ignore hostnames with metachars when hashing; ok deraadt@

author: djm <djm@openbsd.org> 2005-03-02 01:27:41 +0000
committer: djm <djm@openbsd.org> 2005-03-02 01:27:41 +0000
commit: 6e67d5a1b1bb0ee6556f5be52a8b05632ea1213d (patch)
tree: c78204f46a6dd2b4383adadbaa92bc886b3bb052 /usr.bin/ssh/ssh-keygen.c
parent: fix addition of new hashed hostnames when CheckHostIP=yes; (diff)
download: wireguard-openbsd-6e67d5a1b1bb0ee6556f5be52a8b05632ea1213d.tar.xz
wireguard-openbsd-6e67d5a1b1bb0ee6556f5be52a8b05632ea1213d.zip
1 files changed, 10 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 31f527bd1f0..2a7af708cb3 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.119 2005/03/01 10:42:49 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -686,8 +686,15 @@ do_known_hosts(struct passwd *pw, const char *name)
 			} else if (hash_hosts) {
 				for(cp2 = strsep(&cp, ",");
 				    cp2 != NULL && *cp2 != '\0';
-				    cp2 = strsep(&cp, ","))
-					print_host(out, cp2, public, 1);
+				    cp2 = strsep(&cp, ",")) {
+					if (strcspn(cp2, "*?!") != strlen(cp2))
+						fprintf(stderr, "Warning: "
+						    "ignoring host name with "
+						    "metacharacters: %.64s\n",
+						    cp2);
+					else
+						print_host(out, cp2, public, 1);
+				}
 				has_unhashed = 1;
 			}
 		}
author	djm <djm@openbsd.org>	2005-03-02 01:27:41 +0000
committer	djm <djm@openbsd.org>	2005-03-02 01:27:41 +0000
commit	6e67d5a1b1bb0ee6556f5be52a8b05632ea1213d (patch)
tree	c78204f46a6dd2b4383adadbaa92bc886b3bb052 /usr.bin/ssh/ssh-keygen.c
parent	fix addition of new hashed hostnames when CheckHostIP=yes; (diff)
download	wireguard-openbsd-6e67d5a1b1bb0ee6556f5be52a8b05632ea1213d.tar.xz wireguard-openbsd-6e67d5a1b1bb0ee6556f5be52a8b05632ea1213d.zip