ports/libssh2
ports/libssh2
1
1
Форкнуть 0
Код Релизы 1 Активность
2 056 коммитов 3 Ветки 1 Тег
Граф коммитов

2056 Коммитов

This Branch
This Branch
Все ветки
Автор SHA1 Сообщение Дата
Will Cosgrove
f6a8d1202c Merge branch 'MichaelBuckley-michaelbuckley-security-fixes' 2019-03-19 15:18:50 -07:00
Will Cosgrove
c9008ca66d Silence unused var warnings (#329) 
Silence warnings about unused variables in this test
 2019-03-19 15:17:59 -07:00
Will Cosgrove
1e2b63cbff Removed unneeded > 0 check 
When checking `userauth_kybd_num_prompts > 100` we don't care if it's also above zero.
 2019-03-19 15:17:59 -07:00
Matthew D. Fuller
78fdc41c56 Spell OpenSS_H_ right when talking about their specific private key (#321) 
Good catch, thanks.
 2019-03-19 15:17:59 -07:00
Will Cosgrove
4ac1ba7181
Silence unused var warnings (#329) 
Silence warnings about unused variables in this test
 2019-03-19 14:14:34 -07:00
Michael Buckley
9ae4b9e949 Fix more scope and printf warning errors 2019-03-19 10:17:20 -07:00
Michael Buckley
01c67b2e4d Silence unused variable warning 2019-03-19 10:06:42 -07:00
Will Cosgrove
088b376ccd
Removed unneeded > 0 check 
When checking `userauth_kybd_num_prompts > 100` we don't care if it's also above zero.
 2019-03-19 09:57:30 -07:00
Matthew D. Fuller
d47af1bfc7 Spell OpenSS_H_ right when talking about their specific private key (#321) 
Good catch, thanks.
 2019-03-19 09:41:24 -07:00
Michael Buckley
09cc9aba28 Fix errors identified by the build process 2019-03-18 16:40:08 -07:00
Michael Buckley
b242bde524 Fix casting errors after merge 2019-03-18 15:54:13 -07:00
Michael Buckley
94086b0d89
Merge branch 'master' into michaelbuckley-security-fixes 2019-03-18 15:11:43 -07:00
Michael Buckley
31d0b1a853 Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h 2019-03-18 15:07:12 -07:00
Michael Buckley
5b3cac75b5 Fix type and logic issues with _libssh2_get_u64 2019-03-18 15:04:45 -07:00
Daniel Stenberg
54ff8ffc6d
examples: fix various compiler warnings 2019-03-17 14:33:24 +01:00
Daniel Stenberg
bd5a620d1a
lib: fix various compiler warnings 2019-03-17 14:33:24 +01:00
Daniel Stenberg
0a140b7cb7
session: ignore pedantic warnings for funcpointer <=> void * 2019-03-17 14:33:24 +01:00
Daniel Stenberg
3adb1addad
travis: add a build using configure 
Closes #320
 2019-03-17 14:33:23 +01:00
Daniel Stenberg
1a60c0111c
configure: provide --enable-werror 2019-03-17 14:33:23 +01:00
Daniel Stenberg
157fd15148
appveyor: remove old builds that mostly cause failures 
... and only run on master branch.

Closes #323
 2019-03-17 14:32:33 +01:00
Daniel Stenberg
d436776923
cmake: add two missing man pages to get installed too 
Both libssh2_session_handshake.3 and
libssh2_userauth_publickey_frommemory.3 were installed by the configure
build already.

Reported-by: Arfrever on github
Fixes #278
 2019-03-17 01:03:00 +01:00
Daniel Stenberg
10098f9d4e
include/libssh2.h: warning: "_WIN64" is not defined, evaluates to 0 
We don't use #if for defines that might not be defined.
 2019-03-15 11:56:03 +01:00
Daniel Stenberg
fb43746aaa
pem: //-comments are not allowed 2019-03-15 01:09:18 +01:00
Daniel Stenberg
cd6c353d82 userauth: fix "Function call argument is an uninitialized value" (#318) 
Detected by scan-build.
 2019-03-14 17:06:45 -07:00
Will Cosgrove
2599e2ebf3 fixed unsigned/signed issue 2019-03-14 17:02:28 -07:00
Daniel Stenberg
4d66f6762c
session_disconnect: clear state 
If authentication is started but not completed before the application
gives up and instead wants to shut down the session, the '->state' field
might still be set and thus effectively dead-lock session_disconnect.

