diff options
author | des <des@FreeBSD.org> | 2011-05-04 07:34:44 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2011-05-04 07:34:44 +0000 |
commit | ee2afa8165baec284a83500803978f8a0e645ccd (patch) | |
tree | a745d3c673d44775cc175961e80d2246eb00e0df /crypto/openssh/openbsd-compat | |
parent | d035dd6f462a261f9b99bfa8545a924b314e1bb5 (diff) | |
parent | 1824cfda46b3f11c1c3c4071e80b73ca91553149 (diff) | |
download | FreeBSD-src-ee2afa8165baec284a83500803978f8a0e645ccd.zip FreeBSD-src-ee2afa8165baec284a83500803978f8a0e645ccd.tar.gz |
Upgrade to OpenSSH 5.8p2.
Diffstat (limited to 'crypto/openssh/openbsd-compat')
-rw-r--r-- | crypto/openssh/openbsd-compat/bindresvport.c | 2 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-misc.c | 7 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-misc.h | 6 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/charclass.h | 31 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/glob.c | 306 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/glob.h | 13 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/openbsd-compat.h | 6 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/openssl-compat.c | 76 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/openssl-compat.h | 26 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-linux.c | 73 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-linux.h | 3 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-solaris.c | 32 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-solaris.h | 5 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/timingsafe_bcmp.c | 34 |
14 files changed, 504 insertions, 116 deletions
diff --git a/crypto/openssh/openbsd-compat/bindresvport.c b/crypto/openssh/openbsd-compat/bindresvport.c index c0d5bdb..c89f214 100644 --- a/crypto/openssh/openbsd-compat/bindresvport.c +++ b/crypto/openssh/openbsd-compat/bindresvport.c @@ -89,7 +89,7 @@ bindresvport_sa(int sd, struct sockaddr *sa) port = ntohs(*portp); if (port == 0) - port = (arc4random() % NPORTS) + STARTPORT; + port = arc4random_uniform(NPORTS) + STARTPORT; /* Avoid warning */ error = -1; diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 55f100a..3ef373f 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -240,3 +240,10 @@ strdup(const char *str) return NULL; } #endif + +#ifndef HAVE_ISBLANK +int isblank(int c) +{ + return (c == ' ' || c == '\t'); +} +#endif diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index b61ec42..e70c3f9 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ +/* $Id: bsd-misc.h,v 1.19 2010/11/08 22:26:23 tim Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> @@ -95,4 +95,8 @@ mysig_t mysignal(int sig, mysig_t act); #define signal(a,b) mysignal(a,b) +#ifndef HAVE_ISBLANK +int isblank(int); +#endif + #endif /* _BSD_MISC_H */ diff --git a/crypto/openssh/openbsd-compat/charclass.h b/crypto/openssh/openbsd-compat/charclass.h new file mode 100644 index 0000000..91f5174 --- /dev/null +++ b/crypto/openssh/openbsd-compat/charclass.h @@ -0,0 +1,31 @@ +/* + * Public domain, 2008, Todd C. Miller <Todd.Miller@courtesan.com> + * + * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $ + */ + +/* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */ + +/* + * POSIX character class support for fnmatch() and glob(). + */ +static struct cclass { + const char *name; + int (*isctype)(int); +} cclasses[] = { + { "alnum", isalnum }, + { "alpha", isalpha }, + { "blank", isblank }, + { "cntrl", iscntrl }, + { "digit", isdigit }, + { "graph", isgraph }, + { "lower", islower }, + { "print", isprint }, + { "punct", ispunct }, + { "space", isspace }, + { "upper", isupper }, + { "xdigit", isxdigit }, + { NULL, NULL } +}; + +#define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1) diff --git a/crypto/openssh/openbsd-compat/glob.c b/crypto/openssh/openbsd-compat/glob.c index 74b5064..0341225 100644 --- a/crypto/openssh/openbsd-compat/glob.c +++ b/crypto/openssh/openbsd-compat/glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.c,v 1.26 2005/11/28 17:50:12 deraadt Exp $ */ +/* $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -33,36 +33,6 @@ /* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ -#include "includes.h" - -#include <sys/types.h> -#include <sys/stat.h> - -#include <dirent.h> -#include <ctype.h> -#include <errno.h> -#include <pwd.