1
1
Граф коммитов

3075 Коммитов

Автор SHA1 Сообщение Дата
Aris Adamantiadis
8d450ef81a knownhosts: add test case for bug #138 2014-02-01 16:48:36 +01:00
Aris Adamantiadis
c433ac02bd known_hosts: add ssh_knownhosts_algorithms()
Goal of that function is to test the preferred key exchange methods
based on what's available in the known_hosts file
2014-02-01 16:42:29 +01:00
Aris Adamantiadis
1c24a0508f Added known host test cases 2014-02-01 15:33:15 +01:00
Aris Adamantiadis
f0d6ce8958 tests: fix compilation on OSX (libargp detection) 2014-02-01 14:49:57 +01:00
Andreas Schneider
75be42df75 pki_crypto: Fix memory leak with EC_KEY_set_public_key().
BUG: https://red.libssh.org/issues/146
2014-01-28 11:56:59 +01:00
Andreas Schneider
3224506fe0 doc: Document the unit for ssh_select() timeout.
BUG: https://red.libssh.org/issues/143
2014-01-23 11:29:39 +01:00
Rod Vagg
d4d30d0375 dh: Fix NULL check for p_group14.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-23 11:21:51 +01:00
Jon Simons
7ff6b3537f pki_crypto: fix DSA signature extraction
Fix the DSA portion of 'pki_signature_to_blob': before this change, it
is possible to sometimes observe DSA signature validation failure when
testing with OpenSSH clients.  The problem ended up being the following
snippet which did not account for the case when 'ssh_string_len(x)' may
be less than 20:

  r = make_bignum_string(sig->dsa_sig->r);
  ...
  memcpy(buffer,
         ((char *) ssh_string_data(r)) + ssh_string_len(r) - 20,
         20);

Above consider the case that ssh_string_len(r) is 19; in that case the
memcpy unintentionally starts in the wrong place.  The same situation
can happen for value 's' in this code.

To fix, adjust the offsets used for the input and output pointers, taking
into account that the lengths of 'r' and 's' can be less than 20.  With
the fix I am no longer able to reproduce the original failure mode.

BUG: https://red.libssh.org/issues/144

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-23 11:17:13 +01:00
Andreas Schneider
368509f5d1 pki: Use ssh_buffer_add_data() in pki_gcrypt.. 2014-01-22 16:12:31 +01:00
Alan Dunn
7eff889384 doc: Fix description of error parameter for ssh_get_error*
ssh_get_error can actually work on anything with an ssh_common_struct
as its first member.  It is already used in examples in the
distribution with ssh_sessions and ssh_binds.

Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-22 09:45:45 +01:00
Jon Simons
465816f4a0 pki_crypto: pad RSA signature blobs
Pad RSA signature blobs to the expected RSA signature length
when processing via 'pki_signature_to_blob'.

Some clients, notably PuTTY, may send unpadded RSA signatures
during the public key exchange: before this change, one can
sometimes observe failure in signature validation when using
PuTTY's 'plink' client, along these lines:

   ssh_packet_process: ssh_packet_process: Dispatching handler for packet type 50
   ssh_packet_userauth_request: ssh_packet_userauth_request: Auth request for service ssh-connection, method publickey for user 'foo'
   ssh_pki_signature_verify_blob: ssh_pki_signature_verify_blob: Going to verify a ssh-rsa type signature
   pki_signature_verify: pki_signature_verify: RSA error: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length
   ssh_packet_userauth_request: ssh_packet_userauth_request: Received an invalid  signature from peer

For cross-reference this issue once also existed between
PuTTY and OpenSSH:

  http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-verify-failed.html

  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=1.19;content-type=text%2Fx-cvsweb-markup

With the fix I am unable to reproduce the above failure mode when
testing with 'plink'.

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 16:11:12 +01:00
Alan Dunn
9fff70fa41 Test change to ssh_bind_accept_fd
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 16:07:09 +01:00
Alan Dunn
d3e081ba44 Import keys during ssh_bind_accept_fd
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 16:07:04 +01:00
Alan Dunn
086847f997 Separate out key import functionality from ssh_bind_listen
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 16:06:53 +01:00
Andreas Schneider
cb9786b3ae src: Rename buffer_add_data() to ssh_buffer_add_data(). 2014-01-19 20:55:55 +01:00
Andreas Schneider
9c4144689d src: Rename buffer_init to ssh_buffer_init(). 2014-01-19 20:43:29 +01:00
Andreas Schneider
e745236ae5 doc: Fix channel documentation. 2014-01-17 11:08:49 +01:00
Andreas Schneider
13eef19000 pki: Do not use deprecated string functions. 2014-01-17 09:29:24 +01:00
Andreas Schneider
2fe59071b2 src: Do not use deprecated functions. 2014-01-16 15:27:46 +01:00
Andreas Schneider
a7157b7907 include: Mark functions as deprecated! 2014-01-16 15:27:23 +01:00
Jon Simons
6007c3c43f bind: fix possible double-frees in ssh_bind_free
Make sure to explicitly set key pointers to NULL following the use
of 'ssh_key_free' throughout bind.c.

