shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 04:40:31 +09:00
Code Issues Packages Projects Releases Wiki Activity
3,224 Commits 12 Branches 62 Tags
1613ed556d94ab9f7601836b3371e2c19bb2a1c6
Commit Graph

3224 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Schneider
1613ed556d cmake: Fail if can't find OpenSSL aes and des headers 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 70cc11618a)
 2015-07-03 10:52:56 +02:00
Andreas Schneider
8f5b7b65eb include: Add stdarg.h so we can check for va_copy macro 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-06-30 09:59:21 +02:00
Andreas Schneider
053f72c671 Bump version to 0.7.1 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
libssh-0.7.1 		2015-06-30 09:34:28 +02:00
Tilo Eckert
63a8f333b8 SSH_AUTH_PARTIAL is now correctly passed to the caller of ssh_userauth_publickey_auto(). 
Implicitly fixed unsafe return code handling that could result in use-after-free.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0423057424)
 2015-06-29 11:11:26 +02:00
Tilo Eckert
57fd8e3187 available auth_methods must be reset on partial authentication 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cc25d747d4)
 2015-06-29 11:11:25 +02:00
Peter Volpe
03972b16c9 channels: Fix exit-signal data unpacking 
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7637351065)
 2015-06-29 09:50:28 +02:00
Peter Volpe
ac7ed82585 agent: Add ssh_set_agent_socket 
Allow callers to specify their own socket
for an ssh agent.

Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7aeba71a92)
 2015-06-29 09:47:35 +02:00
Seb Boving
196c2e9c1f Don't allocate a new identity list in the new session's options. 
The previous list is not freed. Since the new session just got
created, an identity list is already allocated and empty.

Signed-off-by: Sebastien Boving <seb@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e020dd8d59)
 2015-06-24 18:36:10 +02:00
Douglas Heriot
1accbcb98b cmake: Do not use CMAKE_(SOURCE|BINARY)_DIR 
(cherry picked from commit a65af1b3b8)
 2015-06-24 18:36:08 +02:00
Tiamo Laitakari
342ae10f08 pki: Fix allocation of ed25519 public keys 
Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5478de1a64)
 2015-06-24 18:36:08 +02:00
Jordy Moos
eb98a780ed Documentation fix where unsigned is used where signed is expected 
Signed-off-by: Jordy Moos <jordymoos@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fa9fbb1d67)
 2015-06-24 18:36:08 +02:00
Andreas Schneider
64233fa3bb misc: Correctly guard the sys/time.h include 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ef751a26d0)
 2015-06-24 18:36:08 +02:00
Andreas Schneider
cbf5cf4ac3 include: Add support for older MSVC versions 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 30a7229fc5)
 2015-06-24 16:24:12 +02:00
Andreas Schneider
a3f3f9cb76 kex: Add comments to #if clauses 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1d69e073af)
 2015-06-24 16:24:08 +02:00
Aris Adamantiadis
5aeae08be0 channels: fix exit-status not correctly set 2015-06-03 16:41:19 +02:00
Mike DePaulo
64a658acaa Comment that ssh_forward_cancel() is deprecated. 
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
 2015-05-29 11:30:32 +02:00
Mike DePaulo
361940a5d7 Reintroduce ssh_forward_listen() (Fixes: #194) 
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
 2015-05-29 11:24:27 +02:00
Andreas Schneider
2721cbc8ee ChangeLog: Set release date for 0.7.0 libssh-0.7.0 2015-05-11 10:42:08 +02:00
Andreas Schneider
5eb7a6ca38 cpack: Use application version. 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-08 13:54:56 +02:00
Andreas Schneider
3f4b5436e5 Bump version to 0.7.0 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 11:01:33 +02:00
Andreas Schneider
82cf5ea24c Update ChangeLog 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 11:00:43 +02:00
Andreas Schneider
90e4786523 valgrind: Add suppression for openssl FIPS dlopen leak 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 10:27:09 +02:00
Andreas Schneider
f65f41acc2 valgrind: Ignore valgrind free bug on exit 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 10:23:27 +02:00
Andreas Schneider
8979150745 tests: Migrate torture_keyfiles to testkey functions 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 09:47:37 +02:00
Andreas Schneider
f81d296e54 torture: Move TORTURE_TESTKEY_PASSWORD to header 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 09:47:17 +02:00
Andreas Schneider
57afe78167 tests: Fix memory leak in torture_server_x11 test 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-06 09:33:51 +02:00
Jon Simons
ee460dc04b kex: also compare host keys for 'first_kex_packet_follows' 
Also consider the host key type at hand when computing whether a
'first_kex_packet_follows' packet matches the current server settings.
Without this change libssh may incorrectly believe that guessed
settings which match by kex algorithm alone fully match: the host
key types must also match.  Observed when testing with dropbear
clients.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 22:03:47 +02:00
Jon Simons
f134cb3d57 server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case 
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be
ignored.  That is, for the case that the initial 'first_kex_packet_follows'
guess is incorrect.  Before this change sessions served with libssh can be
observed to error out unexpectedly early when testing with dropbear clients
that send an incompatible guess.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 22:03:32 +02:00
Andreas Schneider
3eaad77de2 tests: Only link against threading library if available 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 19:09:51 +02:00
Andreas Schneider
9244750a63 cmake: Add missing OpenSSL include directory 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 19:04:49 +02:00
Andreas Schneider
e8720a30e2 cmake: Add --enable-stdcall-fixup for MinGW builds 
This fixes warnings for getaddrinfo() and freeaddrinfo().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 18:59:30 +02:00
Andreas Schneider
ad09009201 include: Fix variadic macro issues with MSVC 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 18:45:47 +02:00
Andreas Schneider
e4e3b3052f tests: Apply umask before calling mkstemp() 
CID: #978660