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) || \ - !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ - defined(BROKEN_GLOB) - -static long -get_arg_max(void) -{ -#ifdef ARG_MAX - return(ARG_MAX); -#elif defined(HAVE_SYSCONF) && defined(_SC_ARG_MAX) - return(sysconf(_SC_ARG_MAX)); -#else - return(256); /* XXX: arbitrary */ -#endif -} - /* * glob(3) -- a superset of the one defined in POSIX 1003.2. * @@ -88,6 +58,25 @@ get_arg_max(void) * Number of matches in the current invocation of glob. */ +#include "includes.h" + +#include <sys/types.h> +#include <sys/stat.h> + +#include <dirent.h> +#include <ctype.h> +#include <errno.h> +#include <pwd.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ + defined(BROKEN_GLOB) + +#include "charclass.h" #define DOLLAR '$' #define DOT '.' @@ -100,7 +89,6 @@ get_arg_max(void) #define RBRACKET ']' #define SEP '/' #define STAR '*' -#undef TILDE /* Some platforms may already define it */ #define TILDE '~' #define UNDERSCORE '_' #define LBRACE '{' @@ -137,26 +125,39 @@ typedef char Char; #define M_ONE META('?') #define M_RNG META('-') #define M_SET META('[') +#define M_CLASS META(':') #define ismeta(c) (((c)&M_QUOTE) != 0) +#define GLOB_LIMIT_MALLOC 65536 +#define GLOB_LIMIT_STAT 128 +#define GLOB_LIMIT_READDIR 16384 + +struct glob_lim { + size_t glim_malloc; + size_t glim_stat; + size_t glim_readdir; +}; static int compare(const void *, const void *); static int g_Ctoc(const Char *, char *, u_int); static int g_lstat(Char *, struct stat *, glob_t *); static DIR *g_opendir(Char *, glob_t *); -static Char *g_strchr(Char *, int); +static Char *g_strchr(const Char *, int); +static int g_strncmp(const Char *, const char *, size_t); static int g_stat(Char *, struct stat *, glob_t *); -static int glob0(const Char *, glob_t *); -static int glob1(Char *, Char *, glob_t *, size_t *); +static int glob0(const Char *, glob_t *, struct glob_lim *); +static int glob1(Char *, Char *, glob_t *, struct glob_lim *); static int glob2(Char *, Char *, Char *, Char *, Char *, Char *, - glob_t *, size_t *); + glob_t *, struct glob_lim *); static int glob3(Char *, Char *, Char *, Char *, Char *, - Char *, Char *, glob_t *, size_t *); -static int globextend(const Char *, glob_t *, size_t *); + Char *, Char *, glob_t *, struct glob_lim *); +static int globextend(const Char *, glob_t *, struct glob_lim *, + struct stat *); static const Char * globtilde(const Char *, Char *, size_t, glob_t *); -static int globexp1(const Char *, glob_t *); -static int globexp2(const Char *, const Char *, glob_t *, int *); +static int globexp1(const Char *, glob_t *, struct glob_lim *); +static int globexp2(const Char *, const Char *, glob_t *, + struct glob_lim *); static int match(Char *, Char *, Char *); #ifdef DEBUG static void qprintf(const char *, Char *); @@ -169,11 +170,13 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), const u_char *patnext; int c; Char *bufnext, *bufend, patbuf[MAXPATHLEN]; + struct glob_lim limit = { 0, 0, 0 }; patnext = (u_char *) pattern; if (!(flags & GLOB_APPEND)) { pglob->gl_pathc = 0; pglob->gl_pathv = NULL; + pglob->gl_statv = NULL; if (!