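/*
 * Human-readable text for the getrrsetbyname() result codes 0..5
 * (verify_host_key_dns() feeds that call's return value in here).
 * The index is the numeric result code; any code past the end of the
 * table has no text and is reported as "unknown error".
 */
static const char *errset_text[] = {
	"success",		/* 0 */
	"out of memory",	/* 1 */
	"general failure",	/* 2 */
	"invalid parameter",	/* 3 */
	"name does not exist",	/* 4 */
	"data does not exist",	/* 5 */
};

/*
 * Map a getrrsetbyname() result code to a descriptive string.
 *
 * res: result code as returned by getrrsetbyname().
 * Returns a pointer to static storage, never NULL.  Codes outside the
 * table yield "unknown error".  The bound is derived from the table so
 * the switch that previously duplicated every entry is not needed and
 * adding a code only requires adding a string.
 */
static const char *
dns_result_totext(unsigned int res)
{
	const size_t ntext = sizeof(errset_text) / sizeof(errset_text[0]);

	if (res < ntext)
		return errset_text[res];
	return "unknown error";
}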
/*
 * Compute the SSHFP (algorithm, digest type, fingerprint) triple for an
 * SSH public key.
 *
 * algorithm    out: SSHFP algorithm number for key->type, or
 *              SSHFP_KEY_RESERVED for key types not handled below.
 * digest_type  in/out: 0 on entry selects the default digest for the key
 *              type (SHA1 for RSA/DSA, SHA256 for ECDSA/Ed25519/XMSS);
 *              any other value is used as given.  Comes back as
 *              SSHFP_HASH_RESERVED when it is neither SHA1 nor SHA256.
 * digest/digest_len  out: fingerprint bytes from sshkey_fingerprint_raw(),
 *              owned by the caller (free()), or NULL/0 on failure.
 * key          the key to fingerprint.
 *
 * Returns 1 on success, 0 when either the key type or the digest type is
 * unsupported.  A failing sshkey_fingerprint_raw() is fatal().
 */
static int
dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
    u_char **digest, size_t *digest_len, struct sshkey *key)
{
	u_int8_t default_hash = SSHFP_HASH_RESERVED;
	int fp_alg = -1;
	int r;

	/* SSHFP algorithm number plus the digest used when none was asked for. */
	switch (key->type) {
	case KEY_RSA:
		*algorithm = SSHFP_KEY_RSA;
		default_hash = SSHFP_HASH_SHA1;
		break;
	case KEY_DSA:
		*algorithm = SSHFP_KEY_DSA;
		default_hash = SSHFP_HASH_SHA1;
		break;
	case KEY_ECDSA:
		*algorithm = SSHFP_KEY_ECDSA;
		default_hash = SSHFP_HASH_SHA256;
		break;
	case KEY_ED25519:
		*algorithm = SSHFP_KEY_ED25519;
		default_hash = SSHFP_HASH_SHA256;
		break;
	case KEY_XMSS:
		*algorithm = SSHFP_KEY_XMSS;
		default_hash = SSHFP_HASH_SHA256;
		break;
	default:
		/* Unknown key type: nothing can be published for it. */
		*algorithm = SSHFP_KEY_RESERVED;
		*digest_type = SSHFP_HASH_RESERVED;
		break;
	}
	if (*digest_type == 0)
		*digest_type = default_hash;

	/*
	 * Translate the SSHFP digest type into the ssh digest identifier
	 * expected by sshkey_fingerprint_raw() (1 and 2 are presumably the
	 * preprocessed SSH_DIGEST_SHA1 / SSH_DIGEST_SHA256 values).
	 */
	if (*digest_type == SSHFP_HASH_SHA1)
		fp_alg = 1;
	else if (*digest_type == SSHFP_HASH_SHA256)
		fp_alg = 2;
	else
		*digest_type = SSHFP_HASH_RESERVED;

	if (*algorithm == 0 || *digest_type == 0) {
		/* Unsupported key or digest: hand back an empty result. */
		*digest = NULL;
		*digest_len = 0;
		return 0;
	}

	r = sshkey_fingerprint_raw(key, fp_alg, digest, digest_len);
	if (r != 0)
		fatal("%s: sshkey_fingerprint_raw: %s", __func__, ssh_err(r));
	return 1;
}
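/*
 * Parse the wire-format RDATA of an SSHFP record:
 *   byte 0     algorithm number
 *   byte 1     fingerprint (digest) type
 *   byte 2..   fingerprint bytes
 *
 * rdata/rdata_len  record data as handed over by the DNS answer; it is
 *              not trusted, so nothing is read before rdata_len says it
 *              is there.
 * On success returns 1 and gives the caller a freshly allocated copy of
 * the digest in *digest (xstrdup("") when the record carries no digest
 * bytes, so *digest is non-NULL and must always be freed).
 * On failure (fewer than 2 bytes) returns 0 with *algorithm and
 * *digest_type set to the reserved values and *digest/*digest_len
 * cleared.  The cleared outputs mirror dns_read_key()'s failure contract
 * so a caller may free(*digest) on every path; previously they were left
 * uninitialized on this path.
 */
static int
dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
    u_char **digest, size_t *digest_len, u_char *rdata, int rdata_len)
{
	*algorithm = SSHFP_KEY_RESERVED;
	*digest_type = SSHFP_HASH_RESERVED;
	*digest = NULL;
	*digest_len = 0;

	/* Need at least the algorithm and digest-type octets. */
	if (rdata_len < 2)
		return 0;

	*algorithm = rdata[0];
	*digest_type = rdata[1];
	*digest_len = (size_t)(rdata_len - 2);

	if (*digest_len > 0) {
		*digest = xmalloc(*digest_len);
		memcpy(*digest, rdata + 2, *digest_len);
	} else {
		/* Keep the "always allocated" invariant for empty digests. */
		*digest = (u_char *)xstrdup("");
	}

	return 1;
}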
/*
 * Tell whether `hostname` is a literal IPv4/IPv6 address rather than a
 * name.  Uses getaddrinfo() with AI_NUMERICHOST, so no resolver traffic
 * is generated.  Returns -1 when the string is a numeric address (or when
 * hostname is NULL, after logging an error) and 0 when it is a name.
 * Note the non-zero return for the "numeric" case: callers test the
 * result as a boolean.
 */
static int
is_numeric_hostname(const char *hostname)
{
	struct addrinfo *res = NULL;
	struct addrinfo hints = {
		.ai_socktype = SOCK_DGRAM,
		.ai_flags = AI_NUMERICHOST,
	};

	if (hostname == NULL) {
		error("is_numeric_hostname called with NULL hostname");
		return -1;
	}

	/* With AI_NUMERICHOST, success means the string parsed as an address. */
	if (getaddrinfo(hostname, NULL, &hints, &res) != 0)
		return 0;

	freeaddrinfo(res);
	return -1;
}
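/*
 * Verify `hostkey` for `hostname` against the SSHFP records published in
 * DNS (class IN = 1, RR type 44) as returned by getrrsetbyname().
 *
 * address is not used by this function.  *flags is zeroed on entry and
 * reports the outcome with these bits (this is a preprocessed listing,
 * so the file's symbolic names appear as literals):
 *   0x00000001  at least one SSHFP record was returned
 *   0x00000002  one of them matched the host key's fingerprint
 *   0x00000004  the resolver flagged the RRset (rri_flags bit 0), which
 *               presumably is the "validated" bit - TODO confirm against
 *               the getrrsetbyname() implementation in use
 *
 * Returns 0 when the lookup completed (consult *flags), -1 when no lookup
 * was possible: numeric hostname, lookup error, or the host key could
 * not be fingerprinted with a digest type that appears in DNS.
 * fatal()s on a NULL hostkey.
 *
 * NOTE(review): bit 0x4 is only as trustworthy as the resolver and the
 * path to it; a MATCH without that bit must not be treated as
 * authoritative by the caller.  Also note that one record carrying a
 * digest type dns_read_key() does not support aborts the whole check
 * with -1, even if another record would have matched; that behaviour is
 * kept here unchanged.
 *
 * Fix in this revision: the digest copied out of a DNS record was leaked
 * on the "Error calculating key fingerprint." return inside the loop.
 */
int
verify_host_key_dns(const char *hostname, struct sockaddr *address,
    struct sshkey *hostkey, int *flags)
{
	u_int counter;
	int result;
	struct rrsetinfo *fingerprints = NULL;

	u_int8_t hostkey_algorithm;
	u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED;
	u_char *hostkey_digest;
	size_t hostkey_digest_len;

	u_int8_t dnskey_algorithm;
	u_int8_t dnskey_digest_type;
	u_char *dnskey_digest;
	size_t dnskey_digest_len;

	*flags = 0;

	debug3("verify_host_key_dns");
	if (hostkey == NULL)
		fatal("No key to look up!");

	if (is_numeric_hostname(hostname)) {
		debug("skipped DNS lookup for numerical hostname");
		return -1;
	}

	/* class IN (1), type SSHFP (44), no flags. */
	result = getrrsetbyname(hostname, 1, 44, 0, &fingerprints);
	if (result) {
		verbose("DNS lookup error: %s", dns_result_totext(result));
		return -1;
	}

	if (fingerprints->rri_flags & 1) {
		*flags |= 0x00000004;
		debug("found %d secure fingerprints in DNS",
		    fingerprints->rri_nrdatas);
	} else {
		debug("found %d insecure fingerprints in DNS",
		    fingerprints->rri_nrdatas);
	}

	/* Fingerprint the host key with its key type's default digest. */
	if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
	    &hostkey_digest, &hostkey_digest_len, hostkey)) {
		error("Error calculating host key fingerprint.");
		freerrset(fingerprints);
		return -1;
	}

	if (fingerprints->rri_nrdatas)
		*flags |= 0x00000001;

	for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
		/*
		 * Extract the key from the answer. Ignore any badly
		 * formatted fingerprints.
		 */
		if (!dns_read_rdata(&dnskey_algorithm, &dnskey_digest_type,
		    &dnskey_digest, &dnskey_digest_len,
		    fingerprints->rri_rdatas[counter].rdi_data,
		    fingerprints->rri_rdatas[counter].rdi_length)) {
			verbose("Error parsing fingerprint from DNS.");
			continue;
		}

		/*
		 * The record may use a different digest than the one we
		 * computed; re-fingerprint the host key with the record's
		 * digest type so the two are comparable.
		 */
		if (hostkey_digest_type != dnskey_digest_type) {
			hostkey_digest_type = dnskey_digest_type;
			free(hostkey_digest);

			if (!dns_read_key(&hostkey_algorithm,
			    &hostkey_digest_type, &hostkey_digest,
			    &hostkey_digest_len, hostkey)) {
				/*
				 * dns_read_key() NULLs hostkey_digest on
				 * failure; the copy made by dns_read_rdata()
				 * is still ours and must not leak.
				 */
				free(dnskey_digest);
				error("Error calculating key fingerprint.");
				freerrset(fingerprints);
				return -1;
			}
		}

		/*
		 * Match algorithm, digest type and length before touching
		 * the bytes; the byte comparison is constant-time.
		 */
		if (hostkey_algorithm == dnskey_algorithm &&
		    hostkey_digest_type == dnskey_digest_type &&
		    hostkey_digest_len == dnskey_digest_len &&
		    timingsafe_bcmp(hostkey_digest, dnskey_digest,
		    hostkey_digest_len) == 0)
			*flags |= 0x00000002;

		free(dnskey_digest);
	}

	free(hostkey_digest);
	freerrset(fingerprints);

	if (*flags & 0x00000001) {
		if (*flags & 0x00000002)
			debug("matching host key fingerprint found in DNS");
		else
			debug("mismatching host key fingerprint found in DNS");
	} else {
		debug("no host key fingerprint found in DNS");
	}

	return 0;
}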
/*
 * Print SSHFP resource records for `key` under `hostname` to `f`, one
 * line per digest type in [SSHFP_HASH_SHA1, SSHFP_HASH_MAX) that
 * dns_read_key() accepts for this key.
 * generic != 0 selects the unknown-type presentation form
 * "TYPE44 \# <len> <hex>" (presumably for zone tools without SSHFP
 * support); otherwise the mnemonic "SSHFP <alg> <type> <hex>" form.
 * Returns 1 if at least one record was written, else 0 after logging
 * an error.
 */
int
export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
{
	u_int8_t alg = 0;
	u_int8_t dtype;
	u_char *fp;
	size_t fp_len, i;
	int wrote_any = 0;

	for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
		u_int8_t want = dtype;

		/* Digest types the key type does not support are skipped. */
		if (!dns_read_key(&alg, &want, &fp, &fp_len, key))
			continue;

		if (generic) {
			/* RDATA length counts the two leading type octets. */
			fprintf(f, "%s IN TYPE%d \\# %zu %02x %02x ",
			    hostname, 44, 2 + fp_len, alg, want);
		} else {
			fprintf(f, "%s IN SSHFP %d %d ", hostname, alg, want);
		}
		for (i = 0; i < fp_len; i++)
			fprintf(f, "%02x", fp[i]);
		fprintf(f, "\n");
		free(fp);
		wrote_any = 1;
	}

	if (!wrote_any)
		error("%s: unsupported algorithm and/or digest_type", __func__);

	return wrote_any;
}