author | Kevin Steves <stevesk@cvs.openbsd.org> | 2009-12-25 19:40:22 +0000 |
---|---|---|
committer | Kevin Steves <stevesk@cvs.openbsd.org> | 2009-12-25 19:40:22 +0000 |
commit | e82905170473b809edef909a1234cec29b001098 (patch) | |
tree | 8edadbd9e4a94f68029f2ff1ae67cf80e518b285 /usr.bin | |
parent | 3fa5f492093beb69c157032489f6a0d6f5d3df46 (diff) |
validate routing domain is in range 0-RT_TABLEID_MAX.
'Looks right' deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/misc.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/misc.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keyscan.c | 10 |
5 files changed, 34 insertions, 10 deletions
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index 04a54068872..883a62f9950 100644
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.73 2009/11/20 03:24:07 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.74 2009/12/25 19:40:21 stevesk Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -261,6 +261,18 @@ a2port(const char *s)
 }
 
 int
+a2rdomain(const char *s)
+{
+ long long rdomain;
+ const char *errstr;
+
+ rdomain = strtonum(s, 0, RT_TABLEID_MAX, &errstr);
+ if (errstr != NULL)
+ return -1;
+ return (int)rdomain;
+}
+
+int
 a2tun(const char *s, int *remote)
 {
 const char *errstr = NULL;
diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h
index 3d5ec0cf3a0..f3b94636ad8 100644
--- a/usr.bin/ssh/misc.h
+++ b/usr.bin/ssh/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.39 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: misc.h,v 1.40 2009/12/25 19:40:21 stevesk Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,6 +23,7 @@ int set_nonblock(int);
 int unset_nonblock(int);
 void set_nodelay(int);
 int a2port(const char *);
+int a2rdomain(const char *);
 int a2tun(const char *, int *);
 char *put_host_port(const char *, u_short);
 char *hpdelim(char **);
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index ec5bb8d0b6f..835744bbfbc 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.179 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: readconf.c,v 1.180 2009/12/25 19:40:21 stevesk Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -920,7 +920,7 @@ parse_int:
 if (!arg || *arg == '\0')
 fatal("%.200s line %d: Missing argument.",
 filename, linenum);
- value = a2port(arg);
+ value = a2rdomain(arg);
 if (value == -1)
 fatal("%.200s line %d: Bad rdomain.",
 filename, linenum);
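Review bot: `a2rdomain()` in misc.c is added without a contract comment, and its `-1` error return is the same value the servconf.c hunk treats as "not yet set" (`*intptr == -1`). A comment above the function such as `/* Convert ASCII string to a routing domain in 0..RT_TABLEID_MAX; return -1 if invalid. */` would record that -1 can never be a valid result. It would also record that the `(int)` cast is safe only because `strtonum()` has already bounded the value. The hunk shows only the function, so it is worth confirming that misc.c already includes the header that defines `RT_TABLEID_MAX`.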
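Review bot: The rejection message in the readconf.c rdomain case, `Bad rdomain.`, omits the value that failed, while the ssh-keyscan.c hunk in this commit prints it and the servconf.c hunk words it a third way (`invalid rdomain value.`). Since the change exists to reject out-of-range input, naming the value helps an operator find the bad setting; `fatal("%.200s line %d: Bad rdomain '%.200s'.", filename, linenum, arg);` would do, with the same treatment for the servconf.c message. The enclosing case starts above the hunk, so how the accepted value is stored is not visible here.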
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 3c9ca8a7eed..77cc7d85bb3 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.197 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: servconf.c,v 1.198 2009/12/25 19:40:21 stevesk Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -1255,7 +1255,16 @@ process_server_config_line(ServerOptions *options, char *line,
 
 case sRDomain:
 intptr = &options->rdomain;
- goto parse_int;
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing rdomain value.",
+ filename, linenum);
+ if ((value = a2rdomain(arg)) == -1)
+ fatal("%s line %d: invalid rdomain value.",
+ filename, linenum);
+ if (*intptr == -1)
+ *intptr = value;
+ break;
 
 case sDeprecated:
 logit("%s line %d: Deprecated option %s",
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 8f581ba78ff..d5c5a42a39c 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.79 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.80 2009/12/25 19:40:21 stevesk Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -789,9 +789,11 @@ main(int argc, char **argv)
 IPv4or6 = AF_INET6;
 break;
 case 'V':
- scan_rdomain = a2port(optarg);
- if (scan_rdomain < 0)
- scan_rdomain = -1;
+ scan_rdomain = a2rdomain(optarg);
+ if (scan_rdomain == -1) {
+ fprintf(stderr, "Bad rdomain '%s'\n", optarg);
+ exit(1);
+ }
 break;
 case '?':
 default: |
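Review bot: Replacing `goto parse_int` with an inline copy in the `sRDomain` case of servconf.c means any condition parse_int applies before storing the value no longer covers this option; the new code stores on `*intptr == -1` alone. parse_int is outside the hunk, so this is a check to make rather than a confirmed defect: if it also gates the store on the Match-block state, the inline store should read `if (*activep && *intptr == -1)`. The rest of `process_server_config_line` is not visible either, so it cannot be seen here whether trailing arguments after the rdomain value are rejected.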