Andreas Schneider
53ac23ded4
CVE-2025-8114: Fix NULL pointer dereference after allocation failure
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-14 10:32:55 +02:00
Jakub Jelen
ffed80f8c0
CVE-2025-8277: mbedtls: Avoid leaking ecdh keys
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:32:24 +02:00
Jakub Jelen
9ada7aa0e4
CVE-2025-8277: wrapper: Free cv25519 private key on cleanup
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:32:19 +02:00
Jakub Jelen
d357a9f3e2
tests: Invoke all combinations of wrong guesses during rekey
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:32:13 +02:00
Jakub Jelen
c9d95ab0c7
CVE-2025-8277: ecdh: Free previously allocated pubkeys
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:32:10 +02:00
Francesco Rollo
ccff22d378
CVE-2025-8277: Fix memory leak of unused ephemeral key pair after client's wrong KEX guess
Signed-off-by: Francesco Rollo <eferollo@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:32:05 +02:00
Jakub Jelen
4310a696f2
CVE-2025-8277: packet: Adjust packet filter to work when DH-GEX is guessed wrongly
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:31:51 +02:00
Jakub Jelen
771e19a7a9
tests: Enable all key exchange methods in ssh_ping
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-14 10:31:30 +02:00
Jakub Jelen
118a747acd
socket: Free poll handle when resetting socket state
Since 07cb0be12 we are not closing the user-provided FDs,
but the above change also resulted in a memory leak during
ssh_disconnect that left the poll_handle allocated during
reset.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:13:31 +02:00
Jakub Jelen
5691e0f609
poll: Initialize ssh_poll_handle pointers
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:13:31 +02:00
Jakub Jelen
5a6e2fd02a
poll: Fix memory leak on failed realloc()
In cases where this is the initial allocation, the shrinking of the polltrs
buffer would result in a 0B realloc, which really does not make sense. Also,
when this second realloc fails, the memory is never freed as the outer code
believes there is nothing allocated on the poll_ctx.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:13:31 +02:00
Jakub Jelen
e8099375fe
poll: Check return value of ssh_poll_ctx_add()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:13:27 +02:00
Jakub Jelen
d00f267bc6
Make ssh_socket_set_fd() return errors
and properly check the return value where it is used
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:12:47 +02:00
Jakub Jelen
35d337834b
options: Avoid memory leaks on allocation failures
When allocation during tilde expansion fails, libssh could
leak memory.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:12:47 +02:00
Jakub Jelen
ba1e8303f8
reformat remains of poll.c
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-12 12:12:43 +02:00
Jakub Jelen
ef50a3c0f0
tests: Remove tests of operations on freed channels
These tests are flaky because even though care was taken to guess if
ssh_channel_free() really freed the channel, it might not always be correct,
and a call to an operation on the freed channel results in a use after free.
Generally, no operation should be called after the channel is freed by the user.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-06 11:18:45 +02:00
Jakub Jelen
e7cffe7e1b
pki: Simplify ed25519 private key duplication
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-06 11:18:20 +02:00
Jakub Jelen
d1bf9068a9
Use calloc instead of zeroizing structure after malloc
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-06 11:16:58 +02:00
Jakub Jelen
737f9ecc3c
agent: Reformat the rest of the file
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-06 11:16:58 +02:00
Praneeth Sarode
cc667021e5
tests(pki): add torture tests for security keys
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-01 15:28:58 +05:30
Praneeth Sarode
f9f8c939bc
tests(pki): add security key testing helper functions to torture library
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-01 15:28:54 +05:30
Praneeth Sarode
aab6ce364a
tests(pki): add sk type keys to the testing infrastructure
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-01 15:28:41 +05:30
Praneeth Sarode
0cec257077
pki: add security key file import/export functionality
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-01 15:28:36 +05:30
Praneeth Sarode
957efe51a2
format(pki): format the pki_import_privkey_buffer function
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-01 00:29:27 +05:30
Praneeth Sarode
bb85492d4f
feat(pki): add support for SK key types in signature handling
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 23:00:53 +05:30
Praneeth Sarode
22c1b6970c
pki: add security key fields to ssh_key_struct and update compare, copying and cleaning functions
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 22:47:59 +05:30
Praneeth Sarode
09155adb19
tests(string): add unit tests for ssh_string_cmp function
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 16:06:32 +02:00
Praneeth Sarode
95f8cbc7f0
feat(string): add ssh_string_cmp function for comparing ssh_strings
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 16:06:31 +02:00
Praneeth Sarode
3423399f98
fix(pki): remove redundant key type_c assignment in pki_import_pubkey_buffer
We already assign the correct key type_c using ssh_key_type_to_char before this point.
