From 1192588546c29ceec10775125f396555ea71850f Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 28 Oct 2022 02:29:34 +0000
Subject: upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
---
 ssh-keyscan.c | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)
(limited to 'ssh-keyscan.c')
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index d7283136..a8ab932b 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.146 2022/08/19 04:02:46 dtucker Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.147 2022/10/28 02:29:34 djm Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres .
 *
@@ -52,6 +52,7 @@
 #include "ssherr.h"
 #include "ssh_api.h"
 #include "dns.h"
+#include "addr.h"
 
 /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
 Default value is AF_UNSPEC means both IPv4 and IPv6. */
@@ -384,7 +385,7 @@ tcpconnect(char *host)
 }
 
 static int
-conalloc(char *iname, char *oname, int keytype)
+conalloc(const char *iname, const char *oname, int keytype)
 {
 char *namebase, *name, *namelist;
 int s;
@@ -629,7 +630,7 @@ conloop(void)
 }
 
 static void
-do_host(char *host)
+do_one_host(char *host)
 {
 char *name = strnnsep(&host, " \t\n");
 int j;
@@ -645,6 +646,42 @@ do_host(char *host)
 }
 }
 
+static void
+do_host(char *host)
+{
+ char daddr[128];
+ struct xaddr addr, end_addr;
+ u_int masklen;
+
+ if (host == NULL)
+ return;
+ if (addr_pton_cidr(host, &addr, &masklen) != 0) {
+ /* Assume argument is a hostname */
+ do_one_host(host);
+ } else {
+ /* Argument is a CIDR range */
+ debug("CIDR range %s", host);
+ end_addr = addr;
+ if (addr_host_to_all1s(&end_addr, masklen) != 0)
+ goto badaddr;
+ /*
+ * Note: we deliberately include the all-zero/ones addresses.
+ */
+ for (;;) {
+ if (addr_ntop(&addr, daddr, sizeof(daddr)) != 0) {
+ badaddr:
+ error("Invalid address %s", host);
+ return;
+ }
+ debug("CIDR expand: address %s", daddr);
+ do_one_host(daddr);
+ if (addr_cmp(&addr, &end_addr) == 0)
+ break;
+ addr_increment(&addr);
+ };
+ }
+}
+
 void
 sshfatal(const char *file, const char *func, int line, int showfunc,
 LogLevel level, const char *suffix, const char *fmt, ...)
-- 
cgit v1.2.1
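Review bot: The CIDR branch of do_host() puts no limit on how many addresses it expands: masklen from addr_pton_cidr() goes straight into addr_host_to_all1s() and the `for (;;)` loop, so a mistyped prefix (`/8` where `/28` was meant) or an IPv6 `/64` makes the loop call do_one_host() 2^24 or 2^64 times. I would reject, or at least warn about, ranges whose host-bit count exceeds a documented limit before entering the loop, and state that limit in the man page. The body of do_one_host() is outside this hunk, so the cost per address cannot be judged from here. Separately, `goto badaddr` jumps into the body of an `if` nested inside the loop; writing `error("Invalid address %s", host); return;` directly at the addr_host_to_all1s() check would read more plainly, and the stray `;` after the loop's closing brace can be dropped.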