case sensitive hostname matching

Hi,

as recently noticed by one of our customers, ssh tends to perform hostname matching in a case sensitive manner since the lowercasing has been delayed till after configuration parsing (by commits d56b44d2dfa093883a5c4e91be3f72d99946b170 and eb6d870a0ea8661299bb2ea8f013d3ace04e2024).

Given that hostnames are usually interpreted in a case insensitive way (and the code actually expects the input to be lowercased anyway) it might be good to perform the comparisons as such. We can either make sure match_hostname() receives a lowercased string indeed or perform the lowercasing there (carefully, so as not to introduce side effects).

One question is, whether *any* hostname matching should be case insensitive or whether originalhost is better left alone (I can think of reasons for case sensitive matching there, yet they seem to be bordering on misuse of the code).

I've also opened https://bugzilla.mindrot.org/show_bug.cgi?id=2685 (patch is attached there as well).

Thanks
Kind regards
	Petr
--
Petr Cerny
Mozilla/OpenSSH maintainer for SUSE Linux
Case insensitive hostname matching in ssh.

diff --git a/readconf.c b/readconf.c
index e51481b1..c7ba563d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -550,6 +550,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
     const char *filename, int linenum)
 {
 	char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
+	char *hostlc;
 	const char *ruser;
 	int r, port, this_result, result = 1, attributes = 0, negate;
 	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
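Review bot: hostlc is declared without an initializer here, yet the last hunk frees it unconditionally at the end of the function and a later hunk shows a "goto out" exit path. Declaring it as "char *hostlc = NULL;" keeps free(hostlc) safe if any exit path is ever reached before the xstrdup() assignment, now or after a later refactor.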
@@ -570,6 +571,10 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 		host = xstrdup(host_arg);
 	}
 
+	/* match_hostname() requires the hostname to be lowercase */
+	hostlc = xstrdup(host);
+	lowercase(hostlc);
+
 	debug2("checking match for '%s' host %s originally %s",
 	    cp, host, original_host);
 	while ((oattrib = attrib = strdelim(&cp)) && *attrib != '\0') {
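Review bot: the debug2() call right after the new lowercasing still prints host, so the debug output shows the mixed-case name while the "host" criterion is evaluated against hostlc. Consider logging hostlc as well (or instead), so that a user reading "ssh -vv" output sees the exact string their Match pattern was compared with.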
@@ -608,8 +613,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 			goto out;
 		}
 		if (strcasecmp(attrib, "host") == 0) {
-			criteria = xstrdup(host);
-			r = match_hostname(host, arg) == 1;
+			criteria = xstrdup(hostlc);
+			r = match_hostname(hostlc, arg) == 1;
 			if (r == (negate ? 1 : 0))
 				this_result = result = 0;
 		} else if (strcasecmp(attrib, "originalhost") == 0) {
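Review bot: only the "host" branch switches to hostlc; the "originalhost" branch directly below is not touched by this patch, so after it the two criteria handle case differently. If that is intended, a short comment at the originalhost branch and a sentence in ssh_config(5) would make the asymmetry explicit; if not, the same lowercased-copy treatment is needed there. Also note that criteria now holds the lowercased name, which changes whatever is later reported from it.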
@@ -682,6 +687,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 	if (result != -1)
 		debug2("match %sfound", result ? "" : "not ");
 	*condition = cp;
+	free(hostlc);
 	free(host);
 	return result;
 }
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
