Upgrade to 6.3p1.

Approved by: re (gjb)
author: des <des@FreeBSD.org> 2013-09-21 21:36:09 +0000
committer: des <des@FreeBSD.org> 2013-09-21 21:36:09 +0000
commit: cda41f674dcdd03b86d4e53cd0dbd08b534f9e7a (patch)
tree: a72d0647ecce54e017341118e11204ee4ba0de68 /crypto/openssh/readconf.c
parent: 3e16db31d109ec87db0aa5d7fcd63e93398259d4 (diff)
parent: ff2597d3eebc3da3f7cf2a638607274cad9b199e (diff)
download: FreeBSD-src-cda41f674dcdd03b86d4e53cd0dbd08b534f9e7a.zip
FreeBSD-src-cda41f674dcdd03b86d4e53cd0dbd08b534f9e7a.tar.gz
1 files changed, 69 insertions, 61 deletions
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index c99ea66..f946ca7 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
 /* $FreeBSD$ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -33,6 +33,9 @@ __RCSID("$FreeBSD$");
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -138,13 +141,13 @@ typedef enum {
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-	oKexAlgorithms, oIPQoS, oRequestTTY,
+	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+	oIgnoredUnknownOption,
 	oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
 #ifdef NONE_CIPHER_ENABLED
 	oNoneEnabled, oNoneSwitch,
 #endif
-	oVersionAddendum,
-	oDeprecated, oUnsupported
+	oVersionAddendum, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -255,6 +258,7 @@ static struct {
 	{ "kexalgorithms", oKexAlgorithms },
 	{ "ipqos", oIPQoS },
 	{ "requesttty", oRequestTTY },
+	{ "ignoreunknown", oIgnoreUnknown },
 	{ "hpndisabled", oHPNDisabled },
 	{ "hpnbuffersize", oHPNBufferSize },
 	{ "tcprcvbufpoll", oTcpRcvBufPoll },
@@ -334,22 +338,20 @@ clear_forwardings(Options *options)
 	int i;
 
 	for (i = 0; i < options->num_local_forwards; i++) {
-		if (options->local_forwards[i].listen_host != NULL)
-			xfree(options->local_forwards[i].listen_host);
-		xfree(options->local_forwards[i].connect_host);
+		free(options->local_forwards[i].listen_host);
+		free(options->local_forwards[i].connect_host);
 	}
 	if (options->num_local_forwards > 0) {
-		xfree(options->local_forwards);
+		free(options->local_forwards);
 		options->local_forwards = NULL;
 	}
 	options->num_local_forwards = 0;
 	for (i = 0; i < options->num_remote_forwards; i++) {
-		if (options->remote_forwards[i].listen_host != NULL)
-			xfree(options->remote_forwards[i].listen_host);
-		xfree(options->remote_forwards[i].connect_host);
+		free(options->remote_forwards[i].listen_host);
+		free(options->remote_forwards[i].connect_host);
 	}
 	if (options->num_remote_forwards > 0) {
-		xfree(options->remote_forwards);
+		free(options->remote_forwards);
 		options->remote_forwards = NULL;
 	}
 	options->num_remote_forwards = 0;
@@ -381,14 +383,17 @@ add_identity_file(Options *options, const char *dir, const char *filename,
  */
 
 static OpCodes
-parse_token(const char *cp, const char *filename, int linenum)
+parse_token(const char *cp, const char *filename, int linenum,
+    const char *ignored_unknown)
 {
-	u_int i;
+	int i;
 
 	for (i = 0; keywords[i].name; i++)
-		if (strcasecmp(cp, keywords[i].name) == 0)
+		if (strcmp(cp, keywords[i].name) == 0)
 			return keywords[i].opcode;
-
+	if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
+	    strlen(ignored_unknown), 1) == 1)
+		return oIgnoredUnknownOption;
 	error("%s: line %d: Bad configuration option: %s",
 	    filename, linenum, cp);
 	return oBadOption;
@@ -407,10 +412,10 @@ process_config_line(Options *options, const char *host,
 {
 	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
 	char **cpptr, fwdarg[256];
-	u_int *uintptr, max_entries = 0;
-	int negated, opcode, *intptr, value, value2, scale;
+	u_int i, *uintptr, max_entries = 0;
+	int negated, opcode, *intptr, value, value2;
 	LogLevel *log_level_ptr;
-	long long orig, val64;
+	long long val64;
 	size_t len;
 	Forward fwd;
 
@@ -430,14 +435,22 @@ process_config_line(Options *options, const char *host,
 		keyword = strdelim(&s);
 	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
 		return 0;
+	/* Match lowercase keyword */
+	for (i = 0; i < strlen(keyword); i++)
+		keyword[i] = tolower(keyword[i]);
 
