ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
3 452 коммитов 3 Ветки 1 Тег
Граф коммитов

1235 Коммитов

Автор SHA1 Сообщение Дата
Aris Adamantiadis
3091025472 buffers: Fix a possible null pointer dereference 
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-23 10:33:52 +02:00
Aris Adamantiadis
bf0c7ae0ae CVE-2015-3146: Fix state validation in packet handlers 
The state validation in the packet handlers for SSH_MSG_NEWKEYS and
SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.

The issue has been found and reported by Mariusz Ziule.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-23 10:15:47 +02:00
Kevin Fan
b5dc8197f7 Fix leak of sftp->ext when sftp_new() fails 
Signed-off-by: Kevin Fan <kevinfan@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-14 20:56:56 +02:00
Andreas Schneider
1cb940c44a socket: Cleanup ssh_socket_close() code. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:32:09 +02:00
Andreas Schneider
3f04367fb8 bind: Correctly close sockets and invalidate them. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:32:09 +02:00
Andreas Schneider
6c7e552509 cmake: Require cmake version 2.8.0 2015-04-10 13:32:09 +02:00
Andreas Schneider
b1cb8de385 cmake: Check for sys/param.h header file 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:07:12 +02:00
Andreas Schneider
69c9cd029f cmake: Check for arpa/inet.h header file 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:02:56 +02:00
Andreas Schneider
c699b9ca94 external: Use standard int types 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-10 13:02:56 +02:00
Andreas Schneider
5236358a48 messages: Don't leak memory after callback execution 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-02 16:13:20 +02:00
Andreas Schneider
e0a73d3dbe poll: Fix compilation with struct ssh_timestamp 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-02 15:02:29 +02:00
Andreas Schneider
a3357b8920 include: We should use __func__ which is C99 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-02 10:58:36 +02:00
Seb Boving
7ec798d3e7 Locally restart ssh_poll() upon EINTR. 
BUG: https://red.libssh.org/issues/186

Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Sebastien Boving <seb@google.com>
 2015-02-23 22:05:54 +01:00
xjoaalm
f32e5f2191 Sending EOF on Socket that received a Broken Pipe makes call to poll to hang 
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Joao Pedro Almeida Pereira <joao.almeida@blue-tc.com>
 2015-02-23 22:01:15 +01:00
Aris Adamantiadis
940cb233ce buffer: buffer_pack & unpack on non-gnu compilers 2015-02-08 18:49:32 +01:00
Aris Adamantiadis
d3f30da158 buffer: fix use-before-nullcheck (coverity #1267979) 
Additionally, the function call was already existing after
the NULL check
 2015-02-03 22:21:22 +01:00
Aris Adamantiadis
760d93e87b Revert "pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519" 
This reverts commit 10f71c67690cf3c0e1b6a733c3641407df2224e2.
Commit was redundant with ed25519 branch
 2015-02-03 09:58:28 +01:00
Aris Adamantiadis
8af829a42a base64: Use secure buffers 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 17:33:58 +01:00
Andreas Schneider
ad8fa427dd buffer: Abort if the canary is not intact in ssh_buffer_unpack() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-02-02 17:32:34 +01:00
Andreas Schneider
de10a7754b buffer: buffer: Improve argument checking of in ssh_buffer_pack() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-02-02 17:32:31 +01:00
Andreas Schneider
6789170799 buffer: Abort if the canary is not intact in ssh_buffer_unpack() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-02-02 17:32:28 +01:00
Andreas Schneider
afc9988c93 buffer: Improve argument checking in ssh_buffer_pack() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-02-02 17:32:18 +01:00
Aris Adamantiadis
2490404d45 Move all 3rd-party C files to src/external/ 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:53 +01:00
Aris Adamantiadis
9e4700cdc0 ed25519: Add support for OpenSSH encrypted container export 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
423fa6818b ed25519: ADd OpenSSH encrypted container import 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
61e2c8f0f7 external: Add OpenSSH bcrypt and blowfish implementation 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
c02b260e7e server: Add support for ed25519 keys in the server. 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
01a6004171 kex: Add support for ed25519 on client connections. 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
46bc11f977 ed25519: Add support to export OpenSSH container keys 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
4343ac5b08 libgcrypt: Make the PEM parser ed25519 aware 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
6b9183a20b libcrypto: Make the PEM parser ed25519 aware 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
3ec3a926e5 ed25519: Add support o import OpenSSH container keys 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 14:45:52 +01:00
Aris Adamantiadis
7febad5821 kex: disable des-cbc-ssh1 by default 
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-26 08:57:06 +01:00
Andreas Schneider
b235c380f2 packet_cb: Add misssing include for ntohl(). 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-21 09:23:43 +01:00
Andreas Schneider
9a7d450098 pki: Make sure sig is not used unintialized. 
BUG: https://red.libssh.org/issues/167