(flags & GLOB_DOOFFS)) pglob->gl_offs = 0; } @@ -181,6 +184,11 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), pglob->gl_errfunc = errfunc; pglob->gl_matchc = 0; + if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 || + pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX || + pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1) + return GLOB_NOSPACE; + bufnext = patbuf; bufend = bufnext + MAXPATHLEN - 1; if (flags & GLOB_NOESCAPE) @@ -201,9 +209,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), *bufnext = EOS; if (flags & GLOB_BRACE) - return globexp1(patbuf, pglob); + return globexp1(patbuf, pglob, &limit); else - return glob0(patbuf, pglob); + return glob0(patbuf, pglob, &limit); } /* @@ -212,20 +220,18 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), * characters */ static int -globexp1(const Char *pattern, glob_t *pglob) +globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) { const Char* ptr = pattern; - int rv; /* Protect a single {}, for find(1), like csh */ if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) - return glob0(pattern, pglob); + return glob0(pattern, pglob, limitp); - while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL) - if (!globexp2(ptr, pattern, pglob, &rv)) - return rv; + if ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL) + return globexp2(ptr, pattern, pglob, limitp); - return glob0(pattern, pglob); + return glob0(pattern, pglob, limitp); } @@ -235,9 +241,10 @@ globexp1(const Char *pattern, glob_t *pglob) * If it fails then it tries to glob the rest of the pattern and returns. */ static int -globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) +globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, + struct glob_lim *limitp) { - int i; + int i, rv; Char *lm, *ls; const Char *pe, *pm, *pl; Char patbuf[MAXPATHLEN]; @@ -270,10 +277,8 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) } /* Non matching braces; just glob the pattern */ - if (i != 0 || *pe == EOS) { - *rv = glob0(patbuf, pglob); - return 0; - } + if (i != 0 || *pe == EOS) + return glob0(patbuf, pglob, limitp); for (i = 0, pl = pm = ptr; pm <= pe; pm++) { switch (*pm) { @@ -319,7 +324,9 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) #ifdef DEBUG qprintf("globexp2:", patbuf); #endif - *rv = globexp1(patbuf, pglob); + rv = globexp1(patbuf, pglob, limitp); + if (rv && rv != GLOB_NOMATCH) + return rv; /* move after the comma, to the next string */ pl = pm + 1; @@ -330,7 +337,6 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) break; } } - *rv = 0; return 0; } @@ -399,6 +405,47 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) return patbuf; } +static int +g_strncmp(const Char *s1, const char *s2, size_t n) +{ + int rv = 0; + + while (n--) { + rv = *(Char *)s1 - *(const unsigned char *)s2++; + if (rv) + break; + if (*s1++ == '\0') + break; + } + return rv; +} + +static int +g_charclass(const Char **patternp, Char **bufnextp) +{ + const Char *pattern = *patternp + 1; + Char *bufnext = *bufnextp; + const Char *colon; + struct cclass *cc; + size_t len; + + if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']') + return 1; /* not a character class */ + + len = (size_t)(colon - pattern); + for (cc = cclasses; cc->name != NULL; cc++) { + if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0') + break; + } + if (cc->name == NULL) + return -1; /* invalid character class */ + *bufnext++ = M_CLASS; + *bufnext++ = (Char)(cc - &cclasses[0]); + *bufnextp = bufnext; + *patternp += len + 3; + + return 0; +} /* * The main glob() routine: compiles the pattern (optionally processing @@ -408,12 +455,11 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) * to find no matches. */ static int -glob0(const Char *pattern, glob_t *pglob) +glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) { const Char *qpatnext; int c, err, oldpathc; Char *bufnext, patbuf[MAXPATHLEN]; - size_t limit = 0; qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob); oldpathc = pglob->gl_pathc; @@ -427,7 +473,7 @@ glob0(const Char *pattern, glob_t *pglob) if (c == NOT) ++qpatnext; if (*qpatnext == EOS || - g_strchr((Char *) qpatnext+1, RBRACKET) == NULL) { + g_strchr(qpatnext+1, RBRACKET) == NULL) { *bufnext++ = LBRACKET; if (c == NOT) --qpatnext; @@ -438,6 +484,20 @@ glob0(const Char *pattern, glob_t *pglob) *bufnext++ = M_NOT; c = *qpatnext++; do { + if (c == LBRACKET && *qpatnext == ':') { + do { + err = g_charclass(&qpatnext, + &bufnext); + if (err) + break; + c = *qpatnext++; + } while (c == LBRACKET && *qpatnext == ':'); + if (err == -1 && + !