summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--auth-rsa.c10
-rw-r--r--auth2-pubkey.c9
-rw-r--r--authfile.c9
-rw-r--r--misc.c25
-rw-r--r--misc.h3
-rw-r--r--ssh.h9
-rw-r--r--sshd.86
8 files changed, 57 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index ea529e79..513df22d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,10 @@
- describe ls flags as a list
- other minor improvements
ok jmc, djm
+ - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
+ [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
+ Discard over-length authorized_keys entries rather than complaining when
+ they don't decode. bz #884, with & ok djm@
20041203
- (dtucker) OpenBSD CVS Sync
@@ -1890,4 +1894,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3589 2004/12/06 11:46:45 dtucker Exp $
+$Id: ChangeLog,v 1.3590 2004/12/06 11:47:41 dtucker Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
index 16369d47..2060f839 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.61 2004/12/06 11:41:03 dtucker Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -49,7 +49,7 @@ extern u_char session_id[16];
* options bits e n comment
* where bits, e and n are decimal numbers,
* and comment is any string of characters up to newline. The maximum
- * length of a line is 8000 characters. See the documentation for a
+ * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a
* description of the options.
*/
@@ -152,7 +152,7 @@ auth_rsa_challenge_dialog(Key *key)
int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
- char line[8192], *file;
+ char line[SSH_MAX_PUBKEY_BYTES], *file;
int allowed = 0;
u_int bits;
FILE *f;
@@ -201,12 +201,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
* found, perform a challenge-response dialog to verify that the
* user really has the corresponding private key.
*/
- while (fgets(line, sizeof(line), f)) {
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp;
char *key_options;
- linenum++;
-
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index bafea09d..41e23beb 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,8 +23,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.7 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.8 2004/12/06 11:41:03 dtucker Exp $");
+#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "packet.h"
@@ -167,7 +168,7 @@ done:
static int
user_key_allowed2(struct passwd *pw, Key *key, char *file)
{
- char line[8192];
+ char line[SSH_MAX_PUBKEY_BYTES];
int found_key = 0;
FILE *f;
u_long linenum = 0;
@@ -204,9 +205,9 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
found_key = 0;
found = key_new(key->type);
- while (fgets(line, sizeof(line), f)) {
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp, *key_options = NULL;
- linenum++;
+
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
diff --git a/authfile.c b/authfile.c
index 1c006c43..4038ab69 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.58 2004/08/23 11:48:09 djm Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.59 2004/12/06 11:41:03 dtucker Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -601,13 +601,14 @@ static int
key_try_load_public(Key *k, const char *filename, char **commentp)
{
FILE *f;
- char line[4096];
+ char line[SSH_MAX_PUBKEY_BYTES];
char *cp;
+ int linenum = 0;
f = fopen(filename, "r");
if (f != NULL) {
- while (fgets(line, sizeof(line), f)) {
- line[sizeof(line)-1] = '\0';
+ while (read_keyfile_line(f, filename, line, sizeof(line),
+ &linenum) != -1) {
cp = line;
switch (*cp) {
case '#':
diff --git a/misc.c b/misc.c
index 8cb411cc..d0cc5382 100644
--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.25 2004/08/11 21:43:05 avsm Exp $");
+RCSID("$OpenBSD: misc.c,v 1.26 2004/12/06 11:41:03 dtucker Exp $");
#include "misc.h"
#include "log.h"
@@ -332,3 +332,26 @@ addargs(arglist *args, char *fmt, ...)
args->list[args->num++] = xstrdup(buf);
args->list[args->num] = NULL;
}
+
+/*
+ * Read an entire line from a public key file into a static buffer, discarding
+ * lines that exceed the buffer size. Returns 0 on success, -1 on failure.
+ */
+int
+read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
+ int *lineno)
+{
+ while (fgets(buf, bufsz, f) != NULL) {
+ (*lineno)++;
+ if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
+ return 0;
+ } else {
+ debug("%s: %s line %d exceeds size limit", __func__,
+ filename, lineno);
+ /* discard remainder of line */
+ while(fgetc(f) != '\n' && !feof(f))
+ ; /* nothing */
+ }
+ }
+ return -1;
+}
diff --git a/misc.h b/misc.h
index 0290a2d6..4aab2ca0 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.18 2004/10/29 22:53:56 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.19 2004/12/06 11:41:03 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -47,3 +47,4 @@ char *tilde_expand_filename(const char *, uid_t);
char *read_passphrase(const char *, int);
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+int read_keyfile_line(FILE *, const char *, char *, size_t, int *);
diff --git a/ssh.h b/ssh.h
index a3b2ebbb..07592415 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */
+/* $OpenBSD: ssh.h,v 1.76 2004/12/06 11:41:03 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,6 +40,13 @@
#define SSH_MAX_IDENTITY_FILES 100
/*
+ * Maximum length of lines in authorized_keys file.
+ * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with
+ * some room for options and comments.
+ */
+#define SSH_MAX_PUBKEY_BYTES 8192
+
+/*
* Major protocol version. Different version indicates major incompatibility
* that prevents communication.
*
diff --git a/sshd.8 b/sshd.8
index 83d0f48d..2ac7b727 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.202 2004/08/26 16:00:55 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.203 2004/12/06 11:41:03 dtucker Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -420,7 +420,9 @@ or
.Dq ssh-rsa .
.Pp
Note that lines in this file are usually several hundred bytes long
-(because of the size of the public key encoding).
+(because of the size of the public key encoding) up to a limit of
+8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
+keys up to 16 kilobits.
You don't want to type them in; instead, copy the
.Pa identity.pub ,
.Pa id_dsa.pub