File Manager

003 File Manager

Current Path: /usr/src/crypto/openssh

📁 ..
📄 .depend(129.94 KB)
📄 .gitignore(341 B)
📄 .skipped-commit-ids(1.85 KB)
📄 CREDITS(5.36 KB)
📄 ChangeLog(299.53 KB)
📄 FREEBSD-upgrade(5.68 KB)
📄 FREEBSD-vendor(131 B)
📄 INSTALL(9.36 KB)
📄 LICENCE(14.83 KB)
📄 Makefile.in(24.73 KB)
📄 OVERVIEW(6.16 KB)
📄 PROTOCOL(18 KB)
📄 PROTOCOL.agent(220 B)
📄 PROTOCOL.certkeys(11.91 KB)
📄 PROTOCOL.chacha20poly1305(4.52 KB)
📄 PROTOCOL.key(1.5 KB)
📄 PROTOCOL.krl(5.13 KB)
📄 PROTOCOL.mux(8.87 KB)
📄 README(2.39 KB)
📄 README.dns(1.57 KB)
📄 README.platform(3.95 KB)
📄 README.privsep(2.25 KB)
📄 README.tun(4.78 KB)
📄 TODO(2.54 KB)
📄 aclocal.m4(5.56 KB)
📄 addrmatch.c(10.97 KB)
📄 atomicio.c(4.4 KB)
📄 atomicio.h(2.14 KB)
📄 audit-bsm.c(11.82 KB)
📄 audit-linux.c(3.46 KB)
📄 audit.c(5.69 KB)
📄 audit.h(2.27 KB)
📄 auth-bsdauth.c(3.65 KB)
📄 auth-krb5.c(6.93 KB)
📄 auth-options.c(23.45 KB)
📄 auth-options.h(2.75 KB)
📄 auth-pam.c(35.07 KB)
📄 auth-pam.h(1.89 KB)
📄 auth-passwd.c(6.42 KB)
📄 auth-rhosts.c(8.89 KB)
📄 auth-shadow.c(4.25 KB)
📄 auth-sia.c(3.15 KB)
📄 auth-sia.h(1.4 KB)
📄 auth-skey.c(2.75 KB)
📄 auth.c(32.86 KB)
📄 auth.h(7.95 KB)
📄 auth2-chall.c(9.77 KB)
📄 auth2-gss.c(9.63 KB)
📄 auth2-hostbased.c(8.08 KB)
📄 auth2-kbdint.c(2.2 KB)
📄 auth2-none.c(2.29 KB)
📄 auth2-passwd.c(2.36 KB)
📄 auth2-pubkey.c(28.79 KB)
📄 auth2.c(22.23 KB)
📄 authfd.c(14.47 KB)
📄 authfd.h(3.05 KB)
📄 authfile.c(12.59 KB)
📄 authfile.h(2.34 KB)
📄 bitmap.c(4.44 KB)
📄 bitmap.h(1.9 KB)
📄 blacklist.c(2.81 KB)
📄 blacklist_client.h(2.09 KB)
📄 buildpkg.sh.in(17.64 KB)
📄 canohost.c(4.72 KB)
📄 canohost.h(842 B)
📄 chacha.c(5.28 KB)
📄 chacha.h(1000 B)
📄 channels.c(133.25 KB)
📄 channels.h(12.96 KB)
📄 cipher-aes.c(4.54 KB)
📄 cipher-aesctr.c(2.06 KB)
📄 cipher-aesctr.h(1.3 KB)
📄 cipher-chachapoly.c(3.72 KB)
📄 cipher-chachapoly.h(1.58 KB)
📄 cipher-ctr.c(3.57 KB)
📄 cipher.c(13.57 KB)
📄 cipher.h(3.15 KB)
📄 cleanup.c(1.01 KB)
📄 clientloop.c(66.05 KB)
📄 clientloop.h(3.69 KB)
📄 compat.c(6.62 KB)
📄 compat.h(2.77 KB)
📄 config.guess(42.74 KB)
📄 config.h(53.02 KB)
📄 config.sub(35.49 KB)
📄 configure.ac(147.81 KB)
📁 contrib
📄 crc32.c(4.92 KB)
📄 crc32.h(1.44 KB)
📄 crypto_api.h(1.12 KB)
📄 defines.h(21.73 KB)
📄 dh.c(15.14 KB)
📄 dh.h(2.59 KB)
📄 digest-libc.c(5.69 KB)
📄 digest-openssl.c(4.95 KB)
📄 digest.h(2.51 KB)
📄 dispatch.c(3.52 KB)
📄 dispatch.h(2.2 KB)
📄 dns.c(9.15 KB)
📄 dns.h(2.03 KB)
