1
1
Граф коммитов

4302 Коммитов

Автор SHA1 Сообщение Дата
Tilo Eckert
b227c12ad2 socket: Add missing braces
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21 12:25:50 +01:00
Tilo Eckert
f369d02932 socket: Remove redundant code
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-20 07:59:32 +01:00
Tilo Eckert
0b9e07fbdc socket: Fix potential buffer overrun
If nread is < 0 and no exception callback is set,
the following code block would cause a buffer overrun.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-20 07:58:08 +01:00
Tilo Eckert
c47cdc0f97 pki: Fix typos in documentation
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-20 07:57:33 +01:00
Tilo Eckert
4b6eb05023 packet: Fix timeout on hostkey type mismatch instead of proper error
If the hostkey type was not in the list of acceptable hostkey
types, the function failed to set the error state. Due to the
fact that the calling function ssh_packet_process() does not
handle the SSH_ERROR return code, the newkeys packet from the
server was silently ignored, stalling the connection until a
timeout occurred.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-20 07:56:04 +01:00
Nicolas Viennot
59ada799d7 packets: Fix ssh_send_keepalive()
ssh_send_keepalive() should use global_request() to properly configure
the state machine for packet filtering.

Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-20 07:55:08 +01:00
Andreas Schneider
bb5d46c190 COPYING: Reformat the last paragraph
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-17 20:11:51 +01:00
Andreas Schneider
aa56b8ca53 tests: Fix chroot_wrapper location
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-15 13:38:02 +01:00
Sanne Raymaekers
67f418218b knownhosts: Take StrictHostKeyChecking option into account
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-08 16:19:18 +01:00
Sanne Raymaekers
03c30e9c8a tests: Ensure the ssh session fd is read-/writeable in torture_proxycommand
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-08 16:18:16 +01:00
Rosen Penev
61cac32288 crypto: Fix compilation for OpenSSL without deprecated APIs
Added missing bn.h include.

Made engine.h include conditional, otherwise it would fail.

DSA_generate_parameters was deprecated long before 1.1.0.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-11-08 09:32:28 +01:00
Christophe Giboudeaux
aa899f8ec0 cmake: Refresh the CMake Config files
This commit fixes a couple issues in the CMake configuration files and uses
native features from CMake:

* libssh-build-tree-settings.cmake is deleted. There was a typo that made
this file unusable, anyway.
* use the macros available in CMakePackageConfigHelpers.cmake to generate
the version file and check that the files exist
* Remove the LIBSSH_THREADS_LIBRARY variable, it used the non-existent
  LIBSSH_THREADS_LIBRARY_NAME variable.
* Fix the in tree build. libssh can be used uninstalled again.

Test plan:
The values were tested after installing the new files and also without running
'make install'.

Signed-off-by: Christophe Giboudeaux <christophe@krop.fr>
2018-11-06 13:53:43 +01:00
Andreas Schneider
c88fb4c55b tests: Use correct assert function in torture_client_config
CID 1396565
CID 1396564
CID 1396563

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-05 07:57:13 +01:00
Andreas Schneider
a8ed5e31dc tests: Check for NULL in torture_client_config
CID 1396566

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-05 07:54:30 +01:00
Andreas Schneider
86dabfe7e4 cmake: Only check for bounded attribute on OpenBSD
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 16:42:06 +01:00
Jakub Jelen
1650d8178e config: Avoid potential file descriptor leak
Found by csbuild runner.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 13:26:09 +01:00
Jakub Jelen
6eb43fcbf3 tests: Verify the configuration reparsing with real client
This tests verifies that the only the first seen option is applied
throughout all the configuration files processed. It also verifies
that the configuration files are parsed automatically and that this
behavior can be overridden by configuration option.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:38 +01:00
Jakub Jelen
9aa47fef99 tests: Adjust test that require complete config re-parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:38 +01:00
Jakub Jelen
de7405f1c7 config: Preserve the seen array among invocations
This follows the OpenSSH behavior of parsing subseqent configuration
files, while applying only the first option.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:38 +01:00
Jakub Jelen
4a95a35bc6 tests: Properly set the bob's UID also in other tests than pubkey
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:38 +01:00
Jakub Jelen
f6b390084e tests: Make sure that no other configuration options will get pulled to the auth test from system
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:38 +01:00
Jakub Jelen
b7fefb0500 options: Provide a way of disabling automatic config parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:35 +01:00
Jakub Jelen
89a8a6fcf0 Process OpenSSH configuration files by default.
This will allow to use the same configuration in client applications
including the users aliases or system wide cryptographic configuration.

