and provide helpful warning message
CID 1533680: Memory - illegal accesses (OVERRUN)
Thanks coverity
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Since sftp_init() returns 0 on success, < 0 on error with ssh error set. This
change sets the appropriate ssh error when the SSH_FXP_VERSION packet cannot be
unpacked and sftp_init() return with -1.
Signed-off-by: Ajit Singh <ajeetsinghchahar2@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
fix: memory leak
fix: add defaults after parsing
fix: set defaults in ssh_bind_listen
tests: add test for checking default hostkey paths
remove: null check for hostkey paths, can't happen since we set defaults now
examples: ssh_server remove "no default keys", default hostkeys set in ssh_bind_listen
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Find the path to the library using cmake and enable this sort of logging only
with TORTURE_PKCS11 environment variable.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
The gcc should be able to select this automatically based on the presence of
-pthread is present on the commandline, but given that we link the tests static,
we do not have this?
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The OpenSSH as part of the new test torture_request_pty_modes attempts to chown
the pty to the faked user, which is obviously not permitted when the test does
not run as a root. But since all the permissions for SSH are faked, just
ignoring these requests should be safe enough giving expected results.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When opening a PTY on the server, try to use the current TTY's settings
(i.e. based on STDIN). If that fails or STDIN isn't a TTY, use default
modes that avoid any character translation.
Don't rely on stdin to be a TTY (breaks CI). Instead, open a PTY and
temporarily use that as "fake" stdin.
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Added the new function `ssh_channel_request_pty_size_modes` which allows
to pass additional encoded SSH terminal modes (see opcodes in RFC 4245).
Signed-off-by: Daniel Evers (daniel.evers@utimaco.com)
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Imported targets are highly preferred over the individual variables
for includes and libs because they will be used in a coherent way
and any spelling mistakes or unavailability won't go unnoticed.
Also it will prevent bugs like conan-io/conan-center-index#16900
or using mismatching header/libs combinations.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
because if a fallback happens, the WITH_(GCRYPT|MBEDTLS) variables
do not match the selection, anymore. Also a silent fallback is pretty
bad if it is unnoticed.
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Socket paths have a length limit, and depending on the working directory of the
source code, these tests occasionally fail if the path is too long. Avoid this
by using a template string that is absolute and in /tmp, which should avoid the
socket path length issues.
This fixes building libssh with pkcs11 provider support in 'fedpkg mockbuild'.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Fix read file with fgets and remove memory leaks
Remove use of ssh_pki_import_pubkey_file in ssh server and update max line size
Fix example server line no. and formatting
Fix check for leading whitespace in line
Reformat to avoid nesting
Remove setting sdata->authenticated to 0, the default is 0
Better error messages and handle case for fgets failing
Increment lineno at start
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Malicious code can be injected using the username with metacharacters,
therefore the username must be validated before using it with any %u.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
A section has been added to explain the capping applied by the
sftp aio API. Also the example codes have been changed such that
they expect sftp_aio_begin_*() functions to return an ssize_t
indicating the number of bytes it requested the server to
read/write.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