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 16:05:52 +02:00
Praneeth Sarode
ccbec9c275
fix(pki): remove redundant key type_c assignment in build pubkey and privkey functions
Whenever the pki_pubkey_build_ecdsa and pki_privkey_build_ecdsa functions are called, the key type assignment is already done. So, we don't need to assign it again. Moreover, because the pki_key_ecdsa_nid_to_name function was used, for key types like the SSH_KEYTYPE_SK_ECDSA, we assign the wrong type string to the key, based on the nid.
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 16:05:51 +02:00
Praneeth Sarode
ed52c88a03
feat(misc): add burn_free function and BURN_FREE macro for secure memory deallocation
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 12:35:12 +02:00
Till Wimmer
0f0ac314d2
session: add err messages for most common WSA error codes (+ applied clang-format to file)
Signed-off-by: Till Wimmer <github@tonarchiv.ch>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
2025-07-30 12:33:42 +02:00
Navid Fayezi
95e4c39e8a
Refactor: fix inconsistency in ssh_callback_struct
Signed-off-by: Navid Fayezi <navidfayezi.98@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-30 12:31:07 +02:00
Jakub Jelen
8c89633a45
pki: Avoid possible memory leak
Actually the condition was duplicated at the beginning of the function and this
one could not be hit (again), but it is an error to be fixed anyway.
Thanks Coverity!
CID 1618865
CID 1618864
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-29 15:39:37 +02:00
Rémi Coulom
8069679033
remove unused ssh_string in ssh_channel_open_forward_unix
Signed-off-by: Rémi Coulom <remi.coulom@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-25 19:52:37 +02:00
Jakub Jelen
c2e9d39dbe
tests: Fix build script to work also on MacOS correctly
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 16:40:56 +02:00
Jakub Jelen
ab44f606b2
tests: Add more valgrind suppressions for krb5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
444982b38a
tests: Avoid needless call to pthread_exit()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
3df61a4e86
pkd: Cleanup OpenSSL context
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
961c79637c
options: Fix possible memory leaks on error conditions when setting keys for bind
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
7eefbbd478
tests: Cleanup OpenSSL in the forked server processes
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
c4c28c6473
tests: Skip test leaking handle under valgrind
This is leaking memory allocated in process_open(), which is stored in the
handles list in the sftpserver session. Given that the data is provided by the
user callbacks, we cannot universally free them on our side, but we should, in
the long term, introduce some way for the implementers to free outstanding
handles that were not closed by misbehaving clients.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
08a32ac381
tests: Cleanup OpenSSL in tests when GSSAPI is built
also from the fuzzer tests
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
62762bbbc9
Cleanup the loaded pkcs11 provider
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
ab3e08c2b5
Finalize OpenSSL context from tests to make the valgrind output clean
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
809898b980
tests: Adjust valgrind suppression to match new call stack
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Jakub Jelen
51bd08027e
CentOS 9 and 10 were updated to OpenSSL 3.5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-07-25 13:20:15 +02:00
Praneeth Sarode
0b4b71cc11
fix(callbacks): make is_callback_valid's behaviour consistent with its name
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-24 16:10:54 +02:00
Praneeth Sarode
5d3ef7261c
refactor(callbacks): reformat to improve readability
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-07-24 16:10:53 +02:00
Jakub Jelen
9817392e26
pkd: Run hmac-sha1 tests with OpenSSH
This was initially disabled in a hurry in ca4c874a9e because dropbear dropped
support for these HMACs. The follow-up commit enabled running these tests on old
dropbear in c17112f070, but still did not run them on openssh, when the new
dropbear was installed.
This fixes up the above commit to run the HMAC-SHA1 tests with OpenSSH even if
the new dropbear is installed.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
2025-07-24 16:09:55 +02:00