=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/readconf.c,v retrieving revision 1.143.2.1 retrieving revision 1.143.2.2 diff -u -r1.143.2.1 -r1.143.2.2 --- src/usr.bin/ssh/readconf.c 2006/02/03 03:01:56 1.143.2.1 +++ src/usr.bin/ssh/readconf.c 2006/10/06 03:19:33 1.143.2.2 @@ -1,3 +1,4 @@ +/* $OpenBSD: readconf.c,v 1.143.2.2 2006/10/06 03:19:33 brad Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -11,18 +12,31 @@ * called by a name other than "ssh" or "Secure Shell". */ -#include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.143.2.1 2006/02/03 03:01:56 brad Exp $"); +#include +#include +#include -#include "ssh.h" +#include + +#include +#include +#include +#include +#include +#include +#include + #include "xmalloc.h" +#include "ssh.h" #include "compat.h" #include "cipher.h" #include "pathnames.h" #include "log.h" +#include "key.h" #include "readconf.h" #include "match.h" #include "misc.h" +#include "buffer.h" #include "kex.h" #include "mac.h" @@ -94,6 +108,7 @@ typedef enum { oBadOption, oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, + oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, @@ -124,6 +139,7 @@ { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, { "forwardx11trusted", oForwardX11Trusted }, + { "exitonforwardfailure", oExitOnForwardFailure }, { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, @@ -304,7 +320,8 @@ int *activep) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; - int opcode, *intptr, value, value2; + int opcode, *intptr, value, value2, scale; + long long orig, val64; size_t len; Forward fwd; @@ -317,7 +334,8 @@ s = line; /* Get the keyword. (Each line is supposed to begin with a keyword). */ - keyword = strdelim(&s); + if ((keyword = strdelim(&s)) == NULL) + return 0; /* Ignore leading whitespace. */ if (*keyword == '\0') keyword = strdelim(&s); @@ -374,6 +392,10 @@ intptr = &options->gateway_ports; goto parse_flag; + case oExitOnForwardFailure: + intptr = &options->exit_on_forward_failure; + goto parse_flag; + case oUsePrivilegedPort: intptr = &options->use_privileged_port; goto parse_flag; @@ -477,22 +499,36 @@ fatal("%.200s line %d: Missing argument.", filename, linenum); if (arg[0] < '0' || arg[0] > '9') fatal("%.200s line %d: Bad number.", filename, linenum); - value = strtol(arg, &endofnumber, 10); + orig = val64 = strtoll(arg, &endofnumber, 10); if (arg == endofnumber) fatal("%.200s line %d: Bad number.", filename, linenum); switch (toupper(*endofnumber)) { + case '\0': + scale = 1; + break; case 'K': - value *= 1<<10; + scale = 1<<10; break; case 'M': - value *= 1<<20; + scale = 1<<20; break; case 'G': - value *= 1<<30; + scale = 1<<30; break; + default: + fatal("%.200s line %d: Invalid RekeyLimit suffix", + filename, linenum); } + val64 *= scale; + /* detect integer wrap and too-large limits */ + if ((val64 / scale) != orig || val64 > INT_MAX) + fatal("%.200s line %d: RekeyLimit too large", + filename, linenum); + if (val64 < 16) + fatal("%.200s line %d: RekeyLimit too small", + filename, linenum); if (*activep && *intptr == -1) - *intptr = value; + *intptr = (int)val64; break; case oIdentityFile: @@ -961,6 +997,7 @@ options->forward_agent = -1; options->forward_x11 = -1; options->forward_x11_trusted = -1; + options->exit_on_forward_failure = -1; options->xauth_location = NULL; options->gateway_ports = -1; options->use_privileged_port = -1; @@ -1041,6 +1078,8 @@ options->forward_x11 = 0; if (options->forward_x11_trusted == -1) options->forward_x11_trusted = 0; + if (options->exit_on_forward_failure == -1) + options->exit_on_forward_failure = 0; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; if (options->gateway_ports == -1)