Re: ssh_config: Match exec broken

2018-03-07 Thread Stuart Henderson
On 2018/03/08 10:47, Damien Miller wrote:
> I've reverted it

Thank you.



Re: ssh_config: Match exec broken

2018-03-07 Thread Damien Miller
I've reverted it

On Wed, 7 Mar 2018, Stuart Henderson wrote:

> On 2018/03/03 04:52, Klemens Nanni wrote:
> > Just upgraded the latest snapshot
> > 
> > OpenBSD 6.3-beta (GENERIC.MP) #25: Fri Mar  2 14:41:23 MST 2018
> > 
> > The following ssh_config(5) snippet is now broken:
> > 
> > Match exec "echo %n | grep -qxE 'some|nifty|regex'"
> > Include some/config
> > 
> > $ ssh some_host
> > Unsupported Match attribute echo
> > /home/kn/.ssh/config line 42: Bad Match condition
> > 
> > Reverting the following commit fixes this and I can connect again
> > regardless of matching:
> > 
> > revision 1.124
> > date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  
> > commitid: nNRsCijZiGG6SUTT;
> > Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
> > option strings. bz#1596 ok markus@
> > 
> 
> Related, I have a bunch of machines with address match lines including quotes:
> 
> Match Address "192.168.0.0/16,2001:xxx:::/48"
> 
> It seems this wasn't required before (for some reason I thought it was), but
> it was accepted - this now prevents sshd startup until the "s are removed.
> 
> Fortunately I discovered this on a machine where I have serial console :-)
> 



Re: Bus error in smtpctl spf walk

2018-03-07 Thread Otto Moerbeek
On Wed, Mar 07, 2018 at 08:30:25AM +0100, Gilles Chehade wrote:

> On Tue, Mar 06, 2018 at 01:13:11PM +0100, Otto Moerbeek wrote:
> > On Tue, Mar 06, 2018 at 10:46:23AM +0100, Jan Johansson wrote:
> > 
> > > >Synopsis: Bus error in smtpctl spf walk (on certain domains)
> > > >Category: user
> > > >Environment:
> > >   System  : OpenBSD 6.3
> > >   Details : OpenBSD 6.3-beta (GENERIC.MP) #26: Fri Mar  2 22:56:04 
> > > MST 2018
> > >
> > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > 
> > >   Architecture: OpenBSD.amd64
> > >   Machine : amd64
> > > >Description:
> > > Got a mail with "Return-Path: 
> > > bounces+abcd1...@sendgrid.meetup.com" and wanted to add it to my white 
> > > list but smtpctl spf walk says "Bus error". Other domains like 
> > > facebookmail.com works without problem. 
> > > http://www.kitterman.com/spf/validate.html seems to think 
> > > sendgrid.meetup.com has a valid record.
> > > 
> > > >How-To-Repeat:
> > > echo sendgrid.meetup.com | smtpctl spf walk
> > > 
> > > >Fix:
> > > Not known
> > 
> > Try this,
> > 
> > -Otto
> > 
> > Index: spfwalk.c
> > ===
> > RCS file: /cvs/src/usr.sbin/smtpd/spfwalk.c,v
> > retrieving revision 1.5
> > diff -u -p -r1.5 spfwalk.c
> > --- spfwalk.c   26 Jan 2018 08:00:54 -  1.5
> > +++ spfwalk.c   6 Mar 2018 12:12:42 -
> > @@ -140,6 +140,8 @@ dispatch_txt(struct dns_rr *rr)
> > char *end;
> > ssize_t n;
> >  
> > +   if (rr->rr_type != T_TXT)
> > +   return;
> > n = parse_txt(rr->rr.other.rdata, rr->rr.other.rdlen, buf, sizeof(buf));
> > if (n == -1 || n == sizeof(buf))
> > return;
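Review bot: the early return on rr->rr_type != T_TXT at the top of dispatch_txt() needs a short comment saying why a non-TXT record can reach this callback when the query asks for TXT: the answer section can carry a CNAME ahead of the TXT record. Since the guard sits directly before the read of rr->rr.other.rdata and rr->rr.other.rdlen, any other callback in spfwalk.c that reads rr->rr.other should get the same type check before it touches those fields.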
> > 
> 
> ok gilles@, the check can't hurt
> 
> I'm curious why we can even get rr_type != T_TXT when res_query_async()
> is called with a type == T_TXT though, I'll look into this to ensure we
> don't use a broken pattern in multiple places.

It is because there's a cname record involved:

;; QUESTION SECTION:
;sendgrid.meetup.com.   IN  TXT

;; ANSWER SECTION:
sendgrid.meetup.com.            300   IN  CNAME   u3863915.wl166.sendgrid.net.
u3863915.wl166.sendgrid.net.    1800  IN  TXT     "v=spf1 include:sendgrid.net ~all"

-Otto
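
The type guard from the patch, shown on the CNAME-then-TXT answer above. This is an added example, not smtpd's code: `struct rr`, `decode_txt` and `sample` are hypothetical names, and the union layout is an assumption modelled on the `rr->rr.other` access visible in the diff.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum { RR_CNAME = 5, RR_TXT = 16 };	/* IANA RR type codes */
/* Constructed model: which union member is valid depends on type. */
struct rr {
	uint16_t type;
	union {
		char cname[64];
		struct { uint16_t rdlen; const unsigned char *rdata; } other;
	} u;
};

/* Returns the text length, -1 for malformed rdata or a full buffer, and -2 for a
 * record that is not TXT (its u.other member must not be read at all). */
static ssize_t decode_txt(const struct rr *rr, char *out, size_t outsz) {
	size_t pos = 0, len = 0;

	if (rr->type != RR_TXT)
		return -2;
	if (outsz == 0)
		return -1;
	while (pos < rr->u.other.rdlen) {
		size_t chunk = rr->u.other.rdata[pos++];	/* length byte */
		if (chunk > rr->u.other.rdlen - pos || chunk >= outsz - len)
			return -1;
		memcpy(out + len, rr->u.other.rdata + pos, chunk);
		pos += chunk;
		len += chunk;
	}
	out[len] = '\0';
	return (ssize_t)len;
}

/* Constructed answer section shaped like the dig output: CNAME, then TXT. */
static const unsigned char sample_txt[] = "\x20" "v=spf1 include:sendgrid.net ~all";
static const struct rr sample[2] = {
	{ .type = RR_CNAME, .u.cname = "u3863915.wl166.sendgrid.net." },
	{ .type = RR_TXT, .u.other = { sizeof(sample_txt) - 1, sample_txt } },
};

int main(void) {
	char buf[64];
	for (size_t i = 0; i < 2; i++)
		if (decode_txt(&sample[i], buf, sizeof(buf)) >= 0)
			puts(buf);
	return 0;
}
```

Without the type check, the CNAME record's name bytes in this model would be reinterpreted as an `rdlen` and an `rdata` pointer.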