Andreas Schneider
3567524fb2
torture: Add torture_setup_socket_dir().
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 13f68fc2 )
2018-10-02 16:31:32 +02:00
Andreas Schneider
4814c188eb
tests: Add ssh host keys for test environment.
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit c2d63627 )
2018-10-02 16:31:16 +02:00
Andreas Schneider
a317188cb7
cmake: Search for cwrap and sshd.
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry-picked from commit 6596d27e )
2018-10-02 16:29:17 +02:00
Andreas Schneider
1d4151e51f
libcrypt: Add missing header for compat
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-30 14:10:32 +02:00
Andreas Schneider
c228fa7631
pki: Fix duplicating ed25519 public keys
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 816234350d )
2018-06-29 17:18:12 +02:00
Andreas Schneider
9658d36087
kex1: Add missing NULL check in make_rsa1_string()
...
CID 1388445
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c705fb6e3b )
2018-06-29 17:17:27 +02:00
Nikos Mavrogiannopoulos
bbaa3dc869
kex1: Use libcrypto-compat.h for RSA_get0_key with OpenSSL
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit a95bc8a016 )
2018-06-29 17:17:03 +02:00
Andreas Schneider
4f10d6cd57
kex1: Fix building with OpenSSL 1.1+
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 8d65edb41f )
2018-06-29 17:16:49 +02:00
Meng Tan
2209fcace3
Set channel as bound when accepting channel open request
...
Signed-off-by: Meng Tan <mtan@wallix.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit f19158cadf )
2018-06-29 17:16:06 +02:00
Andreas Schneider
a1847660a3
pki: Fix random memory corruption
...
Fixes T78
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 1444ae5add )
2018-06-29 17:12:46 +02:00
Jon Simons
e2b48dc662
libcrypto: fix resource leak in hmac_final
...
Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead
of `HMAC_CTX_reset`. This matches the error handling as done in
`hmac_init`. Introduced with cf1e808e2f .
The problem is reproducible running the `pkd_hello` test with:
valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
Resolves https://red.libssh.org/issues/252 .
Cherry-picked from a64ddff3fe
Signed-off-by: Jon Simons <jon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jon Simons
1a5b6ac472
libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
...
On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.
Found running the `pkd_hello` test with:
valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default
^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.
[1] 6e59a892db
Cherry-picked from 25384e9558
Signed-off-by: Jon Simons <jon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Andreas Schneider
0dd7a963a9
cmake: Only build libcrypto and libcrypto-compat when needed
...
This also fixes the gcrypt build.
Cherry-picked from 2f6a866373
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Andreas Schneider
1642cec280
cmake: Use configure check for CRYPTO_ctr128_encrypt
...
Cherry-picked from 3daf1760a1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
2f1c6668e7
pki_crypto: Use getters and setters for opaque keys and signatures
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from 3341f49a49
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
fbeecf388c
libcrypto: Use a pointer for EVP_MD_CTX
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from 607c671f67
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
7933756b5a
libcrypto: Use newer API for HMAC
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from cf1e808e2f
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
837e367d2d
libcrypto: Introduce a libcrypto compat file
...
This is for OpenSSL 1.1.0 support.
Cherry-picked from b6cfde8987
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Jakub Jelen
f81c3ada9c
libcrypto: Remove AES_ctr128_encrypt()
...
This is for OpenSSL 1.1.0.
Cherry-picked from d73f665edd
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 17:08:54 +02:00
Artyom V. Poptsov
83663895f4
config: Bugfix: Don't skip unseen opcodes
...
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file. The change fixes that behaviour.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5333be5988 )
2018-06-29 17:08:54 +02:00
Andreas Schneider
239d0f75b5
messages: Do not leak memory of previously allocated answers
...
Found by ozz-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 7c79b5c154 )
2017-04-25 16:21:11 +02:00
Andreas Schneider
d88cc720fb
messages: Do not leak memory if answeres had been allocated previously
...
Found by ozz-fuzz
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5eb41492c4 )
2017-04-24 13:28:17 +02:00
Andreas Schneider
ee13becf9c
messages: Do not leak memory if answered had been allocated previously
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c78c6c6542 )
2017-04-21 11:14:51 +02:00
Andreas Schneider
95b2dbbeca
misc: Validate integers converted from the SSH banner
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1181
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit d5d8349224 )
2017-04-21 11:14:46 +02:00
Andreas Schneider
02c0a3b99b
messages: Fix memory leaks in the ssh_packet_global_request callback
...
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 67a2ba6f99 )
2017-04-21 11:14:42 +02:00
Andreas Schneider
419731a189
auth: Use calloc in ssh_userauth_agent_pubkey()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 79437fa0c9 )
2017-04-21 11:14:39 +02:00
Peter Volpe
2ac987bce9
session: Free session->kbdint in ssh_free()
...
Makes sure we free pending keyboard auth prompts
so prompts that have not be replied to do not leak.
Signed-off-by: Peter Volpe <pvolpe@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 76ba2b0055 )
2017-04-20 17:04:54 +02:00
Andreas Schneider
0588cbf9d4
Bump version to 0.7.5
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
libssh-0.7.5
2017-04-13 16:33:04 +02:00
Andreas Schneider
a7cce77550
buffer: Validate the length before before memory allocation
...
