diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-10-29 02:47:23 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-10-29 13:53:59 +1100 |
| commit | 815209abfdd2991fb92ad7d2e33374916cdcbcf4 (patch) | |
| tree | 043584e99a4e51b19f21f2567c88a03669024a8b /clientloop.c | |
| parent | a575cf44e59a65506c67bddb62a712208a7a279c (diff) | |
upstream: UpdateHostkeys: fixed/better detection of host keys that
exist under other names and addresses; spotted by and debugged with lots of
help from jca@
OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/clientloop.c b/clientloop.c index f9b18fe0..c49eed39 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.354 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.355 2020/10/29 02:47:23 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1892,13 +1892,20 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) return 0; } - /* Record if address matched against a different hostname. */ - if (ctx->ip_str != NULL && (l->match & HKF_MATCH_HOST) == 0 && - strchr(l->hosts, ',') != NULL) { - ctx->other_name_seen = 1; - debug3_f("found address %s against different hostname at " - "%s:%ld", ctx->ip_str, l->path, l->linenum); - return 0; + /* If CheckHostIP is enabled, then check for mismatched hostname/addr */ + if (ctx->ip_str != NULL && strchr(l->hosts, ',') != NULL) { + if ((l->match & HKF_MATCH_HOST) == 0) { + /* Record if address matched a different hostname. */ + ctx->other_name_seen = 1; + debug3_f("found address %s against different hostname " + "at %s:%ld", ctx->ip_str, l->path, l->linenum); + return 0; + } else if ((l->match & HKF_MATCH_IP) == 0) { + /* Record if hostname matched a different address. */ + ctx->other_name_seen = 1; + debug3_f("found hostname %s against different address " + "at %s:%ld", ctx->host_str, l->path, l->linenum); + } } /* @@ -2291,7 +2298,7 @@ client_input_hostkeys(struct ssh *ssh) ctx->ip_str ? ctx->ip_str : "(none)"); if ((r = hostkeys_foreach(options.user_hostfiles[i], hostkeys_find, ctx, ctx->host_str, ctx->ip_str, - HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) { + HKF_WANT_PARSE_KEY)) != 0) { if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { debug_f("hostkeys file %s does not exist", options.user_hostfiles[i]); |