+/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
-#include "ssh.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
#include "xmalloc.h"
+#include "ssh.h"
#include "compat.h"
#include "cipher.h"
#include "pathnames.h"
#include "log.h"
+#include "key.h"
#include "readconf.h"
#include "match.h"
#include "misc.h"
+#include "buffer.h"
#include "kex.h"
#include "mac.h"
typedef enum {
oBadOption,
oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
+ oExitOnForwardFailure,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
{ "forwardagent", oForwardAgent },
{ "forwardx11", oForwardX11 },
{ "forwardx11trusted", oForwardX11Trusted },
+ { "exitonforwardfailure", oExitOnForwardFailure },
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
int *activep)
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
- int opcode, *intptr, value, value2;
+ int opcode, *intptr, value, value2, scale;
+ long long orig, val64;
size_t len;
Forward fwd;
s = line;
/* Get the keyword. (Each line is supposed to begin with a keyword). */
- keyword = strdelim(&s);
+ if ((keyword = strdelim(&s)) == NULL)
+ return 0;
/* Ignore leading whitespace. */
if (*keyword == '\0')
keyword = strdelim(&s);
intptr = &options->gateway_ports;
goto parse_flag;
+ case oExitOnForwardFailure:
+ intptr = &options->exit_on_forward_failure;
+ goto parse_flag;
+
case oUsePrivilegedPort:
intptr = &options->use_privileged_port;
goto parse_flag;
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (arg[0] < '0' || arg[0] > '9')
fatal("%.200s line %d: Bad number.", filename, linenum);
- value = strtol(arg, &endofnumber, 10);
+ orig = val64 = strtoll(arg, &endofnumber, 10);
if (arg == endofnumber)
fatal("%.200s line %d: Bad number.", filename, linenum);
switch (toupper(*endofnumber)) {
+ case '\0':
+ scale = 1;
+ break;
case 'K':
- value *= 1<<10;
+ scale = 1<<10;
break;
case 'M':
- value *= 1<<20;
+ scale = 1<<20;
break;
case 'G':
- value *= 1<<30;
+ scale = 1<<30;
break;
+ default:
+ fatal("%.200s line %d: Invalid RekeyLimit suffix",
+ filename, linenum);
}
+ val64 *= scale;
+ /* detect integer wrap and too-large limits */
+ if ((val64 / scale) != orig || val64 > INT_MAX)
+ fatal("%.200s line %d: RekeyLimit too large",
+ filename, linenum);
+ if (val64 < 16)
+ fatal("%.200s line %d: RekeyLimit too small",
+ filename, linenum);
if (*activep && *intptr == -1)
- *intptr = value;
+ *intptr = (int)val64;
break;
case oIdentityFile:
options->forward_agent = -1;
options->forward_x11 = -1;
options->forward_x11_trusted = -1;
+ options->exit_on_forward_failure = -1;
options->xauth_location = NULL;
options->gateway_ports = -1;
options->use_privileged_port = -1;
options->forward_x11 = 0;
if (options->forward_x11_trusted == -1)
options->forward_x11_trusted = 0;
+ if (options->exit_on_forward_failure == -1)
+ options->exit_on_forward_failure = 0;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
if (options->gateway_ports == -1)
andersk / gssapi-openssh.git / blobdiff