Also added a comment describing the wire format of client requests and
responses.
https://fedorahosted.org/sssd/ticket/1177
Honza
--
Jan Cholasta
>From b1007b1c911c804bb70caf0fdd0fe3962be64374 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <[email protected]>
Date: Mon, 13 Feb 2012 10:10:40 -0500
Subject: [PATCH] SSH: Verify that names received from client are valid UTF-8
in responder
Also added a comment describing the wire format of client requests and
responses.
https://fedorahosted.org/sssd/ticket/1177
---
src/responder/ssh/sshsrv_cmd.c | 4 ++++
src/sss_client/ssh/sss_ssh.c | 17 +++++++++++++++++
2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index eea1516..0a182f3 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -436,6 +436,10 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
}
name = (char *)(body+c);
+ if (!sss_utf8_check((const uint8_t *)name, name_len-1)) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Supplied data is not valid UTF-8 string\n"));
+ return EINVAL;
+ }
if (strnlen(name, name_len) != name_len-1) {
return EINVAL;
}
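Review bot: The added `sss_utf8_check((const uint8_t *)name, name_len-1)` call runs before the `strnlen(name, name_len) != name_len-1` test, so it trusts a length that has not yet been checked against the terminator. If `name_len` is unsigned and can still be 0 here, `name_len-1` wraps and the validator would read far past the request body; the declaration and the preceding bounds check are outside the hunk, so this is not confirmed. Moving the UTF-8 block below the strnlen test removes the dependency, because that test already fails for a zero length. Separately, logging malformed client input at `SSSDBG_CRIT_FAILURE` lets any local client produce critical-level log entries at will; a lower level such as `SSSDBG_MINOR_FAILURE` may fit better.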
diff --git a/src/sss_client/ssh/sss_ssh.c b/src/sss_client/ssh/sss_ssh.c
index 921f002..bb76800 100644
--- a/src/sss_client/ssh/sss_ssh.c
+++ b/src/sss_client/ssh/sss_ssh.c
@@ -67,6 +67,23 @@ int set_locale(void)
return EOK;
}
+/* SSH public key request:
+ *
+ * 0..3: flags (unsigned int, must be 0)
+ * 4..7: name length (unsigned int)
+ * 8..$: name (null-terminated UTF-8 string)
+ *
+ * SSH public key reply:
+ *
+ * 0..3: number of results (unsigned int)
+ * 4..7: reserved (unsigned int, must be 0)
+ * 8..$: array of results:
+ * 0..3: flags (unsigned int, must be 0)
+ * 4..7: name length (unsigned int)
+ * 8..(X-1): name (null-terminated UTF-8 string)
+ * X..(X+3): key length (unsigned int)
+ * (X+4)..Y: key (public key blob as defined in RFC4253, section 6.6)
+ */
errno_t
sss_ssh_get_pubkeys(TALLOC_CTX *mem_ctx,
enum sss_cli_command command,
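Review bot: The wire-format comment does not say whether "name length" counts the terminating NUL, and the responder hunk in this same patch depends on that detail, since it requires `strnlen(name, name_len) == name_len-1`. I would spell it out in both the request and reply layouts, e.g. `4..7: name length (uint32_t, including the terminating NUL)`, so that a client author does not send a length that is off by one. The fields are described as `unsigned int` although the offsets fix them at four bytes; naming the fixed-width type and the byte order would make the format unambiguous. `X` and `Y` in the reply layout are also left undefined (presumably X = 8 + name length). The signature of `sss_ssh_get_pubkeys` continues outside the hunk.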
--
1.7.6.5