ssh_packet_socket_callback() will not return error codes like
SSH_ERROR on failure. Instead it will always return an unsigned
size_t value representing the number of bytes which have been
processed.
So adjust the assert in the test accordingly, making sure that all
input bytes have actually been processed.
Signed-off-by: Colin Baumgarten <colin.baumgarten@hubersuhner.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/824>
Extend PubkeyAuthentication to support the OpenSSH-compatible modes no, yes/all, unbound, and host-bound.
Preserve the existing enable/disable flag behavior for callers using the legacy API, while also storing the selected mode and keeping the previous integer normalization in ssh_options_set().
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Extend StrictHostKeyChecking from a boolean-style option to the full OpenSSH-compatible mode set: off, yes, ask and accept-new.
Preserve the legacy integer normalization used by ssh_options_set(), document the supported values in the public API, and switch the default to SSH_STRICT_HOSTKEY_ASK.
Known-host handling now recognizes SSH_STRICT_HOSTKEY_ACCEPT_NEW and stores unknown host keys automatically while still rejecting changes.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Tighten boolean token handling in config parsing.
For auth-related boolean options, reject unknown tokens instead of silently treating them as false. Keep exact yes/no and true/false handling through ssh_config_get_yesno(), but parse Compression through a dedicated exact token map so it remains limited to yes/no.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/814>
Add torture_getopt.c with 11 test cases covering basic option parsing,
arguments, optional arguments, unknown options, missing arguments,
BADARG colon behavior, double-dash termination, combined options,
optind advancement, reset behavior, and no-options edge case.
Registered in the unit test CMakeLists.txt.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Remove _MSC_VER guards from torture_options_getopt and
torture_options_getopt_o_option so they run unconditionally,
now that a bundled getopt fallback is available.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge ssh_key_type_from_signature_name() and ssh_key_hash_from_name()
into a single function ssh_key_type_and_hash_from_signature_name() to:
- Avoid double string comparisons on the same algorithm name
- Return SSH_ERROR on unknown/NULL input instead of silently returning SSH_DIGEST_AUTO
- Use strlen() before strcmp() to short-circuit string comparisons.
Handle GSSAPI "null" hostkey case in wrapper.c.
Add unit tests for the new function.
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/355
Signed-off-by: Haythem666 <haythem.farhat@epfl.ch>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Changes also the reading of known_hosts to use the new helper function
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The specially crafted patterns (from configuration files) could cause
exhaustive search or timeouts.
Previous attempts to fix this by limiting recursion to depth 16 avoided
stack overflow, but not timeouts. This is due to the backtracking,
which caused the exponential time complexity O(N^16) of existing algorithm.
This is code comes from the same function from OpenSSH, where this code
originates from, which is not having this issue (due to not limiting the number
of recursion), but will also easily exhaust stack due to unbound recursion:
05bcd0cadf
This is an attempt to simplify the algorithm by preventing the backtracking
to previous wildcard, which should keep the same behavior for existing inputs
while reducing the complexity to linear O(N*M).
This fixes the long-term issue we had with fuzzing as well as recently reported
security issue by Kang Yang.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
