upstream commit

Validate address ranges for AllowUsers/DenyUsers at
configuration load time and refuse to accept bad ones. It was previously
possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55), and
these would always match.

Thanks to Laurence Parry for a detailed bug report. ok markus (for
a previous diff version)

Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
diff --git a/servconf.c b/servconf.c
index 35abec4..a18ebb5 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.298 2016/10/24 01:09:17 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.299 2016/11/06 05:46:37 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1366,6 +1366,9 @@
 			if (options->num_allow_users >= MAX_ALLOW_USERS)
 				fatal("%s line %d: too many allow users.",
 				    filename, linenum);
+			if (match_user(NULL, NULL, NULL, arg) == -1)
+				fatal("%s line %d: invalid AllowUsers pattern: "
+				    "\"%.100s\"", filename, linenum, arg);
 			if (!*activep)
 				continue;
 			options->allow_users[options->num_allow_users++] =
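Review bot: The new `match_user(NULL, NULL, NULL, arg) == -1` check relies on a contract that is not visible in this hunk — that passing NULL for user, host and address turns match_user() into a pure pattern validator whose -1 return means a malformed address part rather than "no match" — so a one-line comment would keep the next reader from assuming it is matching an actual connection: `/* NULL user/host/addr: validate the pattern only; -1 means the address part is malformed */`. The identical DenyUsers check in the second hunk needs the same comment. Placing the check ahead of `if (!*activep) continue;` also means patterns inside Match blocks that are not currently active are validated at load time, which looks intended, since the point of the change is to turn a silently always-matching typo into a hard configuration error instead of a runtime allow. The enclosing keyword switch starts and ends outside the hunk.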
@@ -1378,6 +1381,9 @@
 			if (options->num_deny_users >= MAX_DENY_USERS)
 				fatal("%s line %d: too many deny users.",
 				    filename, linenum);
+			if (match_user(NULL, NULL, NULL, arg) == -1)
+				fatal("%s line %d: invalid DenyUsers pattern: "
+				    "\"%.100s\"", filename, linenum, arg);
 			if (!*activep)
 				continue;
 			options->deny_users[options->num_deny_users++] =