Line | Source | Count |
39 | #include "includes.h" | - |
40 | | - |
41 | #include <sys/types.h> | - |
42 | #include <sys/stat.h> | - |
43 | | - |
44 | #include <netinet/in.h> | - |
45 | | - |
46 | #include <errno.h> | - |
47 | #include <resolv.h> | - |
48 | #include <stdarg.h> | - |
49 | #include <stdio.h> | - |
50 | #include <stdlib.h> | - |
51 | #include <string.h> | - |
52 | #include <stdarg.h> | - |
53 | #include <unistd.h> | - |
54 | | - |
55 | #include "xmalloc.h" | - |
56 | #include "match.h" | - |
57 | #include "sshkey.h" | - |
58 | #include "hostfile.h" | - |
59 | #include "log.h" | - |
60 | #include "misc.h" | - |
61 | #include "ssherr.h" | - |
62 | #include "digest.h" | - |
63 | #include "hmac.h" | - |
64 | | - |
/* Growable collection of host key entries loaded from host key files. */
struct hostkeys {
	struct hostkey_entry *entries;	/* array of num_entries elements; NULL while empty */
	u_int num_entries;		/* number of valid elements in entries */
};
69 | | - |
70 | | - |
71 | | - |
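/*
 * Decode the salt from a hashed host name of the form
 *   HASH_MAGIC <base64 salt> HASH_DELIM <base64 hash>
 *
 * s, l      entry text and the number of bytes of it that may be read;
 *           nothing beyond s[l - 1] is touched.
 * salt      output buffer for the decoded salt.
 * salt_len  capacity of salt in bytes, passed to the decoder as its bound.
 *
 * Returns 0 on success and -1 when the entry is malformed: too short, wrong
 * magic, missing delimiter, empty or over-long encoded salt, base64 decode
 * failure, or a decoded length other than the SHA1 HMAC length.
 */
static int
extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
{
	char *p, *b64salt;
	u_int b64len;
	int ret;

	if (l < sizeof(HASH_MAGIC) - 1) {
		debug2("extract_salt: string too short");
		return (-1);
	}
	if (strncmp(s, HASH_MAGIC, sizeof(HASH_MAGIC) - 1) != 0) {
		debug2("extract_salt: invalid magic identifier");
		return (-1);
	}
	s += sizeof(HASH_MAGIC) - 1;
	l -= sizeof(HASH_MAGIC) - 1;
	/* Bounded search: the delimiter must lie within the remaining l bytes. */
	if ((p = memchr(s, HASH_DELIM, l)) == NULL) {
		debug2("extract_salt: missing salt termination character");
		return (-1);
	}

	b64len = p - s;
	/* Don't get carried away: cap the size of the temporary copy. */
	if (b64len == 0 || b64len > 1024) {
		debug2("extract_salt: bad encoded salt length %u", b64len);
		return (-1);
	}
	/* The decoder needs a NUL-terminated string, so copy the salt out. */
	b64salt = xmalloc(1 + b64len);
	memcpy(b64salt, s, b64len);
	b64salt[b64len] = '\0';

	ret = __b64_pton(b64salt, salt, salt_len);
	free(b64salt);
	if (ret == -1) {
		debug2("extract_salt: salt decode error");
		return (-1);
	}
	/* Only a salt of exactly the expected length is accepted. */
	if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) {
		/* ssh_hmac_bytes() yields a size_t, so print it with %zu. */
		debug2("extract_salt: expected salt len %zu, got %d",
		    ssh_hmac_bytes(SSH_DIGEST_SHA1), ret);
		return (-1);
	}

	return (0);
}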
118 | | - |
/*
 * Build the hashed representation of a host name:
 *   HASH_MAGIC <base64 salt> HASH_DELIM <base64 HMAC-SHA1(salt, host)>
 *
 * host                NUL-terminated host name to hash.
 * name_from_hostfile  existing hashed entry whose salt is reused, or NULL to
 *                     draw a fresh random salt.
 * src_len             length of name_from_hostfile (unused when it is NULL).
 *
 * Returns a pointer to a static buffer that the next call overwrites, so the
 * result must be consumed or copied before calling again; the function is
 * therefore not reentrant. Returns NULL when the salt cannot be extracted
 * from name_from_hostfile. HMAC or base64 failures are fatal.
 */
char *
host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
{
	static char encoded[1024];
	struct ssh_hmac_ctx *ctx;
	u_char salt[256], result[256];
	char uu_salt[512], uu_result[512];
	u_int len = ssh_digest_bytes(SSH_DIGEST_SHA1);
	int hmac_ok, b64_ok;

	if (name_from_hostfile != NULL) {
		/* Re-hash with the salt already stored in the entry. */
		if (extract_salt(name_from_hostfile, src_len, salt,
		    sizeof(salt)) == -1)
			return (NULL);
	} else {
		/* New entry: choose a random salt. */
		arc4random_buf(salt, len);
	}

	/* The salt is the HMAC key; the host name is the message. */
	hmac_ok = (ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) != NULL &&
	    ssh_hmac_init(ctx, salt, len) >= 0 &&
	    ssh_hmac_update(ctx, host, strlen(host)) >= 0 &&
	    ssh_hmac_final(ctx, result, sizeof(result)) == 0;
	if (!hmac_ok)
		fatal("%s: ssh_hmac failed", __func__);
	ssh_hmac_free(ctx);

	b64_ok = __b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) != -1 &&
	    __b64_ntop(result, len, uu_result, sizeof(uu_result)) != -1;
	if (!b64_ok)
		fatal("%s: __b64_ntop failed", __func__);

	snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
	    HASH_DELIM, uu_result);

	return (encoded);
}
156 | | - |
157 | | - |
158 | | - |
159 | | - |
160 | | - |
161 | | - |
/*
 * Parse a key at *cpp into ret, skipping blanks and tabs before and after it.
 *
 * cpp    in: start of the text to parse; out (success only): first character
 *        after the key and any whitespace following it.
 * bitsp  optional; receives sshkey_size(ret) on success.
 * ret    key object that sshkey_read() fills in.
 *
 * Returns 1 on success and 0 if sshkey_read() fails, in which case *cpp and
 * *bitsp are left untouched.
 */
int
hostfile_read_key(char **cpp, u_int *bitsp, struct sshkey *ret)
{
	char *cursor = *cpp;

	/* Skip leading whitespace. */
	while (*cursor == ' ' || *cursor == '\t')
		cursor++;

	if (sshkey_read(ret, &cursor) != 0)
		return 0;

	/* Skip trailing whitespace. */
	while (*cursor == ' ' || *cursor == '\t')
		cursor++;

	/* Report where parsing stopped and, if asked, the key size. */
	*cpp = cursor;
	if (bitsp != NULL)
		*bitsp = sshkey_size(ret);
	return 1;
}
185 | | - |
/*
 * Recognise an optional "@marker" at the start of a host key line.
 *
 * cpp  in: start of the line; out (non-error only): first character after
 *      the marker and the whitespace that follows it.
 *
 * Returns MRK_NONE when the line has no marker, MRK_CA or MRK_REVOKE for the
 * two known markers, and MRK_ERROR for an unknown, unterminated, over-long
 * or repeated marker. *cpp is not updated on MRK_ERROR.
 *
 * The terminator search looks for a space anywhere in the rest of the line
 * before it considers a tab. A marker ended by a tab on a line that also
 * contains a later space therefore yields a candidate that fails the length
 * or name check, so such lines are rejected rather than misread.
 */
static HostkeyMarker
check_markers(char **cpp)
{
	char marker[32], *end, *cur = *cpp;
	int found = MRK_NONE;
	size_t mlen;

	while (*cur == '@') {
		/* Only one marker is allowed per line. */
		if (found != MRK_NONE)
			return MRK_ERROR;

		/* The marker must be followed by whitespace. */
		end = strchr(cur, ' ');
		if (end == NULL)
			end = strchr(cur, '\t');
		if (end == NULL)
			return MRK_ERROR;

		/* Reject a bare '@' and anything that cannot fit in marker[]. */
		mlen = (size_t)(end - cur);
		if (mlen <= 1 || mlen >= sizeof(marker))
			return MRK_ERROR;
		memcpy(marker, cur, mlen);
		marker[mlen] = '\0';

		if (strcmp(marker, CA_MARKER) == 0)
			found = MRK_CA;
		else if (strcmp(marker, REVOKE_MARKER) == 0)
			found = MRK_REVOKE;
		else
			return MRK_ERROR;

		/* Skip past the marker and any whitespace that follows it. */
		cur = end;
		while (*cur == ' ' || *cur == '\t')
			cur++;
	}
	*cpp = cur;
	return found;
}
220 | | - |
/*
 * Allocate an empty hostkeys collection.
 * The allocation goes through xcalloc(); the result has no entries yet.
 */
struct hostkeys *
init_hostkeys(void)
{
	struct hostkeys *hk;

	hk = xcalloc(1, sizeof(*hk));
	hk->entries = NULL;
	return hk;
}
229 | | - |
/* State handed to record_hostkey() while a host key file is being scanned. */
struct load_callback_ctx {
	const char *host;		/* host name stored with every recorded entry */
	u_long num_loaded;		/* count of entries recorded so far */
	struct hostkeys *hostkeys;	/* collection the entries are appended to */
};
235 | | - |
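/*
 * hostkeys_foreach() callback: append one parsed line to ctx->hostkeys.
 *
 * l     the line being visited; on success ownership of l->key moves to the
 *       new entry and l->key is cleared so that only one owner remains.
 * _ctx  a struct load_callback_ctx.
 *
 * Returns 0 to continue the scan (invalid lines are logged and skipped) or
 * SSH_ERR_ALLOC_FAIL if the entry array cannot be grown.
 */
static int
record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
{
	struct load_callback_ctx *ctx = (struct load_callback_ctx *)_ctx;
	struct hostkeys *hostkeys = ctx->hostkeys;
	struct hostkey_entry *tmp;

	if (l->status == HKF_STATUS_INVALID) {
		/*
		 * The line number is printed with %lu, matching the debug3()
		 * call below; the original mixed %ld and %lu for the same field.
		 */
		debug("%s:%lu: parse error in hostkeys file",
		    l->path, l->linenum);
		return 0;
	}

	debug3("%s: found %skey type %s in file %s:%lu", __func__,
	    l->marker == MRK_NONE ? "" :
	    (l->marker == MRK_CA ? "ca " : "revoked "),
	    sshkey_type(l->key), l->path, l->linenum);
	/* Grow by one; the old array stays valid if the allocation fails. */
	if ((tmp = recallocarray(hostkeys->entries, hostkeys->num_entries,
	    hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	hostkeys->entries = tmp;
	hostkeys->entries[hostkeys->num_entries].host = xstrdup(ctx->host);
	hostkeys->entries[hostkeys->num_entries].file = xstrdup(l->path);
	hostkeys->entries[hostkeys->num_entries].line = l->linenum;
	hostkeys->entries[hostkeys->num_entries].key = l->key;
	l->key = NULL; /* steal it */
	hostkeys->entries[hostkeys->num_entries].marker = l->marker;
	hostkeys->num_entries++;
	ctx->num_loaded++;

	return 0;
}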
269 | | - |
/*
 * Load every entry for host from the file at path into hostkeys.
 *
 * Failures are not reported to the caller; at most a debug message is
 * logged, and the collection keeps whatever was recorded before the error.
 *
 * NOTE(review): the logging condition is "not a system error AND errno is
 * not ENOENT", so every SSH_ERR_SYSTEM_ERROR (for example an unreadable
 * file) is silent, and errno is also consulted for non-system errors where
 * it may be stale. If the intent was to stay quiet only for a missing file,
 * the test would need "||" - confirm before changing.
 */
void
load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
{
	struct load_callback_ctx ctx = {
		.host = host,
		.num_loaded = 0,
		.hostkeys = hostkeys,
	};
	int r;

	r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL,
	    HKF_WANT_MATCH|HKF_WANT_PARSE_KEY);
	if (r != 0 && r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT) {
		debug("%s: hostkeys_foreach failed for %s: %s",
		    __func__, path, ssh_err(r));
	}
	if (ctx.num_loaded != 0) {
		debug3("%s: loaded %lu keys from %s", __func__,
		    ctx.num_loaded, host);
	}
}
290 | | - |
/*
 * Release a hostkeys collection together with everything it owns.
 *
 * Each entry's host string, file string and key are freed, and the entry,
 * then the container itself, are wiped with explicit_bzero() before their
 * memory is returned. hostkeys must not be NULL.
 */
void
free_hostkeys(struct hostkeys *hostkeys)
{
	struct hostkey_entry *ent;
	u_int n;

	for (n = 0; n < hostkeys->num_entries; n++) {
		ent = &hostkeys->entries[n];
		free(ent->host);
		free(ent->file);
		sshkey_free(ent->key);
		/* Scrub the slot so no stale pointers remain in freed memory. */
		explicit_bzero(ent, sizeof(*ent));
	}
	free(hostkeys->entries);
	explicit_bzero(hostkeys, sizeof(*hostkeys));
	free(hostkeys);
}
306 | | - |
/*
 * Check k against the entries carrying the revocation marker.
 *
 * Returns -1 if k itself, or (when k is a certificate) the key that signed
 * it, matches a MRK_REVOKE entry by public key; returns 0 otherwise.
 */
static int
check_key_not_revoked(struct hostkeys *hostkeys, struct sshkey *k)
{
	const int is_cert = sshkey_is_cert(k);
	struct hostkey_entry *ent;
	u_int idx;

	for (idx = 0; idx < hostkeys->num_entries; idx++) {
		ent = &hostkeys->entries[idx];
		if (ent->marker != MRK_REVOKE)
			continue;
		/* The key itself is revoked. */
		if (sshkey_equal_public(k, ent->key))
			return -1;
		/* The certificate's signing key is revoked. */
		if (is_cert &&
		    sshkey_equal_public(k->cert->signature_key, ent->key))
			return -1;
	}
	return 0;
}
325 | | - |
326 | | - |
327 | | - |
328 | | - |
329 | | - |
330 | | - |
331 | | - |
332 | | - |
333 | | - |
334 | | - |
335 | | - |
336 | | - |
337 | | - |
338 | | - |
339 | | - |
340 | | - |
/*
 * Look up a host key in hostkeys, either by exact key (k != NULL) or by
 * key type (k == NULL, keytype given).
 *
 * hostkeys  collection to search.
 * k         key to match, or NULL to search by type.
 * keytype   key type wanted when k is NULL; not read otherwise.
 * found     optional; receives the entry the result refers to, or NULL.
 *
 * Returns:
 *   HOST_NEW      no entry with the wanted marker was relevant.
 *   HOST_FOUND    (type lookup) an entry of the requested type exists.
 *   HOST_OK       k matches an entry, or k is a certificate signed by a
 *                 listed CA key.
 *   HOST_CHANGED  (plain keys) entries were seen but none equals k; *found
 *                 is the last such entry.
 *   HOST_REVOKED  the key checked is revoked; *found is reset to NULL.
 *
 * The revocation check runs last and overrides every other outcome.
 *
 * NOTE(review): on a type lookup k is NULL when passed to sshkey_is_cert(),
 * and stays NULL for check_key_not_revoked() if nothing matched. This relies
 * on the sshkey helpers tolerating a NULL key - confirm.
 */
static HostStatus
check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
    struct sshkey *k, int keytype, const struct hostkey_entry **found)
{
	u_int i;
	HostStatus end_return = HOST_NEW;
	int want_cert = sshkey_is_cert(k);
	/* Certificates are checked against CA lines, plain keys against unmarked lines. */
	HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;

	if (found != NULL)
		*found = NULL;

	for (i = 0; i < hostkeys->num_entries; i++) {
		if (hostkeys->entries[i].marker != want_marker)
			continue;
		if (k == NULL) {
			/* Type lookup: the first entry of the right type wins. */
			if (hostkeys->entries[i].key->type != keytype)
				continue;
			end_return = HOST_FOUND;
			if (found != NULL)
				*found = hostkeys->entries + i;
			/* Use the entry's key for the revocation check below. */
			k = hostkeys->entries[i].key;
			break;
		}
		if (want_cert) {
			if (sshkey_equal_public(k->cert->signature_key,
			    hostkeys->entries[i].key)) {
				/* A matching CA exists. */
				end_return = HOST_OK;
				if (found != NULL)
					*found = hostkeys->entries + i;
				break;
			}
		} else {
			if (sshkey_equal(k, hostkeys->entries[i].key)) {
				end_return = HOST_OK;
				if (found != NULL)
					*found = hostkeys->entries + i;
				break;
			}
			/* A non-matching key exists; keep scanning for a match. */
			end_return = HOST_CHANGED;
			if (found != NULL)
				*found = hostkeys->entries + i;
		}
	}
	/* Revocation takes precedence over any match found above. */
	if (check_key_not_revoked(hostkeys, k) != 0) {
		end_return = HOST_REVOKED;
		if (found != NULL)
			*found = NULL;
	}
	return end_return;
}
394 | | - |
/*
 * Look up key in hostkeys by exact key match.
 *
 * A NULL key is treated as a programming error and is fatal. Otherwise the
 * result, and the entry stored through found when it is non-NULL, are those
 * of check_hostkeys_by_key_or_type().
 */
HostStatus
check_key_in_hostkeys(struct hostkeys *hostkeys, struct sshkey *key,
    const struct hostkey_entry **found)
{
	HostStatus status;

	if (key == NULL)
		fatal("no key to look up");
	status = check_hostkeys_by_key_or_type(hostkeys, key, 0, found);
	return status;
}
403 | | - |
/*
 * Report whether hostkeys holds an entry of the given key type.
 *
 * Returns 1 only when the lookup yields HOST_FOUND and 0 for every other
 * status, including HOST_REVOKED. found, when non-NULL, is filled in by
 * check_hostkeys_by_key_or_type().
 */
int
lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
    const struct hostkey_entry **found)
{
	HostStatus status;

	status = check_hostkeys_by_key_or_type(hostkeys, NULL, keytype, found);
	return (status == HOST_FOUND);
}
411 | | - |
/*
 * Write one host key line to f: a host field, the key, then a newline.
 *
 * The host name is lower-cased first. With store_hash set, the host field
 * is the hashed name and ip is not written at all; otherwise it is
 * "host,ip" when ip is given and "host" when it is not.
 *
 * Returns 1 if the key was written, 0 if hashing or sshkey_write() failed.
 * The newline is emitted even when sshkey_write() fails, and the results of
 * fprintf()/fputc() are not checked, so stream errors surface only when the
 * caller inspects or closes f.
 *
 * NOTE(review): host and ip are written as given, without escaping, so
 * whitespace or a newline in either would break the line format -
 * presumably callers pass validated names; verify.
 */
static int
write_host_entry(FILE *f, const char *host, const char *ip,
    const struct sshkey *key, int store_hash)
{
	char *lhost, *hashed_host = NULL;
	int r;

	lhost = xstrdup(host);
	lowercase(lhost);

	if (store_hash) {
		hashed_host = host_hash(lhost, NULL, 0);
		if (hashed_host == NULL) {
			error("%s: host_hash failed", __func__);
			free(lhost);
			return 0;
		}
		fprintf(f, "%s ", hashed_host);
	} else if (ip != NULL) {
		fprintf(f, "%s,%s ", lhost, ip);
	} else {
		fprintf(f, "%s ", lhost);
	}
	free(lhost);

	r = sshkey_write(key, f);
	if (r != 0)
		error("%s: sshkey_write failed: %s", __func__, ssh_err(r));
	fputc('\n', f);
	return r == 0;
}
442 | | - |
443 | | - |
444 | | - |
445 | | - |
446 | | - |
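/*
 * Append an entry for host/key to the host key file at filename.
 *
 * filename    file to append to; fopen() mode "a" creates it if missing.
 * host        host name for the entry.
 * key         key to store; a NULL key writes nothing and returns 1.
 * store_hash  non-zero to store the host name in hashed form.
 *
 * Returns 1 on success and 0 if the file cannot be opened, the entry cannot
 * be written, or the buffered data cannot be flushed when the file is
 * closed.
 */
int
add_host_to_hostfile(const char *filename, const char *host,
    const struct sshkey *key, int store_hash)
{
	FILE *f;
	int success;

	if (key == NULL)
		return 1;	/* nothing to add */
	f = fopen(filename, "a");
	if (!f)
		return 0;
	success = write_host_entry(f, host, NULL, key, store_hash);
	/*
	 * The entry is buffered until fclose() flushes it, so a full disk or
	 * an I/O error shows up here; report it instead of claiming success.
	 */
	if (fclose(f) != 0) {
		error("%s: fclose %s: %s", __func__, filename,
		    strerror(errno));
		success = 0;
	}
	return success;
}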
463 | | - |
/* State shared between hostfile_replace_entries() and its host_delete() callback. */
struct host_delete_ctx {
	FILE *out;			/* stream the rewritten file is written to */
	int quiet;			/* non-zero: log at debug level and prefix the function name */
	const char *host;		/* host name used in log messages */
	int *skip_keys;			/* one flag per key; set to 1 when that key is already in the file */
	struct sshkey * const *keys;	/* keys that should remain for the host */
	size_t nkeys;			/* number of elements in keys and skip_keys */
	int modified;			/* set to 1 once the output differs from the input */
};
473 | | - |
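/*
 * hostkeys_foreach() callback used while rewriting a host key file.
 *
 * Every line is copied to ctx->out unchanged except a matched, unmarked
 * line whose key is not in ctx->keys: that line is dropped and
 * ctx->modified is set. Matched lines carrying a marker are always kept.
 * A matched line whose key is in ctx->keys is kept and the key is flagged
 * in ctx->skip_keys so that the caller does not add it a second time.
 *
 * Always returns 0. The fprintf() results are not checked here; the caller
 * has to detect write errors on ctx->out.
 */
static int
host_delete(struct hostkey_foreach_line *l, void *_ctx)
{
	struct host_delete_ctx *ctx = (struct host_delete_ctx *)_ctx;
	int loglevel = ctx->quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
	size_t i;

	if (l->status == HKF_STATUS_MATCHED) {
		if (l->marker != MRK_NONE) {
			/* Marked lines are never removed. */
			fprintf(ctx->out, "%s\n", l->line);
			return 0;
		}

		/*
		 * If this line holds one of the keys we were asked to add,
		 * keep it and remember not to add that key again.
		 */
		for (i = 0; i < ctx->nkeys; i++) {
			if (sshkey_equal(ctx->keys[i], l->key)) {
				ctx->skip_keys[i] = 1;
				fprintf(ctx->out, "%s\n", l->line);
				/* Line numbers use %lu, as in record_hostkey()'s debug3(). */
				debug3("%s: %s key already at %s:%lu", __func__,
				    sshkey_type(l->key), l->path, l->linenum);
				return 0;
			}
		}

		/*
		 * The host matches but the key is not wanted any more: leave
		 * the line out of the output, which deletes it.
		 */
		do_log2(loglevel, "%s%s%s:%lu: Removed %s key for host %s",
		    ctx->quiet ? __func__ : "", ctx->quiet ? ": " : "",
		    l->path, l->linenum, sshkey_type(l->key), ctx->host);
		ctx->modified = 1;
		return 0;
	}
	/* Retain non-matching hosts and invalid lines when rewriting. */
	if (l->status == HKF_STATUS_INVALID) {
		do_log2(loglevel, "%s%s%s:%lu: invalid known_hosts entry",
		    ctx->quiet ? __func__ : "", ctx->quiet ? ": " : "",
		    l->path, l->linenum);
	}
	fprintf(ctx->out, "%s\n", l->line);
	return 0;
}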
522 | | - |
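/*
 * Rewrite the host key file so that host (and ip, if given) ends up with
 * exactly the keys in keys[].
 *
 * The new contents go to a temporary file created next to filename with
 * mkstemp() under a 077 umask. Existing lines are filtered by
 * host_delete(), then keys not already present are appended. Only if
 * something changed is the old file hard-linked to "<filename>.old" and the
 * temporary file renamed over filename; otherwise the temporary file is
 * removed.
 *
 * filename    host key file to update.
 * host, ip    names whose entries are replaced; ip may be NULL.
 * keys/nkeys  keys that should remain for the host.
 * store_hash  non-zero to hash host names in newly written entries.
 * quiet       non-zero to log at debug level instead of verbose.
 * hash_alg    fingerprint hash used only for log messages.
 *
 * Returns 0 on success or an SSH_ERR_* code. For SSH_ERR_SYSTEM_ERROR,
 * errno is set to the error that caused the failure. The process umask is
 * restored on every exit path.
 */
int
hostfile_replace_entries(const char *filename, const char *host, const char *ip,
    struct sshkey **keys, size_t nkeys, int store_hash, int quiet, int hash_alg)
{
	int r, fd, oerrno = 0;
	int loglevel = quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
	struct host_delete_ctx ctx;
	char *fp, *temp = NULL, *back = NULL;
	mode_t omask;
	size_t i;

	/* The temporary file must not be readable by group or others. */
	omask = umask(077);

	memset(&ctx, 0, sizeof(ctx));
	ctx.host = host;
	ctx.quiet = quiet;
	if ((ctx.skip_keys = calloc(nkeys, sizeof(*ctx.skip_keys))) == NULL) {
		/* Leave through the common exit so the umask is restored. */
		r = SSH_ERR_ALLOC_FAIL;
		goto fail;
	}
	ctx.keys = keys;
	ctx.nkeys = nkeys;
	ctx.modified = 0;

	/*
	 * Prepare the temporary and backup file names. A failed asprintf()
	 * may leave its output pointer indeterminate on some platforms, so
	 * it is reset before the cleanup code looks at it.
	 */
	if (asprintf(&temp, "%s.XXXXXXXXXXX", filename) < 0) {
		temp = NULL;
		r = SSH_ERR_ALLOC_FAIL;
		goto fail;
	}
	if (asprintf(&back, "%s.old", filename) < 0) {
		back = NULL;
		r = SSH_ERR_ALLOC_FAIL;
		goto fail;
	}

	if ((fd = mkstemp(temp)) == -1) {
		oerrno = errno;
		error("%s: mkstemp: %s", __func__, strerror(oerrno));
		r = SSH_ERR_SYSTEM_ERROR;
		goto fail;
	}
	if ((ctx.out = fdopen(fd, "w")) == NULL) {
		oerrno = errno;
		close(fd);
		error("%s: fdopen: %s", __func__, strerror(oerrno));
		r = SSH_ERR_SYSTEM_ERROR;
		goto fail;
	}

	/* Copy the existing file, dropping entries that are no longer wanted. */
	if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip,
	    HKF_WANT_PARSE_KEY)) != 0) {
		error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
		goto fail;
	}

	/* Append the keys that were not already present. */
	for (i = 0; i < nkeys; i++) {
		if (ctx.skip_keys[i])
			continue;
		if ((fp = sshkey_fingerprint(keys[i], hash_alg,
		    SSH_FP_DEFAULT)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto fail;
		}
		do_log2(loglevel, "%s%sAdding new key for %s to %s: %s %s",
		    quiet ? __func__ : "", quiet ? ": " : "", host, filename,
		    sshkey_ssh_name(keys[i]), fp);
		free(fp);
		if (!write_host_entry(ctx.out, host, ip, keys[i], store_hash)) {
			r = SSH_ERR_INTERNAL_ERROR;
			goto fail;
		}
		ctx.modified = 1;
	}

	/*
	 * Neither host_delete() nor write_host_entry() checks its writes, so
	 * make sure the temporary file is complete before it can replace the
	 * real one: a truncated copy would silently lose entries, including
	 * CA and revocation lines.
	 */
	oerrno = ferror(ctx.out) ? EIO : 0;
	if (fclose(ctx.out) != 0)
		oerrno = errno;
	ctx.out = NULL;	/* the stream is gone even if fclose() failed */
	if (oerrno != 0) {
		error("%s: write to \"%s\": %s", __func__,
		    temp, strerror(oerrno));
		r = SSH_ERR_SYSTEM_ERROR;
		goto fail;
	}

	if (ctx.modified) {
		/* Keep the previous file as <filename>.old. */
		if (unlink(back) == -1 && errno != ENOENT) {
			oerrno = errno;
			error("%s: unlink %.100s: %s", __func__,
			    back, strerror(oerrno));
			r = SSH_ERR_SYSTEM_ERROR;
			goto fail;
		}
		if (link(filename, back) == -1) {
			oerrno = errno;
			error("%s: link %.100s to %.100s: %s", __func__,
			    filename, back, strerror(oerrno));
			r = SSH_ERR_SYSTEM_ERROR;
			goto fail;
		}
		/* rename() swaps the new contents in as a single step. */
		if (rename(temp, filename) == -1) {
			oerrno = errno;
			error("%s: rename \"%s\" to \"%s\": %s", __func__,
			    temp, filename, strerror(oerrno));
			r = SSH_ERR_SYSTEM_ERROR;
			goto fail;
		}
	} else {
		/* Nothing changed: discard the temporary copy. */
		if (unlink(temp) != 0)
			error("%s: unlink \"%s\": %s", __func__,
			    temp, strerror(errno));
	}

	/* success */
	r = 0;
 fail:
	/* On failure the temporary file must not be left behind. */
	if (temp != NULL && r != 0)
		unlink(temp);
	free(temp);
	free(back);
	if (ctx.out != NULL)
		fclose(ctx.out);
	free(ctx.skip_keys);
	umask(omask);
	if (r == SSH_ERR_SYSTEM_ERROR)
		errno = oerrno;
	return r;
}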
642 | | - |
/*
 * Test whether "host" matches the host-name field "names" taken from a
 * known_hosts line.
 *
 * A field whose first character is HASH_DELIM is treated as a single hashed
 * name: "host" is passed through host_hash() together with the stored field
 * (presumably so the salt embedded in the field is reused - confirm against
 * host_hash()) and the result must equal the stored field exactly. Any other
 * field is handed to match_hostname() as a plain pattern list.
 *
 * If was_hashed is non-NULL it receives 1 when the field was hashed and 0
 * otherwise; it is written before any matching is attempted.
 *
 * Returns 1 on match, 0 on no match and -1 when host_hash() fails, which
 * callers in this file report as a bad hash on the line.
 */
static int
match_maybe_hashed(const char *host, const char *names, int *was_hashed)
{
	const int is_hashed = (*names == HASH_DELIM);
	const size_t names_len = strlen(names);
	const char *rehashed;

	if (was_hashed != NULL)
		*was_hashed = is_hashed;

	/* Plain entry: only an explicit positive match counts. */
	if (!is_hashed)
		return match_hostname(host, names) == 1;

	rehashed = host_hash(host, names, names_len);
	if (rehashed == NULL)
		return -1;

	/* Require equal length as well as equal bytes: no prefix matches. */
	if (strlen(rehashed) != names_len)
		return 0;
	return strncmp(rehashed, names, names_len) == 0;
}
660 | | - |
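/*
 * Walk the known_hosts-format file at "path" and invoke "callback" for its
 * lines, passing a struct hostkey_foreach_line that describes each one.
 *
 * host, ip:  optional names to match against the host field of each line.
 *            ip is only consulted when host is non-NULL.
 * options:   HKF_WANT_MATCH restricts callbacks to lines that matched host
 *            or ip (comments and lines with invalid markers are skipped);
 *            HKF_WANT_PARSE_KEY asks for the key to be parsed into
 *            lineinfo.key instead of only identifying its type.
 *
 * Lines that cannot be parsed are still reported, with status
 * HKF_STATUS_INVALID and a NULL key, so a callback must check the status
 * before trusting any other field.
 *
 * lineinfo.hosts, lineinfo.rawkey and lineinfo.comment point into the
 * getline() buffer and lineinfo.line is freed at the start of the next
 * iteration, so none of them may be retained after the callback returns.
 *
 * Returns 0 after a complete pass, SSH_ERR_INVALID_ARGUMENT if
 * HKF_WANT_MATCH is set without a host, SSH_ERR_SYSTEM_ERROR if the file
 * cannot be opened, SSH_ERR_ALLOC_FAIL if a key cannot be allocated, or the
 * first non-zero value returned by the callback (which stops the walk).
 */
int
hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options)
{
	FILE *f;
	char *line = NULL, ktype[128];
	u_long linenum = 0;
	char *cp, *cp2;
	u_int kbits;
	int hashed;
	int s, r = 0;
	struct hostkey_foreach_line lineinfo;
	size_t linesize = 0, l;

	memset(&lineinfo, 0, sizeof(lineinfo));
	/* Matching was requested but there is nothing to match against. */
	if (host == NULL && (options & HKF_WANT_MATCH) != 0)
		return SSH_ERR_INVALID_ARGUMENT;
	if ((f = fopen(path, "r")) == NULL)
		return SSH_ERR_SYSTEM_ERROR;

	debug3("%s: reading file \"%s\"", __func__, path);
	while (getline(&line, &linesize, f) != -1) {
		linenum++;
		line[strcspn(line, "\n")] = '\0';

		/* Release the previous line's state before describing this one. */
		free(lineinfo.line);
		sshkey_free(lineinfo.key);
		memset(&lineinfo, 0, sizeof(lineinfo));
		lineinfo.path = path;
		lineinfo.linenum = linenum;
		lineinfo.line = xstrdup(line);
		lineinfo.marker = MRK_NONE;
		lineinfo.status = HKF_STATUS_OK;
		lineinfo.keytype = KEY_UNSPEC;

		/* Skip leading whitespace, then blank and comment lines. */
		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
			;
		if (!*cp || *cp == '#' || *cp == '\n') {
			if ((options & HKF_WANT_MATCH) == 0) {
				lineinfo.status = HKF_STATUS_COMMENT;
				if ((r = callback(&lineinfo, ctx)) != 0)
					break;
			}
			continue;
		}

		if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) {
			verbose("%s: invalid marker at %s:%lu",
			    __func__, path, linenum);
			/* Only reported as invalid when not filtering by host. */
			if ((options & HKF_WANT_MATCH) == 0)
				goto bad;
			continue;
		}

		/* Find the end of the host field and terminate it in place. */
		for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++)
			;
		lineinfo.hosts = cp;
		*cp2++ = '\0';

		/* Match the host field against host and, if supplied, ip. */
		if (host != NULL) {
			if ((s = match_maybe_hashed(host, lineinfo.hosts,
			    &hashed)) == -1) {
				/* linenum is u_long, so print it with %lu. */
				debug2("%s: %s:%lu: bad host hash \"%.32s\"",
				    __func__, path, linenum, lineinfo.hosts);
				goto bad;
			}
			if (s == 1) {
				lineinfo.status = HKF_STATUS_MATCHED;
				lineinfo.match |= HKF_MATCH_HOST |
				    (hashed ? HKF_MATCH_HOST_HASHED : 0);
			}

			if (ip != NULL) {
				if ((s = match_maybe_hashed(ip, lineinfo.hosts,
				    &hashed)) == -1) {
					debug2("%s: %s:%lu: bad ip hash "
					    "\"%.32s\"", __func__, path,
					    linenum, lineinfo.hosts);
					goto bad;
				}
				if (s == 1) {
					lineinfo.status = HKF_STATUS_MATCHED;
					lineinfo.match |= HKF_MATCH_IP |
					    (hashed ? HKF_MATCH_IP_HASHED : 0);
				}
			}

			/*
			 * With HKF_WANT_MATCH, drop lines where neither the
			 * host nor the address matched.
			 */
			if ((options & HKF_WANT_MATCH) != 0 &&
			    lineinfo.status != HKF_STATUS_MATCHED)
				continue;
		}

		/* Skip the whitespace that separates host field and key. */
		for (; *cp2 == ' ' || *cp2 == '\t'; cp2++)
			;
		if (*cp2 == '\0' || *cp2 == '#') {
			debug2("%s:%lu: truncated before key type",
			    path, linenum);
			goto bad;
		}
		lineinfo.rawkey = cp = cp2;

		if ((options & HKF_WANT_PARSE_KEY) != 0) {
			/*
			 * Parse the key itself; a line whose key does not
			 * parse is reported as invalid.
			 */
			if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) {
				error("%s: sshkey_new failed", __func__);
				r = SSH_ERR_ALLOC_FAIL;
				break;
			}
			if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) {
				goto bad;
			}
			lineinfo.keytype = lineinfo.key->type;
			lineinfo.comment = cp;
		} else {
			/*
			 * Identify the key type only. The length is checked
			 * against sizeof(ktype) before the copy so that the
			 * stack buffer always has room for the terminator.
			 */
			l = strcspn(lineinfo.rawkey, " \t");
			if (l <= 1 || l >= sizeof(ktype) ||
			    lineinfo.rawkey[l] == '\0')
				goto bad;
			memcpy(ktype, lineinfo.rawkey, l);
			ktype[l] = '\0';
			lineinfo.keytype = sshkey_type_from_name(ktype);

			/*
			 * An unrecognised first token made up of fewer than
			 * eight decimal digits is rejected outright.
			 */
			if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
			    strspn(ktype, "0123456789") == l)
				goto bad;

			/*
			 * Something other than whitespace or a comment must
			 * follow the key type; this catches trivial
			 * truncation only.
			 */
			cp2 += l;
			for (; *cp2 == ' ' || *cp2 == '\t'; cp2++)
				;
			if (*cp2 == '\0' || *cp2 == '#') {
				debug2("%s:%lu: truncated after key type",
				    path, linenum);
				lineinfo.keytype = KEY_UNSPEC;
			}
			if (lineinfo.keytype == KEY_UNSPEC) {
 bad:
				/*
				 * Shared exit for every malformed line: drop
				 * any partly parsed key and report the line
				 * as invalid.
				 */
				sshkey_free(lineinfo.key);
				lineinfo.key = NULL;
				lineinfo.status = HKF_STATUS_INVALID;
				if ((r = callback(&lineinfo, ctx)) != 0)
					break;
				continue;
			}
		}
		if ((r = callback(&lineinfo, ctx)) != 0)
			break;
	}
	sshkey_free(lineinfo.key);
	free(lineinfo.line);
	free(line);
	fclose(f);
	return r;
}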
| | |