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-20 19:31:12 +01:00
Andreas Schneider
433f8fd550 threads: Fix building with POSIX threads in MinGW. 
BUG: https://red.libssh.org/issues/181

Originally written by Patrick von Reth <vonreth () kde ! org>.

This patch is part of the larger patch:
https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/changes/portage/win32libs/libssh/0002-add-a-way-to-test-ssh-connections-on-windows.patch

MinGW (in particular, the MinGW-w64 fork) can use either posix threads
or win32 threads. This patch fixes the MinGW build when using posix
threads.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-20 19:01:15 +01:00
Yanis Kurganov
c6590bd189 channels1: Fix pty request state 
Signed-off-by: Yanis Kurganov <YKurganov@ptsecurity.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-20 18:58:13 +01:00
Andreas Schneider
06a0d8ff1c connect: Fix a memory leak. 
CID: #1238618

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-01-14 15:20:52 +01:00
Andreas Schneider
af0dd3fb02 sftp: Fix a possible integer overflow. 
CID: #1238630

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-01-14 15:20:49 +01:00
Andreas Schneider
ce02f6576a sftp: Use a declared variable for data len. 
CID: #1238632

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
 2015-01-14 15:20:46 +01:00
Tobias Klauser
15d71a8c51 sftp: Fix memory leak on realloc failure 
If realloc of sftp->ext->name or sftp->ext->data fails, the memory
previously allocated for the respective member is leaked. Fix this by
storing the return value of realloc() in a temporary variable which only
gets assigned to the respective sftp->ext member on success.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-14 10:22:55 +01:00
Andreas Schneider
a198193723 connect: Fix mingw build. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-01-06 15:12:17 +01:00
Andreas Schneider
e051135a05 connect: Check that errno is 0 to fix Windows build. 
Thanks to Viktor Butskih.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-25 12:34:59 +01:00
Andreas Schneider
bb18442fe8 options: Fix setting the port. 
Make sure we correctly read the port from the config file.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-25 12:32:16 +01:00
Jon Simons
c2aed4ca78 CVE-2014-8132: Fixup error path in ssh_packet_kexinit() 
Before this change, dangling pointers can be unintentionally left in the
respective next_crypto kex methods slots.  Ensure to set all slots to
NULL in the error-out path.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-17 19:45:09 +01:00
Andreas Schneider
b7b535816d libcrypto: Fix Windows build with ssh_reseed(). 
gettimeofday() is not available on Windows and we need it only in case
of forking.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-17 19:39:18 +01:00
William Orr
52968b1a11 config: Also tokenize on equal sign. 
The ssh config specifies it as a valid separator.

BUG: https://red.libssh.org/issues/166

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-17 10:34:27 +01:00
Jon Simons
b35f1f488c pki_gcrypt: fix DSA signature extraction 
Fix DSA signature extraction for the LIBGCRYPT build.  Here, the same fix
that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144
is now adapted for pki_gcrypt.  Additionally, ensure to set the resulting
output sig_blob buffer before returning.

Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT
build as so:

  # ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default

After, runs of 10000 back-to-back iterations of the same test are passing.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-09 19:21:47 +01:00
Jon Simons
10f71c6769 pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519 
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-09 19:21:34 +01:00
Jon Simons
ca2acec34a bignum: no-op make_string_bn_inplace for LIBGCRYPT 
Disable the 'make_string_bn_inplace' helper function for the LIBGCRYPT
build, rather than using '#error' to fail the build completely.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-12-09 19:20:46 +01:00