Jon Simons
25384e9558
libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
...
On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.
Found running the `pkd_hello` test with:
valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.
[1] 6e59a892db
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-13 19:28:59 +02:00
Andreas Schneider
0cb2974bd8
misc: Use strtoul in ssh_analyze_banner()
...
Thanks to Tilo Eckert.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-06-28 12:29:53 +02:00
Andreas Schneider
87527adada
Add config file for arcanist
...
This is for the commandline-client to access https://bugs.libssh.org
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-06-19 09:36:19 +02:00
Aris Adamantiadis
0cffb88b80
config: fix buffer underflow with unrecognized opcodes
2017-06-08 10:45:53 +02:00
Aris Adamantiadis
b0c2ca1b66
tests: fix buffer overflow in testcase
2017-06-07 18:49:56 +02:00
Andreas Schneider
c50f2d1356
misc: Do not fall through and return a value
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-06-06 10:25:15 +02:00
debevv
48e7b098f8
wrapper: Fix possible crash in ssh_handle_key_exchange()
...
If ssh_handle_key_exchange() fails, when ssh_free() is called
cipher->ctx is NULL.
Signed-off-by: debevv <valerio@sonicpengu.in>
2017-06-06 10:21:55 +02:00
Artyom V. Poptsov
5333be5988
config: Bugfix: Don't skip unseen opcodes
...
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file. The change fixes that behaviour.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-06-06 10:19:37 +02:00
Andreas Schneider
e4f80bd142
doc: Fix documentation for ssh_userauth_none() usage
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-06-06 10:18:25 +02:00
Andreas Schneider
abbd6e304a
messages: Make sure we always free the answers pointer
...
Found by oss-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1272
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-26 10:55:25 +02:00
Andreas Schneider
7c79b5c154
messages: Do not leak memory of previously allocated answers
...
Found by oss-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-25 16:20:06 +02:00
Andreas Schneider
5eb41492c4
messages: Do not leak memory if answers had been allocated previously
...
Found by oss-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-24 13:27:20 +02:00
Andreas Schneider
c78c6c6542
messages: Do not leak memory if answers had been allocated previously
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-21 11:12:10 +02:00
Andreas Schneider
d5d8349224
misc: Validate integers converted from the SSH banner
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1181
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-21 11:02:29 +02:00
Andreas Schneider
67a2ba6f99
messages: Fix memory leaks in the ssh_packet_global_request callback
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-21 10:56:13 +02:00
Andreas Schneider
79437fa0c9
auth: Use calloc in ssh_userauth_agent_pubkey()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-21 10:50:37 +02:00
Peter Volpe
76ba2b0055
session: Free session->kbdint in ssh_free()
...
Makes sure we free pending keyboard auth prompts
so prompts that have not been replied to do not leak.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-20 17:04:21 +02:00
Andreas Schneider
68b7ca6e92
buffer: Validate the length before memory allocation
...
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 16:25:40 +02:00
Andreas Schneider
c165c396de
buffer: Create ssh_buffer_validate_length()
...
This function allows checking if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 16:25:29 +02:00
Andreas Schneider
f21ddefedb
Revert "buffer: Create ssh_buffer_validate_length()"
...
This reverts commit 34bdc1ca7871e8e9258077411edd516c8de55299.
2017-04-13 16:19:28 +02:00
Andreas Schneider
0cf1c85542
Revert "buffer: Validate the length before memory allocation"
...
This reverts commit 57550e6211c19c634a319bed59d39b28d020dcd1.
2017-04-13 16:19:23 +02:00
Andreas Schneider
57550e6211
buffer: Validate the length before memory allocation
...
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 16:12:27 +02:00
Andreas Schneider
34bdc1ca78
buffer: Create ssh_buffer_validate_length()
...
This function allows checking if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 16:12:27 +02:00
Alex Hermann
5f202d7ffa
config: Only use first occurrence of each parameter
...
ssh_config's manpage says:
"For each parameter, the first obtained value will be used."
Make libssh adhere to this rule.
BUG: https://red.libssh.org/issues/256
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 16:08:20 +02:00
Alex Hermann
c3a8b5009f
config: Don't expand Host variable
...
