ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
f5211239f9
libssh/src
История
Jakub Jelen f5211239f9 CVE-2021-3634: Create a separate length for session_id 
Normally, the length of session_id and secret_hash is the same,
but if we will get into rekeying with a peer that changes preference
of key exchange algorithm, the new secret hash can be larger or
smaller than the previous session_id causing invalid reads or writes.

Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18 14:13:56 +02:00
..
ABI Bump SO version to 4.8.1 2019-06-14 15:22:56 +02:00
external Don't allocate ssh_blf_ctx from stack in bcrypt_pbkdf 2021-05-27 13:45:47 +02:00
threads [winlocks] Include stdlib.h to avoid crash in Windows 2021-03-11 09:02:08 -05:00
agent.c agent: Avoid 1KB temporary buffer in agent_talk 2021-05-31 21:36:26 +02:00
auth.c Fix error in documentation 2021-07-06 11:25:32 +02:00
base64.c base64: Use SSH_BUFFER_FREE() 2019-12-09 16:08:03 +01:00
bignum.c More consistent logging 2021-08-18 14:13:56 +02:00
bind_config.c Make the max file line length configurable 2021-06-16 11:56:53 +02:00
bind.c add moduli file location as an ssh_bind option 2021-06-04 22:27:51 -07:00
buffer.c Fixes typo in src/buffer.c 2021-05-27 13:45:47 +02:00
callbacks.c callbacks: Implement list of callbacks for channels 2016-05-02 16:56:54 +02:00
chachapoly.c chachapoly: Use secure_memcmp() to compare auth tag 2021-01-12 12:54:18 +01:00
channels.c [#48/T22] Added missing server reply on auth-agent-req when a reply was requested by the client. PuTTY for Windows chokes without this reply if "Allow agent forwarding" is enabled. Reply will be successful if channel_auth_agent_req_function callback is defined. Based on an unmerged patch by Jon Simons. 2021-07-07 14:17:07 +02:00
client.c Happy new year 2021! 2021-01-01 16:08:30 +01:00
CMakeLists.txt cmake: Avoid setting compiler flags directly 2021-02-04 18:04:15 +08:00
config_parser.c config_parser: Allow equal sign as a separator and eat up trailing whitespace 2020-04-20 14:14:33 +02:00
config.c Make the max file line length configurable 2021-06-16 11:56:53 +02:00
connect.c Fix error: dereferencing pointer to incomplete type ‘struct timeval’ 2021-05-27 13:45:47 +02:00
connector.c fixed issue with ssh_connector when data has been consumed by a channel callback 2021-07-07 11:05:25 +02:00
crypto_common.c packet_crypt: Move secure_memcmp() to a shared source 2021-01-12 12:54:18 +01:00
curve25519.c Add safety checks for all ssh_string_fill calls 2020-12-11 13:32:02 +01:00
dh_crypto.c kex: Add support for diffie-hellman-group14-sha256 2020-04-06 09:27:26 +02:00
dh_key.c kex: Add support for diffie-hellman-group14-sha256 2020-04-06 09:27:26 +02:00
dh-gex.c add moduli file location as an ssh_bind option 2021-06-04 22:27:51 -07:00
dh.c Clean memory on failure paths 2021-01-12 12:46:25 +01:00
ecdh_crypto.c ecdh_crypto: Use SSH_STRING_FREE() 2019-12-09 16:08:03 +01:00
ecdh_gcrypt.c ecdh_gcrypt: Use SSH_STRING_FREE() 2019-12-09 16:08:03 +01:00
ecdh_mbedcrypto.c ecdh_mbedcrypto: Use SSH_STRING_FREE() 2019-12-09 16:08:03 +01:00
ecdh.c ecdh: Use SSH_STRING_FREE() 2019-12-09 16:08:03 +01:00
error.c error: Add ssh_reset_error() function 2018-08-27 11:29:18 +02:00
gcrypt_missing.c dh: Do some basic refactoring 2019-01-24 11:56:23 +01:00
getpass.c Fix some compiler warnings 2021-08-12 20:02:25 +02:00
gssapi.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