This happens because both _libssh2_transport_send() and
_libssh2_transport_read() refuse to do anything as long as state is set
without the LIBSSH2_STATE_KEX_ACTIVE bit.

Reported in curl bug https://github.com/curl/curl/issues/3650

Closes #310
 2019-03-15 01:00:25 +01:00
Will Cosgrove
6394c0dbff Release notes from 1.8.1 2019-03-14 16:22:36 -07:00
Michael Buckley
41fbd4476a Use string_buf in sftp_init(). 2019-03-14 15:24:53 -07:00
Michael Buckley
c02d9b7b73 Guard against out-of-bounds reads in publickey.c 2019-03-14 15:24:53 -07:00
Michael Buckley
09240d8917 Guard against out-of-bounds reads in session.c 2019-03-14 15:24:53 -07:00
Michael Buckley
8031a60518 Guard against out-of-bounds reads in userauth.c 2019-03-14 15:24:53 -07:00
Michael Buckley
959b8e5fa0 Use LIBSSH2_ERROR_BUFFER_TOO_SMALL instead of LIBSSH2_ERROR_OUT_OF_BOUNDARY in sftp.c 2019-03-14 15:24:52 -07:00
Michael Buckley
48d46f0ce2 Additional bounds checking in sftp.c 2019-03-14 15:24:52 -07:00
Michael Buckley
0561cc4c4b Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html 2019-03-14 15:24:52 -07:00
Michael Buckley
0986673d1a Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html 2019-03-14 15:24:52 -07:00
Michael Buckley
f500724665 Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads. 2019-03-14 15:24:52 -07:00
Michael Buckley
bac8d7d411 Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html 2019-03-14 15:24:52 -07:00
Michael Buckley
8690f0e041 Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html 
This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
 2019-03-14 15:24:52 -07:00
Michael Buckley
634444a348 Defend against writing beyond the end of the payload in _libssh2_transport_read(). 2019-03-14 15:24:52 -07:00
Michael Buckley
76727cf476 Defend against possible integer overflows in comp_method_zlib_decomp. 2019-03-14 15:24:52 -07:00
Will Cosgrove
dc109a7f51
Security fixes (#315) 
* Bounds checks

Fixes for CVEs
https://www.libssh2.org/CVE-2019-3863.html
https://www.libssh2.org/CVE-2019-3856.html

* Packet length bounds check

CVE
https://www.libssh2.org/CVE-2019-3855.html

* Response length check

CVE
https://www.libssh2.org/CVE-2019-3859.html

* Bounds check

CVE
https://www.libssh2.org/CVE-2019-3857.html

* Bounds checking

CVE
https://www.libssh2.org/CVE-2019-3859.html

and additional data validation

* Check bounds before reading into buffers

* Bounds checking

CVE
https://www.libssh2.org/CVE-2019-3859.html

* declare SIZE_MAX and UINT_MAX if needed
 2019-03-14 15:22:13 -07:00
Will Cosgrove
e1d9bd49e4
fixed type warnings (#309) 2019-03-07 11:17:06 -08:00
Will Cosgrove
bc00a288a8
Bumping version number for pending 1.8.1 release 2019-03-07 11:01:20 -08:00
Daniel Stenberg
3f927a8439 _libssh2_string_buf_free: use correct free (#304) 
Use LIBSSH2_FREE() here, not free(). We allow memory function
replacements so free() is rarely the right choice...
 2019-03-04 09:41:06 -08:00
Will Cosgrove
3c1ff8a0b7
Fix for building against libreSSL #302 
Changed to use the check we use elsewhere.
 2019-02-26 14:48:54 -08:00
Will Cosgrove
ca06fe21c9
Fix for when building against LibreSSL #302 2019-02-26 14:44:50 -08:00
gartens
cfa74b9d14 docs: update libssh2_hostkey_hash.3 [ci skip] (#301) 2019-02-25 10:06:24 -08:00
Will Cosgrove
f7dd7d1d43
fix malloc/free mismatches #296 (#297) 2019-02-21 12:00:44 -08:00
Will Cosgrove
097448107a
Replaced malloc with calloc #295 2019-02-21 09:55:42 -08:00
Will Cosgrove
b45333b2b6
Abstracted OpenSSL calls out of hostkey.c (#294) 2019-02-20 17:02:48 -08:00