Vendor import of OpenSSH 9.0p1

Ed Maste 2022-04-08 13:19:17 -04:00
parent 9b7e085bc0
commit 7f9f5c27f6
61 changed files with 1395 additions and 918 deletions


@ -121,7 +121,7 @@ sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h

21
.github/configs vendored

@ -38,13 +38,13 @@ case "$config" in
CC="clang-12"
# clang's implicit-fallthrough requires that the code be annotated with
# __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */
CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough"
CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter"
CONFIGFLAGS="--with-pam --with-Werror"
;;
gcc-11-Werror)
CC="gcc"
# -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4"
CFLAGS="-Wall -Wextra -O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter"
CONFIGFLAGS="--with-pam --with-Werror"
;;
clang*|gcc*)
@ -145,10 +145,23 @@ case "$config" in
esac
case "${TARGET_HOST}" in
aix*)
# These are slow real or virtual machines so skip the slowest tests
# (which tend to be thw ones that transfer lots of data) so that the
# test run does not time out.
# The agent-restrict test fails due to some quoting issue when run
# with sh or ksh so specify bash for now.
TEST_TARGET="t-exec TEST_SHELL=bash"
SKIP_LTESTS="rekey sftp"
;;
dfly58*|dfly60*)
# scp 3-way connection hangs on these so skip until sorted.
SKIP_LTESTS=scp3
;;
fbsd6)
# Native linker is not great with PIC so OpenSSL is built w/out.
CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
;;
hurd)
SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
;;
@ -173,6 +186,10 @@ case "${TARGET_HOST}" in
# SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy
CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key"
;;
openwrt-*)
CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib"
TEST_TARGET="t-exec"
;;
sol10|sol11)
# sol10 VM is 32bit and the unit tests are slow.
# sol11 has 4 test configs so skip unit tests to speed up.
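Review bot: The two -Werror configs treat unused parameters differently: the clang-12 block adds `-Wno-error=unused-parameter`, which keeps the warning visible, while gcc-11-Werror adds `-Wno-unused-parameter`, which silences it entirely. If the goal is only to stop the warning from failing the build, use `-Wno-error=unused-parameter` in the gcc case too so both compilers still report it. In the aix* comment, "thw ones" should read "the ones".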

25
.github/setup_ci.sh vendored

@ -80,7 +80,7 @@ for TARGET in $TARGETS; do
INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
case ${INSTALL_LIBRESSL} in
master) ;;
*) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;;
*) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;;
esac
PACKAGES="${PACKAGES} putty-tools"
;;
@ -122,11 +122,20 @@ if [ ! -z "${INSTALL_OPENSSL}" ]; then
fi
if [ ! -z "${INSTALL_LIBRESSL}" ]; then
(mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
git clone https://github.com/libressl-portable/portable.git &&
cd ${HOME}/libressl/portable &&
git checkout ${INSTALL_LIBRESSL} &&
sh update.sh && sh autogen.sh &&
./configure --prefix=/opt/libressl &&
make -j2 && sudo make install)
if [ "${INSTALL_LIBRESSL}" = "master" ]; then
(mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
git clone https://github.com/libressl-portable/portable.git &&
cd ${HOME}/libressl/portable &&
git checkout ${INSTALL_LIBRESSL} &&
sh update.sh && sh autogen.sh &&
./configure --prefix=/opt/libressl &&
make -j2 && sudo make install)
else
LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
(cd ${HOME} &&
wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz &&
tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz &&
cd libressl-${INSTALL_LIBRESSL} &&
./configure --prefix=/opt/libressl && make -j2 && sudo make install)
fi
fi
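Review bot: The release branch of the LibreSSL install downloads `libressl-${INSTALL_LIBRESSL}.tar.gz` with wget and goes straight to `./configure` and `sudo make install` without checking the archive's integrity. HTTPS protects the transfer but not against a replaced or corrupted file on the mirror, and the result is installed as root on the CI worker. Add a verification step between the download and `tar`, for example `echo "${LIBRESSL_SHA256}  libressl-${INSTALL_LIBRESSL}.tar.gz" | sha256sum -c - &&` with the expected digest pinned per version (LIBRESSL_SHA256 is a placeholder name), or verify the upstream release signature. Quoting `"${HOME}"` and `"${INSTALL_LIBRESSL}"` in these commands would also keep an unexpected TARGET value from being word-split.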


@ -46,6 +46,7 @@ jobs:
- { os: ubuntu-latest, configs: libressl-3.2.6 }
- { os: ubuntu-latest, configs: libressl-3.3.4 }
- { os: ubuntu-latest, configs: libressl-3.4.1 }
- { os: ubuntu-latest, configs: libressl-3.5.0 }
- { os: ubuntu-latest, configs: openssl-master }
- { os: ubuntu-latest, configs: openssl-noec }
- { os: ubuntu-latest, configs: openssl-1.0.1 }
@ -54,7 +55,9 @@ jobs:
- { os: ubuntu-latest, configs: openssl-1.1.0h }
- { os: ubuntu-latest, configs: openssl-1.1.1 }
- { os: ubuntu-latest, configs: openssl-1.1.1k }
- { os: ubuntu-latest, configs: openssl-1.1.1m }
- { os: ubuntu-latest, configs: openssl-3.0.0 }
- { os: ubuntu-latest, configs: openssl-3.0.1 }
- { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch
- { os: ubuntu-latest, configs: openssl-3.0 } # stable branch
- { os: ubuntu-18.04, configs: pam }


@ -16,9 +16,11 @@ jobs:
# default config. "os" corresponds to a label associated with the worker.
matrix:
os:
- aix51
- ARM64
- alpine
- bbone
- debian-i386
- dfly30
- dfly48
- dfly58
@ -40,6 +42,8 @@ jobs:
- obsd70
- obsdsnap
- openindiana
- openwrt-mips
- openwrt-mipsel
# - rocky84
- sol10
- sol11
@ -49,6 +53,7 @@ jobs:
# Then we include any extra configs we want to test for specific VMs.
include:
- { os: ARM64, configs: pam }
- { os: debian-i386, configs: pam }
- { os: dfly30, configs: without-openssl}
- { os: dfly48, configs: pam }
- { os: dfly58, configs: pam }
@ -87,7 +92,7 @@ jobs:
run: vmrun make
- name: make tests
run: vmrun ./.github/run_test.sh ${{ matrix.configs }}
timeout-minutes: 300
timeout-minutes: 600
- name: save logs
if: failure()
uses: actions/upload-artifact@v2

1092
ChangeLog

File diff suppressed because it is too large Load diff


@ -1,5 +1,4 @@
# uncomment if you run a non bourne compatible shell. Ie. csh
#SHELL = @SH@
SHELL=@SH@
AUTORECONF=autoreconf
@ -688,7 +687,7 @@ SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@
$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $< -o $@
regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
$(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -shared -o $@ $(SK_DUMMY_OBJS) \
$(CC) $(CFLAGS) $(CPPFLAGS) $(PICFLAG) -shared -o $@ $(SK_DUMMY_OBJS) \
-L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS)
regress-binaries: regress-prep $(LIBCOMPAT) \


@ -492,7 +492,7 @@ This request asks the server to call fsync(2) on an open file handle.
string "fsync@openssh.com"
string handle
One receiving this request, a server will call fsync(handle_fd) and will
On receiving this request, a server will call fsync(handle_fd) and will
respond with a SSH_FXP_STATUS message.
This extension is advertised in the SSH_FXP_VERSION hello with version
@ -576,6 +576,43 @@ Its reply is the same format as that of SSH2_FXP_REALPATH.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
4.10. sftp: Extension request "copy-data"
This request asks the server to copy data from one open file handle and
write it to a different open file handle. This avoids needing to transfer
the data across the network twice (a download followed by an upload).
byte SSH_FXP_EXTENDED
uint32 id
string "copy-data"
string read-from-handle
uint64 read-from-offset
uint64 read-data-length
string write-to-handle
uint64 write-to-offset
The server will copy read-data-length bytes starting from
read-from-offset from the read-from-handle and write them to
write-to-handle starting from write-to-offset, and then respond with a
SSH_FXP_STATUS message.
It's equivalent to issuing a series of SSH_FXP_READ requests on
read-from-handle and a series of requests of SSH_FXP_WRITE on
write-to-handle.
If read-from-handle and write-to-handle are the same, the server will
fail the request and respond with a SSH_FX_INVALID_PARAMETER message.
If read-data-length is 0, then the server will read data from the
read-from-handle until EOF is reached.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
This request is identical to the "copy-data" request documented in:
https://tools.ietf.org/html/draft-ietf-secsh-filexfer-extensions-00#section-7
5. Miscellaneous changes
5.1 Public key format
@ -612,4 +649,4 @@ master instance and later clients.
OpenSSH extends the usual agent protocol. These changes are documented
in the PROTOCOL.agent file.
$OpenBSD: PROTOCOL,v 1.43 2021/12/19 22:15:42 djm Exp $
$OpenBSD: PROTOCOL,v 1.44 2022/03/31 03:05:49 djm Exp $

2
README

@ -1,4 +1,4 @@
See https://www.openssh.com/releasenotes.html#8.9p1 for the release notes.
See https://www.openssh.com/releasenotes.html#9.0p1 for the release notes.
Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or

52
auth.c

@ -101,62 +101,18 @@ int
allowed_user(struct ssh *ssh, struct passwd * pw)
{
struct stat st;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
const char *hostname = NULL, *ipaddr = NULL;
u_int i;
int r;
#ifdef USE_SHADOW
struct spwd *spw = NULL;
#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#ifdef USE_SHADOW
if (!options.use_pam)
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
if (!options.use_pam && platform_locked_account(pw)) {
logit("User %.100s not allowed because account is locked",
pw->pw_name);
return 0;
#endif /* HAS_SHADOW_EXPIRE */
#endif /* USE_SHADOW */
/* grab passwd field for locked account check */
passwd = pw->pw_passwd;
#ifdef USE_SHADOW
if (spw != NULL)
#ifdef USE_LIBIAF
passwd = get_iaf_password(pw);
#else
passwd = spw->sp_pwdp;
#endif /* USE_LIBIAF */
#endif
/* check for locked account */
if (!options.use_pam && passwd && *passwd) {
int locked = 0;
#ifdef LOCKED_PASSWD_STRING
if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
locked = 1;
#endif
#ifdef LOCKED_PASSWD_PREFIX
if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
strlen(LOCKED_PASSWD_PREFIX)) == 0)
locked = 1;
#endif
#ifdef LOCKED_PASSWD_SUBSTR
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
locked = 1;
#endif
#ifdef USE_LIBIAF
free((void *) passwd);
#endif /* USE_LIBIAF */
if (locked) {
logit("User %.100s not allowed because account is locked",
pw->pw_name);
return 0;
}
}
/*
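Review bot: allowed_user no longer calls `auth_shadow_acctexpired(spw)` itself, so with PAM off the only locked/expired gate visible here is `platform_locked_account(pw)`, whose body is not part of this section. Please confirm that the helper still performs the shadow-expiry check and the LOCKED_PASSWD_* and libiaf comparisons removed here, because a platform where it returns 0 would now admit accounts this function used to reject. Once confirmed, a comment above the call would record the contract, e.g. `/* platform_locked_account() also covers shadow expiry; PAM handles both when use_pam is set */`. If the helper folds expiry into its result, an expired account would now be logged as "account is locked", which is worth knowing when reading auth logs. allowed_user's body continues beyond this hunk.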


@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.112 2021/12/19 22:12:30 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.113 2022/02/27 01:33:59 naddy Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -166,8 +166,8 @@ userauth_pubkey(struct ssh *ssh, const char *method)
goto done;
}
if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) {
logit_f("key type %s not in PubkeyAcceptedAlgorithms",
sshkey_ssh_name(key));
logit_f("signature algorithm %s not in "
"PubkeyAcceptedAlgorithms", pkalg);
goto done;
}
if ((r = sshkey_check_cert_sigtype(key,


@ -1,4 +1,4 @@
/* $OpenBSD: channels.c,v 1.413 2022/02/17 10:58:27 djm Exp $ */
/* $OpenBSD: channels.c,v 1.415 2022/03/30 21:10:25 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -432,21 +432,25 @@ channel_close_fd(struct ssh *ssh, Channel *c, int *fdp)
c->io_want &= ~SSH_CHAN_IO_RFD;
c->io_ready &= ~SSH_CHAN_IO_RFD;
c->rfd = -1;
c->pfds[0] = -1;
}
if (*fdp == c->wfd) {
c->io_want &= ~SSH_CHAN_IO_WFD;
c->io_ready &= ~SSH_CHAN_IO_WFD;
c->wfd = -1;
c->pfds[1] = -1;
}
if (*fdp == c->efd) {
c->io_want &= ~SSH_CHAN_IO_EFD;
c->io_ready &= ~SSH_CHAN_IO_EFD;
c->efd = -1;
c->pfds[2] = -1;
}
if (*fdp == c->sock) {
c->io_want &= ~SSH_CHAN_IO_SOCK;
c->io_ready &= ~SSH_CHAN_IO_SOCK;
c->sock = -1;
c->pfds[3] = -1;
}
ret = close(fd);
@ -2475,10 +2479,13 @@ dump_channel_poll(const char *func, const char *what, Channel *c,
u_int pollfd_offset, struct pollfd *pfd)
{
#ifdef DEBUG_CHANNEL_POLL
debug3_f("channel %d: rfd r%d w%d e%d s%d "
"pfd[%u].fd=%d want 0x%02x ev 0x%02x ready 0x%02x rev 0x%02x",
c->self, c->rfd, c->wfd, c->efd, c->sock, pollfd_offset, pfd->fd,
c->io_want, pfd->events, c->io_ready, pfd->revents);
debug3("%s: channel %d: %s r%d w%d e%d s%d c->pfds [ %d %d %d %d ] "
"io_want 0x%02x io_ready 0x%02x pfd[%u].fd=%d "
"pfd.ev 0x%02x pfd.rev 0x%02x", func, c->self, what,
c->rfd, c->wfd, c->efd, c->sock,
c->pfds[0], c->pfds[1], c->pfds[2], c->pfds[3],
c->io_want, c->io_ready,
pollfd_offset, pfd->fd, pfd->events, pfd->revents);
#endif
}
@ -2487,7 +2494,7 @@ static void
channel_prepare_pollfd(Channel *c, u_int *next_pollfd,
struct pollfd *pfd, u_int npfd)
{
u_int p = *next_pollfd;
u_int ev, p = *next_pollfd;
if (c == NULL)
return;
@ -2496,7 +2503,7 @@ channel_prepare_pollfd(Channel *c, u_int *next_pollfd,
fatal_f("channel %d: bad pfd offset %u (max %u)",
c->self, p, npfd);
}
c->pollfd_offset = -1;
c->pfds[0] = c->pfds[1] = c->pfds[2] = c->pfds[3] = -1;
/*
* prepare c->rfd
*
@ -2505,69 +2512,82 @@ channel_prepare_pollfd(Channel *c, u_int *next_pollfd,
* IO too.
*/
if (c->rfd != -1) {
if (c->pollfd_offset == -1)
c->pollfd_offset = p;
pfd[p].fd = c->rfd;
pfd[p].events = 0;
ev = 0;
if ((c->io_want & SSH_CHAN_IO_RFD) != 0)
pfd[p].events |= POLLIN;
ev |= POLLIN;
/* rfd == wfd */
if (c->wfd == c->rfd &&
(c->io_want & SSH_CHAN_IO_WFD) != 0)
pfd[p].events |= POLLOUT;
if (c->wfd == c->rfd) {
if ((c->io_want & SSH_CHAN_IO_WFD) != 0)
ev |= POLLOUT;
}
/* rfd == efd */
if (c->efd == c->rfd &&
(c->io_want & SSH_CHAN_IO_EFD_R) != 0)
pfd[p].events |= POLLIN;
if (c->efd == c->rfd &&
(c->io_want & SSH_CHAN_IO_EFD_W) != 0)
pfd[p].events |= POLLOUT;
if (c->efd == c->rfd) {
if ((c->io_want & SSH_CHAN_IO_EFD_R) != 0)
ev |= POLLIN;
if ((c->io_want & SSH_CHAN_IO_EFD_W) != 0)
ev |= POLLOUT;
}
/* rfd == sock */
if (c->sock == c->rfd &&
(c->io_want & SSH_CHAN_IO_SOCK_R) != 0)
pfd[p].events |= POLLIN;
if (c->sock == c->rfd &&
(c->io_want & SSH_CHAN_IO_SOCK_W) != 0)
pfd[p].events |= POLLOUT;
dump_channel_poll(__func__, "rfd", c, p, &pfd[p]);
p++;
if (c->sock == c->rfd) {
if ((c->io_want & SSH_CHAN_IO_SOCK_R) != 0)
ev |= POLLIN;
if ((c->io_want & SSH_CHAN_IO_SOCK_W) != 0)
ev |= POLLOUT;
}
/* Pack a pfd entry if any event armed for this fd */
if (ev != 0) {
c->pfds[0] = p;
pfd[p].fd = c->rfd;
pfd[p].events = ev;
dump_channel_poll(__func__, "rfd", c, p, &pfd[p]);
p++;
}
}
/* prepare c->wfd (if not already handled above) */
/* prepare c->wfd if wanting IO and not already handled above */
if (c->wfd != -1 && c->rfd != c->wfd) {
if (c->pollfd_offset == -1)
c->pollfd_offset = p;
pfd[p].fd = c->wfd;
pfd[p].events = 0;
if ((c->io_want & SSH_CHAN_IO_WFD) != 0)
pfd[p].events = POLLOUT;
dump_channel_poll(__func__, "wfd", c, p, &pfd[p]);
p++;
ev = 0;
if ((c->io_want & SSH_CHAN_IO_WFD))
ev |= POLLOUT;
/* Pack a pfd entry if any event armed for this fd */
if (ev != 0) {
c->pfds[1] = p;
pfd[p].fd = c->wfd;
pfd[p].events = ev;
dump_channel_poll(__func__, "wfd", c, p, &pfd[p]);
p++;
}
}
/* prepare c->efd (if not already handled above) */
/* prepare c->efd if wanting IO and not already handled above */
if (c->efd != -1 && c->rfd != c->efd) {
if (c->pollfd_offset == -1)
c->pollfd_offset = p;
pfd[p].fd = c->efd;
pfd[p].events = 0;
ev = 0;
if ((c->io_want & SSH_CHAN_IO_EFD_R) != 0)
pfd[p].events |= POLLIN;
ev |= POLLIN;
if ((c->io_want & SSH_CHAN_IO_EFD_W) != 0)
pfd[p].events |= POLLOUT;
dump_channel_poll(__func__, "efd", c, p, &pfd[p]);
p++;
ev |= POLLOUT;
/* Pack a pfd entry if any event armed for this fd */
if (ev != 0) {
c->pfds[2] = p;
pfd[p].fd = c->efd;
pfd[p].events = ev;
dump_channel_poll(__func__, "efd", c, p, &pfd[p]);
p++;
}
}
/* prepare c->sock (if not already handled above) */
/* prepare c->sock if wanting IO and not already handled above */
if (c->sock != -1 && c->rfd != c->sock) {
if (c->pollfd_offset == -1)
c->pollfd_offset = p;
pfd[p].fd = c->sock;
pfd[p].events = 0;
ev = 0;
if ((c->io_want & SSH_CHAN_IO_SOCK_R) != 0)
pfd[p].events |= POLLIN;
ev |= POLLIN;
if ((c->io_want & SSH_CHAN_IO_SOCK_W) != 0)
pfd[p].events |= POLLOUT;
dump_channel_poll(__func__, "sock", c, p, &pfd[p]);
p++;
ev |= POLLOUT;
/* Pack a pfd entry if any event armed for this fd */
if (ev != 0) {
c->pfds[3] = p;
pfd[p].fd = c->sock;
pfd[p].events = 0;
dump_channel_poll(__func__, "sock", c, p, &pfd[p]);
p++;
}
}
*next_pollfd = p;
}
@ -2614,13 +2634,15 @@ channel_prepare_poll(struct ssh *ssh, struct pollfd **pfdp, u_int *npfd_allocp,
}
static void
fd_ready(Channel *c, u_int p, struct pollfd *pfds, int fd,
fd_ready(Channel *c, int p, struct pollfd *pfds, u_int npfd, int fd,
const char *what, u_int revents_mask, u_int ready)
{
struct pollfd *pfd = &pfds[p];
if (fd == -1)
return;
if (p == -1 || (u_int)p >= npfd)
fatal_f("channel %d: bad pfd %d (max %u)", c->self, p, npfd);
dump_channel_poll(__func__, what, c, p, pfd);
if (pfd->fd != fd) {
fatal("channel %d: inconsistent %s fd=%d pollfd[%u].fd %d "
@ -2643,11 +2665,12 @@ void
channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd)
{
struct ssh_channels *sc = ssh->chanctxt;
u_int i, p;
u_int i;
int p;
Channel *c;
#ifdef DEBUG_CHANNEL_POLL
for (p = 0; p < npfd; p++) {
for (p = 0; p < (int)npfd; p++) {
if (pfd[p].revents == 0)
continue;
debug_f("pfd[%u].fd %d rev 0x%04x",
@ -2658,13 +2681,8 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd)
/* Convert pollfd into c->io_ready */
for (i = 0; i < sc->channels_alloc; i++) {
c = sc->channels[i];
if (c == NULL || c->pollfd_offset < 0)
if (c == NULL)
continue;
if ((u_int)c->pollfd_offset >= npfd) {
/* shouldn't happen */
fatal_f("channel %d: (before) bad pfd %u (max %u)",
c->self, c->pollfd_offset, npfd);
}
/* if rfd is shared with efd/sock then wfd should be too */
if (c->rfd != -1 && c->wfd != -1 && c->rfd != c->wfd &&
(c->rfd == c->efd || c->rfd == c->sock)) {
@ -2673,56 +2691,52 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd)
c->self, c->rfd, c->wfd, c->efd, c->sock);
}
c->io_ready = 0;
p = c->pollfd_offset;
/* rfd, potentially shared with wfd, efd and sock */
if (c->rfd != -1) {
fd_ready(c, p, pfd, c->rfd, "rfd", POLLIN,
SSH_CHAN_IO_RFD);
if (c->rfd != -1 && (p = c->pfds[0]) != -1) {
fd_ready(c, p, pfd, npfd, c->rfd,
"rfd", POLLIN, SSH_CHAN_IO_RFD);
if (c->rfd == c->wfd) {
fd_ready(c, p, pfd, c->wfd, "wfd/r", POLLOUT,
SSH_CHAN_IO_WFD);
fd_ready(c, p, pfd, npfd, c->wfd,
"wfd/r", POLLOUT, SSH_CHAN_IO_WFD);
}
if (c->rfd == c->efd) {
fd_ready(c, p, pfd, c->efd, "efdr/r", POLLIN,
SSH_CHAN_IO_EFD_R);
fd_ready(c, p, pfd, c->efd, "efdw/r", POLLOUT,
SSH_CHAN_IO_EFD_W);
fd_ready(c, p, pfd, npfd, c->efd,
"efdr/r", POLLIN, SSH_CHAN_IO_EFD_R);
fd_ready(c, p, pfd, npfd, c->efd,
"efdw/r", POLLOUT, SSH_CHAN_IO_EFD_W);
}
if (c->rfd == c->sock) {
fd_ready(c, p, pfd, c->sock, "sockr/r", POLLIN,
SSH_CHAN_IO_SOCK_R);
fd_ready(c, p, pfd, c->sock, "sockw/r", POLLOUT,
SSH_CHAN_IO_SOCK_W);
fd_ready(c, p, pfd, npfd, c->sock,
"sockr/r", POLLIN, SSH_CHAN_IO_SOCK_R);
fd_ready(c, p, pfd, npfd, c->sock,
"sockw/r", POLLOUT, SSH_CHAN_IO_SOCK_W);
}
p++;
dump_channel_poll(__func__, "rfd", c, p, pfd);
}
/* wfd */
if (c->wfd != -1 && c->wfd != c->rfd) {
fd_ready(c, p, pfd, c->wfd, "wfd", POLLOUT,
SSH_CHAN_IO_WFD);
p++;
if (c->wfd != -1 && c->wfd != c->rfd &&
(p = c->pfds[1]) != -1) {
fd_ready(c, p, pfd, npfd, c->wfd,
"wfd", POLLOUT, SSH_CHAN_IO_WFD);
dump_channel_poll(__func__, "wfd", c, p, pfd);
}
/* efd */
if (c->efd != -1 && c->efd != c->rfd) {
fd_ready(c, p, pfd, c->efd, "efdr", POLLIN,
SSH_CHAN_IO_EFD_R);
fd_ready(c, p, pfd, c->efd, "efdw", POLLOUT,
SSH_CHAN_IO_EFD_W);
p++;
if (c->efd != -1 && c->efd != c->rfd &&
(p = c->pfds[2]) != -1) {
fd_ready(c, p, pfd, npfd, c->efd,
"efdr", POLLIN, SSH_CHAN_IO_EFD_R);
fd_ready(c, p, pfd, npfd, c->efd,
"efdw", POLLOUT, SSH_CHAN_IO_EFD_W);
dump_channel_poll(__func__, "efd", c, p, pfd);
}
/* sock */
if (c->sock != -1 && c->sock != c->rfd) {
fd_ready(c, p, pfd, c->sock, "sockr", POLLIN,
SSH_CHAN_IO_SOCK_R);
fd_ready(c, p, pfd, c->sock, "sockw", POLLOUT,
SSH_CHAN_IO_SOCK_W);
p++;
}
if (p > npfd) {
/* shouldn't happen */
fatal_f("channel %d: (after) bad pfd %u (max %u)",
c->self, c->pollfd_offset, npfd);
if (c->sock != -1 && c->sock != c->rfd &&
(p = c->pfds[3]) != -1) {
fd_ready(c, p, pfd, npfd, c->sock,
"sockr", POLLIN, SSH_CHAN_IO_SOCK_R);
fd_ready(c, p, pfd, npfd, c->sock,
"sockw", POLLOUT, SSH_CHAN_IO_SOCK_W);
dump_channel_poll(__func__, "sock", c, p, pfd);
}
}
channel_handler(ssh, CHAN_POST, NULL);
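Review bot: In channel_prepare_pollfd, the `c->sock` branch appears to pack its entry with `pfd[p].events = 0;` inside `if (ev != 0)`, whereas the rfd, wfd and efd branches all store `pfd[p].events = ev;`. As rendered, the computed POLLIN/POLLOUT mask for a sock fd distinct from rfd is discarded, so poll() can only report error or hangup conditions for it and SSH_CHAN_IO_SOCK_R/SOCK_W would never become ready through that entry. The line should read `pfd[p].events = ev;`. The page has lost its +/- markers, so confirm against the imported file that this line is on the new side. Separately, fd_ready forms `&pfds[p]` in its initializer before the `p == -1 || (u_int)p >= npfd` check; taking the address after the check avoids computing an out-of-range pointer.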


@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.141 2022/01/22 00:49:34 djm Exp $ */
/* $OpenBSD: channels.h,v 1.142 2022/03/30 21:10:25 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -138,7 +138,7 @@ struct Channel {
int sock; /* sock fd */
u_int io_want; /* bitmask of SSH_CHAN_IO_* */
u_int io_ready; /* bitmask of SSH_CHAN_IO_* */
int pollfd_offset; /* base offset into pollfd array (or -1) */
int pfds[4]; /* pollfd entries for rfd/wfd/efd/sock */
int ctl_chan; /* control channel (multiplexed connections) */
int isatty; /* rfd is a tty */
#ifdef _AIX
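Review bot: The new `int pfds[4];` comment drops the "(or -1)" that the old `pollfd_offset` comment carried, yet the channels.c changes on this page reset the entries to -1 and test `!= -1` before use. Suggest `int pfds[4]; /* pollfd array index for rfd/wfd/efd/sock, or -1 if none */` so the sentinel and the index order are documented at the declaration.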


@ -327,6 +327,10 @@
*/
#undef HAVE_DECL_BZERO
/* Define to 1 if you have the declaration of `ftruncate', and to 0 if you
don't. */
#undef HAVE_DECL_FTRUNCATE
/* Define to 1 if you have the declaration of `getpeereid', and to 0 if you
don't. */
#undef HAVE_DECL_GETPEEREID
@ -840,6 +844,9 @@
/* Define if you have isblank(3C). */
#undef HAVE_ISBLANK
/* Define to 1 if you have the `killpg' function. */
#undef HAVE_KILLPG
/* Define to 1 if you have the `krb5_cc_new_unique' function. */
#undef HAVE_KRB5_CC_NEW_UNIQUE

175
configure vendored

@ -4794,6 +4794,86 @@ $as_echo "no" >&6; }
fi
# Extract the first word of "bash", so it can be a program name with args.
set dummy bash; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_SH+:} false; then :
$as_echo_n "(cached) " >&6
else
case $SH in
[\\/]* | ?:[\\/]*)
ac_cv_path_SH="$SH" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
;;
esac
fi
SH=$ac_cv_path_SH
if test -n "$SH"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
$as_echo "$SH" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
# Extract the first word of "ksh", so it can be a program name with args.
set dummy ksh; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_SH+:} false; then :
$as_echo_n "(cached) " >&6
else
case $SH in
[\\/]* | ?:[\\/]*)
ac_cv_path_SH="$SH" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
;;
esac
fi
SH=$ac_cv_path_SH
if test -n "$SH"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
$as_echo "$SH" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
# Extract the first word of "sh", so it can be a program name with args.
set dummy sh; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@ -5524,6 +5604,8 @@ $as_echo_n "checking if $CC supports compile flag -pipe... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5531,6 +5613,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5578,6 +5661,8 @@ $as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... "
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5585,6 +5670,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5632,6 +5718,8 @@ $as_echo_n "checking if $CC supports compile flag -Wno-error=format-truncation..
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5639,6 +5727,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5686,6 +5775,8 @@ $as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5693,6 +5784,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5740,6 +5832,8 @@ $as_echo_n "checking if $CC supports compile flag -Wall... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5747,6 +5841,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5794,6 +5889,8 @@ $as_echo_n "checking if $CC supports compile flag -Wextra... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5801,6 +5898,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5848,6 +5946,8 @@ $as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5855,6 +5955,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5902,6 +6003,8 @@ $as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5909,6 +6012,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -5956,6 +6060,8 @@ $as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -5963,6 +6069,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6010,6 +6117,8 @@ $as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6017,6 +6126,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6064,6 +6174,8 @@ $as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess...
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6071,6 +6183,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6118,6 +6231,8 @@ $as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6125,6 +6240,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6172,6 +6288,8 @@ $as_echo_n "checking if $CC supports compile flag -Wunused-parameter... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6179,6 +6297,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6226,6 +6345,8 @@ $as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6233,6 +6354,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6280,6 +6402,8 @@ $as_echo_n "checking if $CC supports compile flag -Wimplicit-fallthrough... " >&
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6287,6 +6411,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6334,6 +6459,8 @@ $as_echo_n "checking if $CC supports compile flag -Wmisleading-indentation... "
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6341,6 +6468,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6388,6 +6516,8 @@ $as_echo_n "checking if $CC supports compile flag -Wbitwise-instead-of-logical..
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6395,6 +6525,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6442,6 +6573,8 @@ $as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6;
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6449,6 +6582,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6497,6 +6631,8 @@ $as_echo_n "checking if $CC supports compile flag -mretpoline... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6504,6 +6640,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6597,6 +6734,8 @@ $as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6;
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6604,6 +6743,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6840,6 +6980,8 @@ $as_echo_n "checking if $CC supports compile flag -fzero-call-used-regs=all... "
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6847,6 +6989,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -6894,6 +7037,8 @@ $as_echo_n "checking if $CC supports compile flag -ftrivial-auto-var-init=zero..
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -6901,6 +7046,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -7891,6 +8037,8 @@ $as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -7898,6 +8046,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -11547,6 +11696,8 @@ $as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; }
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -11554,6 +11705,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
@ -11738,6 +11890,7 @@ for ac_func in \
inet_ntoa \
inet_ntop \
innetgr \
killpg \
llabs \
localtime_r \
login_getcapbool \
@ -12325,6 +12478,22 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
ac_fn_c_check_decl "$LINENO" "ftruncate" "ac_cv_have_decl_ftruncate" "
#include <sys/types.h>
#include <unistd.h>
"
if test "x$ac_cv_have_decl_ftruncate" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_FTRUNCATE $ac_have_decl
_ACEOF
ac_fn_c_check_decl "$LINENO" "readv" "ac_cv_have_decl_readv" "
#include <sys/types.h>
#include <sys/uio.h>
@ -15329,9 +15498,9 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select and/or poll works with descriptor rlimit" >&5
$as_echo_n "checking if select and/or poll works with descriptor rlimit... " >&6; }
if test "$cross_compiling" = yes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
select_works_with_rlimit=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming no" >&5
$as_echo "$as_me: WARNING: cross compiling: assuming no" >&2;}
select_works_with_rlimit=no
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext


@ -48,6 +48,8 @@ AC_PATH_PROG([SED], [sed])
AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
AC_PATH_PROG([SH], [bash])
AC_PATH_PROG([SH], [ksh])
AC_PATH_PROG([SH], [sh])
AC_PATH_PROG([GROFF], [groff])
AC_PATH_PROG([NROFF], [nroff awf])
@ -1876,6 +1878,7 @@ AC_CHECK_FUNCS([ \
inet_ntoa \
inet_ntop \
innetgr \
killpg \
llabs \
localtime_r \
login_getcapbool \
@ -2092,6 +2095,12 @@ AC_CHECK_DECLS([O_NONBLOCK], , ,
#endif
])
AC_CHECK_DECLS([ftruncate], , ,
[
#include <sys/types.h>
#include <unistd.h>
])
AC_CHECK_DECLS([readv, writev], , , [
#include <sys/types.h>
#include <sys/uio.h>
@ -3574,8 +3583,8 @@ AC_RUN_IFELSE(
select_works_with_rlimit=yes],
[AC_MSG_RESULT([no])
select_works_with_rlimit=no],
[AC_MSG_WARN([cross compiling: assuming yes])
select_works_with_rlimit=yes]
[AC_MSG_WARN([cross compiling: assuming no])
select_works_with_rlimit=no]
)
AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
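Review bot: The cross-compile branch in the last hunk now sets `select_works_with_rlimit=no` with no comment on what a build gives up by taking that default. If this variable gates whether the rlimit sandbox lowers the descriptor limit (that code is outside the hunk, so confirm), every cross-built binary gets the looser setting even on targets where select/poll cope fine. I would add a line above the `AC_MSG_WARN` such as `dnl cross builds cannot run the probe; "no" keeps things working at the cost of the descriptor rlimit`. The `AC_RUN_IFELSE` call starts outside the hunk.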


@ -1,4 +1,4 @@
%global ver 8.9p1
%global ver 9.0p1
%global rel 1%{?dist}
# OpenSSH privilege separation requires a user & group ID


@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 8.9p1
Version: 9.0p1
URL: https://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz


@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#include <stdlib.h>
#include <stdio.h>
/* Trivial function to help test for -fzero-call-used-regs */
void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@ -21,6 +23,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
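Review bot: The added `void f(int n) {}` leaves `n` unused, while the same test program writes `(void)argv;` two lines later to avoid exactly that warning. If OSSH_CHECK_CFLAG_COMPILE builds the probe with warnings treated as errors (most of the macro is outside the hunk), the `-Wunused-parameter` and `-Wextra` probes could now fail for a reason unrelated to the flag under test, and the flag would be reported as unsupported. `void f(int n) { (void)n; }` keeps the function trivial and warning-free. The same text is copied into every generated probe in configure.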

27
misc.c

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.174 2022/02/11 00:43:56 dtucker Exp $ */
/* $OpenBSD: misc.c,v 1.175 2022/03/20 08:51:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@ -1069,16 +1069,21 @@ addargs(arglist *args, char *fmt, ...)
r = vasprintf(&cp, fmt, ap);
va_end(ap);
if (r == -1)
fatal("addargs: argument too long");
fatal_f("argument too long");
nalloc = args->nalloc;
if (args->list == NULL) {
nalloc = 32;
args->num = 0;
} else if (args->num+2 >= nalloc)
} else if (args->num > (256 * 1024))
fatal_f("too many arguments");
else if (args->num >= args->nalloc)
fatal_f("arglist corrupt");
else if (args->num+2 >= nalloc)
nalloc *= 2;
args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *));
args->list = xrecallocarray(args->list, args->nalloc,
nalloc, sizeof(char *));
args->nalloc = nalloc;
args->list[args->num++] = cp;
args->list[args->num] = NULL;
@ -1095,10 +1100,12 @@ replacearg(arglist *args, u_int which, char *fmt, ...)
r = vasprintf(&cp, fmt, ap);
va_end(ap);
if (r == -1)
fatal("replacearg: argument too long");
fatal_f("argument too long");
if (args->list == NULL || args->num >= args->nalloc)
fatal_f("arglist corrupt");
if (which >= args->num)
fatal("replacearg: tried to replace invalid arg %d >= %d",
fatal_f("tried to replace invalid arg %d >= %d",
which, args->num);
free(args->list[which]);
args->list[which] = cp;
@ -1109,13 +1116,15 @@ freeargs(arglist *args)
{
u_int i;
if (args->list != NULL) {
if (args == NULL)
return;
if (args->list != NULL && args->num < args->nalloc) {
for (i = 0; i < args->num; i++)
free(args->list[i]);
free(args->list);
args->nalloc = args->num = 0;
args->list = NULL;
}
args->nalloc = args->num = 0;
args->list = NULL;
}
/*
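Review bot: In the `replacearg` hunk the rewritten `fatal_f("tried to replace invalid arg %d >= %d", which, args->num)` still prints `which` with `%d`, although the signature in the hunk header declares it `u_int`. `args->num` is compared against a `u_int` counter in `freeargs`, so it is presumably unsigned as well. Since the line is being touched anyway, `fatal_f("tried to replace invalid arg %u >= %u", which, args->num);` would match the types. Separately, `freeargs` now skips the frees when `args->num >= args->nalloc` and then clears the fields, which leaks rather than walking a list the other two functions call corrupt; a short comment saying that is intentional would stop someone "fixing" the leak later.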


@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.231 2022/01/28 06:18:42 guenther Exp $ */
/* $OpenBSD: monitor.c,v 1.232 2022/02/25 02:09:27 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -709,7 +709,6 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
int
mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
{
char *username;
struct passwd *pwent;
int r, allowed = 0;
u_int i;
@ -719,14 +718,12 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
if (authctxt->attempt++ != 0)
fatal_f("multiple attempts for getpwnam");
if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
if ((r = sshbuf_get_cstring(m, &authctxt->user, NULL)) != 0)
fatal_fr(r, "parse");
pwent = getpwnamallow(ssh, username);
pwent = getpwnamallow(ssh, authctxt->user);
authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "unknown");
free(username);
setproctitle("%s [priv]", pwent ? authctxt->user : "unknown");
sshbuf_reset(m);
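Review bot: `sshbuf_get_cstring(m, &authctxt->user, NULL)` now writes the client-supplied name straight into `authctxt->user`, and nothing in the hunk shows that field being empty beforehand. The `authctxt->attempt++ != 0` check above makes the handler single-shot, so an earlier value is presumably never overwritten, but the ownership change is silent. A comment on that line such as `/* authctxt->user owns this string; single call enforced by the attempt check above */` would record it. `mm_answer_pwnamallow` continues outside the hunk.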


@ -1,4 +1,4 @@
/* $OpenBSD: myproposal.h,v 1.70 2021/11/10 06:29:25 djm Exp $ */
/* $OpenBSD: myproposal.h,v 1.71 2022/03/30 21:13:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -25,12 +25,12 @@
*/
#define KEX_SERVER_KEX \
"sntrup761x25519-sha512@openssh.com," \
"curve25519-sha256," \
"curve25519-sha256@libssh.org," \
"ecdh-sha2-nistp256," \
"ecdh-sha2-nistp384," \
"ecdh-sha2-nistp521," \
"sntrup761x25519-sha512@openssh.com," \
"diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group16-sha512," \
"diffie-hellman-group18-sha512," \


@ -79,7 +79,7 @@ _rs_init(u_char *buf, size_t n)
{
if (n < KEYSZ + IVSZ)
return;
chacha_keysetup(&rs, buf, KEYSZ * 8, 0);
chacha_keysetup(&rs, buf, KEYSZ * 8);
chacha_ivsetup(&rs, buf + KEYSZ);
}


@ -107,7 +107,7 @@ const char *strerror(int e)
#endif
#ifndef HAVE_UTIMES
int utimes(char *filename, struct timeval *tvp)
int utimes(const char *filename, struct timeval *tvp)
{
struct utimbuf ub;
@ -412,6 +412,14 @@ getsid(pid_t pid)
}
#endif
#ifndef HAVE_KILLPG
int
killpg(pid_t pgrp, int sig)
{
return kill(pgrp, sig);
}
#endif
#ifdef FFLUSH_NULL_BUG
#undef fflush
int _ssh_compat_fflush(FILE *f)
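Review bot: The new `killpg` fallback passes `pgrp` straight to `kill`, so on a platform without `killpg` it signals the single process whose pid equals `pgrp` rather than the process group. POSIX defines `killpg(pgrp, sig)` as `kill(-pgrp, sig)` for `pgrp` greater than 1, so the body should be `return kill(-pgrp, sig);`. Values of 1 or less should be rejected before negating, since POSIX leaves them undefined for `killpg` and `-1` addresses every process the caller may signal.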


@ -62,7 +62,7 @@ struct timeval {
}
#endif /* HAVE_STRUCT_TIMEVAL */
int utimes(char *, struct timeval *);
int utimes(const char *, struct timeval *);
#endif /* HAVE_UTIMES */
#ifndef AT_FDCWD


@ -91,11 +91,11 @@ ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *tmoutp,
fds[i].revents = 0;
if (fd == -1)
continue;
if (FD_ISSET(fd, readfds))
if ((fds[i].events & POLLIN) && FD_ISSET(fd, readfds))
fds[i].revents |= POLLIN;
if (FD_ISSET(fd, writefds))
if ((fds[i].events & POLLOUT) && FD_ISSET(fd, writefds))
fds[i].revents |= POLLOUT;
if (FD_ISSET(fd, exceptfds))
if ((fds[i].events & POLLPRI) && FD_ISSET(fd, exceptfds))
fds[i].revents |= POLLPRI;
}


@ -1,10 +1,12 @@
/* OPENBSD ORIGINAL: lib/libc/crypt/chacha_private.h */
/*
chacha-merged.c version 20080118
D. J. Bernstein
Public domain.
*/
/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */
typedef unsigned char u8;
typedef unsigned int u32;
@ -52,7 +54,7 @@ static const char sigma[16] = "expand 32-byte k";
static const char tau[16] = "expand 16-byte k";
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
{
const char *constants;


@ -89,7 +89,7 @@ struct __res_state _res;
#ifndef GETSHORT
#define GETSHORT(s, cp) { \
register u_char *t_cp = (u_char *)(cp); \
u_char *t_cp = (u_char *)(cp); \
(s) = ((u_int16_t)t_cp[0] << 8) \
| ((u_int16_t)t_cp[1]) \
; \
@ -99,7 +99,7 @@ struct __res_state _res;
#ifndef GETLONG
#define GETLONG(l, cp) { \
register u_char *t_cp = (u_char *)(cp); \
u_char *t_cp = (u_char *)(cp); \
(l) = ((u_int32_t)t_cp[0] << 24) \
| ((u_int32_t)t_cp[1] << 16) \
| ((u_int32_t)t_cp[2] << 8) \
@ -109,36 +109,35 @@ struct __res_state _res;
}
#endif
/*
* If the system doesn't have _getshort/_getlong or that are not exactly what
* we need then use local replacements, avoiding name collisions.
*/
#if !defined(HAVE__GETSHORT) || !defined(HAVE__GETLONG) || \
!defined(HAVE_DECL__GETSHORT) || HAVE_DECL__GETSHORT == 0 || \
!defined(HAVE_DECL__GETLONG) || HAVE_DECL__GETLONG == 0
#define _getshort(x) (_ssh_compat_getshort(x))
#define _getlong(x) (_ssh_compat_getlong(x))
/*
* Routines to insert/extract short/long's.
*/
#ifndef HAVE__GETSHORT
static u_int16_t
_getshort(msgp)
register const u_char *msgp;
_getshort(const u_char *msgp)
{
register u_int16_t u;
u_int16_t u;
GETSHORT(u, msgp);
return (u);
}
#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
u_int16_t _getshort(register const u_char *);
#endif
#ifndef HAVE__GETLONG
static u_int32_t
_getlong(msgp)
register const u_char *msgp;
_getlong(const u_char *msgp)
{
register u_int32_t u;
u_int32_t u;
GETLONG(u, msgp);
return (u);
}
#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
u_int32_t _getlong(register const u_char *);
#endif
/* ************** */
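Review bot: The replacement functions are still spelled `_getshort(const u_char *msgp)` and `_getlong(const u_char *msgp)`, so they only receive their `_ssh_compat_` names because the function-like macros defined just above also rewrite the declarators. That compiles, but it is easy to misread as a definition of the libc symbol. Either define them under their real names, `static u_int16_t _ssh_compat_getshort(const u_char *msgp)`, or add a comment beside the two `#define` lines saying the macros rename the definitions below as well as the call sites.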


@ -65,6 +65,10 @@ int bindresvport_sa(int sd, struct sockaddr *sa);
void closefrom(int);
#endif
#if defined(HAVE_DECL_FTRUNCATE) && HAVE_DECL_FTRUNCATE == 0
int ftruncate(int filedes, off_t length);
#endif
#ifndef HAVE_GETLINE
#include <stdio.h>
ssize_t getline(char **, size_t *, FILE *);
@ -78,6 +82,10 @@ int getpagesize(void);
char *getcwd(char *pt, size_t size);
#endif
#ifndef HAVE_KILLPG
int killpg(pid_t, int);
#endif
#if defined(HAVE_DECL_MEMMEM) && HAVE_DECL_MEMMEM == 0
void *memmem(const void *, size_t, const void *, size_t);
#endif


@ -18,6 +18,7 @@
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "log.h"
@ -197,3 +198,53 @@ platform_krb5_get_principal_name(const char *pw_name)
return NULL;
#endif
}
/* returns 1 if account is locked */
int
platform_locked_account(struct passwd *pw)
{
int locked = 0;
char *passwd = pw->pw_passwd;
#ifdef USE_SHADOW
struct spwd *spw = NULL;
#ifdef USE_LIBIAF
char *iaf_passwd = NULL;
#endif
spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
if (spw != NULL && auth_shadow_acctexpired(spw))
return 1;
#endif /* HAS_SHADOW_EXPIRE */
if (spw != NULL)
#ifdef USE_LIBIAF
iaf_passwd = passwd = get_iaf_password(pw);
#else
passwd = spw->sp_pwdp;
#endif /* USE_LIBIAF */
#endif
/* check for locked account */
if (passwd && *passwd) {
#ifdef LOCKED_PASSWD_STRING
if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
locked = 1;
#endif
#ifdef LOCKED_PASSWD_PREFIX
if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
strlen(LOCKED_PASSWD_PREFIX)) == 0)
locked = 1;
#endif
#ifdef LOCKED_PASSWD_SUBSTR
if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
locked = 1;
#endif
}
#ifdef USE_LIBIAF
if (iaf_passwd != NULL)
freezero(iaf_passwd, strlen(iaf_passwd));
#endif /* USE_LIBIAF */
return locked;
}
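Review bot: `platform_locked_account` answers "not locked" whenever it cannot read the real password field, and the one-line comment above it does not say so. With `USE_SHADOW`, a NULL from `getspnam` leaves `passwd` pointing at `pw->pw_passwd`, and with `USE_LIBIAF` a NULL from `get_iaf_password` skips the comparisons entirely; both paths end in `return locked` with `locked` still 0. The header comment should say that, for example `/* returns 1 if account is locked; 0 also covers "shadow entry unreadable", so 0 is not proof the account is usable */`. `pw` is also dereferenced on the first line without a NULL check, which holds only if every caller guarantees it.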


@ -28,6 +28,7 @@ void platform_setusercontext(struct passwd *);
void platform_setusercontext_post_groups(struct passwd *);
char *platform_get_krb5_client(const char *);
char *platform_krb5_get_principal_name(const char *);
int platform_locked_account(struct passwd *);
int platform_sys_dir_uid(uid_t);
void platform_disable_tracing(int);

31
scp.0

@ -30,10 +30,10 @@ DESCRIPTION
-3 Copies between two remote hosts are transferred through the local
host. Without this option the data is copied directly between
the two remote hosts. Note that, when using the original SCP
protocol (the default), this option selects batch mode for the
second host as scp cannot ask for passwords or passphrases for
both hosts. This mode is the default.
the two remote hosts. Note that, when using the legacy SCP
protocol (via the -O flag), this option selects batch mode for
the second host as scp cannot ask for passwords or passphrases
for both hosts. This mode is the default.
-4 Forces scp to use IPv4 addresses only.
@ -53,7 +53,7 @@ DESCRIPTION
option is directly passed to ssh(1).
-D sftp_server_path
When using the SFTP protocol support via -s, connect directly to
When using the SFTP protocol support via -M, connect directly to
a local SFTP server program rather than a remote one via ssh(1).
This option may be useful in debugging the client and server.
@ -77,12 +77,11 @@ DESCRIPTION
-l limit
Limits the used bandwidth, specified in Kbit/s.
-O Use the original SCP protocol for file transfers instead of the
-O Use the legacy SCP protocol for file transfers instead of the
SFTP protocol. Forcing the use of the SCP protocol may be
necessary for servers that do not implement SFTP, for backwards-
compatibility for particular filename wildcard patterns and for
expanding paths with a M-bM-^@M-^X~M-bM-^@M-^Y prefix for older SFTP servers. This
mode is the default.
expanding paths with a M-bM-^@M-^X~M-bM-^@M-^Y prefix for older SFTP servers.
-o ssh_option
Can be used to pass options to ssh in the format used in
@ -175,9 +174,6 @@ DESCRIPTION
Name of program to use for the encrypted connection. The program
must understand ssh(1) options.
-s Use the SFTP protocol for transfers rather than the original scp
protocol.
-T Disable strict filename checking. By default when copying files
from a remote host to a local directory scp checks that the
received filenames match those requested on the command-line to
@ -203,14 +199,17 @@ HISTORY
scp is based on the rcp program in BSD source code from the Regents of
the University of California.
Since OpenSSH 8.8, scp has use the SFTP protocol for transfers by
default.
AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
CAVEATS
The original SCP protocol (used by default) requires execution of the
remote user's shell to perform glob(3) pattern matching. This requires
careful quoting of any characters that have special meaning to the remote
shell, such as quote characters.
The legacy SCP protocol (selected by the -O flag) requires execution of
the remote user's shell to perform glob(3) pattern matching. This
requires careful quoting of any characters that have special meaning to
the remote shell, such as quote characters.
OpenBSD 7.0 February 10, 2022 OpenBSD 7.0
OpenBSD 7.0 February 23, 2022 OpenBSD 7.0

24
scp.1

@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.107 2022/02/10 04:12:38 djm Exp $
.\" $OpenBSD: scp.1,v 1.108 2022/02/23 21:21:16 djm Exp $
.\"
.Dd $Mdocdate: February 10 2022 $
.Dd $Mdocdate: February 23 2022 $
.Dt SCP 1
.Os
.Sh NAME
@ -76,7 +76,9 @@ The options are as follows:
Copies between two remote hosts are transferred through the local host.
Without this option the data is copied directly between the two remote
hosts.
Note that, when using the original SCP protocol (the default), this option
Note that, when using the legacy SCP protocol (via the
.Fl O
flag), this option
selects batch mode for the second host as
.Nm
cannot ask for passwords or passphrases for both hosts.
@ -109,7 +111,7 @@ This option is directly passed to
.Xr ssh 1 .
.It Fl D Ar sftp_server_path
When using the SFTP protocol support via
.Fl s ,
.Fl M ,
connect directly to a local SFTP server program rather than a
remote one via
.Xr ssh 1 .
@ -141,13 +143,12 @@ This option is directly passed to
.It Fl l Ar limit
Limits the used bandwidth, specified in Kbit/s.
.It Fl O
Use the original SCP protocol for file transfers instead of the SFTP protocol.
Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
Forcing the use of the SCP protocol may be necessary for servers that do
not implement SFTP, for backwards-compatibility for particular filename
wildcard patterns and for expanding paths with a
.Sq ~
prefix for older SFTP servers.
This mode is the default.
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
@ -257,8 +258,6 @@ to use for the encrypted connection.
The program must understand
.Xr ssh 1
options.
.It Fl s
Use the SFTP protocol for transfers rather than the original scp protocol.
.It Fl T
Disable strict filename checking.
By default when copying files from a remote host to a local directory
@ -295,12 +294,17 @@ debugging connection, authentication, and configuration problems.
is based on the rcp program in
.Bx
source code from the Regents of the University of California.
.Pp
Since OpenSSH 8.8,
.Nm
has use the SFTP protocol for transfers by default.
.Sh AUTHORS
.An Timo Rinne Aq Mt tri@iki.fi
.An Tatu Ylonen Aq Mt ylo@cs.hut.fi
.Sh CAVEATS
The original SCP protocol (used by default) requires execution of the
remote user's shell to perform
The legacy SCP protocol (selected by the
.Fl O
flag) requires execution of the remote user's shell to perform
.Xr glob 3
pattern matching.
This requires careful quoting of any characters that have special meaning to

6
scp.c

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.245 2022/02/10 04:12:38 djm Exp $ */
/* $OpenBSD: scp.c,v 1.247 2022/03/20 08:52:17 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@ -449,7 +449,7 @@ main(int argc, char **argv)
const char *errstr;
extern char *optarg;
extern int optind;
enum scp_mode_e mode = MODE_SCP;
enum scp_mode_e mode = MODE_SFTP;
char *sftp_direct = NULL;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@ -968,7 +968,7 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
return NULL;
} else {
args.list = NULL;
freeargs(&args);
addargs(&args, "sftp-server");
if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp",
reminp, remoutp, pidp) < 0)


@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.383 2022/02/08 08:59:12 dtucker Exp $ */
/* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -2520,7 +2520,7 @@ parse_server_match_config(ServerOptions *options,
initialize_server_options(&mo);
parse_server_config(&mo, "reprocess config", cfg, includes,
connectinfo);
connectinfo, 0);
copy_set_server_options(options, &mo, 0);
}
@ -2698,12 +2698,13 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
void
parse_server_config(ServerOptions *options, const char *filename,
struct sshbuf *conf, struct include_list *includes,
struct connection_info *connectinfo)
struct connection_info *connectinfo, int reexec)
{
int active = connectinfo ? 0 : 1;
parse_server_config_depth(options, filename, conf, includes,
connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
process_queued_listen_addrs(options);
if (!reexec)
process_queued_listen_addrs(options);
}
static const char *
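Review bot: The new `reexec` argument of parse_server_config() is undocumented, and its only visible effect is to skip `process_queued_listen_addrs(options)`. A comment on the guard, for example `/* reexec: do not process queued listen addresses */`, should say why skipping is correct on that path, since the reason is not visible in this hunk. The servconf.h prototype adds the parameter as a bare `int`; writing `int reexec` there would make the call in parse_server_match_config() (which passes `0`) and the one in sshd.c easier to read.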


@ -1,4 +1,4 @@
/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */
/* $OpenBSD: servconf.h,v 1.156 2022/03/18 04:04:11 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -297,7 +297,7 @@ int process_server_config_line(ServerOptions *, char *, const char *, int,
void process_permitopen(struct ssh *ssh, ServerOptions *options);
void load_server_config(const char *, struct sshbuf *);
void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
struct include_list *includes, struct connection_info *);
struct include_list *includes, struct connection_info *, int);
void parse_server_match_config(ServerOptions *,
struct include_list *includes, struct connection_info *);
int parse_server_match_testspec(struct connection_info *, char *);


@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.c,v 1.161 2022/01/17 21:41:04 djm Exp $ */
/* $OpenBSD: sftp-client.c,v 1.162 2022/03/31 03:07:03 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -103,6 +103,7 @@ struct sftp_conn {
#define SFTP_EXT_LSETSTAT 0x00000020
#define SFTP_EXT_LIMITS 0x00000040
#define SFTP_EXT_PATH_EXPAND 0x00000080
#define SFTP_EXT_COPY_DATA 0x00000100
u_int exts;
u_int64_t limit_kbps;
struct bwlimit bwlimit_in, bwlimit_out;
@ -534,6 +535,10 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
strcmp((char *)value, "1") == 0) {
ret->exts |= SFTP_EXT_PATH_EXPAND;
known = 1;
} else if (strcmp(name, "copy-data") == 0 &&
strcmp((char *)value, "1") == 0) {
ret->exts |= SFTP_EXT_COPY_DATA;
known = 1;
}
if (known) {
debug2("Server supports extension \"%s\" revision %s",
@ -1078,6 +1083,121 @@ do_expand_path(struct sftp_conn *conn, const char *path)
return do_realpath_expand(conn, path, 1);
}
int
do_copy(struct sftp_conn *conn, const char *oldpath, const char *newpath)
{
Attrib junk, *a;
struct sshbuf *msg;
u_char *old_handle, *new_handle;
u_int mode, status, id;
size_t old_handle_len, new_handle_len;
int r;
/* Return if the extension is not supported */
if ((conn->exts & SFTP_EXT_COPY_DATA) == 0) {
error("Server does not support copy-data extension");
return -1;
}
/* Make sure the file exists, and we can copy its perms */
if ((a = do_stat(conn, oldpath, 0)) == NULL)
return -1;
/* Do not preserve set[ug]id here, as we do not preserve ownership */
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
mode = a->perm & 0777;
if (!S_ISREG(a->perm)) {
error("Cannot copy non-regular file: %s", oldpath);
return -1;
}
} else {
/* NB: The user's umask will apply to this */
mode = 0666;
}
/* Set up the new perms for the new file */
attrib_clear(a);
a->perm = mode;
a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
attrib_clear(&junk); /* Send empty attributes */
/* Open the old file for reading */
id = conn->msg_id++;
if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
(r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 ||
(r = encode_attrib(msg, &junk)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
send_msg(conn, msg);
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, oldpath);
sshbuf_reset(msg);
old_handle = get_handle(conn, id, &old_handle_len,
"remote open(\"%s\")", oldpath);
if (old_handle == NULL) {
sshbuf_free(msg);
return -1;
}
/* Open the new file for writing */
id = conn->msg_id++;
if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_cstring(msg, newpath)) != 0 ||
(r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|
SSH2_FXF_TRUNC)) != 0 ||
(r = encode_attrib(msg, a)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
send_msg(conn, msg);
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, newpath);
sshbuf_reset(msg);
new_handle = get_handle(conn, id, &new_handle_len,
"remote open(\"%s\")", newpath);
if (new_handle == NULL) {
sshbuf_free(msg);
free(old_handle);
return -1;
}
/* Copy the file data */
id = conn->msg_id++;
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_cstring(msg, "copy-data")) != 0 ||
(r = sshbuf_put_string(msg, old_handle, old_handle_len)) != 0 ||
(r = sshbuf_put_u64(msg, 0)) != 0 ||
(r = sshbuf_put_u64(msg, 0)) != 0 ||
(r = sshbuf_put_string(msg, new_handle, new_handle_len)) != 0 ||
(r = sshbuf_put_u64(msg, 0)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
send_msg(conn, msg);
debug3("Sent message copy-data \"%s\" 0 0 -> \"%s\" 0",
oldpath, newpath);
status = get_status(conn, id);
if (status != SSH2_FX_OK)
error("Couldn't copy file \"%s\" to \"%s\": %s", oldpath,
newpath, fx2txt(status));
/* Clean up everything */
sshbuf_free(msg);
do_close(conn, old_handle, old_handle_len);
do_close(conn, new_handle, new_handle_len);
free(old_handle);
free(new_handle);
return status == SSH2_FX_OK ? 0 : -1;
}
int
do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
int force_legacy)
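Review bot: do_copy() sends SSH2_FXP_OPEN for `newpath` with `SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC` before the copy-data request is issued, so if `oldpath` and `newpath` name the same file the open itself would presumably truncate the source, and the server's same-path rejection in copy-data comes too late to protect the data. Rejecting `strcmp(oldpath, newpath) == 0` with an error before the first open would cover the plain case (sftp.c passes both paths through make_absolute() first); two different names for one file would still need handling elsewhere. Separately, the `new_handle == NULL` path frees `old_handle` without closing it on the server; adding `do_close(conn, old_handle, old_handle_len);` before `free(old_handle);` would match the cleanup at the end of the function.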


@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.h,v 1.35 2022/01/01 01:55:30 jsg Exp $ */
/* $OpenBSD: sftp-client.h,v 1.36 2022/03/31 03:07:03 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@ -125,6 +125,9 @@ int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
/* Rename 'oldpath' to 'newpath' */
int do_rename(struct sftp_conn *, const char *, const char *, int);
/* Copy 'oldpath' to 'newpath' */
int do_copy(struct sftp_conn *, const char *, const char *);
/* Link 'oldpath' to 'newpath' */
int do_hardlink(struct sftp_conn *, const char *, const char *);


@ -1,4 +1,4 @@
/* $OpenBSD: sftp-glob.c,v 1.29 2019/11/13 04:47:52 deraadt Exp $ */
/* $OpenBSD: sftp-glob.c,v 1.30 2022/02/25 09:46:24 dtucker Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -51,7 +51,7 @@ fudge_opendir(const char *path)
r = xcalloc(1, sizeof(*r));
if (do_readdir(cur.conn, (char *)path, &r->dir)) {
if (do_readdir(cur.conn, path, &r->dir)) {
free(r);
return(NULL);
}
@ -112,7 +112,7 @@ fudge_lstat(const char *path, struct stat *st)
{
Attrib *a;
if (!(a = do_lstat(cur.conn, (char *)path, 1)))
if (!(a = do_lstat(cur.conn, path, 1)))
return(-1);
attrib_to_stat(a, st);
@ -125,7 +125,7 @@ fudge_stat(const char *path, struct stat *st)
{
Attrib *a;
if (!(a = do_stat(cur.conn, (char *)path, 1)))
if (!(a = do_stat(cur.conn, path, 1)))
return(-1);
attrib_to_stat(a, st);


@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.139 2022/02/01 23:32:51 djm Exp $ */
/* $OpenBSD: sftp-server.c,v 1.140 2022/03/31 03:05:49 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@ -44,6 +44,7 @@
#include <unistd.h>
#include <stdarg.h>
#include "atomicio.h"
#include "xmalloc.h"
#include "sshbuf.h"
#include "ssherr.h"
@ -119,6 +120,7 @@ static void process_extended_fsync(u_int32_t id);
static void process_extended_lsetstat(u_int32_t id);
static void process_extended_limits(u_int32_t id);
static void process_extended_expand(u_int32_t id);
static void process_extended_copy_data(u_int32_t id);
static void process_extended(u_int32_t id);
struct sftp_handler {
@ -164,6 +166,7 @@ static const struct sftp_handler extended_handlers[] = {
{ "limits", "limits@openssh.com", 0, process_extended_limits, 0 },
{ "expand-path", "expand-path@openssh.com", 0,
process_extended_expand, 0 },
{ "copy-data", "copy-data", 0, process_extended_copy_data, 1 },
{ NULL, NULL, 0, NULL, 0 }
};
@ -720,6 +723,7 @@ process_init(void)
compose_extension(msg, "lsetstat@openssh.com", "1");
compose_extension(msg, "limits@openssh.com", "1");
compose_extension(msg, "expand-path@openssh.com", "1");
compose_extension(msg, "copy-data", "1");
send_msg(msg);
sshbuf_free(msg);
@ -1592,6 +1596,94 @@ process_extended_expand(u_int32_t id)
free(path);
}
static void
process_extended_copy_data(u_int32_t id)
{
u_char buf[64*1024];
int read_handle, read_fd, write_handle, write_fd;
u_int64_t len, read_off, read_len, write_off;
int r, copy_until_eof, status = SSH2_FX_OP_UNSUPPORTED;
size_t ret;
if ((r = get_handle(iqueue, &read_handle)) != 0 ||
(r = sshbuf_get_u64(iqueue, &read_off)) != 0 ||
(r = sshbuf_get_u64(iqueue, &read_len)) != 0 ||
(r = get_handle(iqueue, &write_handle)) != 0 ||
(r = sshbuf_get_u64(iqueue, &write_off)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug("request %u: copy-data from \"%s\" (handle %d) off %llu len %llu "
"to \"%s\" (handle %d) off %llu",
id, handle_to_name(read_handle), read_handle,
(unsigned long long)read_off, (unsigned long long)read_len,
handle_to_name(write_handle), write_handle,
(unsigned long long)write_off);
/* For read length of 0, we read until EOF. */
if (read_len == 0) {
read_len = (u_int64_t)-1 - read_off;
copy_until_eof = 1;
} else
copy_until_eof = 0;
read_fd = handle_to_fd(read_handle);
write_fd = handle_to_fd(write_handle);
/* Disallow reading & writing to the same handle or same path or dirs */
if (read_handle == write_handle || read_fd < 0 || write_fd < 0 ||
!strcmp(handle_to_name(read_handle), handle_to_name(write_handle))) {
status = SSH2_FX_FAILURE;
goto out;
}
if (lseek(read_fd, read_off, SEEK_SET) < 0) {
status = errno_to_portable(errno);
error("%s: read_seek failed", __func__);
goto out;
}
if ((handle_to_flags(write_handle) & O_APPEND) == 0 &&
lseek(write_fd, write_off, SEEK_SET) < 0) {
status = errno_to_portable(errno);
error("%s: write_seek failed", __func__);
goto out;
}
/* Process the request in chunks. */
while (read_len > 0 || copy_until_eof) {
len = MINIMUM(sizeof(buf), read_len);
read_len -= len;
ret = atomicio(read, read_fd, buf, len);
if (ret == 0 && errno == EPIPE) {
status = copy_until_eof ? SSH2_FX_OK : SSH2_FX_EOF;
break;
} else if (ret == 0) {
status = errno_to_portable(errno);
error("%s: read failed: %s", __func__, strerror(errno));
break;
}
len = ret;
handle_update_read(read_handle, len);
ret = atomicio(vwrite, write_fd, buf, len);
if (ret != len) {
status = errno_to_portable(errno);
error("%s: write failed: %llu != %llu: %s", __func__,
(unsigned long long)ret, (unsigned long long)len,
strerror(errno));
break;
}
handle_update_write(write_handle, len);
}
if (read_len == 0)
status = SSH2_FX_OK;
out:
send_status(id, status);
}
static void
process_extended(u_int32_t id)
{
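Review bot: In process_extended_copy_data(), `read_len -= len;` runs before the read and write of each chunk, so when a read error, an early EOF or a failed write happens on the final chunk of a fixed-length request, `read_len` is already 0 and the trailing `if (read_len == 0) status = SSH2_FX_OK;` replaces the failure status with success. A client that passes an explicit length can then be told the copy completed when the destination is short or incomplete. Changing the three `break;` statements inside the loop to `goto out;` keeps the status set at the failure point and leaves the post-loop assignment for normal completion only. The same-path guard compares `handle_to_name()` strings, so it would presumably not catch one file opened under two names; a comment stating that limit would help.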

17
sftp.0

@ -53,15 +53,15 @@ DESCRIPTION
-b batchfile
Batch mode reads a series of commands from an input batchfile
instead of stdin. Since it lacks user interaction it should be
instead of stdin. Since it lacks user interaction, it should be
used in conjunction with non-interactive authentication to
obviate the need to enter a password at connection time (see
sshd(8) and ssh-keygen(1) for details).
A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp
will abort if any of the following commands fail: get, put,
reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod,
chown, chgrp, lpwd, df, symlink, and lmkdir.
reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, copy, cp,
chmod, chown, chgrp, lpwd, df, symlink, and lmkdir.
Termination on error can be suppressed on a command by command
basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example,
@ -243,6 +243,15 @@ INTERACTIVE COMMANDS
Note that this is only supported by servers that implement the
"lsetstat@openssh.com" extension.
copy oldpath newpath
Copy remote file from oldpath to newpath.
Note that this is only supported by servers that implement the
"copy-data" extension.
cp oldpath newpath
Alias to copy command.
df [-hi] [path]
Display usage information for the filesystem holding the current
directory (or path if specified). If the -h flag is specified,
@ -408,4 +417,4 @@ SEE ALSO
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-00.txt, January 2001, work in progress material.
OpenBSD 7.0 July 2, 2021 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0

20
sftp.1

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.138 2021/07/02 05:11:21 dtucker Exp $
.\" $OpenBSD: sftp.1,v 1.140 2022/03/31 17:27:27 naddy Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 2 2021 $
.Dd $Mdocdate: March 31 2022 $
.Dt SFTP 1
.Os
.Sh NAME
@ -126,7 +126,7 @@ Batch mode reads a series of commands from an input
.Ar batchfile
instead of
.Em stdin .
Since it lacks user interaction it should be used in conjunction with
Since it lacks user interaction, it should be used in conjunction with
non-interactive authentication to obviate the need to enter a password
at connection time (see
.Xr sshd 8
@ -144,7 +144,7 @@ will abort if any of the following
commands fail:
.Ic get , put , reget , reput , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
.Ic lchdir , chmod , chown ,
.Ic lchdir , copy , cp , chmod , chown ,
.Ic chgrp , lpwd , df , symlink ,
and
.Ic lmkdir .
@ -400,6 +400,18 @@ If the
flag is specified, then symlinks will not be followed.
Note that this is only supported by servers that implement
the "lsetstat@openssh.com" extension.
.It Ic copy Ar oldpath Ar newpath
Copy remote file from
.Ar oldpath
to
.Ar newpath .
.Pp
Note that this is only supported by servers that implement the "copy-data"
extension.
.It Ic cp Ar oldpath Ar newpath
Alias to
.Ic copy
command.
.It Xo Ic df
.Op Fl hi
.Op Ar path

17
sftp.c

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.212 2021/09/11 09:05:50 schwarze Exp $ */
/* $OpenBSD: sftp.c,v 1.214 2022/03/31 03:07:03 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@ -137,6 +137,7 @@ enum sftp_command {
I_CHGRP,
I_CHMOD,
I_CHOWN,
I_COPY,
I_DF,
I_GET,
I_HELP,
@ -180,6 +181,8 @@ static const struct CMD cmds[] = {
{ "chgrp", I_CHGRP, REMOTE },
{ "chmod", I_CHMOD, REMOTE },
{ "chown", I_CHOWN, REMOTE },
{ "copy", I_COPY, REMOTE },
{ "cp", I_COPY, REMOTE },
{ "df", I_DF, REMOTE },
{ "dir", I_LS, REMOTE },
{ "exit", I_QUIT, NOARGS },
@ -286,6 +289,8 @@ help(void)
"chgrp [-h] grp path Change group of file 'path' to 'grp'\n"
"chmod [-h] mode path Change permissions of file 'path' to 'mode'\n"
"chown [-h] own path Change owner of file 'path' to 'own'\n"
"copy oldpath newpath Copy remote file\n"
"cp oldpath newpath Copy remote file\n"
"df [-hi] [path] Display statistics for current directory or\n"
" filesystem containing 'path'\n"
"exit Quit sftp\n"
@ -1369,6 +1374,10 @@ parse_args(const char **cpp, int *ignore_errors, int *disable_echo, int *aflag,
if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1)
return -1;
goto parse_two_paths;
case I_COPY:
if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
return -1;
goto parse_two_paths;
case I_RENAME:
if ((optidx = parse_rename_flags(cmd, argv, argc, lflag)) == -1)
return -1;
@ -1536,6 +1545,11 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
err = process_put(conn, path1, path2, *pwd, pflag,
rflag, aflag, fflag);
break;
case I_COPY:
path1 = make_absolute(path1, *pwd);
path2 = make_absolute(path2, *pwd);
err = do_copy(conn, path1, path2);
break;
case I_RENAME:
path1 = make_absolute(path1, *pwd);
path2 = make_absolute(path2, *pwd);
@ -2272,7 +2286,6 @@ static void
connect_to_server(char *path, char **args, int *in, int *out)
{
int c_in, c_out;
#ifdef USE_PIPES
int pin[2], pout[2];


@ -25,10 +25,10 @@ DESCRIPTION
-c Generate C-shell commands on stdout. This is the default if
SHELL looks like it's a csh style of shell.
-D Foreground mode. When this option is specified ssh-agent will
-D Foreground mode. When this option is specified, ssh-agent will
not fork.
-d Debug mode. When this option is specified ssh-agent will not
-d Debug mode. When this option is specified, ssh-agent will not
fork and will write debug information to standard error.
-E fingerprint_hash
@ -116,4 +116,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 7.0 June 22, 2020 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-agent.1,v 1.72 2020/06/22 05:52:05 djm Exp $
.\" $OpenBSD: ssh-agent.1,v 1.73 2022/03/31 17:27:27 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 22 2020 $
.Dd $Mdocdate: March 31 2022 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
@ -82,12 +82,12 @@ This is the default if
looks like it's a csh style of shell.
.It Fl D
Foreground mode.
When this option is specified
When this option is specified,
.Nm
will not fork.
.It Fl d
Debug mode.
When this option is specified
When this option is specified,
.Nm
will not fork and will write debug information to standard error.
.It Fl E Ar fingerprint_hash


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.448 2022/02/01 23:32:51 djm Exp $ */
/* $OpenBSD: ssh-keygen.c,v 1.450 2022/03/18 02:32:22 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -3538,6 +3538,13 @@ main(int argc, char **argv)
return sig_sign(identity_file, cert_principals,
argc, argv, opts, nopts);
} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
/* NB. cert_principals is actually namespace, via -n */
if (cert_principals == NULL ||
*cert_principals == '\0') {
error("Too few arguments for check-novalidate: "
"missing namespace");
exit(1);
}
if (ca_key_path == NULL) {
error("Too few arguments for check-novalidate: "
"missing signature file");


@ -36,7 +36,7 @@ FILES
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public
If these files exist, they are assumed to contain public
certificate information corresponding with the private keys
above.
@ -49,4 +49,4 @@ HISTORY
AUTHORS
Markus Friedl <markus@openbsd.org>
OpenBSD 7.0 November 30, 2019 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keysign.8,v 1.16 2019/11/30 07:07:59 jmc Exp $
.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 30 2019 $
.Dd $Mdocdate: March 31 2022 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
@ -77,7 +77,7 @@ must be set-uid root if host-based authentication is used.
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate
If these files exist, they are assumed to contain public certificate
information corresponding with the private keys above.
.El
.Sh SEE ALSO

10
ssh.0

@ -387,7 +387,7 @@ DESCRIPTION
If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically
allocated on the server and reported to the client at run time.
When used together with -O forward the allocated port will be
When used together with -O forward, the allocated port will be
printed to the standard output.
-S ctl_path
@ -560,11 +560,11 @@ AUTHENTICATION
normal shell as an interactive session. All communication with the
remote command or shell will be automatically encrypted.
If an interactive session is requested ssh by default will only request a
pseudo-terminal (pty) for interactive sessions when the client has one.
If an interactive session is requested, ssh by default will only request
a pseudo-terminal (pty) for interactive sessions when the client has one.
The flags -T and -t can be used to override this behaviour.
If a pseudo-terminal has been allocated the user may use the escape
If a pseudo-terminal has been allocated, the user may use the escape
characters noted below.
If no pseudo-terminal has been allocated, the session is transparent and
@ -1013,4 +1013,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 7.0 February 6, 2022 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0

10
ssh.1

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.429 2022/02/06 00:29:03 jsg Exp $
.Dd $Mdocdate: February 6 2022 $
.\" $OpenBSD: ssh.1,v 1.430 2022/03/31 17:27:27 naddy Exp $
.Dd $Mdocdate: March 31 2022 $
.Dt SSH 1
.Os
.Sh NAME
@ -705,7 +705,7 @@ argument is
the listen port will be dynamically allocated on the server and reported
to the client at run time.
When used together with
.Ic -O forward
.Ic -O forward ,
the allocated port will be printed to the standard output.
.Pp
.It Fl S Ar ctl_path
@ -1045,7 +1045,7 @@ the user a normal shell as an interactive session.
All communication with
the remote command or shell will be automatically encrypted.
.Pp
If an interactive session is requested
If an interactive session is requested,
.Nm
by default will only request a pseudo-terminal (pty) for interactive
sessions when the client has one.
@ -1055,7 +1055,7 @@ and
.Fl t
can be used to override this behaviour.
.Pp
If a pseudo-terminal has been allocated the
If a pseudo-terminal has been allocated, the
user may use the escape characters noted below.
.Pp
If no pseudo-terminal has been allocated,

4
ssh.c

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.573 2022/02/08 08:59:12 dtucker Exp $ */
/* $OpenBSD: ssh.c,v 1.574 2022/03/30 04:33:09 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -696,7 +696,7 @@ main(int ac, char **av)
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
"AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
"AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
switch (opt) {
case '1':
fatal("SSH protocol v.1 is no longer supported");
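Review bot: The trailing `/* HUZdhjruz */` added after the getopt() option string is unexplained; it reads like a list of option letters that are still free, but nothing in the hunk says so. If that is the intent, spelling it out as `/* unused option letters: HUZdhjruz */` would save the next reader from guessing. main() continues outside the hunk.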


@ -213,7 +213,7 @@ DESCRIPTION
list of certificates used for authentication.
CheckHostIP
If set to yes ssh(1) will additionally check the host IP address
If set to yes, ssh(1) will additionally check the host IP address
in the known_hosts file. This allows it to detect if a host key
changed due to DNS spoofing and will add addresses of destination
hosts to ~/.ssh/known_hosts in the process, regardless of the
@ -670,9 +670,9 @@ DESCRIPTION
a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified algorithms will be placed at
the head of the default set. The default is:
sntrup761x25519-sha512@openssh.com,
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
sntrup761x25519-sha512@openssh.com,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512,
@ -947,7 +947,7 @@ DESCRIPTION
the second argument must be host:hostport or a Unix domain socket
path, otherwise if no destination argument is specified then the
remote forwarding will be established as a SOCKS proxy. When
acting as a SOCKS proxy the destination of the connection can be
acting as a SOCKS proxy, the destination of the connection can be
restricted by PermitRemoteOpen.
IPv6 addresses can be specified by enclosing addresses in square
@ -1308,4 +1308,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
OpenBSD 7.0 February 15, 2022 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.369 2022/02/15 05:13:36 djm Exp $
.Dd $Mdocdate: February 15 2022 $
.\" $OpenBSD: ssh_config.5,v 1.371 2022/03/31 17:58:44 naddy Exp $
.Dd $Mdocdate: March 31 2022 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -435,7 +435,7 @@ directives will add to the list of certificates used for
authentication.
.It Cm CheckHostIP
If set to
.Cm yes
.Cm yes ,
.Xr ssh 1
will additionally check the host IP address in the
.Pa known_hosts
@ -1165,9 +1165,9 @@ character, then the specified algorithms will be placed at the head of the
default set.
The default is:
.Bd -literal -offset indent
sntrup761x25519-sha512@openssh.com,
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
sntrup761x25519-sha512@openssh.com,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512,
@ -1581,7 +1581,7 @@ If forwarding to a specific destination then the second argument must be
or a Unix domain socket path,
otherwise if no destination argument is specified then the remote forwarding
will be established as a SOCKS proxy.
When acting as a SOCKS proxy the destination of the connection can be
When acting as a SOCKS proxy, the destination of the connection can be
restricted by
.Cm PermitRemoteOpen .
.Pp

4
sshd.0

@ -402,7 +402,7 @@ AUTHORIZED_KEYS FILE FORMAT
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
~/.ssh/rc. If any future restriction capabilities are added to
authorized_keys files they will be included in this set.
authorized_keys files, they will be included in this set.
tunnel="n"
Force a tun(4) device on the server. Without this option, the
@ -672,4 +672,4 @@ AUTHORS
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
OpenBSD 7.0 September 10, 2021 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0

6
sshd.8

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.317 2021/09/10 11:38:38 dtucker Exp $
.Dd $Mdocdate: September 10 2021 $
.\" $OpenBSD: sshd.8,v 1.318 2022/03/31 17:27:27 naddy Exp $
.Dd $Mdocdate: March 31 2022 $
.Dt SSHD 8
.Os
.Sh NAME
@ -650,7 +650,7 @@ Enable all restrictions, i.e. disable port, agent and X11 forwarding,
as well as disabling PTY allocation
and execution of
.Pa ~/.ssh/rc .
If any future restriction capabilities are added to authorized_keys files
If any future restriction capabilities are added to authorized_keys files,
they will be included in this set.
.It Cm tunnel="n"
Force a

4
sshd.c

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.585 2022/03/18 04:04:11 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1749,7 +1749,7 @@ main(int ac, char **av)
load_server_config(config_file_name, cfg);
parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
cfg, &includes, NULL);
cfg, &includes, NULL, rexeced_flag);
#ifdef WITH_OPENSSL
if (options.moduli_file != NULL)


@ -577,9 +577,9 @@ DESCRIPTION
The default is:
sntrup761x25519-sha512@openssh.com,
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
sntrup761x25519-sha512@openssh.com,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
@ -1191,4 +1191,4 @@ AUTHORS
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
OpenBSD 7.0 December 4, 2021 OpenBSD 7.0
OpenBSD 7.0 March 31, 2022 OpenBSD 7.0


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.339 2021/12/04 00:05:39 naddy Exp $
.Dd $Mdocdate: December 4 2021 $
.\" $OpenBSD: sshd_config.5,v 1.340 2022/03/31 17:58:44 naddy Exp $
.Dd $Mdocdate: March 31 2022 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -961,9 +961,9 @@ sntrup761x25519-sha512@openssh.com
.Pp
The default is:
.Bd -literal -offset indent
sntrup761x25519-sha512@openssh.com,
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
sntrup761x25519-sha512@openssh.com,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256


@ -1,4 +1,4 @@
/* $OpenBSD: sshsig.c,v 1.28 2022/02/01 23:34:47 djm Exp $ */
/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@ -739,7 +739,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
/* format: identity[,identity...] [option[,option...]] key */
if ((tmp = strdelimw(&cp)) == NULL) {
if ((tmp = strdelimw(&cp)) == NULL || cp == NULL) {
error("%s:%lu: invalid line", path, linenum);
r = SSH_ERR_INVALID_FORMAT;
goto out;
@ -777,6 +777,11 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
if (cp == NULL || *cp == '\0') {
error("%s:%lu: missing key", path, linenum);
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
*cp++ = '\0';
skip_space(&cp);
if (sshkey_read(key, &cp) != 0) {


@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.93 2022/02/23 11:07:09 djm Exp $ */
/* $OpenBSD: version.h,v 1.94 2022/04/04 22:45:25 djm Exp $ */
#define SSH_VERSION "OpenSSH_8.9"
#define SSH_VERSION "OpenSSH_9.0"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE


@ -1,4 +1,4 @@
/* $OpenBSD: xmalloc.c,v 1.36 2019/11/12 22:32:48 djm Exp $ */
/* $OpenBSD: xmalloc.c,v 1.37 2022/03/13 23:27:54 cheloha Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -91,8 +91,7 @@ xstrdup(const char *str)
len = strlen(str) + 1;
cp = xmalloc(len);
strlcpy(cp, str, len);
return cp;
return memcpy(cp, str, len);
}
int