libssh

Автор	SHA1	Сообщение	Дата
Aris Adamantiadis	940cb233ce	buffer: buffer_pack & unpack on non-gnu compilers	2015-02-08 18:49:32 +01:00
Aris Adamantiadis	d3f30da158	buffer: fix use-before-nullcheck (coverity #1267979 ) Additionally, the function call was already existing after the NULL check	2015-02-03 22:21:22 +01:00
Aris Adamantiadis	760d93e87b	Revert "pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519" This reverts commit 10f71c67690cf3c0e1b6a733c3641407df2224e2. Commit was redundant with ed25519 branch	2015-02-03 09:58:28 +01:00
Aris Adamantiadis	8af829a42a	base64: Use secure buffers Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 17:33:58 +01:00
Andreas Schneider	ad8fa427dd	buffer: Abort if the canary is not intact in ssh_buffer_unpack() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-02-02 17:32:34 +01:00
Andreas Schneider	de10a7754b	buffer: buffer: Improve argument checking of in ssh_buffer_pack() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-02-02 17:32:31 +01:00
Andreas Schneider	6789170799	buffer: Abort if the canary is not intact in ssh_buffer_unpack() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-02-02 17:32:28 +01:00
Andreas Schneider	afc9988c93	buffer: Improve argument checking in ssh_buffer_pack() Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-02-02 17:32:18 +01:00
Aris Adamantiadis	2490404d45	Move all 3rd-party C files to src/external/ Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:53 +01:00
Aris Adamantiadis	9e4700cdc0	ed25519: Add support for OpenSSH encrypted container export Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	423fa6818b	ed25519: ADd OpenSSH encrypted container import Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	61e2c8f0f7	external: Add OpenSSH bcrypt and blowfish implementation Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	c02b260e7e	server: Add support for ed25519 keys in the server. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	01a6004171	kex: Add support for ed25519 on client connections. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	46bc11f977	ed25519: Add support to export OpenSSH container keys Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	4343ac5b08	libgcrypt: Make the PEM parser ed25519 aware Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	6b9183a20b	libcrypto: Make the PEM parser ed25519 aware Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	3ec3a926e5	ed25519: Add support o import OpenSSH container keys Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-02-02 14:45:52 +01:00
Aris Adamantiadis	7febad5821	kex: disable des-cbc-ssh1 by default Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-26 08:57:06 +01:00
Andreas Schneider	b235c380f2	packet_cb: Add misssing include for ntohl(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-21 09:23:43 +01:00
Andreas Schneider	9a7d450098	pki: Make sure sig is not used unintialized. BUG: https://red.libssh.org/issues/167 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-20 19:31:12 +01:00
Andreas Schneider	433f8fd550	threads: Fix building with POSIX threads in MinGW. BUG: https://red.libssh.org/issues/181 Originally written by Patrick von Reth <vonreth () kde ! org>. This patch is part of the larger patch: https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/changes/portage/win32libs/libssh/0002-add-a-way-to-test-ssh-connections-on-windows.patch MinGW (in particular, the MinGW-w64 fork) can use either posix threads or win32 threads. This patch fixes the MinGW build when using posix threads. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-20 19:01:15 +01:00
Yanis Kurganov	c6590bd189	channels1: Fix pty request state Signed-off-by: Yanis Kurganov <YKurganov@ptsecurity.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-20 18:58:13 +01:00
Andreas Schneider	06a0d8ff1c	connect: Fix a memory leak. CID: #1238618 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-01-14 15:20:52 +01:00
Andreas Schneider	af0dd3fb02	sftp: Fix a possible integer overflow. CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-01-14 15:20:49 +01:00
Andreas Schneider	ce02f6576a	sftp: Use a declared variable for data len. CID: #1238632 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2015-01-14 15:20:46 +01:00
Tobias Klauser	15d71a8c51	sftp: Fix memory leak on realloc failure If realloc of sftp->ext->name or sftp->ext->data fails, the memory previously allocated for the respective member is leaked. Fix this by storing the return value of realloc() in a temporary variable which only gets assigned to the respective sftp->ext member on success. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-14 10:22:55 +01:00
Andreas Schneider	a198193723	connect: Fix mingw build. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2015-01-06 15:12:17 +01:00
Andreas Schneider	e051135a05	connect: Check that errno is 0 to fix Windows build. Thanks to Viktor Butskih. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-25 12:34:59 +01:00
