+/* $OpenBSD: readconf.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
-#include "ssh.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
#include "xmalloc.h"
+#include "ssh.h"
#include "compat.h"
#include "cipher.h"
#include "pathnames.h"
#include "log.h"
+#include "key.h"
#include "readconf.h"
#include "match.h"
#include "misc.h"
+#include "buffer.h"
#include "kex.h"
#include "mac.h"
typedef enum {
oBadOption,
oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
+ oExitOnForwardFailure,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
{ "forwardagent", oForwardAgent },
{ "forwardx11", oForwardX11 },
{ "forwardx11trusted", oForwardX11Trusted },
+ { "exitonforwardfailure", oExitOnForwardFailure },
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
int *activep)
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
- int opcode, *intptr, value, value2;
+ int opcode, *intptr, value, value2, scale;
+ LogLevel *log_level_ptr;
+ long long orig, val64;
size_t len;
Forward fwd;
s = line;
/* Get the keyword. (Each line is supposed to begin with a keyword). */
- keyword = strdelim(&s);
+ if ((keyword = strdelim(&s)) == NULL)
+ return 0;
/* Ignore leading whitespace. */
if (*keyword == '\0')
keyword = strdelim(&s);
if ((value = convtime(arg)) == -1)
fatal("%s line %d: invalid time value.",
filename, linenum);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
intptr = &options->gateway_ports;
goto parse_flag;
+ case oExitOnForwardFailure:
+ intptr = &options->exit_on_forward_failure;
+ goto parse_flag;
+
case oUsePrivilegedPort:
intptr = &options->use_privileged_port;
goto parse_flag;
goto parse_int;
case oRekeyLimit:
- intptr = &options->rekey_limit;
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (arg[0] < '0' || arg[0] > '9')
fatal("%.200s line %d: Bad number.", filename, linenum);
- value = strtol(arg, &endofnumber, 10);
+ orig = val64 = strtoll(arg, &endofnumber, 10);
if (arg == endofnumber)
fatal("%.200s line %d: Bad number.", filename, linenum);
switch (toupper(*endofnumber)) {
+ case '\0':
+ scale = 1;
+ break;
case 'K':
- value *= 1<<10;
+ scale = 1<<10;
break;
case 'M':
- value *= 1<<20;
+ scale = 1<<20;
break;
case 'G':
- value *= 1<<30;
+ scale = 1<<30;
break;
+ default:
+ fatal("%.200s line %d: Invalid RekeyLimit suffix",
+ filename, linenum);
}
- if (*activep && *intptr == -1)
- *intptr = value;
+ val64 *= scale;
+ /* detect integer wrap and too-large limits */
+ if ((val64 / scale) != orig || val64 > UINT_MAX)
+ fatal("%.200s line %d: RekeyLimit too large",
+ filename, linenum);
+ if (val64 < 16)
+ fatal("%.200s line %d: RekeyLimit too small",
+ filename, linenum);
+ if (*activep && options->rekey_limit == -1)
+ options->rekey_limit = (u_int32_t)val64;
break;
case oIdentityFile:
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
filename, linenum, SSH_MAX_IDENTITY_FILES);
- charptr = &options->identity_files[*intptr];
+ charptr = &options->identity_files[*intptr];
*charptr = xstrdup(arg);
*intptr = *intptr + 1;
}
break;
case oLogLevel:
- intptr = (int *) &options->log_level;
+ log_level_ptr = &options->log_level;
arg = strdelim(&s);
value = log_level_number(arg);
if (value == SYSLOG_LEVEL_NOT_SET)
fatal("%.200s line %d: unsupported log level '%s'",
filename, linenum, arg ? arg : "<NONE>");
- if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
- *intptr = (LogLevel) value;
+ if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
+ *log_level_ptr = (LogLevel) value;
break;
case oLocalForward:
options->forward_agent = -1;
options->forward_x11 = -1;
options->forward_x11_trusted = -1;
+ options->exit_on_forward_failure = -1;
options->xauth_location = NULL;
options->gateway_ports = -1;
options->use_privileged_port = -1;
options->forward_x11 = 0;
if (options->forward_x11_trusted == -1)
options->forward_x11_trusted = 0;
+ if (options->exit_on_forward_failure == -1)
+ options->exit_on_forward_failure = 0;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
if (options->gateway_ports == -1)
cp = p = xstrdup(fwdspec);
/* skip leading spaces */
- while (*cp && isspace(*cp))
+ while (isspace(*cp))
cp++;
for (i = 0; i < 4; ++i)
xfree(p);
- if (fwd->listen_port == 0 && fwd->connect_port == 0)
+ if (fwd->listen_port == 0 || fwd->connect_port == 0)
goto fail_free;
if (fwd->connect_host != NULL &&