📄 ed25519.c(3.1 KB)
📄 entropy.c(6.34 KB)
📄 entropy.h(1.47 KB)
📄 fatal.c(1.63 KB)
📄 fe25519.c(8.13 KB)
📄 fe25519.h(2.31 KB)
📄 fixalgorithms(422 B)
📄 fixpaths(499 B)
📄 freebsd-configure.sh(1.07 KB)
📄 freebsd-namespace.sh(1.93 KB)
📄 freebsd-post-merge.sh(224 B)
📄 freebsd-pre-merge.sh(429 B)
📄 ge25519.c(11.04 KB)
📄 ge25519.h(1.35 KB)
📄 ge25519_base.data(164.61 KB)
📄 groupaccess.c(3.5 KB)
📄 groupaccess.h(1.53 KB)
📄 gss-genr.c(7.99 KB)
📄 gss-serv-krb5.c(5.63 KB)
📄 gss-serv.c(10.32 KB)
📄 hash.c(623 B)
📄 hmac.c(5.08 KB)
📄 hmac.h(1.62 KB)
📄 hostfile.c(21.7 KB)
📄 hostfile.h(3.8 KB)
📄 includes.h(3.85 KB)
📄 install-sh(13.67 KB)
📄 kex.c(25.9 KB)
📄 kex.h(7.32 KB)
📄 kexc25519.c(4.62 KB)
📄 kexc25519c.c(5.11 KB)
📄 kexc25519s.c(4.99 KB)
📄 kexdh.c(3.27 KB)
📄 kexdhc.c(6.13 KB)
📄 kexdhs.c(6.06 KB)
📄 kexecdh.c(3.49 KB)
📄 kexecdhc.c(6.22 KB)
📄 kexecdhs.c(5.94 KB)
📄 kexgex.c(3.67 KB)
📄 kexgexc.c(7.63 KB)
📄 kexgexs.c(7.35 KB)
📄 krb5_config.h(315 B)
📄 krl.c(35.63 KB)
📄 krl.h(2.67 KB)
📄 log.c(10.67 KB)
📄 log.h(2.64 KB)
📄 loginrec.c(41.91 KB)
📄 loginrec.h(4.6 KB)
📄 logintest.c(8.58 KB)
📄 mac.c(7.24 KB)
📄 mac.h(1.96 KB)
📄 match.c(9.14 KB)
📄 match.h(1.16 KB)
📄 md5crypt.c(3.98 KB)
📄 md5crypt.h(744 B)
📄 mdoc2man.awk(8.38 KB)
📄 misc.c(43.77 KB)
📄 misc.h(5.69 KB)
📄 mkinstalldirs(633 B)
📄 moduli(552 KB)
📄 moduli.5(3.6 KB)
📄 moduli.c(20.46 KB)
📄 monitor.c(50.56 KB)
📄 monitor.h(3.83 KB)
📄 monitor_fdpass.c(4.71 KB)
📄 monitor_fdpass.h(1.49 KB)
📄 monitor_wrap.c(27.44 KB)
📄 monitor_wrap.h(3.84 KB)
📄 msg.c(2.75 KB)
📄 msg.h(1.49 KB)
📄 mux.c(65.73 KB)
📄 myproposal.h(5.62 KB)
📄 nchan.c(12.06 KB)
📄 nchan.ms(3.86 KB)
📄 nchan2.ms(3.38 KB)
📄 opacket.c(5.55 KB)
📄 opacket.h(5.98 KB)
📁 openbsd-compat
📄 openssh.xml.in(2.77 KB)
📄 opensshd.init.in(1.86 KB)
📄 packet.c(70.79 KB)
📄 packet.h(7.39 KB)
📄 pathnames.h(5.69 KB)
📄 pkcs11.h(41.37 KB)
📄 platform-misc.c(1.09 KB)
📄 platform-pledge.c(1.86 KB)
📄 platform-tracing.c(1.69 KB)
📄 platform.c(4.71 KB)
📄 platform.h(1.43 KB)
📄 poly1305.c(4.54 KB)
📄 poly1305.h(645 B)
📄 progressmeter.c(7.48 KB)
📄 progressmeter.h(1.44 KB)
📄 readconf.c(81 KB)
📄 readconf.h(7.83 KB)
📄 readpass.c(4.99 KB)
📁 regress
📄 rijndael.c(51.57 KB)
📄 rijndael.h(2.07 KB)
📄 sandbox-capsicum.c(3.39 KB)
📄 sandbox-darwin.c(2.49 KB)
📄 sandbox-null.c(1.62 KB)
📄 sandbox-pledge.c(1.83 KB)
📄 sandbox-rlimit.c(2.43 KB)
📄 sandbox-seccomp-filter.c(9.88 KB)
📄 sandbox-solaris.c(2.9 KB)
