Commit Graph

2742 Commits

Author SHA1 Message Date
Andreas Schneider
e403596d98 pki: Add a size limit for pubkey files. 2012-11-21 12:44:00 +01:00
Andreas Schneider
571dc42335 CVE-2012-4559: Make sure we don't free name and longname twice on error. 2012-11-14 17:36:24 +01:00
Andreas Schneider
68d04c8e47 CVE-2012-4559: Ensure that we don't free req twice. 2012-11-14 17:36:24 +01:00
Andreas Schneider
bd3acae4f3 CVE-2012-4560: Fix a write one past the end of 'buf'. 2012-11-14 17:36:24 +01:00
Andreas Schneider
894bbf3137 CVE-2012-4560: Fix a write one past the end of the 'u' buffer. 2012-11-14 17:36:24 +01:00
Andreas Schneider
f61813eaea CVE-2012-4562: Fix a possible infinite loop in buffer_reinit().
If needed is bigger than the highest power of two or a which fits in an
integer we will loop forever.
2012-11-14 17:36:22 +01:00
Xi Wang
ad5f306884 CVE-2012-4562: Fix multiple integer overflows in buffer-related functions. 2012-11-14 17:36:19 +01:00
Xi Wang
5ffb8c7cde CVE-2012-4562: Fix possible integer overflows. 2012-11-14 17:36:16 +01:00
Xi Wang
efaebad323 CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().
No exploit known, but it is better to check the string length.
2012-11-14 17:36:11 +01:00
Xi Wang
cab00c3bfc pki: Fix integer overflow in ssh_pki_import_privkey_file().
If the file size is ULONG_MAX, the call to malloc() may allocate a
small buffer, leading to a memory corruption.
2012-10-22 21:00:08 +02:00
Xi Wang
d404ad7152 channels: Fix integer overflow in generate_cookie().
Since the type of rnd[i] is signed char, (rnd[i] >> 4), which is
considered as arithmetic shift by gcc, could be negative, leading
to out-of-bounds read.
2012-10-22 21:00:08 +02:00
Andreas Schneider
a4ffaff550 channels1: Add missing request_state and set it to accepted.
This fixes bug #88.
2012-10-22 18:05:06 +02:00
Andreas Schneider
e164b236c6 auth1: Reset error state to no error.
This fixes bug #89.
2012-10-22 18:01:39 +02:00
Andreas Schneider
166ccef8dc session: Fix a possible use after free in ssh_free().
We need to cleanup the channels first cause we call ssh_channel_close()
on the channels which still require a working socket and poll context.

Thanks to sh4rm4!
2012-10-22 17:37:32 +02:00
Andreas Schneider
f2e498c7db cmake: Set GNU compiler flags also for clang. 2012-10-22 16:05:39 +02:00
Andreas Schneider
dde0404dfb cmake: Add message if we build with static library. 2012-10-15 11:55:42 +02:00
Andreas Schneider
f86b2bf743 doc: Update copyright policy. 2012-10-14 19:58:07 +02:00
Andreas Schneider
13c26f0733 options: Fix documentation of ssh_options_get_port(). 2012-10-14 19:53:51 +02:00
Andreas Schneider
f5d8bdf946 doc: Update doxygen config. 2012-10-14 19:52:28 +02:00
Andreas Schneider
f4f2237263 doc: Use the correct channel functions. 2012-10-14 19:44:02 +02:00
Andreas Schneider
7e93edc722 cmake: Add better check to detect -fvisibility=hidden. 2012-10-14 18:40:05 +02:00
Andreas Schneider
95ab34696b kex: Use getter functions to access kex arrays.
This should fix the build on OpenIndiana.
2012-10-12 17:46:37 +02:00
Andreas Schneider
82711acd39 cmake: Fix building with gcrypt support. 2012-10-12 17:07:20 +02:00
Andreas Schneider
e8118c5be4 tests: Add a valgrind suppression for getaddrinfo leak.
https://bugzilla.redhat.com/show_bug.cgi?id=859717
2012-10-12 14:45:54 +02:00
Andreas Schneider
a59a379ce4 tests: Add a valgrind suppression for OPENSSL_cleanse(). 2012-10-12 14:45:54 +02:00
Andreas Schneider
0bd2bbefa7 scp: Make sure buffer is initialized.
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
3d390cf6ff pki: Make sure the key_buf is null terminated.
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
e04dc45f20 misc: Use a fixed buffer for getenv(). 2012-10-12 14:45:54 +02:00
Andreas Schneider
de34a64895 poll: Fix sizeof in ssh_poll_ctx_resize().
sizeof(ssh_poll_handle *) is to be equal to sizeof(ssh_poll_handle), but
this is not a portable assumption.

Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
46f22576b0 legacy: Use snprintf instead of sprintf.
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
2f8ddc6e65 dh: Don't use strcat for ssh_get_hexa().
This is just hardening the code.

Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
b1287cd946 server: Use strncat instead of strcat.
This is just hardening the code.

Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
a660177a6e misc: Use strncpy instead of strcat.
This is just hardening the code.

Found by Coverity.
2012-10-12 14:45:36 +02:00
Andreas Schneider
0a4ea19982 pki: Fix a possible null pointer dereference.
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
0bf2dd81e6 messages: Fix memory leaks in user request callback. 2012-10-12 08:07:02 +02:00
Andreas Schneider
ecb6cfd053 connect: Don't leak the addressinfo on error. 2012-10-12 08:07:02 +02:00
Andreas Schneider
ba220adb84 connect: Don't leak the file descriptor on error.
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
802e4133cb session: Don't leak memory in ssh_send_debug().
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
dde3deb9ea channels: Don't leak memory in channel_rcv_request callback.
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
66045054f4 auth: Don't leak memory on error in info request callback.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
96e0301b58 dh: Don't leak 'f' on error.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
029d165b61 legacy: Don't leak the key struct on error.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
4e7736444f server: Don't leak memory on calling ssh_string_from_char().
Also check the return values.

Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
7254390ac2 pki: Don't leak the signature on error paths.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
188c596803 sftp: Don't leak owner and group in sftp_parse_attr_4. 2012-10-12 08:07:01 +02:00
Andreas Schneider
0295301928 known_hosts: Don't leak memory in ssh_write_knownhost error paths.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
a6e7d1f255 agent: Fix some memory leaks in error paths.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
f2c183b413 include: Fix an include recursion.
It includes itself: libssh.h -> legacy.h -> libssh.h.

Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
5e8e21d106 options: Check return code of ssh_iterator_value.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
bcc00eec9b kex: Don't compare an array to null.
Found by Coverity.
2012-10-12 08:07:01 +02:00