shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,140 Commits 12 Branches 62 Tags
69740ea841d30860ac070ea7b94ca1ececaa0338
Commit Graph

1609 Commits

Author SHA1 Message Date
Andreas Schneider
69740ea841 cmake: Bump library version 
(cherry picked from commit 9c37c8c5a5)
 2018-09-20 17:23:42 +02:00
Chris Townsend
1bb7895cd9 sftpserver: Support some openssh extensions 
Add support for "hardlink@openssh.com" and
"posix-rename@openssh.com" extensions.

Signed-off-by: Chris Townsend <christopher.townsend@canonical.com>
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6c56c1e0d7)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
a028b88aed pki: Use strndup in ssh_pki_export_privkey_base64() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e4711c469f)
 2018-09-20 17:23:41 +02:00
DavidWed
2db453db16 pki: Add ssh_pki_export_privkey_base64() 
Fixes T53

Signed-off-by: DavidWedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d0ce2d1ecd)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
95d0c143b3 dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 92aa2cf496)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
3dcdafa6d7 dh: Add ssh_get_fingerprint_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bbed139eca)
 2018-09-20 17:23:41 +02:00
Anderson Toshiyuki Sasaki
75c446c529 dh: Removed duplicated code 
The code for calculating SHA 512 in ssh_make_sessionid() had been
duplicated; the cases were unified.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 0eab270754)
 2018-09-20 16:35:05 +02:00
Anderson Toshiyuki Sasaki
4a9c32fc81 dh: Add diffie-hellman-group18-sha512 support 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 71594f9d6c)
 2018-09-20 16:35:05 +02:00
Andreas Schneider
1634c5a91a buffer: Don't call va_end() twice 
This is handled in the cleanup.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2ae2baf9ca)
 2018-09-20 16:35:04 +02:00
Andreas Schneider
034af66338 sftp: Include stdint.h 
Thanks to Apex Liu

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a30d542207)
 2018-09-19 12:42:51 +02:00
Anderson Toshiyuki Sasaki
55c7b93a0a dh: Add diffie-hellman-group16-sha512 support 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d9d3b65df2)
 2018-09-19 12:42:50 +02:00
Harald Sitter
4818cf5606 sftp: fix buffer_unpack argument to be char** rather than char* 
Summary:
buffer variable 's' gets unpacked as char**, the previous code was passing
a char* causing segfaults on all readlink calls inside the unpacking code

Test Plan:
- without patchy examples/samplesftp segfaults in readlink
- with patchy it doesn't

Reviewers: asn

Differential Revision: https://bugs.libssh.org/D14

Signed-off-by: Harald Sitter <sitter@kde.org>
(cherry picked from commit 97cb302c0e)
 2018-09-19 11:56:10 +02:00
Andreas Schneider
316a3a42a4 buffer: Do cleanup if ssh_buffer_unpack() fails in the first loop 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 90373d8394)
 2018-09-19 11:56:10 +02:00
Andreas Schneider
546d9da185 buffer: Fix invalid memory access in ssh_buffer_unpack() 
Found by oss-fuzz.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 07f7fa7806)
 2018-09-19 11:56:09 +02:00
Andreas Schneider
ded4a81ffe sftp: Fix a possible null pointer dereference 
CID 1395721

