Andreas Schneider
e403596d98
pki: Add a size limit for pubkey files.
2012-11-21 12:44:00 +01:00
Andreas Schneider
571dc42335
CVE-2012-4559: Make sure we don't free name and longname twice on error.
2012-11-14 17:36:24 +01:00
Andreas Schneider
68d04c8e47
CVE-2012-4559: Ensure that we don't free req twice.
2012-11-14 17:36:24 +01:00
Andreas Schneider
bd3acae4f3
CVE-2012-4560: Fix a write one past the end of 'buf'.
2012-11-14 17:36:24 +01:00
Andreas Schneider
894bbf3137
CVE-2012-4560: Fix a write one past the end of the 'u' buffer.
2012-11-14 17:36:24 +01:00
Andreas Schneider
f61813eaea
CVE-2012-4562: Fix a possible infinite loop in buffer_reinit().
...
If needed is bigger than the highest power of two or a which fits in an
integer we will loop forever.
2012-11-14 17:36:22 +01:00
Xi Wang
ad5f306884
CVE-2012-4562: Fix multiple integer overflows in buffer-related functions.
2012-11-14 17:36:19 +01:00
Xi Wang
5ffb8c7cde
CVE-2012-4562: Fix possible integer overflows.
2012-11-14 17:36:16 +01:00
Xi Wang
efaebad323
CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().
...
No exploit known, but it is better to check the string length.
2012-11-14 17:36:11 +01:00
Xi Wang
cab00c3bfc
pki: Fix integer overflow in ssh_pki_import_privkey_file().
...
If the file size is ULONG_MAX, the call to malloc() may allocate a
small buffer, leading to a memory corruption.
2012-10-22 21:00:08 +02:00
Xi Wang
d404ad7152
channels: Fix integer overflow in generate_cookie().
...
Since the type of rnd[i] is signed char, (rnd[i] >> 4), which is
considered as arithmetic shift by gcc, could be negative, leading
to out-of-bounds read.
2012-10-22 21:00:08 +02:00
Andreas Schneider
a4ffaff550
channels1: Add missing request_state and set it to accepted.
...
This fixes bug #88.
2012-10-22 18:05:06 +02:00
Andreas Schneider
e164b236c6
auth1: Reset error state to no error.
...
This fixes bug #89.
2012-10-22 18:01:39 +02:00
Andreas Schneider
166ccef8dc
session: Fix a possible use after free in ssh_free().
...
We need to cleanup the channels first cause we call ssh_channel_close()
on the channels which still require a working socket and poll context.
Thanks to sh4rm4!
2012-10-22 17:37:32 +02:00
Andreas Schneider
f2e498c7db
cmake: Set GNU compiler flags also for clang.
2012-10-22 16:05:39 +02:00
Andreas Schneider
dde0404dfb
cmake: Add message if we build with static library.
2012-10-15 11:55:42 +02:00
Andreas Schneider
f86b2bf743
doc: Update copyright policy.
2012-10-14 19:58:07 +02:00
Andreas Schneider
13c26f0733
options: Fix documentation of ssh_options_get_port().
2012-10-14 19:53:51 +02:00
Andreas Schneider
f5d8bdf946
doc: Update doxygen config.
2012-10-14 19:52:28 +02:00
Andreas Schneider
f4f2237263
doc: Use the correct channel functions.
2012-10-14 19:44:02 +02:00
Andreas Schneider
7e93edc722
cmake: Add better check to detect -fvisibility=hidden.
2012-10-14 18:40:05 +02:00
Andreas Schneider
95ab34696b
kex: Use getter functions to access kex arrays.
...
This should fix the build on OpenIndiana.
2012-10-12 17:46:37 +02:00
Andreas Schneider
82711acd39
cmake: Fix building with gcrypt support.
2012-10-12 17:07:20 +02:00
Andreas Schneider
e8118c5be4
tests: Add a valgrind suppression for getaddrinfo leak.
...
https://bugzilla.redhat.com/show_bug.cgi?id=859717
2012-10-12 14:45:54 +02:00
Andreas Schneider
a59a379ce4
tests: Add a valgrind suppression for OPENSSL_cleanse().
2012-10-12 14:45:54 +02:00
Andreas Schneider
0bd2bbefa7
scp: Make sure buffer is initialized.
...
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
3d390cf6ff
pki: Make sure the key_buf is null terminated.
...
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
e04dc45f20
misc: Use a fixed buffer for getenv().
2012-10-12 14:45:54 +02:00
Andreas Schneider
de34a64895
poll: Fix sizeof in ssh_poll_ctx_resize().
...
sizeof(ssh_poll_handle *) is to be equal to sizeof(ssh_poll_handle), but
this is not a portable assumption.
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
46f22576b0
legacy: Use snprintf instead of sprintf.
...
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
2f8ddc6e65
dh: Don't use strcat for ssh_get_hexa().
...
This is just hardening the code.
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
b1287cd946
server: Use strncat instead of strcat.
...
This is just hardening the code.
Found by Coverity.
2012-10-12 14:45:54 +02:00
Andreas Schneider
a660177a6e
misc: Use strncpy instead of strcat.
...
This is just hardening the code.
Found by Coverity.
2012-10-12 14:45:36 +02:00
Andreas Schneider
0a4ea19982
pki: Fix a possible null pointer dereference.
...
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
0bf2dd81e6
messages: Fix memory leaks in user request callback.
2012-10-12 08:07:02 +02:00
Andreas Schneider
ecb6cfd053
connect: Don't leak the addressinfo on error.
2012-10-12 08:07:02 +02:00
Andreas Schneider
ba220adb84
connect: Don't leak the file descriptor on error.
...
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
802e4133cb
session: Don't leak memory in ssh_send_debug().
...
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
dde3deb9ea
channels: Don't leak memory in channel_rcv_request callback.
...
Found by Coverity.
2012-10-12 08:07:02 +02:00
Andreas Schneider
66045054f4
auth: Don't leak memory on error in info request callback.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
96e0301b58
dh: Don't leak 'f' on error.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
029d165b61
legacy: Don't leak the key struct on error.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
4e7736444f
server: Don't leak memory on calling ssh_string_from_char().
...
Also check the return values.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
7254390ac2
pki: Don't leak the signature on error paths.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
188c596803
sftp: Don't leak owner and group in sftp_parse_attr_4.
2012-10-12 08:07:01 +02:00
Andreas Schneider
0295301928
known_hosts: Don't leak memory in ssh_write_knownhost error paths.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
a6e7d1f255
agent: Fix some memory leaks in error paths.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
f2c183b413
include: Fix an include recursion.
...
It includes itself: libssh.h -> legacy.h -> libssh.h.
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
5e8e21d106
options: Check return code of ssh_iterator_value.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00
Andreas Schneider
bcc00eec9b
kex: Don't compare an array to null.
...
Found by Coverity.
2012-10-12 08:07:01 +02:00