Projects
Mega:24.03:SP1:Everything
libssh
_service:tar_scm:backport-0004-CVE-2023-6004-mi...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-0004-CVE-2023-6004-misc-Add-function-to-check-allowed-cha.patch of Package libssh
From c6180409677c765e6b9ae2b18a3a7a9671ac1dbe Mon Sep 17 00:00:00 2001 From: Norbert Pocs <norbertpocs0@gmail.com> Date: Tue, 10 Oct 2023 12:44:16 +0200 Subject: [PATCH 04/20] CVE-2023-6004: misc: Add function to check allowed characters of a hostname The hostname can be a domain name or an ip address. The colon has to be allowed because of IPv6 even it is prohibited in domain names. Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> --- include/libssh/misc.h | 3 ++ src/misc.c | 68 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/include/libssh/misc.h b/include/libssh/misc.h index 924da533..0924ba7f 100644 --- a/include/libssh/misc.h +++ b/include/libssh/misc.h @@ -103,6 +103,9 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len); int ssh_tmpname(char *name); char *ssh_strreplace(const char *src, const char *pattern, const char *repl); + +int ssh_check_hostname_syntax(const char *hostname); + #ifdef __cplusplus } #endif diff --git a/src/misc.c b/src/misc.c index 7c478a77..be6ee836 100644 --- a/src/misc.c +++ b/src/misc.c @@ -94,6 +94,8 @@ #define ZLIB_STRING "" #endif +#define ARPA_DOMAIN_MAX_LEN 63 + /** * @defgroup libssh_misc The SSH helper functions * @ingroup libssh @@ -1974,4 +1976,70 @@ char *ssh_strerror(int err_num, char *buf, size_t buflen) #endif /* defined(__linux__) && defined(__GLIBC__) && defined(_GNU_SOURCE) */ } +/** + * @brief Checks syntax of a domain name + * + * The check is made based on the RFC1035 section 2.3.1 + * Allowed characters are: hyphen, period, digits (0-9) and letters (a-zA-Z) + * + * The label should be no longer than 63 characters + * The label should start with a letter and end with a letter or number + * The label in this implementation can start with a number to allow virtual + * URLs to pass. Note that this will make IPv4 addresses to pass + * this check too. + * + * @param hostname The domain name to be checked, has to be null terminated + * + * @return SSH_OK if the hostname passes syntax check + * SSH_ERROR otherwise or if hostname is NULL or empty string + */ +int ssh_check_hostname_syntax(const char *hostname) +{ + char *it = NULL, *s = NULL, *buf = NULL; + size_t it_len; + char c; + + if (hostname == NULL || strlen(hostname) == 0) { + return SSH_ERROR; + } + + /* strtok_r writes into the string, keep the input clean */ + s = strdup(hostname); + if (s == NULL) { + return SSH_ERROR; + } + + it = strtok_r(s, ".", &buf); + /* if the token has 0 length */ + if (it == NULL) { + free(s); + return SSH_ERROR; + } + do { + it_len = strlen(it); + if (it_len > ARPA_DOMAIN_MAX_LEN || + /* the first char must be a letter, but some virtual urls start + * with a number */ + isalnum(it[0]) == 0 || + isalnum(it[it_len - 1]) == 0) { + free(s); + return SSH_ERROR; + } + while (*it != '\0') { + c = *it; + /* the "." is allowed too, but tokenization removes it from the + * string */ + if (isalnum(c) == 0 && c != '-') { + free(s); + return SSH_ERROR; + } + it++; + } + } while ((it = strtok_r(NULL, ".", &buf)) != NULL); + + free(s); + + return SSH_OK; +} + /** @} */ -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2