diff options
| -rw-r--r-- | auth-passwd.c | 23 | ||||
| -rw-r--r-- | monitor.c | 8 | ||||
| -rw-r--r-- | monitor_wrap.c | 9 | ||||
| -rw-r--r-- | servconf.h | 6 | ||||
| -rw-r--r-- | session.c | 22 | ||||
| -rw-r--r-- | sshd.c | 9 | ||||
| -rw-r--r-- | sshlogin.c | 22 |
7 files changed, 56 insertions, 43 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index 6097fdd2..65f52518 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -46,16 +46,17 @@ #include <stdarg.h> #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "log.h" #include "misc.h" #include "servconf.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "auth-options.h" -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; #ifdef HAVE_LOGIN_CAP @@ -131,7 +132,7 @@ auth_password(struct ssh *ssh, const char *password) static void warn_expiry(Authctxt *authctxt, auth_session_t *as) { - char buf[256]; + int r; quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; pwwarntime = acwarntime = TWO_WEEKS; @@ -148,17 +149,17 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as) #endif if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { daysleft = pwtimeleft / DAY + 1; - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your password will expire in %lld day%s.\n", - daysleft, daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft, daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } if (actimeleft != 0 && actimeleft < acwarntime) { daysleft = actimeleft / DAY + 1; - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your account will expire in %lld day%s.\n", - daysleft, daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft, daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } } @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.181 2018/07/09 21:26:02 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -115,7 +115,7 @@ extern u_int utmp_len; extern u_char session_id[]; extern Buffer auth_debug; extern int auth_debug_init; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ /* State exported from the child */ @@ -1495,8 +1495,8 @@ mm_answer_pty(int sock, Buffer *m) close(0); /* send messages generated by record_login */ - buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); - buffer_clear(&loginmsg); + buffer_put_string(m, buffer_ptr(loginmsg), buffer_len(loginmsg)); + buffer_clear(loginmsg); mm_request_send(sock, MONITOR_ANS_PTY, m); diff --git a/monitor_wrap.c b/monitor_wrap.c index 012ab01a..6bf04109 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.101 2018/07/09 13:37:10 sf Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.102 2018/07/09 21:26:02 markus Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -87,7 +87,7 @@ extern z_stream incoming_stream; extern z_stream outgoing_stream; extern struct monitor *pmonitor; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; void @@ -506,7 +506,7 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { Buffer m; char *p, *msg; - int success = 0, tmp1 = -1, tmp2 = -1; + int success = 0, tmp1 = -1, tmp2 = -1, r; /* Kludge: ensure there are fds free to receive the pty/tty */ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || @@ -540,7 +540,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) strlcpy(namebuf, p, namebuflen); /* Possible truncation */ free(p); - buffer_append(&loginmsg, msg, strlen(msg)); + if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(msg); if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.135 2018/07/03 10:59:35 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -261,8 +261,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, int *, struct connection_info *); void process_permitopen(struct ssh *ssh, ServerOptions *options); -void load_server_config(const char *, Buffer *); -void parse_server_config(ServerOptions *, const char *, Buffer *, +void load_server_config(const char *, struct sshbuf *); +void parse_server_config(ServerOptions *, const char *, struct sshbuf *, struct connection_info *); void parse_server_match_config(ServerOptions *, struct connection_info *); int parse_server_match_testspec(struct connection_info *, char *); @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.302 2018/07/09 21:20:26 markus Exp $ */ +/* $OpenBSD: session.c,v 1.303 2018/07/09 21:26:02 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -69,7 +69,8 @@ #include "ssh2.h" #include "sshpty.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "match.h" #include "uidswap.h" #include "compat.h" @@ -139,7 +140,7 @@ extern int debug_flag; extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; char *tun_fwd_ifnames; /* serverloop.c */ @@ -248,11 +249,14 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } + int r; + + if (sshbuf_len(loginmsg) == 0) + return; + if ((r = sshbuf_put_u8(loginmsg, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + printf("%s", (char *)sshbuf_ptr(loginmsg)); + sshbuf_reset(loginmsg); } static void @@ -757,7 +761,7 @@ do_exec(struct ssh *ssh, Session *s, const char *command) * it to the user, otherwise multiple sessions may accumulate * multiple copies of the login messages. */ - buffer_clear(&loginmsg); + sshbuf_reset(loginmsg); return ret; } @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.509 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.510 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -240,7 +240,7 @@ struct sshauthopt *auth_opts = NULL; Buffer cfg; /* message to be displayed after login */ -Buffer loginmsg; +struct sshbuf *loginmsg; /* Unprivileged user */ struct passwd *privsep_pw = NULL; @@ -649,7 +649,7 @@ privsep_postauth(Authctxt *authctxt) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); - buffer_clear(&loginmsg); + sshbuf_reset(loginmsg); monitor_clear_keystate(pmonitor); monitor_child_postauth(pmonitor); @@ -2119,7 +2119,8 @@ main(int ac, char **av) fatal("allocation failed"); /* prepare buffer to collect messages to display to user after login */ - buffer_init(&loginmsg); + if ((loginmsg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); auth_debug_reset(); if (use_privsep) { @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.32 2015/12/26 20:51:35 guenther Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -55,13 +55,15 @@ #include <unistd.h> #include <limits.h> +#include "sshlogin.h" +#include "ssherr.h" #include "loginrec.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "servconf.h" -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; /* @@ -88,8 +90,9 @@ static void store_lastlog_message(const char *user, uid_t uid) { #ifndef NO_SSH_LASTLOG - char *time_string, hostname[HOST_NAME_MAX+1] = "", buf[512]; + char *time_string, hostname[HOST_NAME_MAX+1] = ""; time_t last_login_time; + int r; if (!options.print_lastlog) return; @@ -97,7 +100,9 @@ store_lastlog_message(const char *user, uid_t uid) # ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG time_string = sys_auth_get_lastlogin_msg(user, uid); if (time_string != NULL) { - buffer_append(&loginmsg, time_string, strlen(time_string)); + if ((r = sshbuf_put(loginmsg, + time_string, strlen(time_string))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(time_string); } # else @@ -108,12 +113,13 @@ store_lastlog_message(const char *user, uid_t uid) time_string = ctime(&last_login_time); time_string[strcspn(time_string, "\n")] = '\0'; if (strcmp(hostname, "") == 0) - snprintf(buf, sizeof(buf), "Last login: %s\r\n", + r = sshbuf_putf(loginmsg, "Last login: %s\r\n", time_string); else - snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", + r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n", time_string, hostname); - buffer_append(&loginmsg, buf, strlen(buf)); + if (r != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ #endif /* NO_SSH_LASTLOG */ |