Blame SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch
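--- ssh.c 2024-03-02 19:08:29.085655690 -0500
+++ ssh.c 2024-03-02 19:14:10.889324532 -0500
@@ -484,6 +484,41 @@
 }
 }
 
+static int
+valid_hostname(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
+ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
+ return 0;
+ }
+ return 1;
+}
+
+static int
+valid_ruser(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
+ return 0;
+ /* Disallow '-' after whitespace */
+ if (isspace((u_char)s[i]) && s[i + 1] == '-')
+ return 0;
+ /* Disallow \ in last position */
+ if (s[i] == '\\' && s[i + 1] == '\0')
+ return 0;
+ }
+ return 1;
+}
+
 /* Rewrite the port number in an addrinfo list of addresses */
 static void
 set_addrinfo_port(struct addrinfo *addrs, int port)
@@ -961,6 +996,11 @@
 if (!host)
 usage();
 
+ if (!valid_hostname(host))
+ fatal("hostname contains invalid characters");
+ if (options.user != NULL && !valid_ruser(options.user))
+ fatal("remote username contains invalid characters");
+
 host_arg = xstrdup(host);
 
 #ifdef WITH_OPENSSL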
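Review bot: valid_hostname() and valid_ruser() in the first hunk carry no comment saying what they protect against, so a reader cannot tell why the two reject lists differ (the hostname check refuses `$`, `\`, whitespace and control characters; the user check tolerates them except for a trailing `\` and a `-` following whitespace), or why both refuse a leading `-`. A header comment on each helper along the lines of `/* Reject a hostname/username whose characters could become shell syntax or option flags when later substituted into a command template (presumably the %h / %r expansions); keep this list in step with the sites that pass the expanded string to a shell. */` would make the rules auditable and keep the two lists from drifting apart. The same comment should state that both helpers accept the empty string and rely on the callers' `!host` and `options.user != NULL` guards rather than checking for NULL themselves. The two fatal() checks in the second hunk sit inside a function that begins and ends outside the hunk; if `host` or `options.user` can still be reassigned by later configuration processing, those later values are not covered by this check, which is worth confirming.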