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 11:27:09 +02:00
Andreas Schneider
96882cc58c example: Fix a use after free in the scp example 
CID: #1032343

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 11:27:09 +02:00
Andreas Schneider
7c79959e94 example: Check return value of ssh_get_fd() 
CID: #1199454

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 11:27:09 +02:00
Andreas Schneider
ca501df8c8 sftp: Fix size check 
CID: #1296588

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-05 11:26:40 +02:00
Andreas Schneider
a4cecf59d5 external: Fix resetting the state 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 18:10:30 +02:00
Andreas Schneider
244881b87d external: Make sure we burn buffers in bcrypt 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
cf05e653de external: Fix a possible buffer overrun in bcrypt_pbkdf 
CID: #1250106

This fixes a 1 byte output overflow for large key length (not reachable
in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
4b9916136d sftp: Add bound check for size 
CID: #1238630

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
33ecff11dd buffer: Cleanup vaargs in ssh_buffer_unpack_va() 
CID: #1267977

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
83d3ee7fdb string: Improve ssh_string_len() to avoid tainted variables 
CID: #1278978

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
b1a3f4ee33 pki_container: Fix a memory leak 
CID: #1267980

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
05498e0e33 pki_container: Add check for return value 
CID: #1267982

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 17:54:01 +02:00
Andreas Schneider
4948fe21cd tests: Fix ctest default script 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 15:52:17 +02:00
Andreas Schneider
fe8fcb805c cmake: Add support for Address Sanitizer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 15:25:17 +02:00
Andreas Schneider
c4af6fbce3 config: Add missing HAVE_ARPA_INET_H define 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-05-04 10:04:26 +02:00
Aris Adamantiadis
3091025472 buffers: Fix a possible null pointer dereference 
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-23 10:33:52 +02:00
Aris Adamantiadis
bf0c7ae0ae CVE-2015-3146: Fix state validation in packet handlers 
The state validation in the packet handlers for SSH_MSG_NEWKEYS and
SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.

The issue has been found and reported by Mariusz Ziule.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-23 10:15:47 +02:00
Kevin Fan
b5dc8197f7 Fix leak of sftp->ext when sftp_new() fails 
Signed-off-by: Kevin Fan <kevinfan@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-04-14 20:56:56 +02:00