(pglob->gl_flags & GLOB_NOCHECK)) + return GLOB_NOMATCH; + if (c == RBRACKET) + break; + } *bufnext++ = CHAR(c); if (*qpatnext == RANGE && (c = qpatnext[1]) != RBRACKET) { @@ -471,7 +531,7 @@ glob0(const Char *pattern, glob_t *pglob) qprintf("glob0:", patbuf); #endif - if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, &limit)) != 0) + if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, limitp)) != 0) return(err); /* @@ -484,7 +544,7 @@ glob0(const Char *pattern, glob_t *pglob) if ((pglob->gl_flags & GLOB_NOCHECK) || ((pglob->gl_flags & GLOB_NOMAGIC) && !(pglob->gl_flags & GLOB_MAGCHAR))) - return(globextend(pattern, pglob, &limit)); + return(globextend(pattern, pglob, limitp, NULL)); else return(GLOB_NOMATCH); } @@ -501,7 +561,7 @@ compare(const void *p, const void *q) } static int -glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) +glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) { Char pathbuf[MAXPATHLEN]; @@ -520,7 +580,7 @@ glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) */ static int glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, - Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp) + Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) { struct stat sb; Char *p, *q; @@ -536,6 +596,14 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, if (g_lstat(pathbuf, &sb, pglob)) return(0); + if ((pglob->gl_flags & GLOB_LIMIT) && + limitp->glim_stat++ >= GLOB_LIMIT_STAT) { + errno = 0; + *pathend++ = SEP; + *pathend = EOS; + return(GLOB_NOSPACE); + } + if (((pglob->gl_flags & GLOB_MARK) && pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || (S_ISLNK(sb.st_mode) && @@ -547,7 +615,7 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, *pathend = EOS; } ++pglob->gl_matchc; - return(globextend(pathbuf, pglob, limitp)); + return(globextend(pathbuf, pglob, limitp, &sb)); } /* Find end of next segment, copy tentatively to pathend. */ @@ -581,7 +649,7 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, static int glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob, - size_t *limitp) + struct glob_lim *limitp) { struct dirent *dp; DIR *dirp; @@ -624,6 +692,14 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, u_char *sc; Char *dc; + if ((pglob->gl_flags & GLOB_LIMIT) && + limitp->glim_readdir++ >= GLOB_LIMIT_READDIR) { + errno = 0; + *pathend++ = SEP; + *pathend = EOS; + return(GLOB_NOSPACE); + } + /* Initial DOT must be matched literally. */ if (dp->d_name[0] == DOT && *pattern != DOT) continue; @@ -670,25 +746,44 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, * gl_pathv points to (gl_offs + gl_pathc + 1) items. */ static int -globextend(const Char *path, glob_t *pglob, size_t *limitp) +globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp, + struct stat *sb) { char **pathv; - int i; - u_int newsize, len; - char *copy; + ssize_t i; + size_t newn, len; + char *copy = NULL; const Char *p; - - newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); - pathv = pglob->gl_pathv ? realloc((char *)pglob->gl_pathv, newsize) : - malloc(newsize); - if (pathv == NULL) { + struct stat **statv; + + newn = 2 + pglob->gl_pathc + pglob->gl_offs; + if (pglob->gl_offs >= INT_MAX || + pglob->gl_pathc >= INT_MAX || + newn >= INT_MAX || + SIZE_MAX / sizeof(*pathv) <= newn || + SIZE_MAX / sizeof(*statv) <= newn) { + nospace: + for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) { + if (pglob->gl_pathv && pglob->gl_pathv[i]) + free(pglob->gl_pathv[i]); + if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 && + pglob->gl_pathv && pglob->gl_pathv[i]) + free(pglob->gl_statv[i]); + } if (pglob->gl_pathv) { free(pglob->gl_pathv); pglob->gl_pathv = NULL; } + if (pglob->gl_statv) { + free(pglob->gl_statv); + pglob->gl_statv = NULL; + } return(GLOB_NOSPACE); } + pathv = realloc(pglob->gl_pathv, newn * sizeof(*pathv)); + if (pathv == NULL) + goto nospace; if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { /* first time around -- clear initial gl_offs items */ pathv += pglob->gl_offs; @@ -697,10 +792,39 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp) } pglob->gl_pathv = pathv; + if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0) { + statv = realloc(pglob->gl_statv, newn * sizeof(*statv)); + if (statv == NULL) + goto nospace; + if (pglob->gl_statv == NULL && pglob->gl_offs > 0) { + /* first time around -- clear initial gl_offs items */ + statv += pglob->gl_offs; + for (i = pglob->gl_offs; --i >= 0; ) + *--statv = NULL; + } + pglob->gl_statv = statv; + if (sb == NULL) + statv[pglob->gl_offs + pglob->gl_pathc] = NULL; + else { + limitp->glim_malloc += sizeof(**statv); + if ((pglob->gl_flags & GLOB_LIMIT) && + limitp->glim_malloc >= GLOB_LIMIT_MALLOC) { + errno = 0; + return(GLOB_NOSPACE); + } + if ((statv[pglob->gl_offs + pglob->gl_pathc] = + malloc(sizeof(**statv))) == NULL) + goto copy_error; + memcpy(statv[pglob->gl_offs + pglob->gl_pathc], sb, + sizeof(*sb)); + } + statv[pglob->gl_offs + pglob->gl_pathc + 1] = NULL; + } + for (p = path; *p++;) ; len = (size_t)(p - path); - *limitp += len; + limitp->glim_malloc += len; if ((copy = malloc(len)) != NULL) { if (g_Ctoc(path, copy, len)) { free(copy); @@ -711,11 +835,12 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp) pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; if ((pglob->gl_flags & GLOB_LIMIT) && - newsize + *limitp >= (u_int) get_arg_max()) { + (newn * sizeof(*pathv)) + limitp->glim_malloc > + GLOB_LIMIT_MALLOC) { errno = 0; return(GLOB_NOSPACE); } - + copy_error: return(copy == NULL ? GLOB_NOSPACE : 0); } @@ -751,13 +876,21 @@ match(Char *name, Char *pat, Char *patend) return(0); if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS) ++pat; - while (((c = *pat++) & M_MASK) != M_END) + while (((c = *pat++) & M_MASK) != M_END) { + if ((c & M_MASK) == M_CLASS) { + Char idx = *pat & M_MASK; + if (idx < NCCLASSES && + cclasses[idx].isctype(k)) + ok = 1; + ++pat; + } if ((*pat & M_MASK) == M_RNG) { if (c <= k && k <= pat[1]) ok = 1; pat += 2; } else if (c == k) ok = 1; + } if (ok == negate_range) return(0); break; @@ -785,6 +918,14 @@ globfree(glob_t *pglob) free(pglob->gl_pathv); pglob->gl_pathv = NULL; } + if (pglob->gl_statv != NULL) { + for (i = 0; i < pglob->gl_pathc; i++) { + if (pglob->gl_statv[i] != NULL) + free(pglob->gl_statv[i]); + } + free(pglob->gl_statv); + pglob->gl_statv = NULL; + } } static DIR * @@ -830,11 +971,11 @@ g_stat(Char *fn, struct stat *sb, glob_t *pglob) } static Char * -g_strchr(Char *str, int ch) +g_strchr(const Char *str, int ch) { do { if (*str == ch) - return (str); + return ((Char *)str); } while (*str++); return (NULL); } @@ -870,5 +1011,4 @@ qprintf(const char *str, Char *s) #endif #endif /* !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || - !defined(GLOB_HAS_GL_MATCHC) */ - + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) */ diff --git a/crypto/openssh/openbsd-compat/glob.h b/crypto/openssh/openbsd-compat/glob.h index a2b36f9..f8a7fa5 100644 --- a/crypto/openssh/openbsd-compat/glob.h +++ b/crypto/openssh/openbsd-compat/glob.h @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.h,v 1.10 2005/12/13 00:35:22 millert Exp $ */ +/* $OpenBSD: glob.h,v 1.11 2010/09/24 13:32:55 djm Exp $ */ /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ /* @@ -38,13 +38,15 @@ /* OPENBSD ORIGINAL: include/glob.h */ #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ - !defined(GLOB_HAS_GL_MATCHC) || \ + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ defined(BROKEN_GLOB) #ifndef _GLOB_H_ #define _GLOB_H_ +#include <sys/stat.h> + struct stat; typedef struct { int gl_pathc; /* Count of total paths so far. */ @@ -52,6 +54,7 @@ typedef struct { int gl_offs; /* Reserved at beginning of gl_pathv. */ int gl_flags; /* Copy of flags parameter to glob. */ char **gl_pathv; /* List of paths matching pattern. */ + struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */ /* Copy of errfunc parameter