📄 sandbox-systrace.c(6.27 KB)
📄 sc25519.c(7.16 KB)
📄 sc25519.h(2.83 KB)
📄 scp.1(5.56 KB)
📄 scp.c(39.14 KB)
📄 servconf.c(79.73 KB)
📄 servconf.h(10.13 KB)
📄 serverloop.c(26.03 KB)
📄 serverloop.h(1000 B)
📄 session.c(66.72 KB)
📄 session.h(2.59 KB)
📄 sftp-client.c(49.62 KB)
📄 sftp-client.h(4.29 KB)
📄 sftp-common.c(6.83 KB)
📄 sftp-common.h(2.02 KB)
📄 sftp-glob.c(3.38 KB)
📄 sftp-server-main.c(1.49 KB)
📄 sftp-server.8(4.98 KB)
📄 sftp-server.c(42.36 KB)
📄 sftp.1(14.53 KB)
📄 sftp.c(59.73 KB)
📄 sftp.h(3.33 KB)
📄 smult_curve25519_ref.c(6.71 KB)
📄 ssh-add.1(6.45 KB)
📄 ssh-add.c(17.69 KB)
📄 ssh-agent.1(7.16 KB)
📄 ssh-agent.c(33.19 KB)
📄 ssh-dss.c(5.55 KB)
📄 ssh-ecdsa.c(5.54 KB)
📄 ssh-ed25519.c(4.21 KB)
📄 ssh-gss.h(4.71 KB)
📄 ssh-keygen.1(26.5 KB)
📄 ssh-keygen.c(78.58 KB)
📄 ssh-keyscan.1(3.82 KB)
📄 ssh-keyscan.c(17.83 KB)
📄 ssh-keysign.8(2.95 KB)
📄 ssh-keysign.c(8.26 KB)
📄 ssh-pkcs11-client.c(6.65 KB)
📄 ssh-pkcs11-helper.8(1.33 KB)
📄 ssh-pkcs11-helper.c(9.79 KB)
📄 ssh-pkcs11.c(19.56 KB)
📄 ssh-pkcs11.h(1.06 KB)
📄 ssh-rsa.c(11.89 KB)
📄 ssh-sandbox.h(1.09 KB)
📄 ssh-xmss.c(5 KB)
📄 ssh.1(44.3 KB)
📄 ssh.c(61.58 KB)
📄 ssh.h(2.6 KB)
📄 ssh2.h(5.66 KB)
📄 ssh_api.c(13.81 KB)
📄 ssh_api.h(4.33 KB)
📄 ssh_config(1.53 KB)
📄 ssh_config.5(51.41 KB)
📄 ssh_namespace.h(44.25 KB)
📄 sshbuf-getput-basic.c(11.81 KB)
📄 sshbuf-getput-crypto.c(5.64 KB)
📄 sshbuf-misc.c(3.53 KB)
📄 sshbuf.c(8.96 KB)
📄 sshbuf.h(12.2 KB)
📄 sshconnect.c(43.92 KB)
📄 sshconnect.h(2.3 KB)
📄 sshconnect2.c(59.05 KB)
📄 sshd.8(30.87 KB)
📄 sshd.c(64.58 KB)
📄 sshd_config(3.18 KB)
📄 sshd_config.5(50.55 KB)
📄 ssherr.c(5.04 KB)
📄 ssherr.h(3.28 KB)
📄 sshkey-xmss.c(28.17 KB)
📄 sshkey-xmss.h(2.89 KB)
📄 sshkey.c(102.94 KB)
📄 sshkey.h(10.09 KB)
📄 sshlogin.c(5.25 KB)
📄 sshlogin.h(935 B)
📄 sshpty.c(5.59 KB)
📄 sshpty.h(1.03 KB)
📄 sshtty.c(2.95 KB)
📄 survey.sh.in(1.68 KB)
📄 ttymodes.c(10.1 KB)
📄 ttymodes.h(4.85 KB)
📄 uidswap.c(7.09 KB)
📄 uidswap.h(680 B)
📄 umac.c(44.91 KB)
📄 umac.h(4.58 KB)
📄 umac128.c(414 B)
📄 utf8.c(8.09 KB)
📄 utf8.h(1.17 KB)
📄 uuencode.c(2.94 KB)
📄 uuencode.h(1.5 KB)
📄 verify.c(668 B)
📄 version.h(385 B)
📄 xmalloc.c(2.41 KB)
📄 xmalloc.h(1.08 KB)
📄 xmss_commons.c(630 B)
📄 xmss_commons.h(450 B)
📄 xmss_fast.c(32.16 KB)
📄 xmss_fast.h(3.64 KB)
📄 xmss_hash.c(3.35 KB)
📄 xmss_hash.h(841 B)
📄 xmss_hash_address.c(1.2 KB)
📄 xmss_hash_address.h(836 B)
📄 xmss_wots.c(4.74 KB)
📄 xmss_wots.h(1.86 KB)

