- stevesk@cvs.openbsd.org 2009/12/25 19:40:21

     [readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
     validate routing domain is in range 0-RT_TABLEID_MAX.
     'Looks right' deraadt@

diff --git a/ChangeLog b/ChangeLog
index ce5cd8b8965861d42e14849fe957f9d247bf68cb..feaa27aee26cad48cc059150a529e7db92e05780 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -123,6 +123,10 @@
      [PROTOCOL]
      fix an incorrect magic number and typo in PROTOCOL; bz#1688
      report and fix from ueno AT unixuser.org
+   - stevesk@cvs.openbsd.org 2009/12/25 19:40:21
+     [readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
+     validate routing domain is in range 0-RT_TABLEID_MAX.
+     'Looks right' deraadt@
 
 20091226
  - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1

diff --git a/misc.c b/misc.c
index 21db00a137533402b68544f1f20e549cf6be01e1..d4bdfc0eae5c2410b70e434746d5d853383c602a 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.73 2009/11/20 03:24:07 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -273,6 +273,18 @@ a2port(const char *s)
        return (int)port;
 }
 
+int
+a2rdomain(const char *s)
+{
+       long long rdomain;
+       const char *errstr;
+
+       rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr);
+       if (errstr != NULL)
+               return -1;
+       return (int)rdomain;
+}
+
 int
 a2tun(const char *s, int *remote)
 {

diff --git a/misc.h b/misc.h
index 87b7f0edfc0382371cb9fa29b529e6b5e24cfc7f..1e859e2559a75fec7281d0717e6cb07c7d4b6ca4 100644 (file)
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.39 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,6 +23,7 @@ int    set_nonblock(int);
 int     unset_nonblock(int);
 void    set_nodelay(int);
 int     a2port(const char *);
+int     a2rdomain(const char *);
 int     a2tun(const char *, int *);
 char   *put_host_port(const char *, u_short);
 char   *hpdelim(char **);

diff --git a/readconf.c b/readconf.c
index 6b2e3b21d75745e80031b6b5a604427eb5ae0b9f..2f1b0cd3bb59be4b1862d5100a64e2d428de9a36 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.179 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: readconf.c,v 1.180 2009/12/25 19:40:21 stevesk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -925,7 +925,7 @@ parse_int:
                if (!arg || *arg == '\0')
                        fatal("%.200s line %d: Missing argument.",
                            filename, linenum);
-               value = a2port(arg);
+               value = a2rdomain(arg);
                if (value == -1)
                        fatal("%.200s line %d: Bad rdomain.",
                            filename, linenum);

diff --git a/servconf.c b/servconf.c
index 729f23bade344f0b7a7f1937d8a9fd2b42b30f70..8b8518aa80443863bc4884b774b923be50df047f 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.197 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: servconf.c,v 1.198 2009/12/25 19:40:21 stevesk Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1298,7 +1298,16 @@ process_server_config_line(ServerOptions *options, char *line,
 
        case sRDomain:
                intptr = &options->rdomain;
-               goto parse_int;
+               arg = strdelim(&cp);
+               if (!arg || *arg == '\0')
+                       fatal("%s line %d: missing rdomain value.",
+                           filename, linenum);
+               if ((value = a2rdomain(arg)) == -1)
+                       fatal("%s line %d: invalid rdomain value.",
+                           filename, linenum);
+               if (*intptr == -1)
+                       *intptr = value;
+               break;
 
        case sDeprecated:
                logit("%s line %d: Deprecated option %s",

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index f30e850451718cdb2ac57c75de1ee3b7d71cb095..faeb9e13ed64ca711f5cca8bab47e9128e350949 100644 (file)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.79 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -807,9 +807,11 @@ main(int argc, char **argv)
                        IPv4or6 = AF_INET6;
                        break;
                case 'V':
-                       scan_rdomain = a2port(optarg);
-                       if (scan_rdomain < 0)
-                               scan_rdomain = -1;
+                       scan_rdomain = a2rdomain(optarg);
+                       if (scan_rdomain == -1) {
+                               fprintf(stderr, "Bad rdomain '%s'\n", optarg);
+                               exit(1);
+                       }
                        break;
                case '?':
                default: