-/* $OpenBSD: readconf.c,v 1.408 2026/02/08 19:54:31 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.409 2026/02/11 22:57:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
goto parse_flag;
case oRevokedHostKeys:
- charptr = &options->revoked_host_keys;
- goto parse_string;
+ uintptr = &options->num_revoked_host_keys;
+ cppptr = &options->revoked_host_keys;
+ found = *uintptr == 0;
+ while ((arg = argv_next(&ac, &av)) != NULL) {
+ if (*arg == '\0') {
+ error("%s line %d: keyword %s empty argument",
+ filename, linenum, keyword);
+ goto out;
+ }
+ /* Allow "none" only in first position */
+ if (strcasecmp(arg, "none") == 0) {
+ if (nstrs > 0 || ac > 0) {
+ error("%s line %d: keyword %s \"none\" "
+ "argument must appear alone.",
+ filename, linenum, keyword);
+ goto out;
+ }
+ }
+ opt_array_append(filename, linenum, keyword,
+ &strs, &nstrs, arg);
+ }
+ if (nstrs == 0) {
+ fatal("%s line %d: no %s specified",
+ filename, linenum, keyword);
+ }
+ if (found && *activep) {
+ *cppptr = strs;
+ *uintptr = nstrs;
+ strs = NULL; /* transferred */
+ nstrs = 0;
+ }
+ break;
case oFingerprintHash:
intptr = &options->fingerprint_hash;
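Review bot: In the new `oRevokedHostKeys` case, `found = *uintptr == 0` together with `if (found && *activep)` means only the first active RevokedHostKeys line populates the list; later lines are parsed and then discarded. Now that the option accepts several files, that is easy to misread as accumulation. If configuration sources are read most-specific first (not visible in this hunk), a revocation list set later is replaced rather than extended by an earlier line. A comment above `found = ...` would make this explicit, e.g. `/* First active RevokedHostKeys line wins; later lines do not extend the list */`. Separately, the `nstrs == 0` path calls `fatal()` while the two checks before it use `error()` followed by `goto out`; unless `fatal()` matches how the file's other array options behave, `error(...); goto out;` would keep the block consistent. The enclosing function starts and ends outside the hunk.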
options->canonicalize_fallback_local = -1;
options->canonicalize_hostname = -1;
options->revoked_host_keys = NULL;
+ options->num_revoked_host_keys = 0;
options->fingerprint_hash = -1;
options->update_hostkeys = -1;
options->hostbased_accepted_algos = NULL;
CLEAR_ON_NONE(options->remote_command);
CLEAR_ON_NONE(options->proxy_command);
CLEAR_ON_NONE(options->control_path);
- CLEAR_ON_NONE(options->revoked_host_keys);
CLEAR_ON_NONE(options->pkcs11_provider);
CLEAR_ON_NONE(options->sk_provider);
CLEAR_ON_NONE(options->known_hosts_command);
CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none");
+ CLEAR_ON_NONE_ARRAY(revoked_host_keys, num_revoked_host_keys, "none");
#undef CLEAR_ON_NONE
#undef CLEAR_ON_NONE_ARRAY
if (options->jump_host != NULL &&
free(o->permitted_cnames[i].source_list);
free(o->permitted_cnames[i].target_list);
}
+ FREE_ARRAY(u_int, o->num_revoked_host_keys, o->revoked_host_keys);
free(o->revoked_host_keys);
free(o->hostbased_accepted_algos);
free(o->pubkey_accepted_algos);
dump_cfg_string(oSecurityKeyProvider, o->sk_provider);
dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
dump_cfg_string(oPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
- dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
dump_cfg_string(oXAuthLocation, o->xauth_location);
dump_cfg_string(oKnownHostsCommand, o->known_hosts_command);
dump_cfg_string(oTag, o->tag);
dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files);
dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
+ dump_cfg_strarray_oneline(oRevokedHostKeys, o->num_revoked_host_keys, o->revoked_host_keys);
dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv);
dump_cfg_strarray_oneline(oLogVerbose,
-/* $OpenBSD: ssh.c,v 1.623 2026/02/11 17:05:32 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.624 2026/02/11 22:57:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
options.identity_agent = cp;
}
- if (options.revoked_host_keys != NULL) {
- p = tilde_expand_filename(options.revoked_host_keys, getuid());
+ for (j = 0; j < options.num_revoked_host_keys; j++) {
+ p = tilde_expand_filename(options.revoked_host_keys[j],
+ getuid());
cp = default_client_percent_dollar_expand(p, cinfo);
free(p);
- free(options.revoked_host_keys);
- options.revoked_host_keys = cp;
+ free(options.revoked_host_keys[j]);
+ options.revoked_host_keys[j] = cp;
}
if (options.forward_agent_sock_path != NULL) {
-/* $OpenBSD: sshconnect.c,v 1.379 2026/02/11 17:05:32 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.380 2026/02/11 22:57:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
goto out;
}
- /* Check in RevokedHostKeys file if specified */
- if (options.revoked_host_keys != NULL) {
- r = sshkey_check_revoked(host_key, options.revoked_host_keys);
+ /* Check in RevokedHostKeys files if specified */
+ for (i = 0; i < options.num_revoked_host_keys; i++) {
+ r = sshkey_check_revoked(host_key,
+ options.revoked_host_keys[i]);
switch (r) {
case 0:
break; /* not revoked */
case SSH_ERR_KEY_REVOKED:
error("Host key %s %s revoked by file %s",
sshkey_type(host_key), fp,
- options.revoked_host_keys);
+ options.revoked_host_keys[i]);
r = -1;
goto out;
default:
error_r(r, "Error checking host key %s %s in "
"revoked keys file %s", sshkey_type(host_key),
- fp, options.revoked_host_keys);
+ fp, options.revoked_host_keys[i]);
r = -1;
goto out;
}
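Review bot: The `break; /* not revoked */` under `case 0:` now sits inside the new `for` loop, where it leaves only the `switch` and lets the loop continue to the next file. The comment should say so, e.g. `break; /* not revoked by this file, check the next */`. The other two branches set `r = -1` and `goto out`, so a match in any listed file, or any other error returned by `sshkey_check_revoked()` for any one file, rejects the host key. That fail-closed behaviour is the right choice for a revocation check, but it now depends on every entry in the list being usable, so the loop comment should state it: `/* Check each RevokedHostKeys file; a match or an error on any file rejects the key */`. The enclosing function begins and ends outside the hunk.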