search for: dolower

...dits: ------------------------------------------------------- % diff ./match.c /home/millerig/osrc/openssh-7.2p2/match.c 121a122 > char *low_string = 0; 156,159c157,168 < if (match_pattern(string, sub)) { < if (negated) < return -1; /* Negative */ < else --- > if (dolower) { > u_int j; > if (low_string) free(low_string); > low_string = malloc(strlen(string) + 1); > for (j = 0; j < strlen(string); ++j) low_string[j] = tolower(string[j]); > low_string[j] = 0; > } > if (match_pattern((dolower ? low_string : string), sub)) { &g...

...18 match.c --- match.c 5 Mar 2002 01:42:43 -0000 1.18 +++ match.c 2 Aug 2002 12:13:39 -0000 @@ -135,7 +135,7 @@ match_pattern_list(const char *string, c for (subi = 0; i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; subi++, i++) - sub[subi] = dolower && isupper(pattern[i]) ? + sub[subi] = dolower && isupper((unsigned)pattern[i]) ? tolower(pattern[i]) : pattern[i]; /* If subpattern too long, return failure (no match). */ if (subi >= sizeof(sub) - 1) Index: scp.c =================================================...

...tern_list (string=0x0, pattern=pattern at entry=0x555555831aa0 "ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v0"..., dolower=dolower at entry=0) at match.c:156 #2 0x000055555556447c in list_hostkey_types () at sshd.c:794 #3 do_ssh2_kex () at sshd.c:2327 #4 0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2181 Problem is in list_hostkey_types() which is not checking the retur...

On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote: > The previous revert enabled case-insensitive user names again. This > patch implements the case-insensitive user and group name matching. > To allow Unicode chars, implement the matcher using wchar_t chars in > Cygwin-specific code. Keep the generic code changes as small as possible. > Cygwin:

Windows usernames are case-insensitive and almost any Unicode character is allowed in a username. The user should be able to login with her username given in any case and not be refused. However, this opens up a security problem in terms of the sshd_config Match rules. The match rules for user and group names have to operate case-insensitive as well, otherwise the user can override her settings

https://bugzilla.mindrot.org/show_bug.cgi?id=2685 Bug ID: 2685 Summary: Case sensitive hostname matching Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

...CHED */ } -#ifndef HAVE_CYGWIN /* Cygwin version in openbsd-compat/bsd-cygwin_util.c */ - /* * Tries to match the string against the * comma-separated sequence of subpatterns (each possibly preceded by ! to @@ -172,7 +170,17 @@ match_pattern_list(const char *string, const char *pattern, int dolower) return got_positive; } +int +match_usergroup_pattern_list(const char *string, const char *pattern) +{ +#ifdef HAVE_CYGWIN + /* Windows usernames may be Unicode and are not case sensitive */ + return cygwin_ug_match_pattern_list(string, pattern); +#else + /* On most systems usernames are case...

Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH