Commit Graph

3316 Commits

Author SHA1 Message Date
Andreas Schneider
3567524fb2 torture: Add torture_setup_socket_dir().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 13f68fc2)
2018-10-02 16:31:32 +02:00
Andreas Schneider
4814c188eb tests: Add ssh host keys for test environment.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit c2d63627)
2018-10-02 16:31:16 +02:00
Andreas Schneider
a317188cb7 cmake: Search for cwrap and sshd.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 6596d27e)
2018-10-02 16:29:17 +02:00
Andreas Schneider
1d4151e51f libcrypt: Add missing header for compat
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30 14:10:32 +02:00
Andreas Schneider
c228fa7631 pki: Fix duplicating ed25519 public keys
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 816234350d)
2018-06-29 17:18:12 +02:00
Andreas Schneider
9658d36087 kex1: Add missing NULL check in make_rsa1_string()
CID 1388445

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c705fb6e3b)
2018-06-29 17:17:27 +02:00
Nikos Mavrogiannopoulos
bbaa3dc869 kex1: Use libcrypto-compat.h for RSA_get0_key with OpenSSL
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a95bc8a016)
2018-06-29 17:17:03 +02:00
Andreas Schneider
4f10d6cd57 kex1: Fix building with OpenSSL 1.1+
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8d65edb41f)
2018-06-29 17:16:49 +02:00
Meng Tan
2209fcace3 Set channel as bound when accepting channel open request
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f19158cadf)
2018-06-29 17:16:06 +02:00
Andreas Schneider
a1847660a3 pki: Fix random memory corruption
Fixes T78

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1444ae5add)
2018-06-29 17:12:46 +02:00
Jon Simons
e2b48dc662 libcrypto: fix resource leak in hmac_final
Fix a resource leak in `hmac_final`: say `HMAC_CTX_free` instead
of `HMAC_CTX_reset`.  This matches the error handling as done in
`hmac_init`.  Introduced with cf1e808e2f.

The problem is reproducible running the `pkd_hello` test with:

    valgrind --leak-check=full ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default

Resolves https://red.libssh.org/issues/252.

Cherry-picked from a64ddff3fe

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Jon Simons
1a5b6ac472 libcrypto-compat: fix HMAC_CTX_free for OpenSSL < 1.1.0
On older OpenSSL versions, the EVP_MD_CTX fields within an HMAC_CTX
structure are contained inlined (change here [1]): be sure to not
try to free those fields on those builds.

Found running the `pkd_hello` test with:

    valgrind ./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_default

^ valgrind will cite "Invalid free() ..." errors which are present
before this fix and absent after, when building with OpenSSL 1.0.1.

[1] 6e59a892db

Cherry-picked from 25384e9558

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Andreas Schneider
0dd7a963a9 cmake: Only build libcrypto and libcrypto-compat when needed
This also fixes the gcrypt build.

Cherry-picked from 2f6a866373

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Andreas Schneider
1642cec280 cmake: Use configure check for CRYPTO_ctr128_encrypt
Cherry-picked from 3daf1760a1

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Jakub Jelen
2f1c6668e7 pki_crypto: Use getters and setters for opaque keys and signatures
This is for OpenSSL 1.1.0 support.

Cherry-picked from 3341f49a49

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Jakub Jelen
fbeecf388c libcrypto: Use a pointer for EVP_MD_CTX
This is for OpenSSL 1.1.0 support.

Cherry-picked from 607c671f67

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Jakub Jelen
7933756b5a libcrypto: Use newer API for HMAC
This is for OpenSSL 1.1.0 support.

Cherry-picked from cf1e808e2f

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Jakub Jelen
837e367d2d libcrypto: Introduce a libcrypto compat file
This is for OpenSSL 1.1.0 support.

Cherry-picked from b6cfde8987

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Jakub Jelen
f81c3ada9c libcrypto: Remove AES_ctr128_encrypt()
This is for OpenSSL 1.1.0.

Cherry-picked from d73f665edd

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 17:08:54 +02:00
Artyom V. Poptsov
83663895f4 config: Bugfix: Don't skip unseen opcodes
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file.  The change fixes that behaviour.

Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5333be5988)
2018-06-29 17:08:54 +02:00
Andreas Schneider
239d0f75b5 messages: Do not leak memory of previously allocated answers
Found by ozz-fuzz

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7c79b5c154)
2017-04-25 16:21:11 +02:00
Andreas Schneider
d88cc720fb messages: Do not leak memory if answeres had been allocated previously
Found by ozz-fuzz

BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1222

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5eb41492c4)
2017-04-24 13:28:17 +02:00
Andreas Schneider
ee13becf9c messages: Do not leak memory if answered had been allocated previously
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1184

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c78c6c6542)
2017-04-21 11:14:51 +02:00
Andreas Schneider
95b2dbbeca misc: Validate integers converted from the SSH banner
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1181

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d5d8349224)
2017-04-21 11:14:46 +02:00
Andreas Schneider
02c0a3b99b messages: Fix memory leaks in the ssh_packet_global_request callback
BUG: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1208

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 67a2ba6f99)
2017-04-21 11:14:42 +02:00
Andreas Schneider
419731a189 auth: Use calloc in ssh_userauth_agent_pubkey()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 79437fa0c9)
2017-04-21 11:14:39 +02:00
Peter Volpe
2ac987bce9 session: Free session->kbdint in ssh_free()
Makes sure we free pending keyboard auth prompts
so prompts that have not be replied to do not leak.

Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 76ba2b0055)
2017-04-20 17:04:54 +02:00
Andreas Schneider
0588cbf9d4 Bump version to 0.7.5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
libssh-0.7.5
2017-04-13 16:33:04 +02:00
Andreas Schneider
a7cce77550 buffer: Validate the length before before memory allocation
Check if the size the other party sent is a valid size in the
transmitted buffer.

Thanks to Alex Gaynor for finding and reporting the issue.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 68b7ca6e92)
2017-04-13 16:28:18 +02:00
Andreas Schneider
5e63b40cde buffer: Create ssh_buffer_validate_length()
This functions allows if a given length can be obtained from the buffer.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c165c396de)
2017-04-13 16:27:33 +02:00
Alex Hermann
7b8b5eb4ea config: Only use first occurence of each parameter
ssh_config's manpage says:
"For each parameter, the first obtained value will be used."

Make libssh adhere to this rule.

BUG: https://red.libssh.org/issues/256

Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5f202d7ffa)
2017-04-13 16:10:10 +02:00
Alex Hermann
8dc3d883b8 config: Don't expand Host variable
Tokens are not allowed (according to the manpage).
Expansion was introduced by a wrong fix for #127.

This commit reverts part of 6eea08a9ef

Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c3a8b5009f)
2017-04-13 16:10:09 +02:00
Alex Hermann
24a3f7020c config: Support expansion in the HostName variable
BUG: https://red.libssh.org/issues/127

The original "fix" for 127 was expanding the wrong variable: Host instead
of HostName.

Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9ef7e90821)
2017-04-13 16:10:07 +02:00
Yanis Kurganov
f74d5d5df4 session: Add SSH1 support in ssh_send_debug()
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 38cb19268a)
2017-04-11 17:40:58 +02:00
Yanis Kurganov
7a21187fb9 session: Add SSH1 support in ssh_send_ignore()
Signed-off-by: Yanis Kurganov <ykurganov@ptsecurity.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 72fdb4867e)
2017-04-11 17:40:57 +02:00
Max Bachmann
439d3039e3 messages: Utilize the message queue for SSH_REQUEST_GLOBAL.
Signed-off-by: Max Bachmann <mabahltm@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 3ec8babfaf)
2017-04-11 09:55:46 +02:00
Andreas Schneider
61cbf160a0 cmake: Fix GCRYPT_ROOT_DIR and check correct paths
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 462c7726c3)
2017-04-11 09:55:05 +02:00
Andreas Schneider
ce029c0735 pki: Use byte mode for fopen()
BUG: https://red.libssh.org/issues/251

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit de369b46b1)
2017-02-03 13:19:24 +01:00
Andreas Schneider
8a2deeb3cc Bump version to 0.7.4 libssh-0.7.4 2017-02-03 09:47:18 +01:00
Andreas Schneider
40164c348e Update ChangeLog 2017-02-03 09:47:09 +01:00
Tilo Eckert
9d7f873fd3 session: Add missing ifdef that prevented Windows builds
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4f392ebc7e)
2016-11-25 13:11:37 +01:00
Andreas Schneider
c5d320811b sftpserver: Fix SSH_FXP_FSTAT arguments
Thanks to Игорь Коваленко <igor.a.kovalenko@gmail.com>

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 47d21b6420)
2016-11-07 19:56:10 +01:00
Andreas Schneider
410f722ae5 misc: Use simpler macros for htonll and ntohll
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 52efbc3a23)
2016-11-07 09:43:09 +01:00
Andreas Schneider
8155b3c0a0 cmake: Always check for strtoull
This fixes building with different compilers on Windows

BUG: https://red.libssh.org/issues/225

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fab85b495e)
2016-11-06 11:42:04 +01:00
Andreas Schneider
6836ffa103 options: Fix log level documentation
BUG: https://red.libssh.org/issues/210

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 801bc29494)
2016-11-05 17:16:14 +01:00
Andreas Schneider
b62b822100 cmake: Correctly check for *snprintf functions on Windows
BUG: https://red.libssh.org/issues/205

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1bf6c965e4)
2016-11-05 16:41:50 +01:00
Andreas Schneider
849f5db5d1 config: Fix build warning
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-05 16:33:29 +01:00
Pino Toscano
a6493efcae sftp: Fix memory leak in sftp_fstat
When parsing the result of a successful fstat call, make sure to free
the resulting reply message.

Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit bc78383fac)
2016-10-22 16:04:00 +02:00
Andreas Schneider
1b0bf852be sftp: Correctly check for EOF else keep spinning if there is no data
This fixes an issue introduced with
dbf72ffba2

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f561e6bcb3)
2016-10-07 13:37:48 +02:00
Andreas Schneider
2b3185ec29 gssapi: Use correct return code in ssh_gssapi_auth_mic()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 83421c0e8c)
2016-10-06 19:39:06 +02:00