Before this change, a double free can happen via 'ssh_bind_free'
as in this example callpath:

  // create an ssh_bind
  ssh_bind b = ssh_bind_new();

  // provide a path to a wrong key-type
  ssh_bind_options_set(b, SSH_BIND_OPTIONS_DSAKEY, path_to_rsa_key);

  // initialize set key-type
  ssh_bind_listen(b);

    -> error path "The DSA host key has the wrong type: %d",

       ssh_key_free(sshbind->dsa)

         -> ssh_key_clean(key) // OK

         -> SAFE_FREE(key)     // OK, but, sshbind->dsa is *not* set to NULL

  // ssh_bind_listen failed, so clean up ssh_bind
  ssh_bind_free(b);

    -> ssh_key_free(sshbind->dsa)  // double-free here

To fix, set pointers to NULL that have been free'd with 'ssh_key_free'.

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 09:27:41 +01:00
Andreas Schneider
9d1ddd0547 doc: Add changes to the forwarding tutorial. 2014-01-16 09:13:06 +01:00
Andreas Schneider
5229253f86 channel: Fix the name scheme of the forward functions. 2014-01-16 09:13:06 +01:00
Oleksandr Shneyder
a1c4fc07d4 channel: Add ssh_channel_accept_forward().
This works same way as ssh_forward_accept() but can return a destination
port of the channel (useful if SSH connection forwarding several TCP/IP
ports).

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 09:12:03 +01:00
Andreas Schneider
6d09104ad3 Rename build directory to obj.
Some buildsystem use build in the pathname and so we will filter out
e.g. docs generation.
2014-01-16 08:53:32 +01:00
Aris Adamantiadis
57ef959aa3 threads: support libgcrypt 1.6 hack
Not 100% satisfied of this patch, but the way libgcrypt handles
threading in 1.6 is not compatible with custom handlers. The
new code basicaly uses pthreads in every case. This will probably
not work on windows.
2014-01-08 18:57:31 +01:00
Andreas Schneider
b617d7fa29 include: Remove warning cause VSC doesn't know about it. 2014-01-08 10:55:20 +01:00
Andreas Schneider
4b3363ecf2 include: Fix building if we do not have asm volatile. 2014-01-08 10:52:29 +01:00
Andreas Schneider
6fe51b13fb src: Update my mail address. 2014-01-07 16:08:23 +01:00
Andreas Schneider
8bcbfb1642 cmake: Remove unused macro modules. 2014-01-07 16:07:00 +01:00
Aris Adamantiadis
aecd952d18 update copyright information 2014-01-07 15:18:15 +01:00
Aris Adamantiadis
fedb1b3def tests: avoid reading uninitialized bytes 2014-01-07 14:43:46 +01:00
Aris Adamantiadis
8fdfa13227 pki: fix gcrypt signature process 2014-01-07 14:20:49 +01:00
Andreas Schneider
9d90d15e91 examples: Make sure buffer is initialized. 2014-01-07 09:19:02 +01:00
Andreas Schneider
09a715b147 example: Add missing include for forkpty(). 2014-01-07 09:03:53 +01:00
Aris Adamantiadis
42ad55377f test: fixed torture_auth_none condition 2014-01-06 22:09:43 +01:00
Aris Adamantiadis
d771dafe04 test: test case for async auth_none
This test currently fails
2014-01-06 16:52:44 +01:00
Aris Adamantiadis
09af855b6f tests: auth_agent_nonblocking should run in nonblocking 2014-01-06 16:52:44 +01:00
Aris Adamantiadis
0571360f37 tests: use LC_LIBSSH instead of LANG for env tests.
LANG is stripped and replaced on many distros and LC_* is accepted
by default on debian
2014-01-06 16:17:16 +01:00
Andreas Schneider
f3e3700063 session: Fix a possible memory leak. 2014-01-05 23:05:13 +01:00
Aris Adamantiadis
41fe03e0d6 poll: fix poll_handles ownerships 2014-01-05 22:33:45 +01:00
Aris Adamantiadis
b514957af7 socket: don't attempt reading a non-connected socket 2014-01-05 21:54:08 +01:00
Andreas Schneider
d9c5d0767c examples: Fix building samplesshd-tty on FreeBSD. 2013-12-26 09:42:32 +01:00
Andreas Schneider
8f162e3b13 poll: Correctly free ssh_event_fd_wrapper.
This is allocated by ssh_event_add_fd.
2013-12-22 22:08:45 +01:00
Andreas Schneider
32ba84dac7 config: Support expansion in the Host variable too.
BUG: https://red.libssh.org/issues/127
2013-12-21 12:30:32 +01:00
Andreas Schneider
7f806b7c68 tests: Fix non-blocking auth tests.
The ssh_userauth_none() call should already be non-blocking. However
this this function is broken in non-blocking mode. It should reveal the
existing bug.
2013-12-15 21:03:00 +01:00
Andreas Schneider
a6107f7432 tests: Fix blocking mode in password auth test. 2013-12-15 20:42:18 +01:00
Andreas Schneider
9829aa2236 tests: Use new auth API in the torture_session test. 2013-12-15 20:29:30 +01:00
Andreas Schneider
f8debe9a19 tests: Use new auth API in the torture_auth test. 2013-12-15 20:26:17 +01:00
Andreas Schneider
8b407f1ca2 tests: Fix pki test with gcrypt. 2013-12-11 21:11:49 +01:00