gzip.c Make the transfer buffer size configurable 2021-06-16 11:56:44 +02:00
init.c init: Introduce internal is_ssh_initialized() 2020-04-09 11:25:49 +02:00
kdf.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
kex.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
known_hosts.c Make the max file line length configurable 2021-06-16 11:56:53 +02:00
knownhosts.c Make the max file line length configurable 2021-06-16 11:56:53 +02:00
legacy.c legacy,keys: Fix the macro conditions 2019-12-23 14:45:24 +01:00
libcrypto-compat.c Remove no longer needed compatibility function 2021-01-11 10:45:22 +01:00
libcrypto-compat.h Remove compat reset function 2021-01-11 10:45:22 +01:00
libcrypto.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
libgcrypt.c Add basic support for none cipher and MACs 2020-05-05 14:23:06 +02:00
libmbedcrypto.c mbedtls: Change the last argument of cipher_[de|en]crypt_cbc to size_t 2021-05-27 13:45:47 +02:00
libssh.map log: add ssh_vlog to save the stack space 2021-06-10 14:56:29 +02:00
log.c log: add ssh_vlog to save the stack space 2021-06-10 14:56:29 +02:00
match.c match: Limit possible recursion when parsing wildcards to a sensible number 2019-12-09 16:08:03 +01:00
mbedcrypto_missing.c mbedcrypto_missing: Always check return values 2019-12-23 14:31:32 +01:00
messages.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
misc.c misc: Avoid the 4KB stack buffer in ssh_path_expand_escape 2021-06-16 11:58:06 +02:00
options.c misc: Avoid the 4KB stack buffer in ssh_bind_options_expand_escape 2021-06-16 11:58:07 +02:00
packet_cb.c Clean memory on failure paths 2021-01-12 12:46:25 +01:00
packet_crypt.c packet_crypt: Move secure_memcmp() to a shared source 2021-01-12 12:54:18 +01:00
packet.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
pcap.c pcap: Use SSH_BUFFER_FREE() 2019-12-09 16:08:03 +01:00
pki_container_openssh.c pki: Fix possible information leak via uninitialized stack buffer 2019-12-09 16:08:03 +01:00
pki_crypto.c More consistent logging 2021-08-18 14:13:56 +02:00
pki_ed25519_common.c Add safety checks for all ssh_string_fill calls 2020-12-11 13:32:02 +01:00
pki_ed25519.c pki: Move common Ed25519 functions to pki_ed25519_common.c 2019-09-24 16:49:35 +02:00
pki_gcrypt.c Add safety checks for all ssh_string_fill calls 2020-12-11 13:32:02 +01:00
pki_mbedcrypto.c More consistent logging 2021-08-18 14:13:56 +02:00
pki.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00
poll.c ssh_event_dopoll can also return SSH_AGAIN 2019-02-27 08:17:53 +01:00
scp.c scp: Avoid allocate 8KB stack buffer in ssh_scp_deny_request 2021-06-01 10:48:41 +08:00
server.c server: Use SSH_STRING_FREE() 2019-12-09 16:08:03 +01:00
session.c add moduli file location as an ssh_bind option 2021-06-04 22:27:51 -07:00
sftp.c sftp: Read the data directly into packet->payload 2021-05-27 13:45:47 +02:00
sftpserver.c sftpserver: Add missing return check for ssh_buffer_add_data() 2020-06-03 10:38:40 +02:00
socket.c socket: Read the data directly into in_buffer 2021-05-31 21:44:08 +02:00
string.c string: Don't allow to allocate strings bigger than 256M 2018-09-04 12:29:20 +02:00
threads.c threads: Automatically call ssh_init on load 2018-08-03 16:43:03 +02:00
token.c token: Added function to remove duplicates 2019-07-04 10:29:20 +02:00
wrapper.c CVE-2021-3634: Create a separate length for session_id 2021-08-18 14:13:56 +02:00