As the configuration parsing is the last thing before doing the
actual connection, it might overwrite previously set options.
If this is not intended, the client application can
ask the configuration files to be parsed before setting some other
options that should not ve overwritten. The code ensures that
the configuration is not parsed again.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:15:30 +01:00
Jakub Jelen
7e44ce1556 tests: Improve error reporting in auth test
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 10:08:20 +01:00
Jakub Jelen
5fc4d5b22a tests: Typo -- the flags should be checked according to the comment
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 10:08:20 +01:00
Jakub Jelen
5159cd96e8 knownhosts: Make sure we have both knownhosts files ready
If either one is missing at this point, fill it with default vaules in
ssh_options_apply().

Previously, when setting up only knownhosts, global_knownhosts file
was left pointing to NULL and the ssh_known_hosts_read_entries()
was trying to open NULL file which is invalid.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 10:08:20 +01:00
Jakub Jelen
35c417312c client: Reformat comment
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-30 16:22:17 +01:00
Jakub Jelen
e1a8b359c1 tests/pkd: Properly clean up memory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-30 16:22:17 +01:00
Jakub Jelen
c8519c435e session: Drop unused structure member (SSHv1)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-30 16:22:17 +01:00
Jakub Jelen
d85bc347d3 misc: Properly check for errors returned from getpwuid_r()
Resolves: T118

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-30 16:22:17 +01:00
Jakub Jelen
9c4baa7fd5 misc: Reformat ssh_get_user_home_dir and ssh_file_readaccess_ok
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-30 16:22:17 +01:00
Andreas Schneider
a4342b97d6 Bump SO version to 4.7.2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-29 09:33:46 +01:00
Mike Frysinger
963c3077a4 doc: fix up various typos and trailing whitespace
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-28 12:15:02 +01:00
Andreas Schneider
a280747462 libcrypto: Fix memory leak in evp_final()
Fixes T116

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-27 22:15:56 +02:00
Meng Tan
bce8d56705 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-26 07:28:20 +02:00
Sanne Raymaekers
ced05eb6db socket: Undouble socket fds
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
2018-10-25 18:49:29 +02:00
Meng Tan
b796924fea client: Send KEX as soon as banners are exchanged
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 19:56:15 +02:00
Andreas Schneider
2af4e3970e gitlab-ci: Add static analysis with csbuild
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 14:30:38 +02:00
Andreas Schneider
cf3c2ee5b3 tests: Improve asserts in torture_pki_ecdsa
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
57eb6a400a tests: Init pubkey string with NULL in torture_keyfiles
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
8c77a49729 tests: Fix pointer arithmetic in torture_pki_*_publickey_base64
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
8c8026b892 tests: Init cipher structure in thread_crypto_aes256_cbc()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
80be1d0ee9 legacy: Fix possible null pointer dereference
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
9c3ba94960 buffer: Fix size comparison with count
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
194c34ebe3 messages: Use SSH_MESSAGE_FREE
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
00cd5b1c83 messages: Add SSH_MESSAGE_FREE
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
9fbbdcc154 messages: Rework ssh_message_queue()
Return early and make it easier to understand.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
b9ac61d5a3 messages: Use calloc in ssh_message_new()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
ca425ebe67 messages: Make ssh_message_queue() static
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
7e6b540277 exmpales: Init rc in ssh_server_fork
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00