Editing: addrmatch.c

/*	$OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */

/*
 * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>

#include "match.h"
#include "log.h"

struct xaddr {
	sa_family_t	af;
	union {
		struct in_addr		v4;
		struct in6_addr		v6;
		u_int8_t		addr8[16];
		u_int32_t		addr32[4];
	} xa;		    /* 128-bit address */
	u_int32_t	scope_id;	/* iface scope id for v6 */
#define v4	xa.v4
#define v6	xa.v6
#define addr8	xa.addr8
#define addr32	xa.addr32
};

static int
addr_unicast_masklen(int af)
{
	switch (af) {
	case AF_INET:
		return 32;
	case AF_INET6:
		return 128;
	default:
		return -1;
	}
}

static inline int
masklen_valid(int af, u_int masklen)
{
	switch (af) {
	case AF_INET:
		return masklen <= 32 ? 0 : -1;
	case AF_INET6:
		return masklen <= 128 ? 0 : -1;
	default:
		return -1;
	}
}

/*
 * Convert struct sockaddr to struct xaddr
 * Returns 0 on success, -1 on failure.
 */
static int
addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
{
	struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
	struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;

memset(xa, '\0', sizeof(*xa));

switch (sa->sa_family) {
	case AF_INET:
		if (slen < (socklen_t)sizeof(*in4))
			return -1;
		xa->af = AF_INET;
		memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
		break;
	case AF_INET6:
		if (slen < (socklen_t)sizeof(*in6))
			return -1;
		xa->af = AF_INET6;
		memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
		xa->scope_id = in6->sin6_scope_id;
#endif
		break;
	default:
		return -1;
	}

return 0;
}

/*
 * Calculate a netmask of length 'l' for address family 'af' and
 * store it in 'n'.
 * Returns 0 on success, -1 on failure.
 */
static int
addr_netmask(int af, u_int l, struct xaddr *n)
{
	int i;

if (masklen_valid(af, l) != 0 || n == NULL)
		return -1;

memset(n, '\0', sizeof(*n));
	switch (af) {
	case AF_INET:
		n->af = AF_INET;
		if (l == 0)
			return 0;
		n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
		return 0;
	case AF_INET6:
		n->af = AF_INET6;
		for (i = 0; i < 4 && l >= 32; i++, l -= 32)
			n->addr32[i] = 0xffffffffU;
		if (i < 4 && l != 0)
			n->addr32[i] = htonl((0xffffffff << (32 - l)) &
			    0xffffffff);
		return 0;
	default:
		return -1;
	}
}

