bugzilla-daemon at mindrot.org
2015-Jan-09  11:10 UTC
[Bug 2335] New: Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
            Bug ID: 2335
           Summary: Config parser accepts ip/port in ListenAddress and
                    PermitOpen
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com
Created attachment 2525
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2525&action=edit
Make config parser more strict to ip:port values
According to the manual pages, the above-mentioned options in
sshd_config accept only values in the format ip:port, but the parser
used in the code also accepts ip/port, which can lead to unexpected
results when someone doesn't understand what he is doing. A great
example is our bugzilla [1]. In short, the problem was using
ListenAddress 192.168.1.0/24, which ended in converting the number 24
into a port and in an SELinux denial.
This behaviour can be prevented by the appended patch, which accepts
only valid values according to the manual pages. This is done in the
function hpdelim, which is used only for parsing the above-mentioned
ListenAddress and PermitOpen (same syntax according to man pages).
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1130733
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Sep-08  15:09 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
Hello,
can we also fix this, since we are changing the configuration parsers?
    192.168.1.0/24
is certainly not a valid syntax for an IP and port pair.
bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-26  14:10 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Jakub Jelen <jjelen at redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2525|0                           |1
        is obsolete|                            |
--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 3137
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3137&action=edit
New version of patch for OpenSSH 7.7p1 (prerelease)
The old patch does not apply anymore since it is now used also for
other things, so I put together a new version with hpdelim2(). See
attached patch.
Any chance of getting this finally fixed? Simple test cases that fail
without this patch:
    ./sshd -f /dev/null -T -oPermitOpen=localhost/222 -oHostKey=regress/rsa | grep 222
    ./sshd -f /dev/null -T -oListenAddress=localhost/222 -oHostKey=regress/rsa | grep 222
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-23  10:31 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Darren Tucker <dtucker at dtucker.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
Some git archaeology reveals this was added in 2001 to support IPv6
addresses with ports:
https://github.com/openssh/openssh-portable/commit/d71ba5771b5c67b4efd3294ecb85dc4d10d03265
at the time it was documented in sshd(8).  These days it's not in line
with the relevant standards (eg
https://tools.ietf.org/html/rfc5952#section-6) so we should probably
remove it.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-23  10:31 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Darren Tucker <dtucker at dtucker.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2915
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2915
[Bug 2915] Tracking bug for 8.0 release
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-23  10:46 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Darren Tucker <dtucker at dtucker.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3137|0                           |1
        is obsolete|                            |
                 CC|                            |djm at mindrot.org
   Attachment #3231|                            |ok?(djm at mindrot.org)
              Flags|                            |
--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3231
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3231&action=edit
remove support for obsolete host/port notation
reworked the patch a little to apply to openbsd current.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-23  21:51 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Darren Tucker <dtucker at dtucker.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
--- Comment #5 from Darren Tucker <dtucker at dtucker.net> ---
Patch applied and will be in the 8.0 release.
Thanks.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-24  02:38 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
--- Comment #6 from Darren Tucker <dtucker at dtucker.net> ---
BTW: all of the diffs using hpdelim2 had a bug, fortunately not
critical: in the common case where there's no delimiter hpdelim2 does
not populate the 2nd arg so you would see spurious failures if the
uninitialised memory happened to contain "/". Fixed in a follow up
commit.
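The two parsing issues discussed in this thread, the obsolete host/port form and the delimiter output that was not always written, as an added example that is not part of the thread and is not OpenSSH's code. The names split_hostport and listen_port and the allow_slash switch are hypothetical, and unbracketed IPv6 literals are assumed to be out of scope.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not OpenSSH's hpdelim2): split "host", "host:port" or
 * "[v6addr]:port" in place. *delim is always written ('\0' if no delimiter). */
static int split_hostport(char *s, char **host, char **port, char *delim)
{
	char *end;

	*host = s;
	*port = NULL;
	*delim = '\0';		/* callers never read an uninitialised char */
	if (*s == '[') {
		if ((end = strchr(s, ']')) == NULL)
			return -1;	/* unterminated bracket */
		*host = s + 1;
		*end++ = '\0';
	} else
		end = s + strcspn(s, ":/");
	if (*end == '\0')
		return 0;	/* host only, no port */
	if (*end != ':' && *end != '/')
		return -1;	/* junk after ']' */
	*delim = *end;
	*end = '\0';
	*port = end + 1;
	return 0;
}

/* Returns the port, 0 if none was given, -1 if the value is rejected. */
int listen_port(const char *value, int allow_slash)
{
	char buf[256], *host, *port, *ep, delim;
	long v;

	if (strlen(value) >= sizeof(buf))
		return -1;
	strcpy(buf, value);
	if (split_hostport(buf, &host, &port, &delim) != 0 || *host == '\0')
		return -1;
	if (delim == '/' && !allow_slash)
		return -1;	/* strict mode: only host:port is valid */
	if (port == NULL)
		return 0;
	v = strtol(port, &ep, 10);
	if (*port == '\0' || *ep != '\0' || v < 1 || v > 65535)
		return -1;
	return (int)v;
}
```

With allow_slash set, the value from the original report, 192.168.1.0/24, parses as port 24; with it cleared the same value is rejected instead of being silently reinterpreted.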
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-26  06:04 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3231|ok?(djm at mindrot.org)        |ok+
              Flags|                            |
--- Comment #7 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 3231
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3231
remove support for obsolete host/port notation
ok, but two nits:
>+char	*hpdelim2(char **, char *);
Maybe hpdelim_char() would be a little more descriptive?
>--- servconf.c	19 Jan 2019 21:37:48 -0000	1.346
>+++ servconf.c	23 Jan 2019 10:44:04 -0000
...>@@ -1251,8 +1251,10 @@ process_server_config_line(ServerOptions
> 			port = 0;
> 			p = arg;
> 		} else {
>-			p = hpdelim(&arg);
>-			if (p == NULL)
>+			char ch;
>+			arg2 = NULL;
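Review bot: `char ch;` in the new else branch is declared with no initial value, and comment #6 in this thread reports that hpdelim2 does not write its second argument when the value contains no delimiter, so a test of ch after the call would read indeterminate memory in that case. Initialise it at the declaration, for example `char ch = '\0';`, or have hpdelim2 always store to its second argument; the `arg2 = NULL;` reset on the following line is the same kind of defensive initialisation and ch should get it too.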
Either newline after "char ch" or move it to the declarations of the
start of the function
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-26  06:09 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
--- Comment #8 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Damien Miller from comment #7)
> Maybe hpdelim_char() would be a little more descriptive?
Maybe, but this only (re) adds the prototype, the function has existed
under this name for a while:
https://github.com/openssh/openssh-portable/commit/887669ef032d63cf07f53cada216fa8a0c9a7d72
> Either newline after "char ch" or move it to the declarations of the
> start of the function
Already fixed in
https://github.com/openssh/openssh-portable/commit/281ce042579b834cdc1e74314f1fb2eeb75d2612
bugzilla-daemon at bugzilla.mindrot.org
2019-May-15  15:15 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Jakub Jelen <jjelen at redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kurt at easygo.at
--- Comment #9 from Jakub Jelen <jjelen at redhat.com> ---
*** Bug 3010 has been marked as a duplicate of this bug. ***
bugzilla-daemon at mindrot.org
2021-Apr-23  05:08 UTC
[Bug 2335] Config parser accepts ip/port in ListenAddress and PermitOpen
https://bugzilla.mindrot.org/show_bug.cgi?id=2335
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #10 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release