=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-rhosts.c,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- src/usr.bin/ssh/auth-rhosts.c 2022/02/01 23:32:51 1.54 +++ src/usr.bin/ssh/auth-rhosts.c 2022/02/23 11:15:57 1.55 @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.54 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -30,6 +30,7 @@ #include "pathnames.h" #include "log.h" #include "misc.h" +#include "xmalloc.h" #include "sshbuf.h" #include "sshkey.h" #include "servconf.h" @@ -185,12 +186,13 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, const char *ipaddr) { - char buf[1024]; + char *path = NULL; struct stat st; static const char * const rhosts_files[] = {".shosts", ".rhosts", NULL}; u_int rhosts_file_index; + int r; - debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", + debug2_f("clientuser %s hostname %s ipaddr %s", client_user, hostname, ipaddr); /* Switch to the user's uid. */ @@ -204,9 +206,11 @@ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - snprintf(buf, sizeof buf, "%.500s/%.100s", - pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) >= 0) + xasprintf(&path, "%s/%s", + pw->pw_dir, rhosts_files[rhosts_file_index]); + r = stat(path, &st); + free(path); + if (r >= 0) break; } /* Switch back to privileged uid. */ @@ -271,10 +275,12 @@ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - snprintf(buf, sizeof buf, "%.500s/%.100s", - pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) == -1) + xasprintf(&path, "%s/%s", + pw->pw_dir, rhosts_files[rhosts_file_index]); + if (stat(path, &st) == -1) { + free(path); continue; + } /* * Make sure that the file is either owned by the user or by @@ -285,9 +291,10 @@ if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { - logit("Rhosts authentication refused for %.100s: bad modes for %.200s", - pw->pw_name, buf); - auth_debug_add("Bad file modes for %.200s", buf); + logit("Rhosts authentication refused for %.100s: " + "bad modes for %.200s", pw->pw_name, path); + auth_debug_add("Bad file modes for %.200s", path); + free(path); continue; } /* @@ -299,10 +306,11 @@ strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) { auth_debug_add("Server has been configured to " "ignore %.100s.", rhosts_files[rhosts_file_index]); + free(path); continue; } /* Check if authentication is permitted by the file. */ - if (check_rhosts_file(buf, hostname, ipaddr, + if (check_rhosts_file(path, hostname, ipaddr, client_user, pw->pw_name)) { auth_debug_add("Accepted by %.100s.", rhosts_files[rhosts_file_index]); @@ -311,8 +319,10 @@ auth_debug_add("Accepted host %s ip %s client_user " "%s server_user %s", hostname, ipaddr, client_user, pw->pw_name); + free(path); return 1; } + free(path); } /* Restore the privileged uid. */