From 19cfb22d30b5db285a8561b33d60e4155179651c Mon Sep 17 00:00:00 2001 From: HansH111 Date: Sun, 13 Mar 2022 17:37:44 +0000 Subject: [PATCH 1/4] add pubkey_info field to authstate structure --- auth.h | 1 + 1 file changed, 1 insertion(+) diff --git a/auth.h b/auth.h index 9279619..2063cad 100644 --- a/auth.h +++ b/auth.h @@ -125,6 +125,7 @@ struct AuthState { char *pw_passwd; #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT struct PubKeyOptions* pubkey_options; + char *pubkey_info; #endif }; From 80e7143fd2d42901eb95d1a2942bf1221708eaac Mon Sep 17 00:00:00 2001 From: HansH111 Date: Sun, 13 Mar 2022 17:38:13 +0000 Subject: [PATCH 2/4] extract pubkey_info when seuccesfully auth with a key and free it in the cleanup function --- svr-authpubkey.c | 23 ++++++++++++++++++++--- svr-authpubkeyoptions.c | 3 +++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/svr-authpubkey.c b/svr-authpubkey.c index a33cc39..10356a8 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -261,7 +261,7 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename, const char* algo, unsigned int algolen, const unsigned char* keyblob, unsigned int keybloblen) { buffer *options_buf = NULL; - unsigned int pos, len; + unsigned int pos, len, infopos, infolen; int ret = DROPBEAR_FAILURE; if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { @@ -344,6 +344,11 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename, for (len = 0; line->pos < line->len; len++) { if (buf_getbyte(line) == ' ') break; } + /* findout the length of the public key info */ + infopos = line->pos; + for (infolen = 0; line->pos < line->len; infolen++) { + if (buf_getbyte(line) == ' ') break; + } buf_setpos(line, pos); buf_setlen(line, line->pos + len); @@ -351,8 +356,20 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename, ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); - if (ret == DROPBEAR_SUCCESS && options_buf) { - ret = svr_add_pubkey_options(options_buf, line_num, filename); + if (ret == DROPBEAR_SUCCESS) { + if (options_buf) { + ret = svr_add_pubkey_options(options_buf, line_num, filename); + } + /* save the (optional) public key information */ + if (infolen) { + ses.authstate.pubkey_info = m_malloc(infolen + 1); + if (ses.authstate.pubkey_info) { + strncpy(ses.authstate.pubkey_info, &line->data[infopos], infolen); + ses.authstate.pubkey_info[infolen]='\0'; + } + } else { + ses.authstate.pubkey_info = NULL; + } } out: diff --git a/svr-authpubkeyoptions.c b/svr-authpubkeyoptions.c index 7ddf680..447f4b7 100644 --- a/svr-authpubkeyoptions.c +++ b/svr-authpubkeyoptions.c @@ -115,6 +115,9 @@ void svr_pubkey_options_cleanup() { } m_free(ses.authstate.pubkey_options); } + if (ses.authstate.pubkey_info) { + m_free(ses.authstate.pubkey_info); + } } /* helper for svr_add_pubkey_options. returns DROPBEAR_SUCCESS if the option is matched, From 35631a21a230321d6a42ca6891157e099dc91333 Mon Sep 17 00:00:00 2001 From: HansH111 Date: Sun, 13 Mar 2022 17:38:38 +0000 Subject: [PATCH 3/4] set envvar SSH_PUBKEYINFO if authstate.pubkey_info contains information --- svr-chansession.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/svr-chansession.c b/svr-chansession.c index 02cb035..71e0e46 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -1030,6 +1030,9 @@ static void execchild(const void *user_data) { if (chansess->original_command) { addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command); } + if (ses.authstate.pubkey_info != NULL) { + addnewvar("SSH_PUBKEYINFO", ses.authstate.pubkey_info); + } /* change directory */ if (chdir(ses.authstate.pw_dir) < 0) { From 212583544a7e3c8ff988904e7c69037b4d1d612c Mon Sep 17 00:00:00 2001 From: HansH111 Date: Tue, 15 Mar 2022 18:57:21 +0000 Subject: [PATCH 4/4] use buf_getptr and m_free on every iteration before m_malloc to insure no memory leaks are happening --- svr-authpubkey.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/svr-authpubkey.c b/svr-authpubkey.c index 10356a8..70e7f70 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -356,6 +356,11 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename, ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); + /* free pubkey_info if it is filled */ + if (ses.authstate.pubkey_info) { + m_free(ses.authstate.pubkey_info); + ses.authstate.pubkey_info = NULL; + } if (ret == DROPBEAR_SUCCESS) { if (options_buf) { ret = svr_add_pubkey_options(options_buf, line_num, filename); @@ -364,11 +369,9 @@ static int checkpubkey_line(buffer* line, int line_num, const char* filename, if (infolen) { ses.authstate.pubkey_info = m_malloc(infolen + 1); if (ses.authstate.pubkey_info) { - strncpy(ses.authstate.pubkey_info, &line->data[infopos], infolen); + strncpy(ses.authstate.pubkey_info,(const char *) buf_getptr(line, infopos), infolen); ses.authstate.pubkey_info[infolen]='\0'; } - } else { - ses.authstate.pubkey_info = NULL; } }