mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00

Add flags for escape expand operation

Calling `ssh_options_apply` more than once can cause the escape characters to
be expanded repeatedly, which is unwanted. Add flags that record whether the
expansion has already been done on the current string variables.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Norbert Pocs
2022-11-16 16:51:02 +01:00
committed by Jakub Jelen
parent 87d694d5ad
commit 1bd499febb
3 changed files with 69 additions and 43 deletions


@@ -93,6 +93,12 @@ enum ssh_pending_call_e {
#define SSH_OPT_FLAG_KBDINT_AUTH 0x4 #define SSH_OPT_FLAG_KBDINT_AUTH 0x4
#define SSH_OPT_FLAG_GSSAPI_AUTH 0x8 #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
/* Escape expansion of different variables */
#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
/* extensions flags */ /* extensions flags */
/* negotiation enabled */ /* negotiation enabled */
#define SSH_EXT_NEGOTIATION 0x01 #define SSH_EXT_NEGOTIATION 0x01
@@ -232,6 +238,7 @@ struct ssh_session_struct {
char *gss_client_identity; char *gss_client_identity;
int gss_delegate_creds; int gss_delegate_creds;
int flags; int flags;
int exp_flags;
int nodelay; int nodelay;
bool config_processed; bool config_processed;
uint8_t options_seen[SOC_MAX]; uint8_t options_seen[SOC_MAX];
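Review bot: The comment above the new `SSH_OPT_EXP_FLAG_*` defines does not say what a set bit means, and the new `int exp_flags;` field has no comment at all. A reader has to go to `ssh_options_apply` to learn that a set bit marks a string whose escapes were already expanded, and that any code replacing the string has to clear the bit again. I would put `/* Set once ssh_options_apply() has expanded the option's escapes; cleared when ssh_options_set() stores a new value */` above the defines and a short pointer to it next to the field. `SSH_OPT_EXP_FLAG_IDENTITY` is neither set nor tested in any hunk shown on this page, so it needs a note on where it is used, or it can be dropped. Both the define block and the struct continue outside these hunks.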


@@ -735,6 +735,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_oom(session); ssh_set_error_oom(session);
return -1; return -1;
} }
session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_KNOWNHOSTS;
} }
break; break;
case SSH_OPTIONS_GLOBAL_KNOWNHOSTS: case SSH_OPTIONS_GLOBAL_KNOWNHOSTS:
@@ -756,6 +757,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_oom(session); ssh_set_error_oom(session);
return -1; return -1;
} }
session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS;
} }
break; break;
case SSH_OPTIONS_TIMEOUT: case SSH_OPTIONS_TIMEOUT:
@@ -1019,6 +1021,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1; return -1;
} }
session->opts.ProxyCommand = q; session->opts.ProxyCommand = q;
session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_PROXYCOMMAND;
} }
} }
break; break;
@@ -1586,6 +1589,7 @@ int ssh_options_apply(ssh_session session)
} }
} }
if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS) == 0) {
if (session->opts.knownhosts == NULL) { if (session->opts.knownhosts == NULL) {
tmp = ssh_path_expand_escape(session, "%d/known_hosts"); tmp = ssh_path_expand_escape(session, "%d/known_hosts");
} else { } else {
@@ -1596,18 +1600,26 @@ int ssh_options_apply(ssh_session session)
} }
free(session->opts.knownhosts); free(session->opts.knownhosts);
session->opts.knownhosts = tmp; session->opts.knownhosts = tmp;
session->opts.exp_flags |= SSH_OPT_EXP_FLAG_KNOWNHOSTS;
}
if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS) == 0) {
if (session->opts.global_knownhosts == NULL) { if (session->opts.global_knownhosts == NULL) {
tmp = strdup("/etc/ssh/ssh_known_hosts"); tmp = strdup("/etc/ssh/ssh_known_hosts");
} else { } else {
tmp = ssh_path_expand_escape(session, session->opts.global_knownhosts); tmp = ssh_path_expand_escape(session,
session->opts.global_knownhosts);
} }
if (tmp == NULL) { if (tmp == NULL) {
return -1; return -1;
} }
free(session->opts.global_knownhosts); free(session->opts.global_knownhosts);
session->opts.global_knownhosts = tmp; session->opts.global_knownhosts = tmp;
session->opts.exp_flags |= SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS;
}
if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND) == 0) {
if (session->opts.ProxyCommand != NULL) { if (session->opts.ProxyCommand != NULL) {
char *p = NULL; char *p = NULL;
size_t plen = strlen(session->opts.ProxyCommand) + size_t plen = strlen(session->opts.ProxyCommand) +
@@ -1624,15 +1636,20 @@ int ssh_options_apply(ssh_session session)
free(p); free(p);
return -1; return -1;
} }
}
tmp = ssh_path_expand_escape(session, p); tmp = ssh_path_expand_escape(session, p);
free(p); free(p);
} else {
tmp = ssh_path_expand_escape(session,
session->opts.ProxyCommand);
}
if (tmp == NULL) { if (tmp == NULL) {
return -1; return -1;
} }
free(session->opts.ProxyCommand); free(session->opts.ProxyCommand);
session->opts.ProxyCommand = tmp; session->opts.ProxyCommand = tmp;
session->opts.exp_flags |= SSH_OPT_EXP_FLAG_PROXYCOMMAND;
}
} }
for (tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp); for (tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp);
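Review bot: In `ssh_options_set` the `SSH_OPT_EXP_FLAG_KNOWNHOSTS` and `SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS` bits are cleared only inside the branch that stores a newly duplicated string, while `ssh_options_apply` now skips the whole block, default path included, whenever the bit is set. The start of each `case` is outside the hunks, so this is inferred: if a caller can reset the option so that the field is freed and left NULL, a reset after a first apply leaves the bit set, and the next apply would not install `%d/known_hosts` or `/etc/ssh/ssh_known_hosts`. The known-hosts path used for host key checking would then stay NULL. Clearing the bit wherever the field is released, for example `session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_KNOWNHOSTS;` directly after the free, keeps the flag tied to the string it describes. The same invariant holds for any writer of these fields or of `ProxyCommand` outside `ssh_options_set`, where a bit left clear on an already expanded string would re-expand `%` sequences that came from substituted values.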


@@ -115,6 +115,8 @@ ssh_session ssh_new(void)
SSH_OPT_FLAG_KBDINT_AUTH | SSH_OPT_FLAG_KBDINT_AUTH |
SSH_OPT_FLAG_GSSAPI_AUTH; SSH_OPT_FLAG_GSSAPI_AUTH;
session->opts.exp_flags = 0;
session->opts.identity = ssh_list_new(); session->opts.identity = ssh_list_new();
if (session->opts.identity == NULL) { if (session->opts.identity == NULL) {
goto err; goto err;