strnnsep(&host, " \t\n");
int j;
@@ -645,6 +646,42 @@ do_host(char *host)
}
}
+static void
+do_host(char *host)
+{
+ char daddr[128];
+ struct xaddr addr, end_addr;
+ u_int masklen;
+
+ if (host == NULL)
+ return;
+ if (addr_pton_cidr(host, &addr, &masklen) != 0) {
+ /* Assume argument is a hostname */
+ do_one_host(host);
+ } else {
+ /* Argument is a CIDR range */
+ debug("CIDR range %s", host);
+ end_addr = addr;
+ if (addr_host_to_all1s(&end_addr, masklen) != 0)
+ goto badaddr;
+ /*
+ * Note: we deliberately include the all-zero/ones addresses.
+ */
+ for (;;) {
+ if (addr_ntop(&addr, daddr, sizeof(daddr)) != 0) {
+ badaddr:
+ error("Invalid address %s", host);
+ return;
+ }
+ debug("CIDR expand: address %s", daddr);
+ do_one_host(daddr);
+ if (addr_cmp(&addr, &end_addr) == 0)
+ break;
+ addr_increment(&addr);
+ };
+ }
+}
+
void
sshfatal(const char *file, const char *func, int line, int showfunc,
LogLevel level, const char *suffix, const char *fmt, ...)
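Review bot: The CIDR branch of the new do_host() expands the range with no upper bound on its size, so a short prefix (an IPv4 /8, or almost any IPv6 prefix) makes the `for (;;)` loop call do_one_host() once per address. A mistyped mask then turns a key-collection run into a very large sweep of addresses the operator may not administer. A guard placed before the loop would catch this, for example `hostbits = (addr.af == AF_INET ? 32 : 128) - masklen;` followed by `if (hostbits > MAX_CIDR_HOSTBITS) goto badaddr;`, where MAX_CIDR_HOSTBITS is a placeholder for whatever limit the project chooses, ideally with its own error message rather than "Invalid address". Separately, any non-zero return from addr_pton_cidr() is taken to mean "this is a hostname", so a malformed range is presumably passed on to name resolution unchanged; a `debug()` on that path when the argument contains a '/' would make the fallback visible.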