Andreas Schneider	bb18442fe8	options: Fix setting the port. Make sure we correctly read the port from the config file. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-25 12:32:16 +01:00
Jon Simons	c2aed4ca78	CVE-2014-8132: Fixup error path in ssh_packet_kexinit() Before this change, dangling pointers can be unintentionally left in the respective next_crypto kex methods slots. Ensure to set all slots to NULL in the error-out path. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-17 19:45:09 +01:00
Andreas Schneider	b7b535816d	libcrypto: Fix Windows build with ssh_reseed(). gettimeofday() is not available on Windows and we need it only in case of forking. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-17 19:39:18 +01:00
William Orr	52968b1a11	config: Also tokenize on equal sign. The ssh config specifies it as a valid separator. BUG: https://red.libssh.org/issues/166 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-17 10:34:27 +01:00
Jon Simons	b35f1f488c	pki_gcrypt: fix DSA signature extraction Fix DSA signature extraction for the LIBGCRYPT build. Here, the same fix that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144 is now adapted for pki_gcrypt. Additionally, ensure to set the resulting output sig_blob buffer before returning. Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT build as so: # ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default After, runs of 10000 back-to-back iterations of the same test are passing. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-09 19:21:47 +01:00
Jon Simons	10f71c6769	pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-09 19:21:34 +01:00
Jon Simons	ca2acec34a	bignum: no-op make_string_bn_inplace for LIBGCRYPT Disable the 'make_string_bn_inplace' helper function for the LIBGCRYPT build, rather than using '#error' to fail the build completely. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-09 19:20:46 +01:00
Hani Benhabiles	03095f1516	Set the correct error in ssh_options_set(). Signed-off-by: Hani Benhabiles <hani@linux.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-05 11:03:55 +01:00
Jon Simons	6895d0b727	session: add getter for kexalgo Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-05 10:48:07 +01:00
Jon Simons	4745d652b5	pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-12-05 10:42:32 +01:00
Andreas Schneider	a48711ae7e	connect: Do not fail if the connect is in progress. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-15 10:27:55 +02:00
Stef Walter	cd2dc3770a	gssapi: ssh_gssapi_set_creds() is a client side function It should not be guarded by the WITH_SERVER #ifdef Signed-off-by: Stef Walter <stefw@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-12 15:41:15 +02:00
William Orr	250f506487	Check return code of connect(2). Signed-off-by: William Orr <will@worrbase.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-12 15:39:58 +02:00
Artyom V. Poptsov	aaae6cd97d	pki_gcrypt: Initialize 'type_c' in 'pki_do_sign_sessionid' Add missing initialization of 'type_c' field of a SSH signature in 'pki_do_sign_sessionid' procedure. If libssh is compiled with GCrypt, 'dh_handshake_server' fails with "Could not sign the session id" error. The change fixes that. Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:30:17 +02:00
Jon Simons	509676e3a4	server: fix auth_interactive_request reply Fix a missing 'buffer_pack' formatter in 'ssh_message_auth_interactive_request'. With this fix the 'examples/samplesshd-kbdint' program is working again for me. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:29:22 +02:00
Jon Simons	a6d412f0d7	ed25519: fix leak in pki_ed25519_sign Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:28:51 +02:00
Jon Simons	59da8dab50	pki: check ssh_buffer_pack return in ssh_pki_do_sign Check the 'ssh_buffer_pack' return in ssh_pki_do_sign for the ED25519 case. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:28:05 +02:00
Jon Simons	7edbedf0dd	pki: fail when pubkey buffer length is not ED25519_PK_LEN Fail fast in 'pki_import_pubkey_buffer' for the ED25519 case if a buffer sized ED25519_PK_LEN can not be retrieved. Before, the 'memcpy' could have read beyond the bounds of 'ssh_string_data(pubkey)'. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:27:05 +02:00
Jon Simons	af25c5e668	crypto: check malloc return in ssh_mac_ctx_init Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:25:53 +02:00
Jon Simons	092fe0b727	wrapper: fix z_stream leak Ensure to free the z_stream structures as allocated from the gzip.c initcompress, initdecompress functions. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2014-10-02 08:25:10 +02:00
Andreas Schneider	1ddb99c46f	string: Correctly burn the string buffer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>	2014-09-15 20:45:47 +02:00

... 4 5 6 7 8 ...

1321 Коммитов