/*
 * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
 * Returns 0 on success, -1 on failure.
 */
static int
addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
{
	int i;

if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
		return -1;

memcpy(dst, a, sizeof(*dst));
	switch (a->af) {
	case AF_INET:
		dst->v4.s_addr &= b->v4.s_addr;
		return 0;
	case AF_INET6:
		dst->scope_id = a->scope_id;
		for (i = 0; i < 4; i++)
			dst->addr32[i] &= b->addr32[i];
		return 0;
	default:
		return -1;
	}
}

/*
 * Compare addresses 'a' and 'b'
 * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)
 */
static int
addr_cmp(const struct xaddr *a, const struct xaddr *b)
{
	int i;

if (a->af != b->af)
		return a->af == AF_INET6 ? 1 : -1;

switch (a->af) {
	case AF_INET:
		if (a->v4.s_addr == b->v4.s_addr)
			return 0;
		return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1;
	case AF_INET6:
		for (i = 0; i < 16; i++)
			if (a->addr8[i] - b->addr8[i] != 0)
				return a->addr8[i] > b->addr8[i] ? 1 : -1;
		if (a->scope_id == b->scope_id)
			return 0;
		return a->scope_id > b->scope_id ? 1 : -1;
	default:
		return -1;
	}
}

/*
 * Parse string address 'p' into 'n'
 * Returns 0 on success, -1 on failure.
 */
static int
addr_pton(const char *p, struct xaddr *n)
{
	struct addrinfo hints, *ai = NULL;
	int ret = -1;

memset(&hints, '\0', sizeof(hints));
	hints.ai_flags = AI_NUMERICHOST;

if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
		goto out;
	if (ai == NULL || ai->ai_addr == NULL)
		goto out;
	if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
		goto out;
	/* success */
	ret = 0;
 out:
	if (ai != NULL)
		freeaddrinfo(ai);
	return ret;
}

/*
 * Perform bitwise negation of address
 * Returns 0 on success, -1 on failure.
 */
static int
addr_invert(struct xaddr *n)
{
	int i;

if (n == NULL)
		return (-1);

switch (n->af) {
	case AF_INET:
		n->v4.s_addr = ~n->v4.s_addr;
		return (0);
	case AF_INET6:
		for (i = 0; i < 4; i++)
			n->addr32[i] = ~n->addr32[i];
		return (0);
	default:
		return (-1);
	}
}

/*
 * Calculate a netmask of length 'l' for address family 'af' and
 * store it in 'n'.
 * Returns 0 on success, -1 on failure.
 */
static int
addr_hostmask(int af, u_int l, struct xaddr *n)
{
	if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
		return (-1);
	return (0);
}

/*
 * Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::)
 * Returns 0 on if address is all-zeros, -1 if not all zeros or on failure.
 */
static int
addr_is_all0s(const struct xaddr *a)
{
	int i;

switch (a->af) {
	case AF_INET:
		return (a->v4.s_addr == 0 ? 0 : -1);
	case AF_INET6:;
		for (i = 0; i < 4; i++)
			if (a->addr32[i] != 0)
				return (-1);
		return (0);
	default:
		return (-1);
	}
}

/*
 * Test whether host portion of address 'a', as determined by 'masklen'
 * is all zeros.
 * Returns 0 on if host portion of address is all-zeros,
 * -1 if not all zeros or on failure.
 */
static int
addr_host_is_all0s(const struct xaddr *a, u_int masklen)
{
	struct xaddr tmp_addr, tmp_mask, tmp_result;

memcpy(&tmp_addr, a, sizeof(tmp_addr));
	if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
		return (-1);
	if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
		return (-1);
	return (addr_is_all0s(&tmp_result));
}

/*
 * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
 * Return -1 on parse error, -2 on inconsistency or 0 on success.
 */
static int
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
{
	struct xaddr tmp;
	long unsigned int masklen = 999;
	char addrbuf[64], *mp, *cp;

