When parsing the result of a successful fstat call, make sure to free
the resulting reply message.
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit bc78383fac)
This saves a round-trip with SSHv2 connecting to the server. See RFC
4253 section 5.2 (New Client, Old Server).
Thanks to Yang Yubo <yang@yangyubo.com> for the suggestion.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1da5c94b44)
According to RFC 4253 the max banner length is 255.
Thanks to Saju Panikulam <spanikulam@ipswitch.com> for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cb52ed7b12)
The function is hard to read as the indentation is not correctly
applied.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 22799b107d)
Comply with RFC 4253 compliance section 4.2.
Allow data other than "SSH-" to be sent across prior to the actual
version striong.
Signed-off-by: Ken Reister <reister.kenneth@CIMCOR.COM>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c3ce3d5cc3)
In Cockpit we've seen this memory leak:
at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5B76B03: ssh_userauth_agent (auth.c:778)
by 0x40DD5A: cockpit_ssh_authenticate (cockpitsshtransport.c:327)
BUG: https://red.libssh.org/issues/208
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ffe8b98cc2)
Due to a byte/bit confusion, the DH secret was too short. This file was
completely reworked and will be commited in a future version.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Documentation now is congruent with the code:
- SSH_OK is returned on success,
- SSH_ERROR is returned on error.
Signed-off-by: Younes Serraj <younes.serraj@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 66c6ae1a55)
This should fix the build on Windows and would not install pkg files.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5b586fdfec)
Implicitly fixed unsafe return code handling that could result in use-after-free.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0423057424)
Allow callers to specify their own socket
for an ssh agent.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7aeba71a92)
The previous list is not freed. Since the new session just got
created, an identity list is already allocated and empty.
Signed-off-by: Sebastien Boving <seb@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e020dd8d59)
Also consider the host key type at hand when computing whether a
'first_kex_packet_follows' packet matches the current server settings.
Without this change libssh may incorrectly believe that guessed
settings which match by kex algorithm alone fully match: the host
key types must also match. Observed when testing with dropbear
clients.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be
ignored. That is, for the case that the initial 'first_kex_packet_follows'
guess is incorrect. Before this change sessions served with libssh can be
observed to error out unexpectedly early when testing with dropbear clients
that send an incompatible guess.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
