OpenCoverage

sshd.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/sshd.c
/*
 * File-scope state of sshd as emitted by the preprocessor: NULL appears as
 * ((void *)0) and configured paths appear as plain string literals.
 */

/* Program name; defined outside this file. */
extern char *__progname;

/*
 * Server configuration. This listing reads max_startups, pid_file,
 * version_addendum and num_host_key_files from it.
 */
ServerOptions options;

/*
 * Path of the configuration file.
 * NOTE(review): this build resolves it under /var/tmp, which fits a coverage
 * test prefix. A production sshd_config belongs in a directory only root can
 * write; confirm this prefix is never shipped.
 */
char *config_file_name = "/var/tmp/openssh-test/etc" "/sshd_config";

/*
 * Run-mode flags. None of them is read in this part of the file; their
 * meaning presumably follows the names -- confirm against main().
 */
int debug_flag = 0;
int test_flag = 0;
int inetd_flag = 0;
int no_daemon_flag = 0;
int log_stderr = 0;

/* Original argument vector; sighup_restart() re-executes saved_argv[0]. */
char **saved_argv;
int saved_argc;

/* Re-exec bookkeeping (not used in this part of the file). */
int rexeced_flag = 0;
int rexec_flag = 1;
int rexec_argc = 0;
char **rexec_argv;

/* Listening sockets; the first num_listen_socks entries are closed by
 * close_listen_socks(), which then sets the count to -1. */
int listen_socks[16];
int num_listen_socks = 0;

/* Identification strings; both are filled in by
 * sshd_exchange_identification(). The client one is peer-supplied. */
char *client_version_string = ((void *)0);
char *server_version_string = ((void *)0);

/* Agent connection used by privsep_preauth() when have_agent is set. */
int auth_sock = -1;
int have_agent = 0;

/*
 * Host key material. host_keys and host_certificates are released by
 * destroy_sensitive_data(); host_keys is replaced by demoted copies in
 * demote_sensitive_data(). host_pubkeys and have_ssh2_key are not touched
 * in this part of the file.
 */
struct {
	struct sshkey **host_keys;
	struct sshkey **host_pubkeys;
	struct sshkey **host_certificates;
	int have_ssh2_key;
} sensitive_data;

/* Flags written from signal handlers: sighup_handler() stores 1,
 * sigterm_handler() stores the signal number it received. */
static volatile sig_atomic_t received_sighup = 0;
static volatile sig_atomic_t received_sigterm = 0;

/* Session identifiers (not used in this part of the file). */
u_char session_id[16];
u_char *session_id2 = ((void *)0);
u_int session_id2_len = 0;

u_int utmp_len = 64 + 1;

/* Startup pipes; close_startup_pipes() walks options.max_startups slots
 * and treats -1 as "unused". */
int *startup_pipes = ((void *)0);
int startup_pipe;

/*
 * Privilege separation state. privsep_preauth() creates the sandbox only
 * when use_privsep == 1, and privsep_preauth_child() drops privileges only
 * when privsep_chroot is non-zero.
 */
int use_privsep = -1;
struct monitor *pmonitor = ((void *)0);
int privsep_is_preauth = 1;
static int privsep_chroot = 1;

/* Authentication context and options (not used in this part of the file). */
Authctxt *the_authctxt = ((void *)0);
struct sshauthopt *auth_opts = ((void *)0);

struct sshbuf *cfg;
struct sshbuf *loginmsg;

/* Account whose uid/gid the pre-auth child switches to. */
struct passwd *privsep_pw = ((void *)0);

/* Prototypes for functions defined later in this file. */
void destroy_sensitive_data(void);
void demote_sensitive_data(void);
static void do_ssh2_kex(void);
169-
170-
171-
172-
/*
 * Close every listening socket recorded in listen_socks[].
 *
 * The count is left at -1 afterwards, not 0 (presumably a "closed" sentinel
 * for other code -- confirm with the readers of num_listen_socks).
 * Coverage (from the report): never executed.
 */
static void
close_listen_socks(void)
{
	int idx = 0;

	while (idx < num_listen_socks) {
		close(listen_socks[idx]);
		idx++;
	}
	num_listen_socks = -1;
}
182-
/*
 * Close every open startup pipe.
 *
 * Does nothing when startup_pipes has not been allocated. Slots holding -1
 * are skipped; closed slots are not reset to -1 here.
 * Coverage (from the report): never executed.
 */
static void
close_startup_pipes(void)
{
	int slot;

	if (!startup_pipes)
		return;

	for (slot = 0; slot < options.max_startups; slot++) {
		if (startup_pipes[slot] == -1)
			continue;
		close(startup_pipes[slot]);
	}
}
/*
 * Signal handler: record that a SIGHUP arrived.
 *
 * Only sets a sig_atomic_t flag, and puts errno back to the value it had on
 * entry so the interrupted code does not see it change.
 * (*__errno_location()) is the preprocessed form of errno.
 * Coverage (from the report): never executed.
 */
static void
sighup_handler(int sig)
{
	int errno_on_entry = (*__errno_location ());

	received_sighup = 1;

	(*__errno_location ()) = errno_on_entry;
}
205-
206-
207-
208-
209-
/*
 * Restart the server by re-executing it with its original arguments.
 *
 * Removes the pid file if one is configured, closes the listening sockets
 * and startup pipes, cancels any pending alarm, ignores signal 1 and then
 * calls execv(). If execv() returns, the failure is logged and the process
 * exits with status 1.
 *
 * execv() does no PATH search, so saved_argv[0] is used exactly as given.
 * NOTE(review): that is only predictable if the daemon was started with an
 * absolute path; presumably main() enforces this -- confirm there.
 * Coverage (from the report): never executed.
 */
static void
sighup_restart(void)
{
	int exec_errno;

	logit("Received SIGHUP; restarting.");

	if (options.pid_file)
		unlink(options.pid_file);

	platform_pre_restart();
	close_listen_socks();
	close_startup_pipes();

	/* Cancel any pending alarm before replacing the process image. */
	alarm(0);

	/*
	 * Preprocessed constants: on Linux/glibc signal 1 is SIGHUP and
	 * (__sighandler_t)1 is SIG_IGN.
	 */
	mysignal(1, ((__sighandler_t) 1));

	execv(saved_argv[0], saved_argv);

	/* Reached only when execv() failed; errno holds its error. */
	exec_errno = (*__errno_location ());
	logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
	    strerror(exec_errno));
	exit(1);
}
234-
235-
236-
237-
238-
/*
 * Signal handler: remember which terminating signal was delivered.
 *
 * Stores the signal number (not just 1) in received_sigterm; the handler does
 * nothing else, so it performs no work that is unsafe in signal context.
 * Coverage (from the report): never executed.
 */
static void
sigterm_handler(int sig)
{
	/* A non-zero value tells the reader of the flag which signal it was. */
	received_sigterm = sig;
}
244-
245-
246-
247-
248-
249-
/*
 * SIGCHLD handler: reap every child that has already exited.
 *
 * waitpid() is called with option value 1 (WNOHANG on Linux/glibc), so the
 * handler never blocks. The loop repeats while a child was reaped, or while
 * the call failed with errno 4 (EINTR on Linux/glibc). errno is put back to
 * its entry value before returning.
 * Coverage (from the report): never executed.
 */
static void
main_sigchld_handler(int sig)
{
	int errno_on_entry = (*__errno_location ());
	pid_t reaped;
	int status;

	for (;;) {
		reaped = waitpid(-1, &status, 1);
		if (reaped > 0)
			continue;	/* one child collected, look for more */
		if (reaped < 0 && (*__errno_location ()) == 4)
			continue;	/* interrupted, retry */
		break;			/* nothing left, or a real error */
	}

	(*__errno_location ()) = errno_on_entry;
}
272-
273-
274-
275-
276-
/*
 * Alarm handler for the pre-authentication grace period.
 *
 * 1. If privilege separation is active and a monitored child exists, send it
 *    signal 14 (SIGALRM on Linux/glibc).
 * 2. If this process leads its own process group, ignore signal 15
 *    (SIGTERM) locally and send it to the whole group.
 * 3. Report the timeout through sigdie().
 *
 * NOTE(review): this runs in signal context. kill(), getpgid() and getpid()
 * are async-signal-safe, but whether mysignal(), sigdie() and the
 * ssh_remote_*() helpers are cannot be determined from this listing. Confirm
 * in their definitions: a handler that reaches non-reentrant logging or
 * allocation code can corrupt state the interrupted code was updating.
 * Coverage (from the report): never executed.
 */
static void
grace_alarm_handler(int sig)
{
	if (use_privsep && pmonitor) {
		if (pmonitor->m_pid > 0)
			kill(pmonitor->m_pid, 14);
	}

	if (getpgid(0) == getpid()) {
		/* Ignore the signal ourselves before sending it to the group. */
		mysignal(15, ((__sighandler_t) 1));
		kill(0, 15);
	}

	sigdie("Timeout before authentication for %s port %d",
	    ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
}
306-
/*
 * Exchange SSH identification strings with the peer.
 *
 * Sends the server banner on sock_out, reads the client banner from sock_in
 * one byte at a time, parses it, and rejects peers that do not speak
 * protocol 2 (or 1.99). Every rejection ends in cleanup_exit(255).
 *
 * On success the globals server_version_string and client_version_string are
 * set and ssh->compat holds the value returned by compat_datafellows().
 *
 * Everything read from sock_in is unauthenticated, peer-controlled input.
 * Coverage (from the report): never executed.
 */
static void
sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
{
	u_int pos;
	int remote_major, remote_minor;
	int speaks_v2;
	size_t banner_len;
	char *reply;
	/* These two must stay the same size: see the sscanf() below. */
	char buf[256];
	char remote_version[256];

	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
	    2, 0, "OpenSSH_7.8",
	    *options.version_addendum == '\0' ? "" : " ",
	    options.version_addendum);

	/* Send our identification; a short write is treated as a failure. */
	banner_len = strlen(server_version_string);
	if (atomicio((ssize_t (*)(int, void *, size_t))write, sock_out,
	    server_version_string, banner_len) != banner_len) {
		logit("Could not write ident string to %s port %d",
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
		cleanup_exit(255);
	}

	/*
	 * Read the peer's identification byte by byte. At most
	 * sizeof(buf) - 1 bytes are stored, so the final byte of the zeroed
	 * buffer always remains a terminator.
	 */
	memset(buf, 0, sizeof(buf));
	for (pos = 0; pos < sizeof(buf) - 1; pos++) {
		if (atomicio(read, sock_in, &buf[pos], 1) != 1) {
			logit("Did not receive identification string "
			    "from %s port %d",
			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
			cleanup_exit(255);
		}
		if (buf[pos] == '\n') {
			buf[pos] = 0;
			break;
		}
		if (buf[pos] != '\r')
			continue;

		/* A carriage return ends the string but not the read. */
		buf[pos] = 0;
		/*
		 * One client banner is accepted with a bare CR and no LF.
		 * (The listing shows glibc's inline expansion of this
		 * strncmp() call.)
		 */
		if (pos == 12 && strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
			break;
	}
	buf[sizeof(buf) - 1] = 0;
	client_version_string = xstrdup(buf);

	/*
	 * %[^\n] carries no field width. That is safe only because the input
	 * is a copy of buf (at most 255 characters plus terminator) and
	 * remote_version is as large as buf. Shrinking remote_version or
	 * growing buf would turn this into an overflow.
	 */
	if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
	    &remote_major, &remote_minor, remote_version) != 3) {
		reply = "Protocol mismatch.\n";
		(void) atomicio((ssize_t (*)(int, void *, size_t))write,
		    sock_out, reply, strlen(reply));
		logit("Bad protocol version identification '%.100s' "
		    "from %s port %d", client_version_string,
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
		close(sock_in);
		close(sock_out);
		cleanup_exit(255);
	}
	debug("Client protocol version %d.%d; client software version %.100s",
	    remote_major, remote_minor, remote_version);

	ssh->compat = compat_datafellows(remote_version);

	/*
	 * The hex masks below are preprocessed compat flags; judging by the
	 * messages they mark known probe and scanner banners.
	 * NOTE(review): these two messages print client_version_string with a
	 * bare %s while the other messages cap it with %.100s or %.200s. The
	 * value is at most 255 bytes here; confirm that logit() neutralises
	 * control characters in peer-supplied text.
	 */
	if (ssh->compat & 0x00400000) {
		logit("probed from %s port %d with %s.  Don't panic.",
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
		    client_version_string);
		cleanup_exit(255);
	}
	if (ssh->compat & 0x00000800) {
		logit("scanned from %s port %d with %s.  Don't panic.",
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
		    client_version_string);
		cleanup_exit(255);
	}
	if (ssh->compat & 0x00002000) {
		/* Logged only; the connection continues. */
		logit("Client version \"%.100s\" uses unsafe RSA signature "
		    "scheme; disabling use of RSA keys", remote_version);
	}

	chop(server_version_string);
	debug("Local version string %.200s", server_version_string);

	/* Only protocol 2, or 1.99 (which announces 2 as well), is accepted. */
	speaks_v2 = remote_major == 2 ||
	    (remote_major == 1 && remote_minor == 99);
	if (!speaks_v2) {
		reply = "Protocol major versions differ.\n";
		(void) atomicio((ssize_t (*)(int, void *, size_t))write,
		    sock_out, reply, strlen(reply));
		close(sock_in);
		close(sock_out);
		logit("Protocol major versions differ for %s port %d: "
		    "%.200s vs. %.200s",
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
		    server_version_string, client_version_string);
		cleanup_exit(255);
	}
}
510-
511-
/*
 * Release the host keys and host certificates held in sensitive_data.
 *
 * Each freed slot is cleared so a stale pointer cannot be used or freed a
 * second time. host_pubkeys is not touched here.
 * Coverage (from the report): never executed.
 */
void
destroy_sensitive_data(void)
{
	u_int slot = 0;

	while (slot < options.num_host_key_files) {
		if (sensitive_data.host_keys[slot]) {
			sshkey_free(sensitive_data.host_keys[slot]);
			sensitive_data.host_keys[slot] = ((void *)0);
		}
		if (sensitive_data.host_certificates[slot]) {
			sshkey_free(sensitive_data.host_certificates[slot]);
			sensitive_data.host_certificates[slot] = ((void *)0);
		}
		slot++;
	}
}
532-
533-
/*
 * Replace every loaded host key with the copy produced by
 * sshkey_from_private() and free the original.
 *
 * Presumably the copy carries only the public part, so the calling process
 * no longer holds private key material -- confirm in sshkey_from_private().
 * A failed conversion is reported through fatal(). Host certificates are
 * left as they are.
 * Coverage (from the report): never executed.
 */
void
demote_sensitive_data(void)
{
	struct sshkey *demoted;
	u_int slot;
	int rc;

	for (slot = 0; slot < options.num_host_key_files; slot++) {
		if (!sensitive_data.host_keys[slot])
			continue;

		rc = sshkey_from_private(sensitive_data.host_keys[slot],
		    &demoted);
		if (rc != 0)
			fatal("could not demote host %s key: %s",
			    sshkey_type(sensitive_data.host_keys[slot]),
			    ssh_err(rc));

		/* Free the original only after the copy exists. */
		sshkey_free(sensitive_data.host_keys[slot]);
		sensitive_data.host_keys[slot] = demoted;
	}
}
554-
/*
 * Re-seed both random number generators used by the process.
 *
 * Polls the OpenSSL generator, stirs arc4random, then feeds 256 words of
 * arc4random output into RAND_seed(). A one-byte RAND_bytes() call checks
 * that the OpenSSL generator is usable, and the seed buffer is wiped with
 * explicit_bzero() so the seed does not linger on the stack.
 *
 * In this listing it is called from privsep_preauth_child(), i.e. after
 * fork(); presumably so the child does not continue the parent's random
 * stream -- confirm.
 * Coverage (from the report): never executed.
 */
static void
reseed_prngs(void)
{
	u_int32_t seed[256];

	RAND_poll();

	arc4random_stir();
	arc4random_buf(seed, sizeof(seed));

	RAND_seed(seed, sizeof(seed));

	/* Overwrites the first byte of seed; only the return value matters. */
	if (RAND_bytes((u_char *)seed, 1) != 1)
		fatal("%s: RAND_bytes failed", __func__);

	explicit_bzero(seed, sizeof(seed));
}
575-
/*
 * Prepare the unprivileged pre-authentication child.
 *
 * Enables privsep challenge handling, re-seeds the PRNGs and demotes the
 * host keys. Unless privsep_chroot is 0 it then gives up privileges in this
 * order:
 *   chroot() -> chdir("/") -> setgroups() to the single privsep group ->
 *   permanently_set_uid().
 * chroot() and setgroups() come before the uid change because they need the
 * privileges the uid change removes; chdir("/") follows chroot() so the
 * working directory is inside the new root.
 *
 * When privsep_chroot is 0 none of those steps runs, so the child keeps the
 * caller's root directory, groups and uid.
 * NOTE(review): the chroot directory is a path under /var/run in this
 * build; confirm it is root-owned and not writable by other users.
 * Coverage (from the report): never executed.
 */
static void
privsep_preauth_child(void)
{
	gid_t only_group[1];

	privsep_challenge_enable();

	reseed_prngs();

	demote_sensitive_data();

	if (!privsep_chroot)
		return;

	if (chroot("/var/run/openssh-test") == -1)
		fatal("chroot(\"%s\"): %s", "/var/run/openssh-test",
		    strerror((*__errno_location ())));
	if (chdir("/") == -1)
		fatal("chdir(\"/\"): %s", strerror((*__errno_location ())));

	debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
	    (u_int)privsep_pw->pw_gid);

	/* Replace the supplementary groups with the privsep group alone. */
	only_group[0] = privsep_pw->pw_gid;
	if (setgroups(1, only_group) < 0)
		fatal("setgroups: %.100s", strerror((*__errno_location ())));

	permanently_set_uid(privsep_pw);
}
618-
/*
 * Fork the unprivileged pre-authentication child and supervise it.
 *
 * Creates the monitor, creates a sandbox only when use_privsep == 1, then
 * forks.
 *
 * Parent: records the child pid, optionally connects to the authentication
 * agent, runs monitor_child_preauth(), reaps the child and calls fatal()
 * if it exited with a non-zero status or was killed by a signal.
 * Returns 1.
 *
 * Child: closes the monitor-side descriptors, routes logging through
 * mm_log_handler, drops privileges in privsep_preauth_child(), enters the
 * sandbox if there is one, and returns 0.
 *
 * The raw masks on status are the preprocessed wait-status macros
 * (WIFEXITED, WEXITSTATUS, WIFSIGNALED and WTERMSIG on Linux/glibc).
 * Coverage (from the report): never executed.
 */
static int
privsep_preauth(Authctxt *authctxt)
{
	int status, r;
	int exit_code, term_sig;
	pid_t pid;
	struct ssh_sandbox *box = ((void *)0);

	/* Set up the unprivileged child process to handle the connection. */
	pmonitor = monitor_init();
	/* Let the monitor see the key-exchange state. */
	pmonitor->m_pkex = &active_state->kex;

	if (use_privsep == 1)
		box = ssh_sandbox_init(pmonitor);

	pid = fork();
	switch (pid) {
	case -1:
		/* As in the original, nothing is returned if fatal() comes back. */
		fatal("fork of unprivileged child failed");
		break;

	case 0:
		/* Child: drop the descriptors that belong to the monitor side. */
		close(pmonitor->m_sendfd);
		close(pmonitor->m_log_recvfd);

		/* Arrange for logging to be sent to the monitor. */
		set_log_handler(mm_log_handler, pmonitor);

		privsep_preauth_child();
		setproctitle("%s", "[net]");
		/* The sandbox is entered last, after privileges are dropped. */
		if (box)
			ssh_sandbox_child(box);

		return 0;

	default:
		debug2("Network child is on pid %ld", (long)pid);

		pmonitor->m_pid = pid;
		if (have_agent) {
			r = ssh_get_authentication_socket(&auth_sock);
			if (r != 0) {
				error("Could not get agent socket: %s",
				    ssh_err(r));
				have_agent = 0;
			}
		}
		if (box)
			ssh_sandbox_parent_preauth(box, pid);
		monitor_child_preauth(authctxt, pmonitor);

		/* Reap the child, retrying while errno is 4 (EINTR). */
		while (waitpid(pid, &status, 0) < 0) {
			if ((*__errno_location ()) == 4)
				continue;
			pmonitor->m_pid = -1;
			fatal("%s: waitpid: %s", __func__,
			    strerror((*__errno_location ())));
		}
		privsep_is_preauth = 0;
		/* The child is gone: make sure nothing signals a stale pid. */
		pmonitor->m_pid = -1;

		if ((status & 0x7f) == 0) {
			/* Normal exit: any non-zero status is a failure. */
			exit_code = (status & 0xff00) >> 8;
			if (exit_code != 0)
				fatal("%s: preauth child exited with status %d",
				    __func__, exit_code);
		} else if (((signed char) ((status & 0x7f) + 1) >> 1) > 0) {
			/* Killed by a signal. */
			term_sig = status & 0x7f;
			fatal("%s: preauth child terminated by signal %d",
			    __func__, term_sig);
		}
		if (box)
			ssh_sandbox_parent_finish(box);

		return 1;
	}
}
721-
/*
 * Set up privilege separation for the post-authentication phase.
 *
 * For a user other than uid 0 the process forks.  The parent does not
 * change user context here: it resets loginmsg, clears its key state,
 * runs monitor_child_postauth() and exits.  The child closes the
 * monitor's send descriptor, calls demote_sensitive_data() and
 * reseed_prngs(), and only then switches to the authenticated user with
 * do_setusercontext().  For uid 0 nothing is forked and use_privsep is
 * cleared instead.
 *
 * Both paths end by applying the monitor's key state and marking the
 * packet layer as authenticated.
 */
static void
privsep_postauth(Authctxt *authctxt)
{
	if (authctxt->pw->pw_uid == 0) {
		/* uid 0: no unprivileged child, no user-context switch. */
		use_privsep = 0;
	} else {
		/* New monitor state is set up before the fork. */
		monitor_reinit(pmonitor);

		pmonitor->m_pid = fork();
		switch (pmonitor->m_pid) {
		case -1:
			fatal("fork of unprivileged child failed");
			break;
		case 0:
			/* Child: continues below. */
			break;
		default:
			/* Parent: serve the child as its monitor, then exit. */
			verbose("User child is on pid %ld",
			    (long)pmonitor->m_pid);
			sshbuf_reset(loginmsg);
			monitor_clear_keystate(pmonitor);
			monitor_child_postauth(pmonitor);

			/* NOTREACHED in the child path */
			exit(0);
		}

		/* Child: the send side of the monitor channel is not ours. */
		close(pmonitor->m_sendfd);
		pmonitor->m_sendfd = -1;

		/*
		 * Order matters: sensitive data is demoted and the PRNGs are
		 * reseeded before the switch to the user's context.
		 * NOTE(review): presumably demote_sensitive_data() removes
		 * private host key material from this process; confirm
		 * against its definition.
		 */
		demote_sensitive_data();
		reseed_prngs();
		do_setusercontext(authctxt->pw);
	}

	/* Reached by both the uid 0 path and the unprivileged child. */
	monitor_apply_keystate(pmonitor);

	/* Tell the packet layer that authentication has completed. */
	ssh_packet_set_authenticated(active_state);
}
774-
/*
 * Append the algorithm name `s` to the comma-separated list in `b`,
 * but only when it matches the configured HostkeyAlgorithms pattern
 * list.  A name that does not match is logged at debug3 and dropped.
 * A buffer error is fatal.
 */
static void
append_hostkey_type(struct sshbuf *b, const char *s)
{
	const char *sep;
	int rc;

	/* Only an exact "1" from the matcher counts as permitted. */
	if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {
		debug3("%s: %s key not permitted by HostkeyAlgorithms",
		    __func__, s);
		return;
	}

	/* No leading comma for the first entry. */
	sep = (sshbuf_len(b) > 0) ? "," : "";
	rc = sshbuf_putf(b, "%s%s", sep, s);
	if (rc != 0) {
		fatal("%s: sshbuf_putf: %s", __func__, ssh_err(rc));
	}
}
788-
/*
 * Build the comma-separated list of host key algorithm names this
 * server can offer, based on the loaded host keys and certificates.
 *
 * For every configured host key slot the private key is used, falling
 * back to the public key when no private key is loaded.  An RSA key
 * contributes "rsa-sha2-512" and "rsa-sha2-256" ahead of the name
 * returned by sshkey_ssh_name(); every name still has to pass the
 * HostkeyAlgorithms filter in append_hostkey_type().  A slot with
 * neither a private nor a public key is skipped entirely, including
 * its certificate.
 *
 * Returns a string obtained from sshbuf_dup_string(); allocation
 * failures are fatal.
 * NOTE(review): presumably the caller owns and frees the result; confirm
 * against the call sites.
 */
static char *
list_hostkey_types(void)
{
	struct sshbuf *names;
	struct sshkey *k;
	char *list;
	u_int idx;

	names = sshbuf_new();
	if (!names)
		fatal("%s: sshbuf_new failed", __func__);

	for (idx = 0; idx < options.num_host_key_files; idx++) {
		k = sensitive_data.host_keys[idx];
		if (!k)
			k = sensitive_data.host_pubkeys[idx];
		if (!k)
			continue;	/* also skips this slot's certificate */

		/* RSA keys additionally offer the SHA-2 signature names. */
		if (k->type == KEY_RSA) {
			append_hostkey_type(names, "rsa-sha2-512");
			append_hostkey_type(names, "rsa-sha2-256");
		}
		switch (k->type) {
		case KEY_RSA:
		case KEY_DSA:
		case KEY_ECDSA:
		case KEY_ED25519:
		case KEY_XMSS:
			append_hostkey_type(names, sshkey_ssh_name(k));
			break;
		}

		/* Same again for the certificate in this slot, if any. */
		k = sensitive_data.host_certificates[idx];
		if (!k)
			continue;

		if (k->type == KEY_RSA_CERT) {
			append_hostkey_type(names,
			    "rsa-sha2-512-cert-v01@openssh.com");
			append_hostkey_type(names,
			    "rsa-sha2-256-cert-v01@openssh.com");
		}
		switch (k->type) {
		case KEY_RSA_CERT:
		case KEY_DSA_CERT:
		case KEY_ECDSA_CERT:
		case KEY_ED25519_CERT:
		case KEY_XMSS_CERT:
			append_hostkey_type(names, sshkey_ssh_name(k));
			break;
		}
	}

	list = sshbuf_dup_string(names);
	if (!list)
		fatal("%s: sshbuf_dup_string failed", __func__);
	sshbuf_free(names);

	debug("%s: %s", __func__, list);
	return list;
}
854-
/*
 * Find the first host key slot whose key has the requested type.
 *
 * For certificate types the slot's certificate is examined.  For all
 * other types the private key is examined, with a fallback to the
 * public key only when the caller did not ask for a private key.  The
 * curve id `nid` is compared only for plain KEY_ECDSA keys.
 *
 * On a match the return value is the slot's private key when
 * need_private is set (even when the match was made on a certificate),
 * otherwise the key that matched.  Returns a null pointer when no slot
 * matches.  The `ssh` argument is not used here.
 */
static struct sshkey *
get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
{
	struct sshkey *cand;
	u_int slot;
	int want_cert;

	/* The requested type does not change while scanning the slots. */
	switch (type) {
	case KEY_RSA_CERT:
	case KEY_DSA_CERT:
	case KEY_ECDSA_CERT:
	case KEY_ED25519_CERT:
	case KEY_XMSS_CERT:
		want_cert = 1;
		break;
	default:
		want_cert = 0;
		break;
	}

	for (slot = 0; slot < options.num_host_key_files; slot++) {
		if (want_cert) {
			cand = sensitive_data.host_certificates[slot];
		} else {
			cand = sensitive_data.host_keys[slot];
			if (!cand && !need_private)
				cand = sensitive_data.host_pubkeys[slot];
		}

		if (!cand || cand->type != type)
			continue;
		/* ECDSA keys must also be on the requested curve. */
		if (cand->type == KEY_ECDSA && cand->ecdsa_nid != nid)
			continue;

		if (need_private)
			return sensitive_data.host_keys[slot];
		return cand;
	}
	return ((void *)0);
}
889-
/*
 * Look up a host key of the given type (and curve id, for ECDSA)
 * without requiring that the private half is loaded.
 */
struct sshkey *
get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
{
	const int need_private = 0;

	return get_hostkey_by_type(type, nid, need_private, ssh);
}
895-
/*
 * Look up a host key of the given type (and curve id, for ECDSA),
 * asking get_hostkey_by_type() for the private key of the matching
 * slot.
 */
struct sshkey *
get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
{
	const int need_private = 1;

	return get_hostkey_by_type(type, nid, need_private, ssh);
}
901-
/*
 * Return the private host key stored in slot `ind`, or a null pointer
 * when `ind` is negative or not below options.num_host_key_files.
 * The bounds check runs before the array is indexed.
 */
struct sshkey *
get_hostkey_by_index(int ind)
{
	if (ind >= 0 && (u_int)ind < options.num_host_key_files)
		return sensitive_data.host_keys[ind];

	return ((void *)0);
}
911-
/*
 * Return the public host key stored in slot `ind`, or a null pointer
 * when `ind` is negative or not below options.num_host_key_files.
 * The bounds check runs before the array is indexed.  The `ssh`
 * argument is not used here.
 */
struct sshkey *
get_hostkey_public_by_index(int ind, struct ssh *ssh)
{
	if (ind >= 0 && (u_int)ind < options.num_host_key_files)
		return sensitive_data.host_pubkeys[ind];

	return ((void *)0);
}
921-
/*
 * Return the slot index that holds `key`, or -1 when no slot does.
 *
 * A certificate is looked for among the host certificates only; any
 * other key is looked for among the private keys first and the public
 * keys second.  A slot matches when it holds the very same pointer or,
 * if `compare` is non-zero and the slot is populated, when
 * sshkey_equal() reports the two keys as equal.  The `ssh` argument is
 * not used here.
 */
int
get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
{
	struct sshkey *stored;
	u_int slot;

	for (slot = 0; slot < options.num_host_key_files; slot++) {
		if (sshkey_is_cert(key)) {
			stored = sensitive_data.host_certificates[slot];
			if (key == stored ||
			    (compare && stored && sshkey_equal(key, stored)))
				return (int)slot;
			continue;
		}

		stored = sensitive_data.host_keys[slot];
		if (key == stored ||
		    (compare && stored && sshkey_equal(key, stored)))
			return (int)slot;

		stored = sensitive_data.host_pubkeys[slot];
		if (key == stored ||
		    (compare && stored && sshkey_equal(key, stored)))
			return (int)slot;
	}
	return -1;
}
947-
948-
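/*
 * Send the client one global request listing every plain public host
 * key of this server.
 *
 * Nothing is sent when the peer's compat flags (datafellows) have bit
 * 0x20000000 set.  Slots without a public key, keys of type KEY_UNSPEC
 * and certificates are skipped.  The request is opened lazily on the
 * first key that qualifies: message type 80, the request name
 * "hostkeys-00@openssh.com" and a zero byte, followed by one string
 * per key holding its serialised public key.  Having no key to send is
 * fatal, as are buffer errors.
 *
 * NOTE(review): 80 and 0x20000000 are expanded constants; 80 is the
 * SSH_MSG_GLOBAL_REQUEST number in RFC 4254, and the flag is presumably
 * the compat bit for clients that mishandle this request; confirm
 * against the project headers.
 */
static void
notify_hostkeys(struct ssh *ssh)
{
	struct sshbuf *buf;
	struct sshkey *key;
	u_int i, nkeys;
	int r;
	char *fp;

	/* Peer is flagged as unable to take this request. */
	if (datafellows & 0x20000000)
		return;

	if ((buf = sshbuf_new()) == ((void *)0))
		fatal("%s: sshbuf_new", __func__);

	for (i = nkeys = 0; i < options.num_host_key_files; i++) {
		key = get_hostkey_public_by_index(i, ssh);
		if (key == ((void *)0) || key->type == KEY_UNSPEC ||
		    sshkey_is_cert(key))
			continue;

		/*
		 * The fingerprint is only used for the debug log.  It may
		 * be a null pointer if sshkey_fingerprint() fails, so do
		 * not hand it to %s unchecked.  `i` is unsigned, hence %u.
		 */
		fp = sshkey_fingerprint(key, options.fingerprint_hash,
		    SSH_FP_DEFAULT);
		debug3("%s: key %u: %s %s", __func__, i,
		    sshkey_ssh_name(key), fp ? fp : "(null)");
		free(fp);

		if (nkeys == 0) {
			/* First key: open the request. */
			ssh_packet_start(active_state, (80));
			ssh_packet_put_cstring(active_state,
			    ("hostkeys-00@openssh.com"));
			/* Zero byte after the request name. */
			ssh_packet_put_char(active_state, (0));
		}

		/* Serialise into the scratch buffer, then copy it out. */
		sshbuf_reset(buf);
		if ((r = sshkey_putb(key, buf)) != 0)
			fatal("%s: couldn't put hostkey %u: %s",
			    __func__, i, ssh_err(r));
		ssh_packet_put_string(active_state, (sshbuf_ptr(buf)),
		    (sshbuf_len(buf)));
		nkeys++;
	}

	debug3("%s: sent %u hostkeys", __func__, nkeys);
	if (nkeys == 0)
		fatal("%s: no hostkeys", __func__);
	ssh_packet_send(active_state);
	sshbuf_free(buf);
}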
996-
997-
998-
999-
1000-
1001-
1002-
/*
 * Decide whether a new unauthenticated connection should be dropped,
 * given the current number of connections still in startup.
 *
 * Below options.max_startups_begin nothing is dropped; at or above
 * options.max_startups everything is.  In between, the drop
 * probability (in percent) rises linearly from
 * options.max_startups_rate at the lower bound to 100 at the upper
 * bound, and a value drawn from arc4random_uniform(100) decides.  A
 * rate of 100 drops everything once the lower bound is reached.
 *
 * The two early returns guarantee that the divisor
 * (max_startups - max_startups_begin) is positive when it is used.
 *
 * Returns 1 to drop the connection, 0 to keep it.
 */
static int
drop_connection(int startups)
{
	int begin = options.max_startups_begin;
	int full = options.max_startups;
	int rate = options.max_startups_rate;
	int p, r;

	if (startups < begin)
		return 0;
	if (startups >= full || rate == 100)
		return 1;

	/* Integer arithmetic: multiply first, then divide, then offset. */
	p = ((100 - rate) * (startups - begin)) / (full - begin) + rate;
	r = arc4random_uniform(100);

	debug("drop_connection: p %d, r %d", p, r);
	return r < p;
}
1024-
/*
 * Print the version banner and the command-line synopsis to stderr,
 * then exit with status 1.  Does not return.
 */
static void
usage(void)
{
	/* Version string of this build plus the crypto library's own. */
	fprintf(stderr, "%s, %s\n", "OpenSSH_7.8" "p1", SSLeay_version(0));

	/* The synopsis contains no conversions, so it is written as is. */
	fputs(
"usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n"
" [-E log_file] [-f config_file] [-g login_grace_time]\n"
" [-h host_key_file] [-o option] [-p port] [-u len]\n",
	    stderr);

	exit(1);
}
1049-
/*
 * Send the configuration held in `conf` over descriptor `fd`.
 *
 * The configuration is wrapped as one length-prefixed string in a
 * temporary buffer and sent with ssh_msg_send() using 0 as the second
 * argument, which recv_rexec_state() reads back as the version byte.
 * Every failure is fatal.
 */
static void
send_rexec_state(int fd, struct sshbuf *conf)
{
	struct sshbuf *msg;
	int rc;

	debug3("%s: entering fd = %d config len %zu", __func__, fd,
	    sshbuf_len(conf));

	msg = sshbuf_new();
	if (!msg)
		fatal("%s: sshbuf_new failed", __func__);

	rc = sshbuf_put_stringb(msg, conf);
	if (rc != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(rc));

	if (ssh_msg_send(fd, 0, msg) == -1)
		fatal("%s: ssh_msg_send failed", __func__);

	sshbuf_free(msg);

	debug3("%s: done", __func__);
}
1082-
/*
 * Receive the configuration sent by send_rexec_state() on descriptor
 * `fd` and append it to `conf`.
 *
 * The message must start with a version byte of 0, followed by one
 * length-prefixed string.  The string is appended to `conf` unless
 * `conf` is a null pointer, in which case it is read and discarded.
 * A receive failure, a parse error or a version other than 0 is fatal,
 * so a malformed message never reaches the configuration buffer.
 */
static void
recv_rexec_state(int fd, struct sshbuf *conf)
{
	struct sshbuf *msg;
	u_char *data, version;
	size_t datalen;
	int rc;

	debug3("%s: entering fd = %d", __func__, fd);

	msg = sshbuf_new();
	if (!msg)
		fatal("%s: sshbuf_new failed", __func__);
	if (ssh_msg_recv(fd, msg) == -1)
		fatal("%s: ssh_msg_recv failed", __func__);

	rc = sshbuf_get_u8(msg, &version);
	if (rc != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(rc));
	if (version != 0)
		fatal("%s: rexec version mismatch", __func__);

	rc = sshbuf_get_string(msg, &data, &datalen);
	if (rc != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(rc));

	if (conf) {
		rc = sshbuf_put(conf, data, datalen);
		if (rc != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(rc));
	}

	/* `data` was handed to us by sshbuf_get_string(); release it. */
	free(data);
	sshbuf_free(msg);

	debug3("%s: done", __func__);
}
1118-
1119-
/*
 * Set up the connection descriptors when the server was started with
 * the connection already on stdin/stdout (inetd style).
 *
 * After a re-exec, descriptor 2 + 3 is closed, both *sock_in and
 * *sock_out become one duplicate of descriptor 0, and (unless
 * debug_flag is set) startup_pipe becomes a duplicate of descriptor
 * 2 + 2, which is then closed.  Otherwise *sock_in and *sock_out are
 * separate duplicates of descriptors 0 and 1.
 *
 * Descriptors 0 and 1, and 2 unless log_stderr is set, are then
 * redirected to /dev/null so later writes to the standard streams
 * cannot end up on the connection.
 *
 * NOTE(review): the numeric descriptors and the open flag 02 are
 * expanded macros (presumably the re-exec descriptor constants based
 * on STDERR_FILENO, and O_RDWR); confirm against the unpreprocessed
 * source.
 * NOTE(review): the results of dup() and dup2() are not checked, so a
 * failed dup() leaves -1 in *sock_in / *sock_out; confirm that callers
 * cope with that.
 */
static void
server_accept_inetd(int *sock_in, int *sock_out)
{
	int fd, last_std;

	startup_pipe = -1;
	if (rexeced_flag) {
		close((2 + 3));
		fd = dup(0);
		*sock_out = fd;
		*sock_in = fd;
		if (!debug_flag) {
			startup_pipe = dup((2 + 2));
			close((2 + 2));
		}
	} else {
		*sock_in = dup(0);
		*sock_out = dup(1);
	}

	/* Point the standard descriptors at /dev/null. */
	fd = open("/dev/null", 02, 0);
	if (fd != -1) {
		dup2(fd, 0);
		dup2(fd, 1);
		if (!log_stderr)
			dup2(fd, 2);

		/* Close fd unless it is itself one of the redirected ones. */
		last_std = log_stderr ? 2 : 1;
		if (fd > last_std)
			close(fd);
	}
	debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
}
1178-
1179-
1180-
1181-
/*
 * Create, configure, bind and listen on one socket for every usable
 * address in la->addrs, recording each bound socket in listen_socks[].
 *
 * Addresses whose family is neither 2 nor 10 are ignored.  A failure
 * of getnameinfo(), socket(), set_nonblock(), the close-on-exec
 * fcntl(), set_rdomain() or bind() skips that address (closing the
 * socket where one exists) and moves on.  Running out of room in
 * listen_socks[] (16 entries) and a failing listen() are fatal.
 *
 * Every socket is made non-blocking and close-on-exec before it is
 * bound, so a listening descriptor is not inherited across exec.
 *
 * NOTE(review): 2 / 10, the getnameinfo flags 1 | 2 and the fcntl
 * arguments 2, 1 are expanded macros (presumably AF_INET / AF_INET6,
 * NI_NUMERICHOST | NI_NUMERICSERV and F_SETFD, FD_CLOEXEC on this
 * Linux build); confirm against the unpreprocessed source.
 */
static void
listen_on_addrs(struct listenaddr *la)
{
	int gai_rc, sock;
	struct addrinfo *ai;
	char ntop[1025], strport[32];
	const char *rd_label, *rd_name;

	for (ai = la->addrs; ai; ai = ai->ai_next) {
		if (ai->ai_family != 2 && ai->ai_family != 10) {
			continue;
		}
		if (num_listen_socks >= 16) {
			fatal("Too many listen sockets. "
			    "Enlarge MAX_LISTEN_SOCKS");
		}

		/* Numeric host and port, used only for log messages. */
		gai_rc = getnameinfo(ai->ai_addr, ai->ai_addrlen,
		    ntop, sizeof(ntop), strport, sizeof(strport),
		    1 | 2);
		if (gai_rc != 0) {
			error("getnameinfo failed: %.100s",
			    ssh_gai_strerror(gai_rc));
			continue;
		}

		sock = socket(ai->ai_family, ai->ai_socktype,
		    ai->ai_protocol);
		if (sock < 0) {
			verbose("socket: %.100s",
			    strerror((*__errno_location ())));
			continue;
		}
		if (set_nonblock(sock) == -1) {
			close(sock);
			continue;
		}
		if (fcntl(sock, 2, 1) == -1) {
			verbose("socket: CLOEXEC: %s",
			    strerror((*__errno_location ())));
			close(sock);
			continue;
		}

		set_reuseaddr(sock);
		if (la->rdomain != ((void *)0) &&
		    set_rdomain(sock, la->rdomain) == -1) {
			close(sock);
			continue;
		}

		/* Family 10 sockets get the v6-only option. */
		if (ai->ai_family == 10) {
			sock_set_v6only(sock);
		}

		debug("Bind to port %s on %s.", strport, ntop);

		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
			error("Bind to port %s on %s failed: %.200s.",
			    strport, ntop,
			    strerror((*__errno_location ())));
			close(sock);
			continue;
		}

		/* Recorded before listen(); a listen() failure is fatal. */
		listen_socks[num_listen_socks] = sock;
		num_listen_socks++;

		if (listen(sock, 128) < 0) {
			fatal("listen on [%s]:%s: %.100s",
			    ntop, strport,
			    strerror((*__errno_location ())));
		}

		rd_label = (la->rdomain == ((void *)0)) ? "" : " rdomain ";
		rd_name = (la->rdomain == ((void *)0)) ? "" : la->rdomain;
		logit("Server listening on %s port %s%s%s.",
		    ntop, strport, rd_label, rd_name);
	}
}
1285-
/*
 * Open listening sockets for every configured listen address, then
 * release the address configuration.
 *
 * Each options.listen_addrs[] entry is handed to listen_on_addrs();
 * afterwards its addrinfo list and rdomain string are freed and the
 * entry is zeroed.  The array itself is then freed and the count reset
 * to 0.  It is fatal if no socket at all ended up listening.
 */
static void
server_listen(void)
{
	struct listenaddr *entry;
	u_int n;

	for (n = 0; n < options.num_listen_addrs; n++) {
		entry = &options.listen_addrs[n];

		listen_on_addrs(entry);

		/* The entry is no longer needed once its sockets exist. */
		freeaddrinfo(entry->addrs);
		free(entry->rdomain);
		memset(entry, 0, sizeof(*entry));
	}
	free(options.listen_addrs);
	options.listen_addrs = ((void *)0);
	options.num_listen_addrs = 0;

	if (num_listen_socks == 0)
		fatal("Cannot bind any address.");
}
1307-
1308-
1309-
1310-
1311-
/*
 * Accept loop of the listening daemon.
 *
 * Waits in select() on the listening sockets and on the read ends of the
 * per-connection startup pipes, accepts new connections, applies the
 * drop_connection() admission check, and then either keeps the connection
 * in this process (debug mode) or forks a child for it.
 *
 * sock_in, sock_out: set to the accepted descriptor in the debug-mode path
 *     and in the forked child.
 * newsock: receives the descriptor returned by accept().
 * config_s: receives a socketpair when rexec_flag is set; the server
 *     configuration buffer (cfg) is sent over config_s[0].
 *
 * The function leaves the outer loop only when num_listen_socks is negative
 * after a pass over the listening sockets; presumably close_listen_socks()
 * sets it that way in the child and in debug mode - confirm.
 *
 * Coverage report on this page: no statement of this function was executed
 * by the recorded test run.
 */
static void
server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
{
	fd_set *fdset;
	int i, j, ret, maxfd;
	int startups = 0;	/* connections currently holding a startup pipe */
	int startup_p[2] = { -1 , -1 };
	struct sockaddr_storage from;
	socklen_t fromlen;
	pid_t pid;
	u_char rnd[256];

	/* Find the highest listening descriptor for select(). */
	fdset =
	    ((void *)0)
	    ;
	maxfd = 0;
	for (i = 0; i < num_listen_socks; i++)
		if (listen_socks[i] > maxfd)
			maxfd = listen_socks[i];

	/* One startup-pipe slot per allowed startup; -1 marks a free slot. */
	startup_pipes = xcalloc(options.max_startups, sizeof(int));
	for (i = 0; i < options.max_startups; i++)
		startup_pipes[i] = -1;

	for (;;) {
		if (received_sighup)
			sighup_restart();

		/*
		 * The descriptor set is reallocated on every iteration and
		 * sized from maxfd, which can grow when a new startup pipe
		 * is registered below.
		 */
		free(fdset);
		fdset = xcalloc(
		    (((maxfd + 1) + (((8 * (int) sizeof (__fd_mask))) - 1)) /
		    ((8 * (int) sizeof (__fd_mask)))),
		    sizeof(fd_mask));

		for (i = 0; i < num_listen_socks; i++)
			kludge_FD_SET(listen_socks[i], fdset);
		for (i = 0; i < options.max_startups; i++)
			if (startup_pipes[i] != -1)
				kludge_FD_SET(startup_pipes[i], fdset);

		/* Block until a listener or a startup pipe becomes readable. */
		ret = select(maxfd+1, fdset,
		    ((void *)0)
		    ,
		    ((void *)0)
		    ,
		    ((void *)0)
		    );
		/* errno value 4 is presumably EINTR on this platform - confirm. */
		if (ret < 0 &&
		    (*__errno_location ())
		    !=
		    4
		    )
			error("select: %.100s", strerror(
			    (*__errno_location ())
			    ));
		if (received_sigterm) {
			logit("Received signal %d; terminating.",
			    (int) received_sigterm);
			close_listen_socks();
			if (options.pid_file !=
			    ((void *)0)
			    )
				unlink(options.pid_file);
			/* Exit status 0 only for signal 15 (presumably SIGTERM). */
			exit(received_sigterm ==
			    15
			    ? 0 : 255);
		}
		/* fdset contents are not meaningful after a failed select(). */
		if (ret < 0)
			continue;

		/*
		 * A readable startup pipe is closed, its slot is freed and
		 * the startups count drops.  Presumably the child closes or
		 * writes its end once authentication finishes or it exits -
		 * confirm against the child-side code.
		 */
		for (i = 0; i < options.max_startups; i++)
			if (startup_pipes[i] != -1 &&
			    kludge_FD_ISSET(startup_pipes[i], fdset)) {
				close(startup_pipes[i]);
				startup_pipes[i] = -1;
				startups--;
			}
		for (i = 0; i < num_listen_socks; i++) {
			if (!kludge_FD_ISSET(listen_socks[i], fdset))
				continue;
			fromlen = sizeof(from);
			*newsock = accept(listen_socks[i],
			    (struct sockaddr *)&from, &fromlen);
			if (*newsock < 0) {
				/*
				 * errno values 4, 11 and 103 are presumably
				 * EINTR, EAGAIN/EWOULDBLOCK and ECONNABORTED
				 * (11 is tested twice) - confirm.  These are
				 * not logged.
				 */
				if (
				    (*__errno_location ())
				    !=
				    4
				    &&
				    (*__errno_location ())
				    !=
				    11
				    &&
				    (*__errno_location ())
				    !=
				    103
				    &&
				    (*__errno_location ())
				    !=
				    11
				    )
					error("accept: %.100s",
					    strerror(
					    (*__errno_location ())
					    ));
				/*
				 * Back off for 100 ms on errno 24 or 23
				 * (presumably EMFILE/ENFILE, descriptor
				 * exhaustion) instead of spinning.
				 * NOTE(review): this test runs after error();
				 * it relies on error() leaving errno intact -
				 * confirm.
				 */
				if (
				    (*__errno_location ())
				    ==
				    24
				    ||
				    (*__errno_location ())
				    ==
				    23
				    )
					usleep(100 * 1000);
				continue;
			}
			if (unset_nonblock(*newsock) == -1) {
				close(*newsock);
				continue;
			}
			/*
			 * Admission control before any per-connection
			 * resources are allocated: connections rejected by
			 * drop_connection() are logged with both endpoints
			 * and closed.
			 */
			if (drop_connection(startups) == 1) {
				char *laddr = get_local_ipaddr(*newsock);
				char *raddr = get_peer_ipaddr(*newsock);

				verbose("drop connection #%d from [%s]:%d "
				    "on [%s]:%d past MaxStartups", startups,
				    raddr, get_peer_port(*newsock),
				    laddr, get_local_port(*newsock));
				free(laddr);
				free(raddr);
				close(*newsock);
				continue;
			}
			if (pipe(startup_p) == -1) {
				close(*newsock);
				continue;
			}

			/*
			 * With rexec_flag set, a socketpair (domain 1,
			 * presumably AF_UNIX) carries the configuration to
			 * the child.  On failure every descriptor opened for
			 * this connection is closed again.
			 */
			if (rexec_flag && socketpair(
			    1
			    ,
			    SOCK_STREAM
			    , 0, config_s) == -1) {
				error("reexec socketpair: %s",
				    strerror(
				    (*__errno_location ())
				    ));
				close(*newsock);
				close(startup_p[0]);
				close(startup_p[1]);
				continue;
			}

			/* Record the pipe's read end in the first free slot. */
			for (j = 0; j < options.max_startups; j++)
				if (startup_pipes[j] == -1) {
					startup_pipes[j] = startup_p[0];
					if (maxfd < startup_p[0])
						maxfd = startup_p[0];
					startups++;
					break;
				}

			/*
			 * Debug mode: serve the connection in this process.
			 * The listeners and both pipe ends are closed and no
			 * child is created.
			 */
			if (debug_flag) {
				debug("Server will not fork when running in debugging mode.");
				close_listen_socks();
				*sock_in = *newsock;
				*sock_out = *newsock;
				close(startup_p[0]);
				close(startup_p[1]);
				startup_pipe = -1;
				pid = getpid();
				if (rexec_flag) {
					send_rexec_state(config_s[0], cfg);
					close(config_s[0]);
				}
				break;
			}

			/*
			 * Normal mode: fork.  The child keeps only the write
			 * end of its own startup pipe and the accepted
			 * socket; the other startup pipes and the listening
			 * sockets are closed so it cannot accept connections
			 * itself.
			 */
			platform_pre_fork();
			if ((pid = fork()) == 0) {
				platform_post_fork_child();
				startup_pipe = startup_p[1];
				close_startup_pipes();
				close_listen_socks();
				*sock_in = *newsock;
				*sock_out = *newsock;
				log_init(__progname,
				    options.log_level,
				    options.log_facility,
				    log_stderr);
				if (rexec_flag)
					close(config_s[0]);
				break;
			}

			/*
			 * Parent, including the fork-failure case (pid < 0).
			 * NOTE(review): on fork failure the slot registered
			 * above stays occupied; closing startup_p[1] below
			 * presumably makes the read end readable so the slot
			 * is reclaimed on a later pass - confirm.
			 */
			platform_post_fork_parent(pid);
			if (pid < 0)
				error("fork: %.100s", strerror(
				    (*__errno_location ())
				    ));
			else
				debug("Forked child %ld.", (long)pid);

			close(startup_p[1]);

			/* Send the configuration, then drop both socketpair ends. */
			if (rexec_flag) {
				send_rexec_state(config_s[0], cfg);
				close(config_s[0]);
				close(config_s[1]);
			}
			close(*newsock);

			/*
			 * After each fork the parent stirs arc4random and
			 * feeds 256 fresh bytes to RAND_seed(), presumably so
			 * that its generator state diverges from the child's -
			 * confirm.  RAND_bytes() is then asked for one byte
			 * and failure is fatal.  The scratch buffer is wiped
			 * with explicit_bzero() before it goes out of use.
			 */
			arc4random_stir();
			arc4random_buf(rnd, sizeof(rnd));

			RAND_seed(rnd, sizeof(rnd));
			if ((RAND_bytes((u_char *)rnd, 1)) != 1)
				fatal("%s: RAND_bytes failed", __func__);

			explicit_bzero(rnd, sizeof(rnd));
		}

		/*
		 * Leave the accept loop once the listening sockets are gone
		 * (reached after the break statements above).
		 */
		if (num_listen_socks < 0)
			break;
	}
}
/*
 * Refuse a connection whose socket carries IP options.
 *
 * Looks up the peer address of the connection's input descriptor and, for
 * address family 2 only (presumably AF_INET - confirm), reads the socket's
 * IP-level option 4 (presumably IP_OPTIONS - confirm).  When any option
 * bytes are present they are rendered as hex and the process terminates via
 * fatal(), which records the remote address and port.  IP options such as
 * source routing weaken any trust placed in the peer address, so the
 * connection is rejected before it goes further.
 *
 * Returns silently when the peer address cannot be obtained, the family
 * does not match, getsockopt() fails, or no options are set.
 *
 * Coverage report on this page: no statement of this function was executed
 * by the recorded test run.
 */
static void
check_ip_options(struct ssh *ssh)
{
	int sock_in = ssh_packet_get_connection_in(ssh);
	struct sockaddr_storage from;
	u_char opts[200];
	/* Three characters (" xx") per option byte plus the terminator. */
	char text[sizeof(opts) * 3 + 1];
	socklen_t fromlen = sizeof(from);
	socklen_t option_size = sizeof(opts);
	socklen_t n;

	memset(&from, 0, sizeof(from));
	if (getpeername(sock_in, (struct sockaddr *)&from, &fromlen) < 0 ||
	    from.ss_family != 2)
		return;

	/* Nothing to report unless the kernel hands back option bytes. */
	if (getsockopt(sock_in, IPPROTO_IP, 4, opts, &option_size) < 0 ||
	    option_size == 0)
		return;

	text[0] = '\0';
	for (n = 0; n < option_size; n++) {
		char *dst = text + n*3;

		/* Size argument shrinks with the offset, keeping writes in text. */
		snprintf(dst, sizeof(text) - n*3, " %2.2x", opts[n]);
	}
	fatal("Connection from %.100s port %d with IP opts: %.800s",
	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text);
}
1610-
1611-
/*
 * Routing-domain stub for this build: any request to set a routing domain
 * ends the process through fatal().  Neither argument is consulted.
 *
 * Coverage report on this page: never executed by the recorded test run.
 */
static void
set_process_rdomain(struct ssh *ssh, const char *name)
{
	/* Parameters are intentionally unused in this variant. */
	(void)ssh;
	(void)name;

	fatal("Unable to set routing domain: not supported in this platform");
}
1618-
/*
 * Build options.timing_secret from a running digest over the host private
 * keys and the server configuration.
 *
 * The digest context is kept in a function-local static and created on
 * first use (digest id 4, presumably SSH_DIGEST_SHA512 - confirm).
 *
 *   key != NULL: the key is serialized with sshkey_private_serialize() into
 *       a temporary buffer and mixed into the digest.  The buffer holds
 *       private key material, so it is reset before being freed.
 *   key == NULL: finalize.  The contents of server_cfg are mixed in, the
 *       digest is finished, its first eight bytes are combined big-endian
 *       into options.timing_secret, the digest output is released with
 *       freezero(), and the context is freed and cleared so a later call
 *       starts afresh.
 *
 * Every failure is fatal().
 *
 * Coverage report on this page: the finalize path ran 2 times and the
 * per-key path 4 times; none of the fatal() branches was taken.
 */
static void
accumulate_host_timing_secret(struct sshbuf *server_cfg,
    const struct sshkey *key)
{
	static struct ssh_digest_ctx *ctx;
	struct sshbuf *keybuf;
	u_char *digest;
	size_t digest_len, k;
	u_int64_t secret;
	int rc;

	/* Lazily create the digest context shared across calls. */
	if (ctx ==
	    ((void *)0)
	    ) {
		ctx = ssh_digest_start(4);
		if (ctx ==
		    ((void *)0)
		    )
			fatal("%s: ssh_digest_start", __func__);
	}

	if (key !=
	    ((void *)0)
	    ) {
		/* Accumulate: hash the serialized private key. */
		keybuf = sshbuf_new();
		if (keybuf ==
		    ((void *)0)
		    )
			fatal("%s could not allocate buffer", __func__);
		rc = sshkey_private_serialize(key, keybuf);
		if (rc != 0)
			fatal("sshkey_private_serialize: %s", ssh_err(rc));
		if (ssh_digest_update(ctx, sshbuf_ptr(keybuf),
		    sshbuf_len(keybuf)) != 0)
			fatal("%s: ssh_digest_update", __func__);
		/* Discard the serialized key before releasing the buffer. */
		sshbuf_reset(keybuf);
		sshbuf_free(keybuf);
		return;
	}

	/* Finalize: the server configuration is the last input. */
	if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
	    sshbuf_len(server_cfg)) != 0)
		fatal("%s: ssh_digest_update", __func__);
	digest_len = ssh_digest_bytes(4);
	digest = xmalloc(digest_len);
	if (ssh_digest_final(ctx, digest, digest_len) != 0)
		fatal("%s: ssh_digest_final", __func__);

	/* First eight digest bytes, most significant byte first. */
	secret = 0;
	for (k = 0; k < 8; k++)
		secret = (secret << 8) | (u_int64_t)(((const u_char *)(digest))[k]);
	options.timing_secret = secret;

	/* Release the digest output and the context. */
	freezero(digest, digest_len);
	ssh_digest_free(ctx);
	ctx =
	    ((void *)0)
	    ;
}
1665-
1666-
1667-
1668-
1669int-
1670main(int ac, char **av)-
1671{-
1672 struct ssh *ssh = -
1673 ((void *)0)-
1674 ;-
1675 extern char *BSDoptarg;-
1676 extern int BSDoptind;-
1677 int r, opt, on = 1, already_daemon, remote_port;-
1678 int sock_in = -1, sock_out = -1, newsock = -1;-
1679 const char *remote_ip, *rdomain;-
1680 char *fp, *line, *laddr, *logfile = -
1681 ((void *)0)-
1682 ;-
1683 int config_s[2] = { -1 , -1 };-
1684 u_int i, j;-
1685 u_int64_t ibytes, obytes;-
1686 mode_t new_umask;-
1687 struct sshkey *key;-
1688 struct sshkey *pubkey;-
1689 int keytype;-
1690 Authctxt *authctxt;-
1691 struct connection_info *connection_info = -
1692 ((void *)0)-
1693 ;-
1694-
1695 ssh_malloc_init();-
1696-
1697-
1698-
1699-
1700 __progname = ssh_get_progname(av[0]);-
1701-
1702-
1703 saved_argc = ac;-
1704 rexec_argc = ac;-
1705 saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));-
1706 for (i = 0; (
(int)i < acDescription
TRUEevaluated 8 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
int)i < ac
(int)i < acDescription
TRUEevaluated 8 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
; i++)
2-8
1707 saved_argv[i] = xstrdup(av[i]);
executed 8 times by 1 test: saved_argv[i] = xstrdup(av[i]);
Executed by:
  • sshd
8
1708 saved_argv[i] = -
1709 ((void *)0)-
1710 ;-
1711-
1712-
1713-
1714 compat_init_setproctitle(ac, av);-
1715 av = saved_argv;-
1716-
1717-
1718 if (geteuid() == 0
geteuid() == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
&& setgroups(0,
setgroups(0, (...d *)0) ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0-2
1719 ((void *)0)
setgroups(0, (...d *)0) ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1720 ) == -1
setgroups(0, (...d *)0) ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
)
0
1721 debug("setgroups(): %.200s", strerror(
never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) ));
0
1722 (*__errno_location ())
never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) ));
0
1723 ));
never executed: debug("setgroups(): %.200s", strerror( (*__errno_location ()) ));
0
1724-
1725-
1726 sanitise_stdfd();-
1727-
1728-
1729 initialize_server_options(&options);-
1730-
1731-
1732 while ((
(opt = BSDgeto...iqrt") ) != -1Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
opt = BSDgetopt(ac, av, "C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")
(opt = BSDgeto...iqrt") ) != -1Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2-4
1733 ) != -1
(opt = BSDgeto...iqrt") ) != -1Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
2-4
1734 switch (opt) {-
1735 case
never executed: case '4':
'4':
never executed: case '4':
0
1736 options.address_family = -
1737 2-
1738 ;-
1739 break;
never executed: break;
0
1740 case
never executed: case '6':
'6':
never executed: case '6':
0
1741 options.address_family = -
1742 10-
1743 ;-
1744 break;
never executed: break;
0
1745 case
executed 2 times by 1 test: case 'f':
Executed by:
  • sshd
'f':
executed 2 times by 1 test: case 'f':
Executed by:
  • sshd
2
1746 config_file_name = BSDoptarg;-
1747 break;
executed 2 times by 1 test: break;
Executed by:
  • sshd
2
1748 case
never executed: case 'c':
'c':
never executed: case 'c':
0
1749 servconf_add_hostcert("[command-line]", 0,-
1750 &options, BSDoptarg);-
1751 break;
never executed: break;
0
1752 case
never executed: case 'd':
'd':
never executed: case 'd':
0
1753 if (debug_flag == 0
debug_flag == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
1754 debug_flag = 1;-
1755 options.log_level = SYSLOG_LEVEL_DEBUG1;-
1756 }
never executed: end of block
else if (options.log_level < SYSLOG_LEVEL_DEBUG3
options.log_le...G_LEVEL_DEBUG3Description
TRUEnever evaluated
FALSEnever evaluated
)
0
1757 options.log_level++;
never executed: options.log_level++;
0
1758 break;
never executed: break;
0
1759 case
never executed: case 'D':
'D':
never executed: case 'D':
0
1760 no_daemon_flag = 1;-
1761 break;
never executed: break;
0
1762 case
never executed: case 'E':
'E':
never executed: case 'E':
0
1763 logfile = BSDoptarg;-
1764-
1765 case
never executed: case 'e':
'e':
never executed: case 'e':
code before this statement never executed: case 'e':
0
1766 log_stderr = 1;-
1767 break;
never executed: break;
0
1768 case
never executed: case 'i':
'i':
never executed: case 'i':
0
1769 inetd_flag = 1;-
1770 break;
never executed: break;
0
1771 case
never executed: case 'r':
'r':
never executed: case 'r':
0
1772 rexec_flag = 0;-
1773 break;
never executed: break;
0
1774 case
never executed: case 'R':
'R':
never executed: case 'R':
0
1775 rexeced_flag = 1;-
1776 inetd_flag = 1;-
1777 break;
never executed: break;
0
1778 case
never executed: case 'Q':
'Q':
never executed: case 'Q':
0
1779-
1780 break;
never executed: break;
0
1781 case
never executed: case 'q':
'q':
never executed: case 'q':
0
1782 options.log_level = SYSLOG_LEVEL_QUIET;-
1783 break;
never executed: break;
0
1784 case
never executed: case 'b':
'b':
never executed: case 'b':
0
1785-
1786 break;
never executed: break;
0
1787 case
never executed: case 'p':
'p':
never executed: case 'p':
0
1788 options.ports_from_cmdline = 1;-
1789 if (options.num_ports >= 256
options.num_ports >= 256Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
1790 fprintf(-
1791 stderr-
1792 , "too many ports.\n");-
1793 exit(1);
never executed: exit(1);
0
1794 }-
1795 options.ports[options.num_ports++] = a2port(BSDoptarg);-
1796 if (options.ports[options.num_ports-1] <= 0
options.ports[..._ports-1] <= 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
1797 fprintf(-
1798 stderr-
1799 , "Bad port number.\n");-
1800 exit(1);
never executed: exit(1);
0
1801 }-
1802 break;
never executed: break;
0
1803 case
never executed: case 'g':
'g':
never executed: case 'g':
0
1804 if ((
(options.login...optarg)) == -1Description
TRUEnever evaluated
FALSEnever evaluated
options.login_grace_time = convtime(BSDoptarg)) == -1
(options.login...optarg)) == -1Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
1805 fprintf(-
1806 stderr-
1807 , "Invalid login grace time.\n");-
1808 exit(1);
never executed: exit(1);
0
1809 }-
1810 break;
never executed: break;
0
1811 case
never executed: case 'k':
'k':
never executed: case 'k':
0
1812-
1813 break;
never executed: break;
0
1814 case
never executed: case 'h':
'h':
never executed: case 'h':
0
1815 servconf_add_hostkey("[command-line]", 0,-
1816 &options, BSDoptarg);-
1817 break;
never executed: break;
0
1818 case
executed 2 times by 1 test: case 't':
Executed by:
  • sshd
't':
executed 2 times by 1 test: case 't':
Executed by:
  • sshd
2
1819 test_flag = 1;-
1820 break;
executed 2 times by 1 test: break;
Executed by:
  • sshd
2
1821 case
never executed: case 'T':
'T':
never executed: case 'T':
0
1822 test_flag = 2;-
1823 break;
never executed: break;
0
1824 case
never executed: case 'C':
'C':
never executed: case 'C':
0
1825 connection_info = get_connection_info(0, 0);-
1826 if (parse_server_match_testspec(connection_info,
parse_server_m...Doptarg) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1827 BSDoptarg) == -1
parse_server_m...Doptarg) == -1Description
TRUEnever evaluated
FALSEnever evaluated
)
0
1828 exit(1);
never executed: exit(1);
0
1829 break;
never executed: break;
0
1830 case
never executed: case 'u':
'u':
never executed: case 'u':
0
1831 utmp_len = (u_int)strtonum(BSDoptarg, 0, -
1832 64-
1833 +1+1, -
1834 ((void *)0)-
1835 );-
1836 if (utmp_len >
utmp_len > 64 +1Description
TRUEnever evaluated
FALSEnever evaluated
0
1837 64
utmp_len > 64 +1Description
TRUEnever evaluated
FALSEnever evaluated
0
1838 +1
utmp_len > 64 +1Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
1839 fprintf(-
1840 stderr-
1841 , "Invalid utmp length.\n");-
1842 exit(1);
never executed: exit(1);
0
1843 }-
1844 break;
never executed: break;
0
1845 case
never executed: case 'o':
'o':
never executed: case 'o':
0
1846 line = xstrdup(BSDoptarg);-
1847 if (process_server_config_line(&options, line,
process_server...id *)0) ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1848 "command-line", 0,
process_server...id *)0) ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1849 ((void *)0)
process_server...id *)0) ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1850 ,
process_server...id *)0) ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1851 ((void *)0)
process_server...id *)0) ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1852 ) != 0
process_server...id *)0) ) != 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
1853 exit(1);
never executed: exit(1);
0
1854 free(line);-
1855 break;
never executed: break;
0
1856 case
never executed: case '?':
'?':
never executed: case '?':
0
1857 default
never executed: default:
:
never executed: default:
0
1858 usage();-
1859 break;
never executed: break;
0
1860 }-
1861 }-
1862 if (rexeced_flag
rexeced_flagDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
|| inetd_flag
inetd_flagDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
)
0-2
1863 rexec_flag = 0;
never executed: rexec_flag = 0;
0
1864 if (!test_flag
!test_flagDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
&& (rexec_flag
rexec_flagDescription
TRUEnever evaluated
FALSEnever evaluated
&& (av[0] ==
av[0] == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0-2
1865 ((void *)0)
av[0] == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1866 || *
*av[0] != '/'Description
TRUEnever evaluated
FALSEnever evaluated
av[0] != '/'
*av[0] != '/'Description
TRUEnever evaluated
FALSEnever evaluated
)))
0
1867 fatal("sshd re-exec requires execution with an absolute path");
never executed: fatal("sshd re-exec requires execution with an absolute path");
0
1868 if (rexeced_flag
rexeced_flagDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
)
0-2
1869 closefrom((
never executed: closefrom(( 2 + 4));
0
1870 2
never executed: closefrom(( 2 + 4));
0
1871 + 4));
never executed: closefrom(( 2 + 4));
0
1872 else-
1873 closefrom((
executed 2 times by 1 test: closefrom(( 2 + 1));
Executed by:
  • sshd
2
1874 2
executed 2 times by 1 test: closefrom(( 2 + 1));
Executed by:
  • sshd
2
1875 + 1));
executed 2 times by 1 test: closefrom(( 2 + 1));
Executed by:
  • sshd
2
1876-
1877-
1878 -
1879OPENSSL_add_all_algorithms_noconf()-
1880 ;-
1881-
1882-
1883-
1884 if (logfile !=
logfile != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1885 ((void *)0)
logfile != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1886 )-
1887 log_redirect_stderr_to(logfile);
never executed: log_redirect_stderr_to(logfile);
0
1888-
1889-
1890-
1891-
1892 log_init(__progname,-
1893 options.log_level == SYSLOG_LEVEL_NOT_SET ?-
1894 SYSLOG_LEVEL_INFO : options.log_level,-
1895 options.log_facility == SYSLOG_FACILITY_NOT_SET ?-
1896 SYSLOG_FACILITY_AUTH : options.log_facility,-
1897 log_stderr || !inetd_flag);-
1898-
1899-
1900-
1901-
1902-
1903 if (getenv("KRB5CCNAME") !=
getenv("KRB5CC...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1904 ((void *)0)
getenv("KRB5CC...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1905 )-
1906 (
never executed: (void) unsetenv("KRB5CCNAME");
void) unsetenv("KRB5CCNAME");
never executed: (void) unsetenv("KRB5CCNAME");
0
1907-
1908 sensitive_data.have_ssh2_key = 0;-
1909-
1910-
1911-
1912-
1913-
1914 if (test_flag < 2
test_flag < 2Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
&& connection_info !=
connection_info != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1915 ((void *)0)
connection_info != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1916 )-
1917 fatal("Config test connection parameter (-C) provided without "
never executed: fatal("Config test connection parameter (-C) provided without " "test mode (-T)");
0
1918 "test mode (-T)");
never executed: fatal("Config test connection parameter (-C) provided without " "test mode (-T)");
0
1919-
1920-
1921 if ((
(cfg = sshbuf_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
cfg = sshbuf_new()) ==
(cfg = sshbuf_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1922 ((void *)0)
(cfg = sshbuf_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1923 )-
1924 fatal("%s: sshbuf_new failed", __func__);
never executed: fatal("%s: sshbuf_new failed", __func__);
0
1925 if (rexeced_flag
rexeced_flagDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
)
0-2
1926 recv_rexec_state((
never executed: recv_rexec_state(( 2 + 3), cfg);
0
1927 2
never executed: recv_rexec_state(( 2 + 3), cfg);
0
1928 + 3), cfg);
never executed: recv_rexec_state(( 2 + 3), cfg);
0
1929 else if (strcasecmp(config_file_name, "none") != 0
strcasecmp(con..., "none") != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
)
0-2
1930 load_server_config(config_file_name, cfg);
executed 2 times by 1 test: load_server_config(config_file_name, cfg);
Executed by:
  • sshd
2
1931-
1932 parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,-
1933 cfg, -
1934 ((void *)0)-
1935 );-
1936-
1937 seed_rng();-
1938-
1939-
1940 fill_default_server_options(&options);-
1941-
1942-
1943 if (options.challenge_response_authentication
options.challe...authenticationDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
)
0-2
1944 options.kbd_interactive_authentication = 1;
executed 2 times by 1 test: options.kbd_interactive_authentication = 1;
Executed by:
  • sshd
2
1945-
1946-
1947 if (options.authorized_keys_command_user ==
options.author...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1948 ((void *)0)
options.author...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1949 &&-
1950 (options.authorized_keys_command !=
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1951 ((void *)0)
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1952 &&-
1953 strcasecmp(options.authorized_keys_command, "none") != 0
strcasecmp(opt..., "none") != 0Description
TRUEnever evaluated
FALSEnever evaluated
))
0
1954 fatal("AuthorizedKeysCommand set without "
never executed: fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser");
0
1955 "AuthorizedKeysCommandUser");
never executed: fatal("AuthorizedKeysCommand set without " "AuthorizedKeysCommandUser");
0
1956 if (options.authorized_principals_command_user ==
options.author...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1957 ((void *)0)
options.author...== ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
1958 &&-
1959 (options.authorized_principals_command !=
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1960 ((void *)0)
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
1961 &&-
1962 strcasecmp(options.authorized_principals_command, "none") != 0
strcasecmp(opt..., "none") != 0Description
TRUEnever evaluated
FALSEnever evaluated
))
0
1963 fatal("AuthorizedPrincipalsCommand set without "
never executed: fatal("AuthorizedPrincipalsCommand set without " "AuthorizedPrincipalsCommandUser");
0
1964 "AuthorizedPrincipalsCommandUser");
never executed: fatal("AuthorizedPrincipalsCommand set without " "AuthorizedPrincipalsCommandUser");
0
1972 if (options.num_auth_methods != 0
options.num_auth_methods != 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
0-2
1973 for (i = 0; i < options.num_auth_methods
i < options.num_auth_methodsDescription
TRUEnever evaluated
FALSEnever evaluated
; i++) {
0
1974 if (auth2_methods_valid(options.auth_methods[i],
auth2_methods_...ds[i], 1) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1975 1) == 0
auth2_methods_...ds[i], 1) == 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
1976 break;
never executed: break;
0
1977 }
never executed: end of block
0
1978 if (i >= options.num_auth_methods
i >= options.num_auth_methodsDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
1979 fatal("AuthenticationMethods cannot be satisfied by "
never executed: fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods");
0
1980 "enabled authentication methods");
never executed: fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods");
0
1981 }
never executed: end of block
0
1982-
1983-
1984 if (BSDoptind < ac
BSDoptind < acDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
0-2
1985 fprintf(-
1986 stderr-
1987 , "Extra argument %s.\n", av[BSDoptind]);-
1988 exit(1);
never executed: exit(1);
0
1989 }-
1990-
1991 debug("sshd version %s, %s", "OpenSSH_7.8",-
1992-
1993 SSLeay_version(-
1994 0-
1995 )-
1996-
1997-
1998-
1999 );-
2000-
2001-
2002 privsep_chroot = use_privsep
use_privsepDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
&& (getuid() == 0
getuid() == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
|| geteuid() == 0
geteuid() == 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
);
0-2
2003 if ((
(privsep_pw = ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
privsep_pw = getpwnam("nobody")) ==
(privsep_pw = ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
2004 ((void *)0)
(privsep_pw = ...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
0-2
2005 ) {-
2006 if (privsep_chroot
privsep_chrootDescription
TRUEnever evaluated
FALSEnever evaluated
|| options.kerberos_authentication
options.kerber...authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
2007 fatal("Privilege separation user %s does not exist",
never executed: fatal("Privilege separation user %s does not exist", "nobody");
0
2008 "nobody");
never executed: fatal("Privilege separation user %s does not exist", "nobody");
0
2009 }
never executed: end of block
else {
0
2010 privsep_pw = pwcopy(privsep_pw);-
2011 freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));-
2012 privsep_pw->pw_passwd = xstrdup("*");-
2013 }
executed 2 times by 1 test: end of block
Executed by:
  • sshd
2
2014 endpwent();-
2015-
2016-
2017 sensitive_data.host_keys = xcalloc(options.num_host_key_files,-
2018 sizeof(struct sshkey *));-
2019 sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,-
2020 sizeof(struct sshkey *));-
2021-
2022 if (options.host_key_agent
options.host_key_agentDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
0-2
2023 if (-
2024 __extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2025 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2026 ) && __builtin_constant_p (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2027 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2028 ) && (__s1_len = __builtin_strlen (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2029 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2030 ), __s2_len = __builtin_strlen (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2031 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2032 ), (!((size_t)(const void *)((
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2033 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2034 ) + 1) - (size_t)(const void *)(
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2035 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2036 ) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2037 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2038 ) + 1) - (size_t)(const void *)(
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2039 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2040 ) == 1) || __s2_len >= 4)) ? __builtin_strcmp (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2041 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2042 ,
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2043 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2044 ) : (__builtin_constant_p (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2045 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2046 ) && ((size_t)(const void *)((
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2047 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2048 ) + 1) - (size_t)(const void *)(
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2049 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2050 ) == 1) && (__s1_len = __builtin_strlen (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2051 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2052 ), __s1_len < 4) ? (__builtin_constant_p (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2053 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2054 ) && ((size_t)(const void *)((
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2055 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2056 ) + 1) - (size_t)(const void *)(
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2057 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2058 ) == 1) ? __builtin_strcmp (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2059 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2060 ,
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2061 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2062 ) : (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2063 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2064 ); int __result = (((const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2065 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2066 ))[0] - __s2[0]); if (__s1_len > 0
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2067 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2068 ))[1] - __s2[1]); if (__s1_len > 1
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2069 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2070 ))[2] - __s2[2]); if (__s1_len > 2
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) __result = (((const unsigned char *) (const char *) (
never executed: __result = (((const unsigned char *) (const char *) ( options.host_key_agent ))[3] - __s2[3]);
0
2071 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
never executed: __result = (((const unsigned char *) (const char *) ( options.host_key_agent ))[3] - __s2[3]);
0
2072 ))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2073 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2074 ) && ((size_t)(const void *)((
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2075 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2076 ) + 1) - (size_t)(const void *)(
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2077 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2078 ) == 1) && (__s2_len = __builtin_strlen (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2079 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2080 ), __s2_len < 4) ? (__builtin_constant_p (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2081 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2082 ) && ((size_t)(const void *)((
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2083 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2084 ) + 1) - (size_t)(const void *)(
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2085 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2086 ) == 1) ? __builtin_strcmp (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2087 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2088 ,
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2089 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2090 ) : -(__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2091 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2092 ); int __result = (((const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2093 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2094 ))[0] - __s2[0]); if (__s2_len > 0
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2095 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2096 ))[1] - __s2[1]); if (__s2_len > 1
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) { __result = (((const unsigned char *) (const char *) (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2097 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2098 ))[2] - __s2[2]); if (__s2_len > 2
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
&& __result == 0
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
) __result = (((const unsigned char *) (const char *) (
never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]);
0
2099 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
never executed: __result = (((const unsigned char *) (const char *) ( "SSH_AUTH_SOCK" ))[3] - __s2[3]);
0
2100 ))[3] - __s2[3]); } } __result; }))) : __builtin_strcmp (
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2101 options.host_key_agent
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2102 ,
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2103 "SSH_AUTH_SOCK"
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2104 )))); })
__extension__ ...SOCK" )))); })Description
TRUEnever evaluated
FALSEnever evaluated
0
2105 )-
2106 setenv("SSH_AUTH_SOCK",
never executed: setenv("SSH_AUTH_SOCK", options.host_key_agent, 1);
0
2107 options.host_key_agent, 1);
never executed: setenv("SSH_AUTH_SOCK", options.host_key_agent, 1);
0
2108 if ((
(r = ssh_get_a...d *)0) )) == 0Description
TRUEnever evaluated
FALSEnever evaluated
r = ssh_get_authentication_socket(
(r = ssh_get_a...d *)0) )) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2109 ((void *)0)
(r = ssh_get_a...d *)0) )) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2110 )) == 0
(r = ssh_get_a...d *)0) )) == 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2111 have_agent = 1;
never executed: have_agent = 1;
0
2112 else-
2113 error("Could not connect to agent \"%s\": %s",
never executed: error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r));
0
2114 options.host_key_agent, ssh_err(r));
never executed: error("Could not connect to agent \"%s\": %s", options.host_key_agent, ssh_err(r));
0
2115 }-
2116-
2117 for (i = 0; i < options.num_host_key_files
i < options.num_host_key_filesDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
; i++) {
2-4
2118 if (options.host_key_files[i] ==
options.host_k...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2119 ((void *)0)
options.host_k...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2120 )-
2121 continue;
never executed: continue;
0
2122 if ((
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
r = sshkey_load_private(options.host_key_files[i], "",
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2123 &key,
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2124 ((void *)0)
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2125 )) != 0
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
&& r != -24
r != -24Description
TRUEnever evaluated
FALSEnever evaluated
)
0-4
2126 error("Error loading host key \"%s\": %s",
never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));
0
2127 options.host_key_files[i], ssh_err(r));
never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));
0
2128 if ((
(r = sshkey_lo...d *)0) )) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
r = sshkey_load_public(options.host_key_files[i],
(r = sshkey_lo...d *)0) )) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2
2129 &pubkey,
(r = sshkey_lo...d *)0) )) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2
2130 ((void *)0)
(r = sshkey_lo...d *)0) )) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2
2131 )) != 0
(r = sshkey_lo...d *)0) )) != 0Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
&& r != -24
r != -24Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
)
0-2
2132 error("Error loading host key \"%s\": %s",
never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));
0
2133 options.host_key_files[i], ssh_err(r));
never executed: error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r));
0
2134 if (pubkey ==
pubkey == ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2
2135 ((void *)0)
pubkey == ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
2
2136 && key !=
key != ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
2137 ((void *)0)
key != ((void *)0)Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-2
2138 )-
2139 if ((
(r = sshkey_fr...&pubkey)) != 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
r = sshkey_from_private(key, &pubkey)) != 0
(r = sshkey_fr...&pubkey)) != 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
)
0-2
2140 fatal("Could not demote key: \"%s\": %s",
never executed: fatal("Could not demote key: \"%s\": %s", options.host_key_files[i], ssh_err(r));
0
2141 options.host_key_files[i], ssh_err(r));
never executed: fatal("Could not demote key: \"%s\": %s", options.host_key_files[i], ssh_err(r));
0
2142 sensitive_data.host_keys[i] = key;-
2143 sensitive_data.host_pubkeys[i] = pubkey;-
2144-
2145 if (key ==
key == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2146 ((void *)0)
key == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2147 && pubkey !=
pubkey != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2148 ((void *)0)
pubkey != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2149 && have_agent
have_agentDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2150 debug("will rely on agent for hostkey %s",-
2151 options.host_key_files[i]);-
2152 keytype = pubkey->type;-
2153 }
never executed: end of block
else if (key !=
key != ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-4
2154 ((void *)0)
key != ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-4
2155 ) {-
2156 keytype = key->type;-
2157 accumulate_host_timing_secret(cfg, key);-
2158 }
executed 4 times by 1 test: end of block
Executed by:
  • sshd
else {
4
2159 error("Could not load host key: %s",-
2160 options.host_key_files[i]);-
2161 sensitive_data.host_keys[i] = -
2162 ((void *)0)-
2163 ;-
2164 sensitive_data.host_pubkeys[i] = -
2165 ((void *)0)-
2166 ;-
2167 continue;
never executed: continue;
0
2168 }-
2169-
2170 switch (keytype) {-
2171 case
executed 2 times by 1 test: case KEY_RSA:
Executed by:
  • sshd
KEY_RSA:
executed 2 times by 1 test: case KEY_RSA:
Executed by:
  • sshd
2
2172 case
never executed: case KEY_DSA:
KEY_DSA:
never executed: case KEY_DSA:
0
2173 case
never executed: case KEY_ECDSA:
KEY_ECDSA:
never executed: case KEY_ECDSA:
0
2174 case
executed 2 times by 1 test: case KEY_ED25519:
Executed by:
  • sshd
KEY_ED25519:
executed 2 times by 1 test: case KEY_ED25519:
Executed by:
  • sshd
2
2175 case
never executed: case KEY_XMSS:
KEY_XMSS:
never executed: case KEY_XMSS:
0
2176 if (have_agent
have_agentDescription
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
|| key !=
key != ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-4
2177 ((void *)0)
key != ((void *)0)Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
0-4
2178 )-
2179 sensitive_data.have_ssh2_key = 1;
executed 4 times by 1 test: sensitive_data.have_ssh2_key = 1;
Executed by:
  • sshd
4
2180 break;
executed 4 times by 1 test: break;
Executed by:
  • sshd
4
2181 }-
2182 if ((
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
fp = sshkey_fingerprint(pubkey, options.fingerprint_hash,
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2183 SSH_FP_DEFAULT)) ==
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2184 ((void *)0)
(fp = sshkey_f...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 4 times by 1 test
Evaluated by:
  • sshd
0-4
2185 )-
2186 fatal("sshkey_fingerprint failed");
never executed: fatal("sshkey_fingerprint failed");
0
2187 debug("%s host key #%d: %s %s",-
2188 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);-
2189 free(fp);-
2190 }
executed 4 times by 1 test: end of block
Executed by:
  • sshd
4
2191 accumulate_host_timing_secret(cfg, -
2192 ((void *)0)-
2193 );-
2194 if (!sensitive_data.have_ssh2_key
!sensitive_data.have_ssh2_keyDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
0-2
2195 logit("sshd: no hostkeys available -- exiting.");-
2196 exit(1);
never executed: exit(1);
0
2197 }-
2203 sensitive_data.host_certificates = xcalloc(options.num_host_key_files,-
2204 sizeof(struct sshkey *));-
2205 for (i = 0; i < options.num_host_key_files
i < options.num_host_key_filesDescription
TRUEevaluated 4 times by 1 test
Evaluated by:
  • sshd
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
; i++)
2-4
2206 sensitive_data.host_certificates[i] =
executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ;
Executed by:
  • sshd
4
2207 ((void *)0)
executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ;
Executed by:
  • sshd
4
2208 ;
executed 4 times by 1 test: sensitive_data.host_certificates[i] = ((void *)0) ;
Executed by:
  • sshd
4
2209-
2210 for (i = 0; i < options.num_host_cert_files
i < options.nu...ost_cert_filesDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
; i++) {
0-2
2211 if (options.host_cert_files[i] ==
options.host_c...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2212 ((void *)0)
options.host_c...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2213 )-
2214 continue;
never executed: continue;
0
2215 if ((
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
r = sshkey_load_public(options.host_cert_files[i],
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2216 &key,
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2217 ((void *)0)
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2218 )) != 0
(r = sshkey_lo...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2219 error("Could not load host certificate \"%s\": %s",-
2220 options.host_cert_files[i], ssh_err(r));-
2221 continue;
never executed: continue;
0
2222 }-
2223 if (!sshkey_is_cert(key)
!sshkey_is_cert(key)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2224 error("Certificate file is not a certificate: %s",-
2225 options.host_cert_files[i]);-
2226 sshkey_free(key);-
2227 continue;
never executed: continue;
0
2228 }-
2229-
2230 for (j = 0; j < options.num_host_key_files
j < options.num_host_key_filesDescription
TRUEnever evaluated
FALSEnever evaluated
; j++) {
0
2231 if (sshkey_equal_public(key,
sshkey_equal_p....host_keys[j])Description
TRUEnever evaluated
FALSEnever evaluated
0
2232 sensitive_data.host_keys[j])
sshkey_equal_p....host_keys[j])Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2233 sensitive_data.host_certificates[j] = key;-
2234 break;
never executed: break;
0
2235 }-
2236 }
never executed: end of block
0
2237 if (j >= options.num_host_key_files
j >= options.n...host_key_filesDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2238 error("No matching private key for certificate: %s",-
2239 options.host_cert_files[i]);-
2240 sshkey_free(key);-
2241 continue;
never executed: continue;
0
2242 }-
2243 sensitive_data.host_certificates[j] = key;-
2244 debug("host certificate: #%u type %d %s", j, key->type,-
2245 sshkey_type(key));-
2246 }
never executed: end of block
0
2247-
2248 if (privsep_chroot
privsep_chrootDescription
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
0-2
2249 struct stat st;-
2250-
2251 if ((
(stat("/var/ru...", &st) == -1)Description
TRUEnever evaluated
FALSEnever evaluated
stat("/var/run/openssh-test", &st) == -1)
(stat("/var/ru...", &st) == -1)Description
TRUEnever evaluated
FALSEnever evaluated
||
0
2252 (
( (((( st.st_m...040000)) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2253 ((((
( (((( st.st_m...040000)) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2254 st.st_mode
( (((( st.st_m...040000)) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2255 )) & 0170000) == (0040000))
( (((( st.st_m...040000)) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2256 == 0)
( (((( st.st_m...040000)) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2257 fatal("Missing privilege separation directory: %s",
never executed: fatal("Missing privilege separation directory: %s", "/var/run/openssh-test");
0
2258 "/var/run/openssh-test");
never executed: fatal("Missing privilege separation directory: %s", "/var/run/openssh-test");
0
2265 if (st.st_uid != 0
st.st_uid != 0Description
TRUEnever evaluated
FALSEnever evaluated
|| (
(st.st_mode & ... >> 3) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
st.st_mode & (
(st.st_mode & ... >> 3) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2266 (0200 >> 3)
(st.st_mode & ... >> 3) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2267 |
(st.st_mode & ... >> 3) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2268 ((0200 >> 3) >> 3)
(st.st_mode & ... >> 3) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2269 )) != 0
(st.st_mode & ... >> 3) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2270-
2271 fatal("%s must be owned by root and not group or "
never executed: fatal("%s must be owned by root and not group or " "world-writable.", "/var/run/openssh-test");
0
2272 "world-writable.", "/var/run/openssh-test");
never executed: fatal("%s must be owned by root and not group or " "world-writable.", "/var/run/openssh-test");
0
2273 }
never executed: end of block
0
2274-
2275 if (test_flag > 1
test_flag > 1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sshd
) {
0-2
2276-
2277-
2278-
2279-
2280 if (connection_info ==
connection_info == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2281 ((void *)0)
connection_info == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2282 )-
2283 connection_info = get_connection_info(0, 0);
never executed: connection_info = get_connection_info(0, 0);
0
2284 parse_server_match_config(&options, connection_info);-
2285 dump_config(&options);-
2286 }
never executed: end of block
0
2287-
2288-
2289 if (test_flag
test_flagDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • sshd
FALSEnever evaluated
)
0-2
2290 exit(0);
executed 2 times by 1 test: exit(0);
Executed by:
  • sshd
2
2291 if (setgroups(0,
setgroups(0, ((void *)0) ) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2292 ((void *)0)
setgroups(0, ((void *)0) ) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2293 ) < 0
setgroups(0, ((void *)0) ) < 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2294 debug("setgroups() failed: %.200s", strerror(
never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) ));
0
2295 (*__errno_location ())
never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) ));
0
2296 ));
never executed: debug("setgroups() failed: %.200s", strerror( (*__errno_location ()) ));
0
2297-
2298 if (rexec_flag
rexec_flagDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2299 if (rexec_argc < 0
rexec_argc < 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2300 fatal("rexec_argc %d < 0", rexec_argc);
never executed: fatal("rexec_argc %d < 0", rexec_argc);
0
2301 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));-
2302 for (i = 0; i < (u_int)rexec_argc
i < (u_int)rexec_argcDescription
TRUEnever evaluated
FALSEnever evaluated
; i++) {
0
2303 debug("rexec_argv[%d]='%s'", i, saved_argv[i]);-
2304 rexec_argv[i] = saved_argv[i];-
2305 }
never executed: end of block
0
2306 rexec_argv[rexec_argc] = "-R";-
2307 rexec_argv[rexec_argc + 1] = -
2308 ((void *)0)-
2309 ;-
2310 }
never executed: end of block
0
2311-
2312-
2313 new_umask = umask(0077) | 0022;-
2314 (void) umask(new_umask);-
2315-
2316-
2317 if (debug_flag
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
&& (!inetd_flag
!inetd_flagDescription
TRUEnever evaluated
FALSEnever evaluated
|| rexeced_flag
rexeced_flagDescription
TRUEnever evaluated
FALSEnever evaluated
))
0
2318 log_stderr = 1;
never executed: log_stderr = 1;
0
2319 log_init(__progname, options.log_level, options.log_facility, log_stderr);-
2320-
2321-
2322-
2323-
2324-
2325-
2326 already_daemon = daemonized();-
2327 if (!(debug_flag
debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
|| inetd_flag
inetd_flagDescription
TRUEnever evaluated
FALSEnever evaluated
|| no_daemon_flag
no_daemon_flagDescription
TRUEnever evaluated
FALSEnever evaluated
|| already_daemon
already_daemonDescription
TRUEnever evaluated
FALSEnever evaluated
)) {
0
2328-
2329 if (daemon(0, 0) < 0
daemon(0, 0) < 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2330 fatal("daemon() failed: %.200s", strerror(
never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) ));
0
2331 (*__errno_location ())
never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) ));
0
2332 ));
never executed: fatal("daemon() failed: %.200s", strerror( (*__errno_location ()) ));
0
2333-
2334 disconnect_controlling_tty();-
2335 }
never executed: end of block
0
2336-
2337 log_init(__progname, options.log_level, options.log_facility, log_stderr);-
2338-
2339-
2340-
2341 if (chdir("/") == -1
chdir("/") == -1Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2342 error("chdir(\"/\"): %s", strerror(
never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) ));
0
2343 (*__errno_location ())
never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) ));
0
2344 ));
never executed: error("chdir(\"/\"): %s", strerror( (*__errno_location ()) ));
0
2345-
2346-
2347 mysignal(-
234813-
2349,-
2350((__sighandler_t) 1)-
2351);-
2352-
2353-
2354 if (inetd_flag
inetd_flagDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2355 server_accept_inetd(&sock_in, &sock_out);-
2356 }
never executed: end of block
else {
0
2357 platform_pre_listen();-
2358 server_listen();-
2359-
2360 mysignal(-
2361 1-
2362 ,sighup_handler);-
2363 mysignal(-
2364 17-
2365 ,main_sigchld_handler);-
2366 mysignal(-
2367 15-
2368 ,sigterm_handler);-
2369 mysignal(-
2370 3-
2371 ,sigterm_handler);-
2372-
2373-
2374-
2375-
2376-
2377 if (options.pid_file !=
options.pid_fi...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2378 ((void *)0)
options.pid_fi...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2379 && !debug_flag
!debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2380 FILE *f = fopen(options.pid_file, "w");-
2381-
2382 if (f ==
f == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2383 ((void *)0)
f == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2384 ) {-
2385 error("Couldn't create pid file \"%s\": %s",-
2386 options.pid_file, strerror(-
2387 (*__errno_location ())-
2388 ));-
2389 }
never executed: end of block
else {
0
2390 fprintf(f, "%ld\n", (long) getpid());-
2391 fclose(f);-
2392 }
never executed: end of block
0
2393 }-
2394-
2395-
2396 server_accept_loop(&sock_in, &sock_out,-
2397 &newsock, config_s);-
2398 }
never executed: end of block
0
2399-
2400-
2401 setproctitle("%s", "[accepted]");-
2402 if (!debug_flag
!debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
&& !inetd_flag
!inetd_flagDescription
TRUEnever evaluated
FALSEnever evaluated
&& setsid() < 0
setsid() < 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2403 error("setsid: %.100s", strerror(
never executed: error("setsid: %.100s", strerror( (*__errno_location ()) ));
0
2404 (*__errno_location ())
never executed: error("setsid: %.100s", strerror( (*__errno_location ()) ));
0
2405 ));
never executed: error("setsid: %.100s", strerror( (*__errno_location ()) ));
0
2406-
2407-
2408 if (rexec_flag
rexec_flagDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2409 int fd;-
2410-
2411 debug("rexec start in %d out %d newsock %d pipe %d sock %d",-
2412 sock_in, sock_out, newsock, startup_pipe, config_s[0]);-
2413 dup2(newsock, -
2414 0-
2415 );-
2416 dup2(-
2417 0-
2418 , -
2419 1-
2420 );-
2421 if (startup_pipe == -1
startup_pipe == -1Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2422 close((
never executed: close(( 2 + 2));
0
2423 2
never executed: close(( 2 + 2));
0
2424 + 2));
never executed: close(( 2 + 2));
0
2425 else if (startup_pipe != (
startup_pipe != ( 2 + 2)Description
TRUEnever evaluated
FALSEnever evaluated
0
2426 2
startup_pipe != ( 2 + 2)Description
TRUEnever evaluated
FALSEnever evaluated
0
2427 + 2)
startup_pipe != ( 2 + 2)Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2428 dup2(startup_pipe, (-
2429 2 -
2430 + 2));-
2431 close(startup_pipe);-
2432 startup_pipe = (-
2433 2 -
2434 + 2);-
2435 }
never executed: end of block
0
2436-
2437 dup2(config_s[1], (-
2438 2 -
2439 + 3));-
2440 close(config_s[1]);-
2441-
2442 execv(rexec_argv[0], rexec_argv);-
2443-
2444-
2445 error("rexec of %s failed: %s", rexec_argv[0], strerror(-
2446 (*__errno_location ())-
2447 ));-
2448 recv_rexec_state((-
2449 2 -
2450 + 3), -
2451 ((void *)0)-
2452 );-
2453 log_init(__progname, options.log_level,-
2454 options.log_facility, log_stderr);-
2455-
2456-
2457 close((-
2458 2 -
2459 + 3));-
2460 newsock = sock_out = sock_in = dup(-
2461 0-
2462 );-
2463 if ((
(fd = open( "/...02 , 0)) != -1Description
TRUEnever evaluated
FALSEnever evaluated
fd = open(
(fd = open( "/...02 , 0)) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2464 "/dev/null"
(fd = open( "/...02 , 0)) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2465 ,
(fd = open( "/...02 , 0)) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2466 02
(fd = open( "/...02 , 0)) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2467 , 0)) != -1
(fd = open( "/...02 , 0)) != -1Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2468 dup2(fd, -
2469 0-
2470 );-
2471 dup2(fd, -
2472 1-
2473 );-
2474 if (fd >
fd > 2Description
TRUEnever evaluated
FALSEnever evaluated
0
2475 2
fd > 2Description
TRUEnever evaluated
FALSEnever evaluated
0
2476 )-
2477 close(fd);
never executed: close(fd);
0
2478 }
never executed: end of block
0
2479 debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d",-
2480 sock_in, sock_out, newsock, startup_pipe, config_s[0]);-
2481 }
never executed: end of block
0
2482-
2483-
2484 fcntl(sock_out, -
2485 2-
2486 , -
2487 1-
2488 );-
2489 fcntl(sock_in, -
2490 2-
2491 , -
2492 1-
2493 );-
2494-
2495-
2496-
2497-
2498-
2499-
2500 alarm(0);-
2501 mysignal(-
250214-
2503,-
2504((__sighandler_t) 0)-
2505);-
2506 mysignal(-
25071-
2508,-
2509((__sighandler_t) 0)-
2510);-
2511 mysignal(-
251215-
2513,-
2514((__sighandler_t) 0)-
2515);-
2516 mysignal(-
25173-
2518,-
2519((__sighandler_t) 0)-
2520);-
2521 mysignal(-
252217-
2523,-
2524((__sighandler_t) 0)-
2525);-
2526 mysignal(-
25272-
2528,-
2529((__sighandler_t) 0)-
2530);-
2531-
2532-
2533-
2534-
2535-
2536 packet_set_connection(sock_in, sock_out);-
2537 ssh_packet_set_server(active_state);-
2538 ssh = active_state;-
2539-
2540 check_ip_options(ssh);-
2541-
2542-
2543 channel_init_channels(ssh);-
2544 channel_set_af(ssh, options.address_family);-
2545 process_permitopen(ssh, &options);-
2546-
2547-
2548 if (options.tcp_keep_alive
options.tcp_keep_aliveDescription
TRUEnever evaluated
FALSEnever evaluated
&& ssh_packet_connection_is_on_socket(active_state)
ssh_packet_con...(active_state)Description
TRUEnever evaluated
FALSEnever evaluated
&&
0
2549 setsockopt(sock_in,
setsockopt(soc...izeof(on)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2550 1
setsockopt(soc...izeof(on)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2551 ,
setsockopt(soc...izeof(on)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2552 9
setsockopt(soc...izeof(on)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2553 , &on, sizeof(on)) < 0
setsockopt(soc...izeof(on)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2554 error("setsockopt SO_KEEPALIVE: %.100s", strerror(
never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) ));
0
2555 (*__errno_location ())
never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) ));
0
2556 ));
never executed: error("setsockopt SO_KEEPALIVE: %.100s", strerror( (*__errno_location ()) ));
0
2557-
2558 if ((
(remote_port =...port(ssh)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
remote_port = ssh_remote_port(ssh)) < 0
(remote_port =...port(ssh)) < 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2559 debug("ssh_remote_port failed");-
2560 cleanup_exit(255);-
2561 }
never executed: end of block
0
2562-
2563 if (options.routing_domain !=
options.routin...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2564 ((void *)0)
options.routin...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2565 )-
2566 set_process_rdomain(ssh, options.routing_domain);
never executed: set_process_rdomain(ssh, options.routing_domain);
0
2567-
2568-
2569-
2570-
2571-
2572-
2573 remote_ip = ssh_remote_ipaddr(ssh);-
2574-
2575-
2576-
2577-
2578-
2579 rdomain = ssh_packet_rdomain_in(ssh);-
2580-
2581-
2582 laddr = get_local_ipaddr(sock_in);-
2583 verbose("Connection from %s port %d on %s port %d%s%s%s",-
2584 remote_ip, remote_port, laddr, ssh_local_port(ssh),-
2585 rdomain == -
2586 ((void *)0) -
2587 ? "" : " rdomain \"",-
2588 rdomain == -
2589 ((void *)0) -
2590 ? "" : rdomain,-
2591 rdomain == -
2592 ((void *)0) -
2593 ? "" : "\"");-
2594 free(laddr);-
2595 mysignal(-
259614-
2597,grace_alarm_handler);-
2598 if (!debug_flag
!debug_flagDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
2599 alarm(options.login_grace_time);
never executed: alarm(options.login_grace_time);
0
2600-
2601 sshd_exchange_identification(ssh, sock_in, sock_out);-
2602 ssh_packet_set_nonblocking(active_state);-
2603-
2604-
2605 authctxt = xcalloc(1, sizeof(*authctxt));-
2606-
2607 authctxt->loginmsg = loginmsg;-
2608-
2609-
2610 the_authctxt = authctxt;-
2611-
2612-
2613 if ((
(auth_opts = s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
auth_opts = sshauthopt_new_with_keys_defaults()) ==
(auth_opts = s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2614 ((void *)0)
(auth_opts = s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2615 )-
2616 fatal("allocation failed");
never executed: fatal("allocation failed");
0
2617-
2618-
2619 if ((
(loginmsg = ss...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
loginmsg = sshbuf_new()) ==
(loginmsg = ss...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2620 ((void *)0)
(loginmsg = ss...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2621 )-
2622 fatal("%s: sshbuf_new failed", __func__);
never executed: fatal("%s: sshbuf_new failed", __func__);
0
2623 auth_debug_reset();-
2624-
2625 if (use_privsep
use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2626 if (privsep_preauth(authctxt) == 1
privsep_preauth(authctxt) == 1Description
TRUEnever evaluated
FALSEnever evaluated
)
0
2627 goto
never executed: goto authenticated;
authenticated;
never executed: goto authenticated;
0
2628 }
never executed: end of block
else if (have_agent
have_agentDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2629 if ((
(r = ssh_get_a...th_sock)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
r = ssh_get_authentication_socket(&auth_sock)) != 0
(r = ssh_get_a...th_sock)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2630 error("Unable to get agent socket: %s", ssh_err(r));-
2631 have_agent = 0;-
2632 }
never executed: end of block
0
2633 }
never executed: end of block
0
2634-
2635-
2636-
2637 do_ssh2_kex();-
2638 do_authentication2(authctxt);-
2639-
2640-
2641-
2642-
2643-
2644 if (use_privsep
use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2645 mm_send_keystate(pmonitor);-
2646 ssh_packet_clear_keys(active_state);-
2647 exit(0);
never executed: exit(0);
0
2648 }-
2649-
2650 authenticated:
code before this statement never executed: authenticated:
0
2651-
2652-
2653-
2654-
2655 alarm(0);-
2656 mysignal(-
265714-
2658,-
2659((__sighandler_t) 0)-
2660);-
2661 authctxt->authenticated = 1;-
2662 if (startup_pipe != -1
startup_pipe != -1Description
TRUEnever evaluated
FALSEnever evaluated
) {
0
2663 close(startup_pipe);-
2664 startup_pipe = -1;-
2665 }
never executed: end of block
0
2666 if (use_privsep
use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
) {
0
2667 privsep_postauth(authctxt);-
2668-
2669 }
never executed: end of block
0
2670-
2671 ssh_packet_set_timeout(active_state, (options.client_alive_interval), (options.client_alive_count_max))-
2672 ;-
2673-
2674-
2675 notify_hostkeys(ssh);-
2676-
2677-
2678 do_authenticated(ssh, authctxt);-
2679-
2680-
2681 ssh_packet_get_bytes(active_state, &ibytes, &obytes);-
2682 verbose("Transferred: sent %llu, received %llu bytes",-
2683 (unsigned long long)obytes, (unsigned long long)ibytes);-
2684-
2685 verbose("Closing connection to %.500s port %d", remote_ip, remote_port);-
2686 packet_close();-
2687-
2688 if (use_privsep
use_privsepDescription
TRUEnever evaluated
FALSEnever evaluated
)
0
2689 mm_terminate();
never executed: mm_terminate();
0
2690-
2691 exit(0);
never executed: exit(0);
0
2692}-
2693-
/*
 * Produce a host-key signature over data[0..dlen) and hand it back through
 * *signature / *slenp.
 *
 * The signer is picked in this order:
 *   1. privkey is non-NULL: sign with it, via mm_sshkey_sign() when
 *      use_privsep is set, otherwise via sshkey_sign() in this process.
 *   2. privkey is NULL and use_privsep is set: give pubkey to
 *      mm_sshkey_sign().  NOTE(review): presumably the process behind the
 *      mm_ call holds the matching private key; confirm against the
 *      mm_sshkey_sign implementation.
 *   3. otherwise: ask the agent reachable on auth_sock (ssh_agent_sign()).
 *
 * Any signer failure goes to fatal(), which is expected not to return, so
 * the only value a caller ever sees is 0.
 *
 * `flag` is never read here; the last argument given to every signer is the
 * file-scope `datafellows`, not this parameter.
 *
 * Coverage report: no branch of this function was reached by the recorded
 * test run.
 */
int
sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
    u_char **signature, size_t *slenp, const u_char *data, size_t dlen,
    const char *alg, u_int flag)
{
	int r;

	/* Path 1: a private key object is available to this process. */
	if (privkey) {
		if (use_privsep)
			r = mm_sshkey_sign(privkey, signature, slenp, data,
			    dlen, alg, datafellows);
		else
			r = sshkey_sign(privkey, signature, slenp, data,
			    dlen, alg, datafellows);
		if (r < 0)
			fatal("%s: key_sign failed", __func__);
		return 0;
	}

	/* Path 2: only the public half is known here; delegate the signing. */
	if (use_privsep) {
		r = mm_sshkey_sign(pubkey, signature, slenp, data, dlen,
		    alg, datafellows);
		if (r < 0)
			fatal("%s: pubkey_sign failed", __func__);
		return 0;
	}

	/* Path 3: the key lives in an agent; any non-zero result is an error. */
	r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,
	    data, dlen, alg, datafellows);
	if (r != 0)
		fatal("%s: ssh_agent_sign failed: %s",
		    __func__, ssh_err(r));
	return 0;
}
2717-
2718-
/*
 * Build the server's algorithm proposal, start the key exchange on
 * active_state and return once kex->done has been set; the resulting
 * session identifier is then published through session_id2 /
 * session_id2_len.
 *
 * Coverage report: this function was never executed by the recorded test
 * run.
 */
static void
do_ssh2_kex(void)
{
	/*
	 * Compiled-in defaults, one string per PROPOSAL_* slot.  The slots
	 * for key exchange, ciphers (both directions), MACs (both directions)
	 * and host key algorithms are overwritten below; the two compression
	 * slots are overwritten only when options.compression == 0; the last
	 * two (empty) slots are left as they are.
	 *
	 * NOTE(review): these defaults still name SHA-1 based algorithms
	 * (diffie-hellman-group14-sha1, ssh-rsa, hmac-sha1 and its -etm
	 * variant).  Because the slots are replaced from `options` and
	 * list_hostkey_types(), what the server really offers has to be
	 * audited from the effective configuration, not from this literal.
	 */
	char *myproposal[PROPOSAL_MAX] = { "curve25519-sha256," "curve25519-sha256@libssh.org," "ecdh-sha2-nistp256," "ecdh-sha2-nistp384," "ecdh-sha2-nistp521," "diffie-hellman-group-exchange-sha256," "diffie-hellman-group16-sha512," "diffie-hellman-group18-sha512," "diffie-hellman-group14-sha256," "diffie-hellman-group14-sha1", "ecdsa-sha2-nistp256-cert-v01@openssh.com," "ecdsa-sha2-nistp384-cert-v01@openssh.com," "ecdsa-sha2-nistp521-cert-v01@openssh.com," "ssh-ed25519-cert-v01@openssh.com," "rsa-sha2-512-cert-v01@openssh.com," "rsa-sha2-256-cert-v01@openssh.com," "ssh-rsa-cert-v01@openssh.com," "ecdsa-sha2-nistp256," "ecdsa-sha2-nistp384," "ecdsa-sha2-nistp521," "ssh-ed25519," "rsa-sha2-512," "rsa-sha2-256," "ssh-rsa", "chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr" ",aes128-gcm@openssh.com,aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com," "aes128-ctr,aes192-ctr,aes256-ctr" ",aes128-gcm@openssh.com,aes256-gcm@openssh.com", "umac-64-etm@openssh.com," "umac-128-etm@openssh.com," "hmac-sha2-256-etm@openssh.com," "hmac-sha2-512-etm@openssh.com," "hmac-sha1-etm@openssh.com," "umac-64@openssh.com," "umac-128@openssh.com," "hmac-sha2-256," "hmac-sha2-512," "hmac-sha1", "umac-64-etm@openssh.com," "umac-128-etm@openssh.com," "hmac-sha2-256-etm@openssh.com," "hmac-sha2-512-etm@openssh.com," "hmac-sha1-etm@openssh.com," "umac-64@openssh.com," "umac-128@openssh.com," "hmac-sha2-256," "hmac-sha2-512," "hmac-sha1", "none,zlib@openssh.com", "none,zlib@openssh.com", "", "" };
	struct kex *kex;
	int r;

	/*
	 * Replace the defaults with the configured lists.  The kex and cipher
	 * lists pass through the compat_*_proposal() helpers first; the MAC
	 * list is used as configured.  compat_cipher_proposal() is called
	 * once per direction on the same options.ciphers value.
	 */
	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
	    options.kex_algorithms);
	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
	    options.ciphers);
	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
	    options.ciphers);
	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;

	/* Compression turned off in the config: offer "none" only. */
	if (options.compression == 0) {
		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
		    myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
	}

	/*
	 * Rekey limits are pushed to the packet layer only when at least one
	 * of them is non-zero; otherwise active_state keeps what it has.
	 */
	if (options.rekey_limit || options.rekey_interval)
		ssh_packet_set_rekey_limits(active_state, options.rekey_limit, options.rekey_interval)
		    ;

	/* Host key algorithms are derived from list_hostkey_types(). */
	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
	    list_hostkey_types());

	/* start key exchange */
	if ((r = kex_setup(active_state, myproposal)) != 0)
		fatal("kex_setup: %s", ssh_err(r));
	kex = active_state->kex;

	/*
	 * Server-side handler per key exchange method.
	 * NOTE(review): handlers are installed for SHA-1 methods as well
	 * (KEX_DH_GRP1_SHA1, KEX_DH_GRP14_SHA1, KEX_DH_GEX_SHA1); presumably
	 * a method is only reachable when it was also part of the proposal
	 * set above. Confirm before relying on that.
	 */
	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;

	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;


	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
	kex->server = 1;
	kex->client_version_string=client_version_string;
	kex->server_version_string=server_version_string;
	/* Callbacks through which the kex code looks up and uses host keys. */
	kex->load_host_public_key=&get_hostkey_public_by_type;
	kex->load_host_private_key=&get_hostkey_private_by_type;
	kex->host_key_index=&get_hostkey_index;
	kex->sign = sshd_hostkey_sign;

	/* Called with DISPATCH_BLOCK and &kex->done as the completion flag. */
	ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);

	/*
	 * Pointer copy, not a data copy: session_id2 now refers to the
	 * buffer owned by kex.
	 */
	session_id2 = kex->session_id;
	session_id2_len = kex->session_id_len;
	debug("KEX done");
}
2778-
2779-
/*
 * Tear down the connection state and end the process with status `i`.
 *
 * When an authentication context exists, do_cleanup() runs first.  If
 * privilege separation is active and still in its pre-auth phase, the
 * process recorded in pmonitor->m_pid is then killed so it does not
 * outlive this one.
 *
 * Termination is by _exit(), which skips atexit handlers and stdio
 * flushing.
 *
 * The numeric constants come from the preprocessed listing: signal 9 is
 * SIGKILL and errno 3 is ESRCH in the Linux numbering.
 *
 * Coverage report: this function was never executed by the recorded test
 * run.
 */
void
cleanup_exit(int i)
{
	struct ssh *ssh = active_state;

	if (the_authctxt) {
		do_cleanup(ssh, the_authctxt);

		/*
		 * m_pid > 1 keeps kill() from being handed 0, 1 or a negative
		 * pid, which would address a process group, init, or a whole
		 * set of processes instead of the one child.
		 */
		if (use_privsep && privsep_is_preauth &&
		    pmonitor != ((void *)0) && pmonitor->m_pid > 1) {
			debug("Killing privsep child %d", pmonitor->m_pid);
			if (kill(pmonitor->m_pid, 9) != 0) {
				/* Capture errno right after the failing call. */
				int kill_errno = (*__errno_location ());

				/* errno 3: the child is already gone, not an error. */
				if (kill_errno != 3)
					error("%s: kill(%d): %s", __func__,
					    pmonitor->m_pid,
					    strerror(kill_errno));
			}
		}
	}

	_exit(i);
}

Generated by Squish Coco 4.2.2