On Thu, Nov 03, 2022 at 07:06:48AM +0000, Mikolaj Kucharski wrote:
> Hi,
>
> I've been using the below type of config for a few years now. Today I've upgraded to:
>
> OpenBSD 7.2-current (GENERIC.MP) #823: Wed Nov 2 11:56:37 MDT 2022
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> and see the following problem:
>
> $ ssh -vv pce-0035
> OpenSSH_9.1, LibreSSL 3.6.0
> debug1: Reading configuration data /home/mk1/.ssh/config
> debug1: /home/mk1/.ssh/config line 127: Applying options for pce-0035
> debug1: /home/mk1/.ssh/config line 1527: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolve_addr: could not resolve name [fde4:f456:48c2:13c0::cc35] as address: name or service is not known
> debug1: resolve_canonicalize: hostname [fde4:f456:48c2:13c0::cc35] is an unrecognised address
> debug1: Executing proxy command: exec ssh -q -W [fde4:f456:48c2:13c0::cc35]:22 ks2
> ...
> debug1: load_hostkeys: fopen /home/mk1/.ssh/known_hosts2: No such file or directory
> debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
> debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
> debug1: check_host_key: invalid hostname "[fde4:f456:48c2:13c0::cc35]"; will not record: domain name "[fde4:f456:48c2:13c0::cc35]" starts with invalid character
> Host key verification failed.
> $ _
>
> # ~/.ssh/config
> Host pce-0035
>     User root
>     HostName [fde4:f456:48c2:13c0::cc35]
>     ProxyCommand ssh -q -W %h:%p ks2
>
> Host ks2
>     User root
>     HostName ks2.example.com
>
> Host *
>     AddressFamily any
>     Protocol 2
>     ServerAliveInterval 120
>     ConnectionAttempts 3
>     ConnectTimeout 30
>     ForwardAgent no
>
Reverting below helps with above: commit 64416e996841f6651db1721672edf837c235712c Author: djm <[email protected]> Date: Mon Oct 24 22:43:36 2022 +0000 Be more paranoid with host/domain names coming from the resolver: don't follow CNAMEs with invalid characters when canonicalising and never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ diff --git usr.bin/ssh/ssh.c usr.bin/ssh/ssh.c index c4860fdd43a..d3c864f8807 100644 --- usr.bin/ssh/ssh.c +++ usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.578 2022/10/13 09:09:28 jsg Exp $ */ +/* $OpenBSD: ssh.c,v 1.579 2022/10/24 22:43:36 djm Exp $ */ /* * Author: Tatu Ylonen <[email protected]> * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland @@ -235,6 +235,7 @@ static struct addrinfo * resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) { char strport[NI_MAXSERV]; + const char *errstr = NULL; struct addrinfo hints, *res; int gaierr; LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; @@ -260,7 +261,10 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) return NULL; } if (cname != NULL && res->ai_canonname != NULL) { - if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + if (!valid_domain(res->ai_canonname, 0, &errstr)) { + error("ignoring bad CNAME \"%s\" for host \"%s\": %s", + res->ai_canonname, name, errstr); + } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) { error_f("host \"%s\" cname \"%s\" too long (max %lu)", name, res->ai_canonname, (u_long)clen); if (clen > 0) diff --git usr.bin/ssh/sshconnect.c usr.bin/ssh/sshconnect.c index 7d87c625302..cd4f0ccbcea 100644 --- usr.bin/ssh/sshconnect.c +++ usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.359 2022/10/24 22:43:36 djm Exp $ */ /* * Author: Tatu Ylonen <[email protected]> * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland 
@@ -897,7 +897,7 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; char msg[1024]; - const char *type, *fail_reason; + const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); @@ -980,6 +980,13 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, (host_found != NULL && host_found->note != 0))) readonly = RDONLY; + /* Don't ever try to write an invalid name to a known hosts file */ + if (!valid_domain(hostname, 0, &fail_reason)) { + debug_f("invalid hostname \"%s\"; will not record: %s", + hostname, fail_reason); + readonly = RDONLY; + } + /* * Also perform check for the ip address, skip the check if we are * localhost, looking for a certificate, or the hostname was an ip -- Regards, Mikolaj
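Review bot: in the ssh.c @@ -260 hunk, the new branch that rejects a bad CNAME logs with error() and then leaves cname untouched, whereas the existing too-long branch it sits beside goes on to an `if (clen > 0)` cleanup; unless every caller pre-zeroes its cname buffer, a rejected CNAME leaves whatever the buffer held before. Suggest mirroring the cleanup in the rejection branch, e.g. `if (clen > 0) *cname = '\0';`, so no caller can pick up a stale canonical name.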
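Review bot: in the sshconnect.c @@ -980 hunk, the new `valid_domain(hostname, 0, &fail_reason)` check runs on the raw hostname before the ip-address handling that the comment right below it describes, so an address literal written in bracket form, such as the `HostName [fde4:f456:48c2:13c0::cc35]` in the quoted config, fails with "starts with invalid character", is forced to RDONLY and, as the quoted debug output shows, the connection ends in "Host key verification failed." Suggest applying the domain check only when the name is not an IP literal (or unwrapping the brackets before it), for example by gating it on the same "hostname was an ip" condition the following comment refers to, so the stricter validation only touches names that are supposed to be domain names.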
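As an added illustration (written here by the editor, not OpenSSH's code and not part of the thread) of why the quoted HostName trips the new valid_domain() check: decide whether the name is an address literal first, and apply domain-name character rules only to what is not. The domain rule used is a simplified assumption standing in for OpenSSH's valid_domain().

```c
/* Added example, not OpenSSH code nor from this thread: recognise an address
 * literal before applying any domain-name character rule. The domain rule
 * (letters, digits, '-', '.', not starting with '-' or '.') is a simplified
 * assumption, not OpenSSH's valid_domain(). */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum name_kind { NAME_INVALID = 0, NAME_DOMAIN, NAME_IPV4, NAME_IPV6 };

/* Bracketed "[v6]", as ssh_config and "ssh -W" write it, is unwrapped first. */
enum name_kind
classify_hostname(const char *name)
{
	char buf[256];
	unsigned char addr[16];
	size_t i, len = strlen(name);
	if (len == 0 || len >= sizeof(buf))
		return NAME_INVALID;
	if (name[0] == '[' && name[len - 1] == ']') {
		memcpy(buf, name + 1, len - 2);
		buf[len - 2] = '\0';
		return inet_pton(AF_INET6, buf, addr) == 1 ? NAME_IPV6 : NAME_INVALID;
	}
	if (inet_pton(AF_INET6, name, addr) == 1)
		return NAME_IPV6;
	if (inet_pton(AF_INET, name, addr) == 1)
		return NAME_IPV4;
	/* Only a name that is not an address literal gets the domain rules. */
	if (name[0] == '-' || name[0] == '.')
		return NAME_INVALID;
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)name[i];
		if (!isalnum(c) && c != '-' && c != '.')
			return NAME_INVALID;
	}
	return NAME_DOMAIN;
}

int main(void)
{
	/* Constructed inputs; the first two are taken from the quoted report. */
	const char *names[] = { "[fde4:f456:48c2:13c0::cc35]", "ks2.example.com",
	    "192.0.2.10", "[fde4::cc35", "-bad.example" };
	const char *label[] = { "invalid", "domain", "ipv4", "ipv6" };
	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-28s -> %s\n", names[i], label[classify_hostname(names[i])]);
	return 0;
}
```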