-	opcode = parse_token(keyword, filename, linenum);
+	opcode = parse_token(keyword, filename, linenum,
+	    options->ignored_unknown);
 
 	switch (opcode) {
 	case oBadOption:
 		/* don't panic, but count bad options */
 		return -1;
 		/* NOTREACHED */
+	case oIgnoredUnknownOption:
+		debug("%s line %d: Ignored unknown option \"%s\"",
+		    filename, linenum, keyword);
+		return 0;
 	case oConnectTimeout:
 		intptr = &options->connection_timeout;
 parse_time:
@@ -592,39 +605,32 @@ parse_yesnoask:
 	case oRekeyLimit:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (arg[0] < '0' || arg[0] > '9')
-			fatal("%.200s line %d: Bad number.", filename, linenum);
-		orig = val64 = strtoll(arg, &endofnumber, 10);
-		if (arg == endofnumber)
-			fatal("%.200s line %d: Bad number.", filename, linenum);
-		switch (toupper(*endofnumber)) {
-		case '\0':
-			scale = 1;
-			break;
-		case 'K':
-			scale = 1<<10;
-			break;
-		case 'M':
-			scale = 1<<20;
-			break;
-		case 'G':
-			scale = 1<<30;
-			break;
-		default:
-			fatal("%.200s line %d: Invalid RekeyLimit suffix",
-			    filename, linenum);
+			fatal("%.200s line %d: Missing argument.", filename,
+			    linenum);
+		if (strcmp(arg, "default") == 0) {
+			val64 = 0;
+		} else {
+			if (scan_scaled(arg, &val64) == -1)
+				fatal("%.200s line %d: Bad number '%s': %s",
+				    filename, linenum, arg, strerror(errno));
+			/* check for too-large or too-small limits */
+			if (val64 > UINT_MAX)
+				fatal("%.200s line %d: RekeyLimit too large",
+				    filename, linenum);
+			if (val64 != 0 && val64 < 16)
+				fatal("%.200s line %d: RekeyLimit too small",
+				    filename, linenum);
 		}
-		val64 *= scale;
-		/* detect integer wrap and too-large limits */
-		if ((val64 / scale) != orig || val64 > UINT_MAX)
-			fatal("%.200s line %d: RekeyLimit too large",
-			    filename, linenum);
-		if (val64 < 16)
-			fatal("%.200s line %d: RekeyLimit too small",
-			    filename, linenum);
 		if (*activep && options->rekey_limit == -1)
 			options->rekey_limit = (u_int32_t)val64;
+		if (s != NULL) { /* optional rekey interval present */
+			if (strcmp(s, "none") == 0) {
+				(void)strdelim(&s);	/* discard */
+				break;
+			}
+			intptr = &options->rekey_interval;
+			goto parse_time;
+		}
 		break;
 
 	case oIdentityFile:
@@ -1149,6 +1155,10 @@ parse_int:
 		}
 		return 0;
 
+	case oIgnoreUnknown:
+		charptr = &options->ignored_unknown;
+		goto parse_string;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1289,6 +1299,7 @@ initialize_options(Options * options)
 	options->no_host_authentication_for_localhost = - 1;
 	options->identities_only = - 1;
 	options->rekey_limit = - 1;
+	options->rekey_interval = -1;
 	options->verify_host_key_dns = -1;
 	options->server_alive_interval = -1;
 	options->server_alive_count_max = -1;
@@ -1310,6 +1321,7 @@ initialize_options(Options * options)
 	options->ip_qos_bulk = -1;
 	options->request_tty = -1;
 	options->version_addendum = NULL;
+	options->ignored_unknown = NULL;
 	options->hpn_disabled = -1;
 	options->hpn_buffer_size = -1;
 	options->tcp_rcv_buf_poll = -1;
@@ -1328,8 +1340,6 @@ initialize_options(Options * options)
 void
 fill_default_options(Options * options)
 {
-	int len;
-
 	if (options->forward_agent == -1)
 		options->forward_agent = 0;
 	if (options->forward_x11 == -1)
@@ -1435,6 +1445,8 @@ fill_default_options(Options * options)
 		options->enable_ssh_keysign = 0;
 	if (options->rekey_limit == -1)
 		options->rekey_limit = 0;
+	if (options->rekey_interval == -1)
+		options->rekey_interval = 0;
 #if HAVE_LDNS
 	if (options->verify_host_key_dns == -1)
 		/* automatically trust a verified SSHFP record */
@@ -1576,7 +1588,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 		i = 0; /* failure */
 	}
 
-	xfree(p);
+	free(p);
 
 	if (dynamicfwd) {
 		if (!(i == 1 || i == 2))
@@ -1602,13 +1614,9 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 	return (i);
 
  fail_free:
-	if (fwd->connect_host != NULL) {
-		xfree(fwd->connect_host);
-		fwd->connect_host = NULL;
-	}
-	if (fwd->listen_host != NULL) {
-		xfree(fwd->listen_host);
-		fwd->listen_host = NULL;
-	}
+	free(fwd->connect_host);
+	fwd->connect_host = NULL;
+	free(fwd->listen_host);
+	fwd->listen_host = NULL;
 	return (0);
 }
author	des <des@FreeBSD.org>	2013-09-21 21:36:09 +0000
committer	des <des@FreeBSD.org>	2013-09-21 21:36:09 +0000
commit	cda41f674dcdd03b86d4e53cd0dbd08b534f9e7a (patch)
tree	a72d0647ecce54e017341118e11204ee4ba0de68 /crypto/openssh/readconf.c
parent	3e16db31d109ec87db0aa5d7fcd63e93398259d4 (diff)
parent	ff2597d3eebc3da3f7cf2a638607274cad9b199e (diff)
download	FreeBSD-src-cda41f674dcdd03b86d4e53cd0dbd08b534f9e7a.zip FreeBSD-src-cda41f674dcdd03b86d4e53cd0dbd08b534f9e7a.tar.gz