diff options
| -rw-r--r-- | auth2-pubkey.c | 26 | ||||
| -rw-r--r-- | authfile.c | 24 | ||||
| -rw-r--r-- | authfile.h | 3 |
3 files changed, 27 insertions, 26 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 65db116e..d567f527 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.92 2019/09/03 08:29:58 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.93 2019/09/03 08:30:47 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -539,28 +539,6 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, } /* - * Advanced *cpp past the end of key options, defined as the first unquoted - * whitespace character. Returns 0 on success or -1 on failure (e.g. - * unterminated quotes). - */ -static int -advance_past_options(char **cpp) -{ - char *cp = *cpp; - int quoted = 0; - - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - *cpp = cp; - /* return failure for unterminated quotes */ - return (*cp == '\0' && quoted) ? -1 : 0; -} - -/* * Check a single line of an authorized_keys-format file. Returns 0 if key * matches, -1 otherwise. Will return key/cert options via *authoptsp * on success. "loc" is used as file/line location in log messages. @@ -590,7 +568,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, /* no key? check for options */ debug2("%s: check options: '%s'", loc, cp); key_options = cp; - if (advance_past_options(&cp) != 0) { + if (sshkey_advance_past_options(&cp) != 0) { reason = "invalid key option string"; goto fail_reason; } @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.134 2019/08/05 11:50:33 dtucker Exp $ */ +/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -528,3 +528,25 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) } } +/* + * Advanced *cpp past the end of key options, defined as the first unquoted + * whitespace character. Returns 0 on success or -1 on failure (e.g. + * unterminated quotes). + */ +int +sshkey_advance_past_options(char **cpp) +{ + char *cp = *cpp; + int quoted = 0; + + for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + if (*cp == '\\' && cp[1] == '"') + cp++; /* Skip both */ + else if (*cp == '"') + quoted = !quoted; + } + *cpp = cp; + /* return failure for unterminated quotes */ + return (*cp == '\0' && quoted) ? -1 : 0; +} + @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.22 2019/08/05 11:50:33 dtucker Exp $ */ +/* $OpenBSD: authfile.h,v 1.23 2019/09/03 08:30:47 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. @@ -48,5 +48,6 @@ int sshkey_load_private_type_fd(int fd, int type, const char *passphrase, int sshkey_perm_ok(int, const char *); int sshkey_in_file(struct sshkey *, const char *, int, int); int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file); +int sshkey_advance_past_options(char **cpp); #endif |