diff --git a/overlays/patches/srv-records.patch b/overlays/patches/srv-records.patch index 7fc74ec..2b55b66 100644 --- a/overlays/patches/srv-records.patch +++ b/overlays/patches/srv-records.patch @@ -1,7 +1,7 @@ From f568270c4ec5b0472e0a49af510fd58f1f65155b Mon Sep 17 00:00:00 2001 From: Mara Sophie Grosch Date: Sat, 13 Feb 2021 23:01:02 +0100 -Subject: [PATCH 1/4] Resolve SRV record for hostname +Subject: [PATCH 1/3] Resolve SRV record for hostname Very crude first implementation, needs more polishing. @@ -296,7 +296,7 @@ index 0019281f4..95871013f 100644 From 885aca548189e24d50431f59b1c7c14b378c4d91 Mon Sep 17 00:00:00 2001 From: Mara Sophie Grosch Date: Sat, 13 Feb 2021 23:12:31 +0100 -Subject: [PATCH 2/4] Move DNS name decoding to dns.{c/h} +Subject: [PATCH 2/3] Move DNS name decoding to dns.{c/h} --- dns.c | 43 +++++++++++++++++++++++++++++++++++++++++++ @@ -421,228 +421,10 @@ index 95871013f..c295653e4 100644 2.44.1 -From ac087b03f2733b128616bb575c11c511b81b6b39 Mon Sep 17 00:00:00 2001 -From: Mara Sophie Grosch -Date: Sun, 14 Feb 2021 00:20:26 +0100 -Subject: [PATCH 3/4] Add some unit tests for dns_decode_name - ---- - Makefile.in | 17 +++++++++++++ - dns.c | 32 ++++++++++++++++------- - regress/Makefile | 1 + - regress/unittests/Makefile | 3 ++- - regress/unittests/dns/tests.c | 48 +++++++++++++++++++++++++++++++++++ - 5 files changed, 91 insertions(+), 10 deletions(-) - create mode 100644 regress/unittests/dns/tests.c - -diff --git a/Makefile.in b/Makefile.in -index e1b77ebc6..4f30d0c5f 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -288,6 +288,8 @@ clean: regressclean - rm -f regress/unittests/bitmap/test_bitmap$(EXEEXT) - rm -f regress/unittests/conversion/*.o - rm -f regress/unittests/conversion/test_conversion$(EXEEXT) -+ rm -f regress/unittests/dns/*.o -+ rm -f regress/unittests/dns/test_dns$(EXEEXT) - rm -f regress/unittests/hostkeys/*.o - rm -f regress/unittests/hostkeys/test_hostkeys$(EXEEXT) - rm -f regress/unittests/kex/*.o -@@ -325,6 +327,8 @@ distclean: regressclean - rm -f regress/unittests/bitmap/test_bitmap - rm -f regress/unittests/conversion/*.o - rm -f regress/unittests/conversion/test_conversion -+ rm -f regress/unittests/dns/*.o -+ rm -f regress/unittests/dns/test_dns - rm -f regress/unittests/hostkeys/*.o - rm -f regress/unittests/hostkeys/test_hostkeys - rm -f regress/unittests/kex/*.o -@@ -510,6 +514,7 @@ regress-prep: - $(MKDIR_P) `pwd`/regress/unittests/authopt - $(MKDIR_P) `pwd`/regress/unittests/bitmap - $(MKDIR_P) `pwd`/regress/unittests/conversion -+ $(MKDIR_P) `pwd`/regress/unittests/dns - $(MKDIR_P) `pwd`/regress/unittests/hostkeys - $(MKDIR_P) `pwd`/regress/unittests/kex - $(MKDIR_P) `pwd`/regress/unittests/match -@@ -629,6 +634,17 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \ - regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) - -+UNITTESTS_TEST_DNS_OBJS=\ -+ regress/unittests/dns/tests.o \ -+ $(SKOBJS) -+ -+regress/unittests/dns/test_dns$(EXEEXT): \ -+ ${UNITTESTS_TEST_DNS_OBJS} \ -+ regress/unittests/test_helper/libtest_helper.a libssh.a -+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_DNS_OBJS) \ -+ regress/unittests/test_helper/libtest_helper.a \ -+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -+ - UNITTESTS_TEST_KEX_OBJS=\ - regress/unittests/kex/tests.o \ - regress/unittests/kex/test_kex.o \ -@@ -718,6 +734,7 @@ regress-unit-binaries: regress-prep $(REGRESSLIBS) \ - regress/unittests/authopt/test_authopt$(EXEEXT) \ - regress/unittests/bitmap/test_bitmap$(EXEEXT) \ - regress/unittests/conversion/test_conversion$(EXEEXT) \ -+ regress/unittests/dns/test_dns$(EXEEXT) \ - regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ - regress/unittests/kex/test_kex$(EXEEXT) \ - regress/unittests/match/test_match$(EXEEXT) \ -diff --git a/dns.c b/dns.c -index ab156f5c3..dfd4a49bb 100644 ---- a/dns.c -+++ b/dns.c -@@ -351,23 +351,34 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic, - */ - char* - dns_decode_name(const char* data, size_t len) { -- size_t index = 0; -+ if(len < 1) { -+ return NULL; -+ } - - char* decoded = NULL; - size_t size = 0; - -- uint8_t next_label_len; -- do { -- next_label_len = data[index]; -+ size_t index = 0; -+ uint8_t next_label_len = data[index++]; -+ -+ while(1) { -+ if(index + next_label_len > len) { -+ return NULL; -+ } -+ -+ if(!next_label_len) { -+ return decoded; -+ } - - char* old_decoded = decoded; - - if(old_decoded) { - decoded = malloc(size + next_label_len + 2); -+ decoded[size + next_label_len + 1] = 0; -+ - memcpy(decoded, old_decoded, size); - decoded[size] = '.'; -- memcpy(decoded + size + 1, data + index + 1, next_label_len); -- decoded[size + next_label_len + 1] = 0; -+ memcpy(decoded + size + 1, data + index, next_label_len); - - size += 1; - -@@ -375,13 +386,16 @@ dns_decode_name(const char* data, size_t len) { - } - else { - decoded = malloc(next_label_len + 1); -- memcpy(decoded, data + index + 1, next_label_len); - decoded[next_label_len] = 0; -+ -+ memcpy(decoded, data + index, next_label_len); - } - - size += next_label_len; -- index += next_label_len + 1; -- } while(next_label_len > 0 && index + next_label_len <= len); -+ index += next_label_len; -+ -+ next_label_len = data[index++]; -+ } - - return decoded; - } -diff --git a/regress/Makefile b/regress/Makefile -index 7f7349706..af22225c5 100644 ---- a/regress/Makefile -+++ b/regress/Makefile -@@ -305,6 +305,7 @@ unit: - -d ${.CURDIR}/unittests/authopt/testdata ; \ - $$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \ - $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \ -+ $$V ${.OBJDIR}/unittests/dns/test_dns ; \ - $$V ${.OBJDIR}/unittests/kex/test_kex ; \ - $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ - -d ${.CURDIR}/unittests/hostkeys/testdata ; \ -diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile -index e370900e4..3032c2d1b 100644 ---- a/regress/unittests/Makefile -+++ b/regress/unittests/Makefile -@@ -1,6 +1,7 @@ - # $OpenBSD: Makefile,v 1.13 2023/09/24 08:14:13 claudio Exp $ - --SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion -+REGRESS_FAIL_EARLY?= yes -+SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion dns - SUBDIR+=authopt misc sshsig - - .include -diff --git a/regress/unittests/dns/tests.c b/regress/unittests/dns/tests.c -new file mode 100644 -index 000000000..53e6d0a6e ---- /dev/null -+++ b/regress/unittests/dns/tests.c -@@ -0,0 +1,48 @@ -+/* $OpenBSD: tests.c,v 1.3 2021/01/18 11:43:34 dtucker Exp $ */ -+/* -+ * Regress test for dns utility functions -+ * -+ * Placed in the public domain -+ */ -+ -+#include "includes.h" -+ -+#include -+#include -+#include -+#ifdef HAVE_STDINT_H -+#include -+#endif -+#include -+#include -+ -+#include "../test_helper/test_helper.h" -+ -+#include "sshkey.h" -+#include "dns.h" -+ -+void -+tests(void) -+{ -+ TEST_START("dns_decode_name"); -+ -+ // no data at all -+ ASSERT_PTR_EQ(dns_decode_name(0, 0), NULL); -+ -+ // some data, but truncated a lot -+ ASSERT_PTR_EQ(dns_decode_name("\04example", 4), NULL); -+ -+ // some data, but truncated (trailing zero length label missing) -+ ASSERT_PTR_EQ(dns_decode_name("\07example", 8), NULL); -+ -+ // single label, correct data -+ ASSERT_STRING_EQ(dns_decode_name("\07example", 9), "example"); -+ -+ // two labels, correct data -+ ASSERT_STRING_EQ(dns_decode_name("\07example\03com", 13), "example.com"); -+ -+ // three labels, correct data -+ ASSERT_STRING_EQ(dns_decode_name("\03www\07example\03com", 17), "www.example.com"); -+ -+ TEST_DONE(); -+} --- -2.44.1 - - -From d17e6c0b75b56914b755356e464b8aa77b442fa3 Mon Sep 17 00:00:00 2001 +From afa1e00156dc0fb899e3ed48d08480cece390d03 Mon Sep 17 00:00:00 2001 From: Mara Sophie Grosch Date: Sun, 14 Feb 2021 00:35:53 +0100 -Subject: [PATCH 4/4] Code reordering: fix uninitialized use +Subject: [PATCH 3/3] Code reordering: fix uninitialized use --- ssh.c | 5 +++-- diff --git a/todo.md b/todo.md index c03bc8f..b214d6d 100644 --- a/todo.md +++ b/todo.md @@ -47,7 +47,7 @@ # Certificate Authority - [ ] SSH CA - https://vriska.dev/trusting-ssh-keys-using-a-centralized-hardware-secret/ -- [ ] SSL CA +- [x] SSL CA - [ ] Signing server? # NixVim