Fix two memory leaks in `ssh_get_pubkey_hash` for some error paths.
The local `h` buffer and `ctx` MD5 context each must be free'd for
the SSH_ERROR cases.
Introduced with 16217454d5.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix `ssh_get_pubkey_hash` indentation to use softabs
with 4 spaces. No change in behavior.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to provide the `ssh_string` pubkey blob to the buffer packing
routine when computing the SSH_MSG_KEXDH_REPLY message, rather than
the new `ssh_key` type.
Introduced with 16217454d5.
Testing done: with this change, the `pkd_hello` test is passing on a
mbedTLS build for me. Previously it would segfault during pubkey
exchange with "ecdh-sha2-nistp256".
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to provide the `ssh_string` pubkey blob to the buffer packing
routine when computing the SSH_MSG_KEXDH_REPLY message, rather than
the new `ssh_key` type.
Introduced with 16217454d5.
Testing done: with this change, the `pkd_hello` test is passing on a
libgcrypt build for me. Previously it would segfault during pubkey
exchange with "ecdh-sha2-nistp256".
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to provide the `ssh_string` pubkey blob to the buffer packing
routine when computing the SSH_MSG_KEXDH_REPLY message, rather than
the new `ssh_key` type.
Introduced with 16217454d5.
Testing done: with this change, `pkd_hello` test is passing on an
OpenSSL 1.1.0 build for me. Previously it would segfault during
pubkey exchange with "ecdh-sha2-nistp256".
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This is a regression introduced by 16217454d5
We import the pubkey into current_crypto which is NULL instead of
next_crypto.
Fixes T90
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This allows compiling and testing with undefined sanitizer.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This allows compiling and testing with undefined sanitizer.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Add a new option SSH_OPTIONS_NODELAY to enable or disable the
Nagle Algorithm (TCP_NODELAY) on the session socket.
Improved performance can be achieved for some applications like
sftp servers by enabling SSH_OPTIONS_NODELAY as typically, the
next request won't arrive until the server replies, which are
typically small writes.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Useful on Windows platforms where SecureZeroMemory is available.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
ssh_connector_free fails to remove the in/out channel callbacks
as ssh_connector_remove_event sets the in/out channel variables
to NULL.
Have ssh_connector_free, remove the channel callbacks first before
invoking ssh_connector_remove_event.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
POLLHUP needs to be checked on in_fd, which may be a pipe.
A pipe in Linux signals EOF through POLLHUP (see:
http://www.greenend.org.uk/rjk/tech/poll.html)
Without checking POLLHUP, a client could spin up indefinetely
doing ssh_event_dopoll.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