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cc83b463ce)
 2018-09-18 13:30:29 +02:00
Jakub Jelen
f7ab481b22 pki: Implement reading public key from OpenSSH private key container 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1226de875b)
 2018-09-18 10:17:32 +02:00
Jakub Jelen
91d8f1a256 pki: Allow reading keys in new OpenSSH format 
This implements reading the OpenSSH key format accross the
cryptographic backends. Most of the code is shared and moved
to pki.c, just the building of the keys is implemented in
pki_privkey_build_*() functions.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 39102224b2)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
4468a78ee2 pki: Use unpack to simplify public key reading 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d23bda8181)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
8f18063b6d buffer: Make sure unpack of secure buffers securely cleans up 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 86d521cbe7)
 2018-09-18 10:17:31 +02:00
Andreas Schneider
a167faee3e libmbedcrypto: Fix creating evp hash 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 856dc698a9)
 2018-09-18 10:17:31 +02:00
Jakub Jelen
0e8f6aaee5 buffer: Reformat ssh_buffer_get_ssh_string 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4d09c6dc31)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
5d1ddf5920 pki_crypto: Clarify that memory passed with set0 is managed by openssl objects 
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c04eac40f3)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
152ae623c2 pki_mbedcrypto: pki_pubkey_build_rsa: properly clean up on error 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8cc0672c0c)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
e7bd9d02bc pki: Initialize pointers to NULL 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8f7214a584)
 2018-09-17 19:00:31 +02:00
Jakub Jelen
786d7e39a3 buffer: Fix typo 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 039c066da5)
 2018-09-17 19:00:31 +02:00
Andreas Schneider
a14a80f35f auth: Fix ecdsa pubkey auth 
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e5170107c9)
 2018-09-17 19:00:31 +02:00
Andreas Schneider
332df98fc9 sftp: Move the packet payload to the message 
This reduces memory allocations and copying.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0762057eb9)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
d4cc3f69c6 sftp: Use SSH_BUFFER_FREE in sftp_message_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 57153f6481)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
534c58c475 sftp: Reformat sftp_message_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4c32befd93)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
84fd910423 sftp: Allocate a new buffer in sftp_packet_read() if needed 
We will move the buffer to the message instead of duplicating the
memory.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit be8302e2f3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
d51f77c2b1 sftp: Reformat sftp_read_and_dispatch() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 97d2e1f4cb)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
47376cbc77 sftp: Validate the packet handle before we allocate memory 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 12fc0ea1bf)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
85c3db3e89 sftp: Reformat sftp_get_message() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 573eab0d51)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
3f8a522c7f sftp: Use bool for is_eof in sftp_packet_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0e317e612f)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
eb08802b7c sftp: Use 's' only in the scope it is needed 
This revaled a bug when reading the packet type.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 01135703a3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
dc587045bf sftp: Use 16K for the transfer buffer size 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c070414309)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
9b495b72c5 sftp: Get the packet type directly from the buffer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d2cc4eccc7)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
2ce6c56609 sftp: Limit packet size to 256 MB 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 38781f69b0)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
9caef95899 sftp: Directly read and validate the packet size from the bufffer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit dc4faf9952)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
66c2630aaf sftp: Use read_packet from sftp handle 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cbbc6ddcb6)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
b8f63ee2df sftp: Simplify the code for reading data 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a7456bf4d5)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
68adb49996 sftp: Reformat sftp_packet_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit afc14fe003)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
12e94bfd18 sftp: Keep a ssh_packet for reading in the sftp handle 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 79a3fcac72)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
4fc3d7a27f sftp: Remove ZERO_STRUCTP from sftp_free() 
The structure doesn't hold any sensitive data and this would be
optimized away anyway.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 945afaa6b4)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
466bb332c1 sftp: Reformat sftp_free() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d840a05be3)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
ff25b45367 sftp: Reformat sftp_new() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 662c30eb72)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
5bda3ab9f6 cmake: Correctly detect if glob has gl_flags member 
Thanks to Baruch Siach.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2e8f2f03e7)
 2018-09-17 10:53:01 +02:00
Andreas Schneider
9a057159a2 config: Fix size type 
src/config.c:562:12: error: assuming signed overflow does not occur when
    simplifying conditional to constant [-Werror=strict-overflow]

         if (args < 1) {
            ^

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ceecd3fd6f)
 2018-09-06 09:25:05 +02:00
Jakub Jelen
04e290a19b config: Parse Match keyword 
Amends f818e63f8, which introduced the constants and matching of this
configuration option, but did not implement the handling of the values
which was causing the configuration parser failing for certain
configurations.

This commit exposes match_pattern_list() from match.c

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1624425

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e9b44d26b1)
 2018-09-05 12:39:02 +02:00
Jakub Jelen
bad407f5e2 config: Do not overwrite previously matched result in Host blocks 
The match_hostname() expects comma separated list, while the Host
config keyword in openssh uses spaces separated list by default.
Therefore any subseqent match or negated match in space separated
list will overwrite the previous matches.

This also adjusts the tests to make sure both of the versions work.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9f5f10552b)
 2018-09-05 12:39:02 +02:00