/* Don't modify argument */
	if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
		return -1;

if ((mp = strchr(addrbuf, '/')) != NULL) {
		*mp = '\0';
		mp++;
		masklen = strtoul(mp, &cp, 10);
		if (*mp == '\0' || *cp != '\0' || masklen > 128)
			return -1;
	}

if (addr_pton(addrbuf, &tmp) == -1)
		return -1;

if (mp == NULL)
		masklen = addr_unicast_masklen(tmp.af);
	if (masklen_valid(tmp.af, masklen) == -1)
		return -2;
	if (addr_host_is_all0s(&tmp, masklen) != 0)
		return -2;

if (n != NULL)
		memcpy(n, &tmp, sizeof(*n));
	if (l != NULL)
		*l = masklen;

return 0;
}

static int
addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
{
	struct xaddr tmp_mask, tmp_result;

if (host->af != net->af)
		return -1;

if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
		return -1;
	if (addr_and(&tmp_result, host, &tmp_mask) == -1)
		return -1;
	return addr_cmp(&tmp_result, net);
}

/*
 * Match "addr" against list pattern list "_list", which may contain a
 * mix of CIDR addresses and old-school wildcards.
 *
 * If addr is NULL, then no matching is performed, but _list is parsed
 * and checked for well-formedness.
 *
 * Returns 1 on match found (never returned when addr == NULL).
 * Returns 0 on if no match found, or no errors found when addr == NULL.
 * Returns -1 on negated match found (never returned when addr == NULL).
 * Returns -2 on invalid list entry.
 */
int
addr_match_list(const char *addr, const char *_list)
{
	char *list, *cp, *o;
	struct xaddr try_addr, match_addr;
	u_int masklen, neg;
	int ret = 0, r;

if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
		debug2("%s: couldn't parse address %.100s", __func__, addr);
		return 0;
	}
	if ((o = list = strdup(_list)) == NULL)
		return -1;
	while ((cp = strsep(&list, ",")) != NULL) {
		neg = *cp == '!';
		if (neg)
			cp++;
		if (*cp == '\0') {
			ret = -2;
			break;
		}
		/* Prefer CIDR address matching */
		r = addr_pton_cidr(cp, &match_addr, &masklen);
		if (r == -2) {
			debug2("%s: inconsistent mask length for "
			    "match network \"%.100s\"", __func__, cp);
			ret = -2;
			break;
		} else if (r == 0) {
			if (addr != NULL && addr_netmatch(&try_addr,
                           &match_addr, masklen) == 0) {
 foundit:
				if (neg) {
					ret = -1;
					break;
				}
				ret = 1;
			}
			continue;
		} else {
			/* If CIDR parse failed, try wildcard string match */
			if (addr != NULL && match_pattern(addr, cp) == 1)
				goto foundit;
		}
	}
	free(o);

return ret;
}

/*
 * Match "addr" against list CIDR list "_list". Lexical wildcards and
 * negation are not supported. If "addr" == NULL, will verify structure
 * of "_list".
 *
 * Returns 1 on match found (never returned when addr == NULL).
 * Returns 0 on if no match found, or no errors found when addr == NULL.
 * Returns -1 on error
 */
int
addr_match_cidr_list(const char *addr, const char *_list)
{
	char *list, *cp, *o;
	struct xaddr try_addr, match_addr;
	u_int masklen;
	int ret = 0, r;

/*
		 * NB. This function is called in pre-auth with untrusted data,
		 * so be extra paranoid about junk reaching getaddrino (via
		 * addr_pton_cidr).
		 */

/* Stop junk from reaching getaddrinfo. +3 is for masklen */
		if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
			error("%s: list entry \"%.100s\" too long",
			    __func__, cp);
			ret = -1;
			break;
		}
#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
		if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
			error("%s: list entry \"%.100s\" contains invalid "
			    "characters", __func__, cp);
			ret = -1;
		}

/* Prefer CIDR address matching */
		r = addr_pton_cidr(cp, &match_addr, &masklen);
		if (r == -1) {
			error("Invalid network entry \"%.100s\"", cp);
			ret = -1;
			break;
		} else if (r == -2) {
			error("Inconsistent mask length for "
			    "network \"%.100s\"", cp);
			ret = -1;
			break;
		} else if (r == 0 && addr != NULL) {
			if (addr_netmatch(&try_addr, &match_addr,
			    masklen) == 0)
				ret = 1;
			continue;
		}
	}
	free(o);

return ret;
}

003 File Manager

Editing: addrmatch.c

Upload File

Create Folder