Tokens are not allowed (according to the manpage).
Expansion was introduced by a wrong fix for #127.
This commit reverts part of 6eea08a9ef
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 15:58:52 +02:00
Alex Hermann
9ef7e90821
config: Support expansion in the HostName variable
...
BUG: https://red.libssh.org/issues/127
The original "fix" for 127 was expanding the wrong variable: Host instead
of HostName.
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-13 15:55:12 +02:00
Yanis Kurganov
38cb19268a
session: Add SSH1 support in ssh_send_debug()
...
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-11 17:40:38 +02:00
Yanis Kurganov
72fdb4867e
session: Add SSH1 support in ssh_send_ignore()
...
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-11 17:40:30 +02:00
Alfredo Mazzinghi
9dc650b7fb
server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server
...
This sets the bind private key directly from an ssh_key struct instead
of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 10:00:13 +02:00
Max Bachmann
3ec8babfaf
messages: Utilize the message queue for SSH_REQUEST_GLOBAL.
...
Signed-off-by: Max Bachmann <mabahltm@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 09:55:22 +02:00
Andreas Schneider
462c7726c3
cmake: Fix GCRYPT_ROOT_DIR and check correct paths
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 09:42:53 +02:00
Andreas Schneider
e0fa48d2ed
Update SubmittingPatches
2017-02-27 11:49:10 +01:00
Andreas Schneider
73e8277072
libcrypto-compat: Check if EVP_CIPHER_CTX_new is needed
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-23 16:59:28 +01:00
Andreas Schneider
c7e9dc2ee3
cmake: Check for EVP_CIPHER_CTX_new
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-23 16:54:26 +01:00
Andreas Schneider
166b9f7709
buffer: Use calloc to allocate a zero'ed buffer
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-06 09:42:49 +01:00
Andreas Schneider
de369b46b1
pki: Use byte mode for fopen()
...
BUG: https://red.libssh.org/issues/251
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-02-03 13:18:16 +01:00
Justus Winter
043560d7dd
pki_gcrypt: Fix freeing of ECDSA signatures.
...
* src/pki.c (ssh_signature_free): Fix test for ECC using gcrypt.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-09 18:20:40 +01:00
Justus Winter
4b33c6bb97
pki_gcrypt: Fix memory leak.
...
* src/pki_gcrypt.c (pki_key_ecdsa_to_nid): Release 'sexp'.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-09 18:20:19 +01:00
Andreas Schneider
2f6a866373
cmake: Only build libcrypto and libcrypto-compat when needed
...
This also fixes the gcrypt build.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-08 10:31:20 +01:00
Andreas Schneider
f8ef200e76
tests: Fix session management of torture_knownhosts
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-08 08:16:20 +01:00
Andreas Schneider
3daf1760a1
cmake: Use configure check for CRYPTO_ctr128_encrypt
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Andreas Schneider
2dff359a33
threads: Use new API call for OpenSSL CRYPTO THREADID
...
BUG: https://red.libssh.org/issues/222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Jakub Jelen
3341f49a49
pki_crypto: Use getters and setters for opaque keys and signatures
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Jakub Jelen
5d2e9ee66e
libcrypto: Use a pointer for EVP_CIPHER_CTX
...
This has been made opaque and it needs to be a pointer.
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:47 +01:00
Jakub Jelen
607c671f67
libcrypto: Use a pointer for EVP_MD_CTX
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:46:41 +01:00
Jakub Jelen
cf1e808e2f
libcrypto: Use newer API for HMAC
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:45:07 +01:00
Jakub Jelen
b6cfde8987
libcrypto: Introduce a libcrypto compat file
...
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:42:06 +01:00
Jakub Jelen
d73f665edd
libcrypto: Remove AES_ctr128_encrypt()
...
This is for OpenSSL 1.1.0.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 11:42:06 +01:00
Andreas Schneider
52efbc3a23
misc: Use simpler macros for htonll and ntohll
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 09:39:19 +01:00
Andreas Schneider
639dc3b5fd
tests: Fix typo in torture_crypto
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-07 07:50:24 +01:00