author | Jakub Jelen <jjelen@redhat.com> | 2019-02-07 17:42:10 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-05-14 17:26:27 +0200 |
commit | 962bdf806c6fd71a64be828933caf4932fa11fa0 (patch) | |
tree | 538491a28e91eb32467f854493a238bbd9654290 /src | |
parent | 1e22a089eba5bfec1ff20d198571647e356bee69 (diff) | |
knownhosts: Handle wildcard ports matches against standard one
Fixes T110
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/knownhosts.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/knownhosts.c b/src/knownhosts.c
index bc5e6176..c2189b13 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -440,8 +440,8 @@ int ssh_known_hosts_parse_line(const char *hostname,
 }
 if (hostname != NULL) {
- char *match_pattern = NULL;
- char *q;
+ char *host_port = NULL;
+ char *q = NULL;
 /* Hashed */
 if (p[0] == '|') {
@@ -453,13 +453,30 @@ int ssh_known_hosts_parse_line(const char *hostname,
 q = strtok(NULL, ",")) {
 int cmp;
- cmp = match_hostname(hostname, q, strlen(q));
+ if (q[0] == '[' && hostname[0] != '[') {
+ /* Corner case: We have standard port so we do not have
+ * hostname in square braces. But the patern is enclosed
+ * in braces with, possibly standard or wildcard, port.
+ * We need to test against [host]:port pair here.
+ */
+ if (host_port == NULL) {
+ host_port = ssh_hostport(hostname, 22);
+ if (host_port == NULL) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+ }
+
+ cmp = match_hostname(host_port, q, strlen(q));
+ } else {
+ cmp = match_hostname(hostname, q, strlen(q));
+ }
 if (cmp == 1) {
 match = 1;
 break;
 }
 }
- SAFE_FREE(match_pattern);
+ free(host_port);
 if (match == 0) {
 rc = SSH_AGAIN; |
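Review bot: The literal `22` in `ssh_hostport(hostname, 22)` in the second hunk encodes an assumption the code does not state: that a `hostname` without a leading `[` always refers to the default SSH port. If a caller outside this hunk ever passes a bare name for a connection on a non-default port, a `[host]:22` or wildcard-port entry would be accepted as vouching for that host key, so the contract should be written down at the point where the trust decision is made. I would extend the comment with `/* Callers pass "[host]:port" for any non-default port; a bare hostname therefore implies port 22. */` and, if the project already has a named constant for the default port, use it instead of the literal. The same comment has a typo (`patern` should be `pattern`), and `free(host_port)` departs from the `SAFE_FREE()` used by the line it replaces. The function body starts and ends outside the hunk, including the `out:` label the new `goto out` relies on, so the cleanup path could not be checked from here.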