Check if the size the other party sent is a valid size in the
transmitted buffer.
Thanks to Alex Gaynor for finding and reporting the issue.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 68b7ca6e92 )
2017-04-13 16:28:18 +02:00
Andreas Schneider
5e63b40cde
buffer: Create ssh_buffer_validate_length()
...
This functions allows if a given length can be obtained from the buffer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c165c396de )
2017-04-13 16:27:33 +02:00
Alex Hermann
7b8b5eb4ea
config: Only use first occurence of each parameter
...
ssh_config's manpage says:
"For each parameter, the first obtained value will be used."
Make libssh adhere to this rule.
BUG: https://red.libssh.org/issues/256
Signed-off-by: Alex Hermann <alex@hexla.nl >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 5f202d7ffa )
2017-04-13 16:10:10 +02:00
Alex Hermann
8dc3d883b8
config: Don't expand Host variable
...
Tokens are not allowed (according to the manpage).
Expansion was introduced by a wrong fix for #127 .
This commit reverts part of 6eea08a9ef
Signed-off-by: Alex Hermann <alex@hexla.nl >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit c3a8b5009f )
2017-04-13 16:10:09 +02:00
Alex Hermann
24a3f7020c
config: Support expansion in the HostName variable
...
BUG: https://red.libssh.org/issues/127
The original "fix" for 127 was expanding the wrong variable: Host instead
of HostName.
Signed-off-by: Alex Hermann <alex@hexla.nl >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 9ef7e90821 )
2017-04-13 16:10:07 +02:00
Yanis Kurganov
f74d5d5df4
session: Add SSH1 support in ssh_send_debug()
...
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com >
Reviewed-by: Andreas Schneider <asn@samba.org >
(cherry picked from commit 38cb19268a )
2017-04-11 17:40:58 +02:00
Yanis Kurganov
7a21187fb9
session: Add SSH1 support in ssh_send_ignore()
...
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com >
Reviewed-by: Andreas Schneider <asn@samba.org >
(cherry picked from commit 72fdb4867e )
2017-04-11 17:40:57 +02:00
Max Bachmann
439d3039e3
messages: Utilize the message queue for SSH_REQUEST_GLOBAL.
...
Signed-off-by: Max Bachmann <mabahltm@gmail.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 3ec8babfaf )
2017-04-11 09:55:46 +02:00
Andreas Schneider
61cbf160a0
cmake: Fix GCRYPT_ROOT_DIR and check correct paths
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 462c7726c3 )
2017-04-11 09:55:05 +02:00
Andreas Schneider
ce029c0735
pki: Use byte mode for fopen()
...
BUG: https://red.libssh.org/issues/251
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit de369b46b1 )
2017-02-03 13:19:24 +01:00
Andreas Schneider
8a2deeb3cc
Bump version to 0.7.4
libssh-0.7.4
2017-02-03 09:47:18 +01:00
Andreas Schneider
40164c348e
Update ChangeLog
2017-02-03 09:47:09 +01:00
Tilo Eckert
9d7f873fd3
session: Add missing ifdef that prevented Windows builds
...
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 4f392ebc7e )
2016-11-25 13:11:37 +01:00
Andreas Schneider
c5d320811b
sftpserver: Fix SSH_FXP_FSTAT arguments
...
Thanks to Игорь Коваленко <igor.a.kovalenko@gmail.com >
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 47d21b6420 )
2016-11-07 19:56:10 +01:00
Andreas Schneider
410f722ae5
misc: Use simpler macros for htonll and ntohll
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 52efbc3a23 )
2016-11-07 09:43:09 +01:00
Andreas Schneider
8155b3c0a0
cmake: Always check for strtoull
...
This fixes building with different compilers on Windows
BUG: https://red.libssh.org/issues/225
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit fab85b495e )
2016-11-06 11:42:04 +01:00
Andreas Schneider
6836ffa103
options: Fix log level documentation
...
BUG: https://red.libssh.org/issues/210
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 801bc29494 )
2016-11-05 17:16:14 +01:00
Andreas Schneider
b62b822100
cmake: Correctly check for *snprintf functions on Windows
...
BUG: https://red.libssh.org/issues/205
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 1bf6c965e4 )
2016-11-05 16:41:50 +01:00
Andreas Schneider
849f5db5d1
config: Fix build warning
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2016-11-05 16:33:29 +01:00
Pino Toscano
a6493efcae
sftp: Fix memory leak in sftp_fstat
...
When parsing the result of a successful fstat call, make sure to free
the resulting reply message.
Signed-off-by: Pino Toscano <ptoscano@redhat.com >
Reviewed-by: Andreas Schneider <asn@samba.org >
(cherry picked from commit bc78383fac )
2016-10-22 16:04:00 +02:00
Andreas Schneider
1b0bf852be
sftp: Correctly check for EOF else keep spinning if there is no data
...
This fixes an issue introduced with
dbf72ffba2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit f561e6bcb3 )
2016-10-07 13:37:48 +02:00
Andreas Schneider
2b3185ec29
gssapi: Use correct return code in ssh_gssapi_auth_mic()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
(cherry picked from commit 83421c0e8c )
2016-10-06 19:39:06 +02:00