isblank() is only defined for unsigned char values (or EOF). Passing a plain char can be undefined behaviour on platforms where char is signed and the input contains bytes with the high bit set. Cast the tokenizer inputs to unsigned char before calling isblank() so these ctype calls stay within their defined domain.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/806>
Add a CI job that compiles headers under include/libssh in isolation to catch include-order dependencies.
The job uses an allowlist for existing standalone-compilation failures, reports regressions separately, and structures the log for easier review in GitLab.
Keep the check scoped to public headers, make the build directory configurable, and keep allowlist cleanup visible without failing the job just because the list can be reduced.
Signed-off-by: Himaneesh Mishra <himaneeshmishra@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/751>
Replace all usages of atoi() in examples with strtol() and add validation
for the same.
Signed-off-by: Manas Trivedi <manas.trivedi.020@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
There were a few leftovers of strerror() after the introduction of
ssh_strerror() some years back so this replaces the outstanding
cases with the portable and thread-safe variant.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Use the new name sftp_strerror() to better describe the reality.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure ssh and sftp error codes are consistently set across all
failure paths in sftp_init(). One branch previously returned
-1 leading to ambiguous error reporting.
Signed-off-by: Manas Trivedi <manas.trivedi.020@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The RFC 4253, Section 8 says that the
Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails.
Originally reported by Oren Yomtov
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Do this both for SSH2_MSG_CHANNEL_OPEN and for
SSH2_MSG_CHANNEL_OPEN_CONFIRMATION. Using the
max packet size 0 would lead to an infinite loop
in channel_write_common.
Originally reported by Rinku Das on 23rd February.
Independently reported by Yi Lin on 26th February and
Haruto Kimura on 22nd March.
We do not consider this as a security issue as connecting
to untrusted servers on the internet brings much worse
security consequences than hanging your client.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
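
Added illustration, not libssh code and not part of the commit above: why a peer-supplied max packet size of 0 stalls a chunked write loop, and one way to validate the value when the channel open or open confirmation message is parsed. The struct, the function names and the max_iter guard are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for per-channel state; not libssh's structure. */
struct demo_channel {
    uint32_t remote_window;
    uint32_t remote_maxpacket; /* supplied by the peer */
};

/*
 * Called when the peer's channel open or open confirmation is parsed.
 * Rejecting 0 here keeps the write path from ever seeing it.
 */
int demo_channel_set_remote(struct demo_channel *ch,
                            uint32_t window, uint32_t maxpacket)
{
    if (maxpacket == 0) {
        return -1; /* treat as a protocol error */
    }
    ch->remote_window = window;
    ch->remote_maxpacket = maxpacket;
    return 0;
}

/*
 * Splits len bytes into packets of at most maxpacket bytes and returns
 * the packet count. max_iter exists only so this demo terminates: with
 * maxpacket == 0 every chunk is 0 bytes and len never shrinks.
 */
long demo_write_chunks(uint32_t maxpacket, size_t len, size_t max_iter)
{
    long packets = 0;
    size_t iter = 0;

    while (len > 0) {
        size_t chunk = len < maxpacket ? len : maxpacket;

        if (iter++ >= max_iter) {
            return -1; /* no forward progress */
        }
        len -= chunk;
        packets++;
    }
    return packets;
}
```
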
Both examples only depend on getopt, which is now provided by the
bundled fallback. Include the getopt wrapper header and move them
out of the UNIX-only build guard.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add torture_getopt.c with 11 test cases covering basic option parsing,
arguments, optional arguments, unknown options, missing arguments,
BADARG colon behavior, double-dash termination, combined options,
optind advancement, reset behavior, and no-options edge case.
Registered in the unit test CMakeLists.txt.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Remove _MSC_VER guards from torture_options_getopt and
torture_options_getopt_o_option so they run unconditionally,
now that a bundled getopt fallback is available.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Include the new platform-independent getopt wrapper header and remove
the #ifdef _MSC_VER guard that disabled ssh_options_getopt() on MSVC.
The function is now compiled unconditionally on all platforms.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add include/libssh/getopt.h that transparently includes the system
<getopt.h> when available, or declares the bundled fallback interface
otherwise.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add a portable getopt() fallback for platforms that lack it (e.g. MSVC).
Based on FreeBSD lib/libc/stdlib/getopt.c (BSD-3-Clause), adapted by
replacing FreeBSD internal headers and _getprogname() with standard C
equivalents. Only compiled when HAVE_GETOPT is not defined.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>