to glob. */ int (*gl_errfunc)(const char *, int); @@ -75,12 +78,10 @@ typedef struct { #define GLOB_NOSORT 0x0020 /* Don't sort. */ #define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */ -/* Error values returned by glob(3) */ #define GLOB_NOSPACE (-1) /* Malloc call failed. */ #define GLOB_ABORTED (-2) /* Unignored error. */ #define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */ #define GLOB_NOSYS (-4) /* Function not supported. */ -#define GLOB_ABEND GLOB_ABORTED #define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */ #define GLOB_BRACE 0x0080 /* Expand braces ala csh. */ @@ -89,6 +90,8 @@ typedef struct { #define GLOB_QUOTE 0x0400 /* Quote special chars with \. */ #define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */ #define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */ +#define GLOB_KEEPSTAT 0x4000 /* Retain stat data for paths in gl_statv. */ +#define GLOB_ABEND GLOB_ABORTED /* backward compatibility */ int glob(const char *, int, int (*)(const char *, int), glob_t *); void globfree(glob_t *); @@ -96,5 +99,5 @@ void globfree(glob_t *); #endif /* !_GLOB_H_ */ #endif /* !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || - !defined(GLOB_HAS_GL_MATCHC */ + !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOH_HAS_GL_STATV) */ diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h index e15d2bd..77c5ed2 100644 --- a/crypto/openssh/openbsd-compat/openbsd-compat.h +++ b/crypto/openssh/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.50 2010/08/16 03:15:23 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.51 2010/10/07 10:25:29 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -213,6 +213,10 @@ char *user_from_uid(uid_t, int); char *group_from_gid(gid_t, int); #endif +#ifndef HAVE_TIMINGSAFE_BCMP +int timingsafe_bcmp(const void *, const void *, size_t); +#endif + void *xmmap(size_t size); char *xcrypt(const char *password, const char *salt); char *shadow_pw(struct passwd *pw); diff --git a/crypto/openssh/openbsd-compat/openssl-compat.c b/crypto/openssh/openbsd-compat/openssl-compat.c index 420496c..b617fdf 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.c +++ b/crypto/openssh/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.9 2010/01/28 23:54:11 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> @@ -18,10 +18,20 @@ #include "includes.h" +#include <stdarg.h> +#include <string.h> + #ifdef USE_OPENSSL_ENGINE # include <openssl/engine.h> +# include <openssl/conf.h> +#endif + +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +# include <openssl/rsa.h> #endif +#include "log.h" + #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" @@ -58,6 +68,70 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) } #endif +#ifndef HAVE_BN_IS_PRIME_EX +int +BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb) +{ + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + return BN_is_prime(p, nchecks, NULL, ctx, NULL); +} +#endif + +#ifndef HAVE_RSA_GENERATE_KEY_EX +int +RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb) +{ + RSA *new_rsa, tmp_rsa; + unsigned long e; + + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + e = BN_get_word(bn_e); + if (e == 0xffffffffL) + fatal("%s: value of e too large", __func__); + new_rsa = RSA_generate_key(bits, e, NULL, NULL); + if (new_rsa == NULL) + return 0; + /* swap rsa/new_rsa then free new_rsa */ + tmp_rsa = *rsa; + *rsa = *new_rsa; + *new_rsa = tmp_rsa; + RSA_free(new_rsa); + return 1; +} +#endif + +#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX +int +DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, void *cb) +{ + DSA *new_dsa, tmp_dsa; + + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len, + counter_ret, h_ret, NULL, NULL); + if (new_dsa == NULL) + return 0; + /* swap dsa/new_dsa then free new_dsa */ + tmp_dsa = *dsa; + *dsa = *new_dsa; + *new_dsa = tmp_dsa; + DSA_free(new_dsa); + return 1; +} +#endif + +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +RSA_METHOD * +RSA_get_default_method(void) +{ + return RSA_PKCS1_SSLeay(); +} +#endif + #ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) diff --git a/crypto/openssh/openbsd-compat/openssl-compat.h b/crypto/openssh/openbsd-compat/openssl-compat.h index b7caa65..6d4f3f2 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.h +++ b/crypto/openssh/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.15 2010/05/12 07:50:02 djm Exp $ */ +/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> @@ -17,6 +17,7 @@ */ #include "includes.h" +#include <openssl/opensslv.h> #include <openssl/evp.h> #include <openssl/rsa.h> #include <openssl/dsa.h> @@ -39,6 +40,12 @@ # define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif +#if OPENSSL_VERSION_NUMBER < 0x1000000fL +# define LIBCRYPTO_EVP_INL_TYPE unsigned int +#else +# define LIBCRYPTO_EVP_INL_TYPE size_t +#endif + #if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES) # define USE_BUILTIN_RIJNDAEL #endif @@ -71,6 +78,10 @@ extern const EVP_CIPHER *evp_acss(void); # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +RSA_METHOD *RSA_get_default_method(void); +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. @@ -101,6 +112,19 @@ extern const EVP_CIPHER *evp_acss(void); # define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() # endif +# ifndef HAVE_BN_IS_PRIME_EX +int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *); +# endif + +# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX +int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *, + unsigned long *, void *); +# endif + +# ifndef HAVE_RSA_GENERATE_KEY_EX +int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *); +# endif + int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); diff --git a/crypto/openssh/openbsd-compat/port-linux.c b/crypto/openssh/openbsd-compat/port-linux.c index 89b9a73..fe6fc2d 100644 --- a/crypto/openssh/openbsd-compat/port-linux.c +++ b/crypto/openssh/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> @@ -45,7 +45,7 @@ ssh_selinux_enabled(void) static int enabled = -1; if (enabled == -1) { - enabled = is_selinux_enabled(); + enabled = (is_selinux_enabled() == 1); debug("SELinux support %s", enabled ? "enabled" : "disabled"); } @@ -205,17 +205,41 @@ ssh_selinux_change_context(const char *newname) xfree(oldctx); xfree(newctx); } + +void +ssh_selinux_setfscreatecon(const char *path) +{ + security_context_t context; + + if (!ssh_selinux_enabled()) + return; + if (path == NULL) { + setfscreatecon(NULL); + return; + } + if (matchpathcon(path, 0700, &context) == 0) + setfscreatecon(context); +} + #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST -#define OOM_ADJ_PATH "/proc/self/oom_adj" /* - * The magic "don't kill me", as documented in eg: + * The magic "don't kill me" values, old and new, as documented in eg: * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt + * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt */ -#define OOM_ADJ_NOKILL -17 static int oom_adj_save = INT_MIN; +static char *oom_adj_path = NULL; +struct { + char *path; + int value; +} oom_adjust[] = { + {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */ + {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */ + {NULL, 0}, +}; /* * Tell the kernel's out-of-memory killer to avoid sshd. @@ -224,23 +248,31 @@ static int oom_adj_save = INT_MIN; void oom_adjust_setup(void) { + int i, value; FILE *fp; debug3("%s", __func__); - if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { - if (fscanf(fp, "%d", &oom_adj_save) != 1) - verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); - else { - rewind(fp); - if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) - verbose("error writing %s: %s", - OOM_ADJ_PATH, strerror(errno)); - else - verbose("Set %s from %d to %d", - OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL); + for (i = 0; oom_adjust[i].path != NULL; i++) { + oom_adj_path = oom_adjust[i].path; + value = oom_adjust[i].value; + if ((fp = fopen(oom_adj_path, "r+")) != NULL) { + if (fscanf(fp, "%d", &oom_adj_save) != 1) + verbose("error reading %s: %s", oom_adj_path, + strerror(errno)); + else { + rewind(fp); + if (fprintf(fp, "%d\n", value) <= 0) + verbose("error writing %s: %s", + oom_adj_path, strerror(errno)); + else + verbose("Set %s from %d to %d", + oom_adj_path, oom_adj_save, value); + } + fclose(fp); + return; } - fclose(fp); } + oom_adj_path = NULL; } /* Restore the saved OOM adjustment */ @@ -250,13 +282,14 @@ oom_adjust_restore(void) FILE *fp; debug3("%s", __func__); - if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL) + if (oom_adj_save == INT_MIN || oom_adj_path == NULL || + (fp = fopen(oom_adj_path, "w")) == NULL) return; if (fprintf(fp, "%d\n", oom_adj_save) <= 0) - verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error writing %s: %s", oom_adj_path, strerror(errno)); else - verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); + verbose("Set %s to %d", oom_adj_path, oom_adj_save); fclose(fp); return; diff --git a/crypto/openssh/openbsd-compat/port-linux.h b/crypto/openssh/openbsd-compat/port-linux.h index 209d9a7..c2f6184 100644 --- a/crypto/openssh/openbsd-compat/port-linux.h +++ b/crypto/openssh/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller <djm@openbsd.org> @@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_exec_context(char *); void ssh_selinux_change_context(const char *); +void ssh_selinux_setfscreatecon(const char *); #endif #ifdef LINUX_OOM_ADJUST diff --git a/crypto/openssh/openbsd-compat/port-solaris.c b/crypto/openssh/openbsd-compat/port-solaris.c index 2ab64d4..25382f1 100644 --- a/crypto/openssh/openbsd-compat/port-solaris.c +++ b/crypto/openssh/openbsd-compat/port-solaris.c @@ -1,4 +1,4 @@ -/* $Id: port-solaris.c,v 1.3 2006/10/31 23:28:49 dtucker Exp $ */ +/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. @@ -197,3 +197,33 @@ solaris_contract_post_fork_parent(pid_t pid) close(ctl_fd); } #endif + +#ifdef USE_SOLARIS_PROJECTS +#include <sys/task.h> +#include <project.h> + +/* + * Get/set solaris default project. + * If we fail, just run along gracefully. + */ +void +solaris_set_default_project(struct passwd *pw) +{ + struct project *defaultproject; + struct project tempproject; + char buf[1024]; + + /* get default project, if we fail just return gracefully */ + if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf, + sizeof(buf))) > 0) { + /* set default project */ + if (setproject(defaultproject->pj_name, pw->pw_name, + TASK_NORMAL) != 0) + debug("setproject(%s): %s", defaultproject->pj_name, + strerror(errno)); + } else { + /* debug on getdefaultproj() error */ + debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno)); + } +} +#endif /* USE_SOLARIS_PROJECTS */ diff --git a/crypto/openssh/openbsd-compat/port-solaris.h b/crypto/openssh/openbsd-compat/port-solaris.h index 4c32487..cd442e7 100644 --- a/crypto/openssh/openbsd-compat/port-solaris.h +++ b/crypto/openssh/openbsd-compat/port-solaris.h @@ -1,4 +1,4 @@ -/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */ +/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ /* * Copyright (c) 2006 Chad Mynhier. @@ -20,8 +20,11 @@ #include <sys/types.h> +#include <pwd.h> + void solaris_contract_pre_fork(void); void solaris_contract_post_fork_child(void); void solaris_contract_post_fork_parent(pid_t pid); +void solaris_set_default_project(struct passwd *); #endif diff --git a/crypto/openssh/openbsd-compat/timingsafe_bcmp.c b/crypto/openssh/openbsd-compat/timingsafe_bcmp.c new file mode 100644 index 0000000..7e28c0e --- /dev/null +++ b/crypto/openssh/openbsd-compat/timingsafe_bcmp.c @@ -0,0 +1,34 @@ +/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */ +/* + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */ + +#include "includes.h" +#ifndef HAVE_TIMINGSAFE_BCMP + +int +timingsafe_bcmp(const void *b1, const void *b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; + + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); +} + +#endif /* TIMINGSAFE_BCMP */ |