isblank() is only defined for unsigned char values (or EOF). Passing a plain char can be undefined behaviour on platforms where char is signed and the input contains bytes with the high bit set. Cast the tokenizer inputs to unsigned char before calling isblank() so these ctype calls stay within their defined domain.
Signed-off-by: Nuhiat-Arefin <nuhiatarefin@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/806>
Add a CI job that compiles headers under include/libssh in isolation to catch include-order dependencies.
The job uses an allowlist for existing standalone-compilation failures, reports regressions separately, and structures the log for easier review in GitLab.
Keep the check scoped to public headers, make the build directory configurable, and keep allowlist cleanup visible without failing the job just because the list can be reduced.
Signed-off-by: Himaneesh Mishra <himaneeshmishra@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/751>
Replace all usages on atoi() in examples with strtol() and add validation
for the same.
Signed-off-by: Manas Trivedi <manas.trivedi.020@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
There were few leftovers of strerror() after the introduction of
ssh_strerror() some years back so this replaces the outstanding
cases with the portable and thread safe variant.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Use the new name sftp_strerror() to better describe the reality.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure ssh and sftp error codes are consistently set across all
failure paths in sftp_init(). One branch previously returned
-1 leading to ambiguous error reporting.
Signed-off-by: Manas Trivedi <manas.trivedi.020@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The RFC 4253, Section 8 says that the
Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
sent or accepted by either side. If this condition is violated, the
key exchange fails.
Originally reported by Oren Yomtov
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Do this both for SSH2_MSG_CHANNEL_OPEN and for
SSH2_MSG_CHANNEL_OPEN_CONFIRMATION. Using the
max packet size 0 would lead to an infinite loop
in channel_write_common.
Originally reported by Rinku Das on on 23th February.
Independently reported by Yi Lin on 26th February and
Haruto Kimura on 22nd March.
We do not consider this as a security issue as connecting
to untrusted servers on the internet brings much worse
security consequences than hanging your clinet.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Both examples only depend on getopt, which is now provided by the
bundled fallback. Include the getopt wrapper header and move them
out of the UNIX-only build guard.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add torture_getopt.c with 11 test cases covering basic option parsing,
arguments, optional arguments, unknown options, missing arguments,
BADARG colon behavior, double-dash termination, combined options,
optind advancement, reset behavior, and no-options edge case.
Registered in the unit test CMakeLists.txt.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Remove _MSC_VER guards from torture_options_getopt and
torture_options_getopt_o_option so they run unconditionally,
now that a bundled getopt fallback is available.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Include the new platform-independent getopt wrapper header and remove
the #ifdef _MSC_VER guard that disabled ssh_options_getopt() on MSVC.
The function is now compiled unconditionally on all platforms.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add include/libssh/getopt.h that transparently includes the system
<getopt.h> when available, or declares the bundled fallback interface
otherwise.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add a portable getopt() fallback for platforms that lack it (e.g. MSVC).
Based on FreeBSD lib/libc/stdlib/getopt.c (BSD-3-Clause), adapted by
replacing FreeBSD internal headers and _getprogname() with standard C
equivalents. Only compiled when HAVE_GETOPT is not defined.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add CMake checks for the getopt function and getopt.h header to
prepare for a bundled getopt fallback on platforms that lack it
(e.g. MSVC).
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Merge ssh_key_type_from_signature_name() and ssh_key_hash_from_name()
into a single function ssh_key_type_and_hash_from_signature_name() to:
- Avoid double string comparisons on the same algorithm name
- Return SSH_ERROR on unknown/NULL input instead of silently returning SSH_DIGEST_AUTO
- Use strlen() before strcmp() to short-circuit string comparisons.
Handle GSSAPI "null" hostkey case in wrapper.c.
Add unit tests for the new function.
Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/355
Signed-off-by: Haythem666 <haythem.farhat@epfl.ch>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
When using OpenSSH scp to read files larger than a few hundred
kilobytes, downloads stall and never finish. A workaround is to
pass -Xnrequests=1 to scp, which will cause scp to only do a
single concurrent SFTP read request at a time.
The cause for the problem is that if SFTP client messages are
received at a high rate, sftp_channel_default_data_callback() will
potentially be called with multiple messages in the incoming data
buffer, but only the first message will be extracted and handled.
So add a loop to extract as many SFTP client messages as available
from the incoming data buffer.
Signed-off-by: Colin Baumgarten <colin.baumgarten@hubersuhner.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
- Add missing @brief, @param, and @return docs across src/ and include/
- Fix blank lines between doc comments and function definitions
- Move function docs from headers to corresponding .c files
- Use named constants (SSH_OK, SSH_ERROR, SSH_TIMEOUT_INFINITE) in docs
- Fix parameter ordering in error.c, buffer.c, log.c docs
- Place #ifdef-guarded docs inside their respective #ifdef blocks
Signed-off-by: Sudharshan Hegde <sudharshanhegde68@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
