shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,185 Commits 12 Branches 62 Tags
9763563c022d0d1c21fb10d7844172749f7e0a70
Commit Graph

4185 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Schneider
9763563c02 options: Add support for getting the known_hosts locations 
Fixes T111

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 85fc0d5b83)
 2018-10-19 14:05:21 +02:00
Andreas Schneider
5f9d9f4a53 examples: Explicitly track auth state in samplesshd-kbdint 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0ff566b6dd)
 2018-10-19 14:05:16 +02:00
Andreas Schneider
e8f3207a0d messages: Check that the requested service is 'ssh-connection' 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9c200d3ef4)
 2018-10-19 14:05:14 +02:00
Meng Tan
e5cee205c1 server: Set correct state after sending INFO_REQUEST (Kbd Interactive) 
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4ea46eecce)
 2018-10-19 14:05:12 +02:00
Andreas Schneider
63056d1bb1 priv: Add ssize_t if not available with MSVC 
Fixes T113

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Tested-by: Wolf Wolfswinkel <wolf.wolfswinkel@objectplus.nl>
(cherry picked from commit 009ca5c9dd)
 2018-10-19 14:05:08 +02:00
Andreas Schneider
09e4f3d331 packet: Add missing break in ssh_packet_incoming_filter() 
CID 1396239

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fe618a35dc)
 2018-10-19 14:05:05 +02:00
Andreas Schneider
4b886ac656 src: Fix typos 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 795389ae1b)
 2018-10-19 14:05:02 +02:00
Andreas Schneider
789df0b7d0 Bump version to 0.8.4 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
libssh-0.8.4 		2018-10-16 09:25:01 +02:00
Andreas Schneider
66a222a73c Bump ABI to 4.7.1 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 60037f3275)
 2018-10-16 09:25:01 +02:00
Anderson Toshiyuki Sasaki
09a7638575 CVE-2018-10933: Add tests for packet filtering 
Created the test torture_packet_filter.c which tests if packets are
being correctly filtered.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
203818608a CVE-2018-10933: Introduced packet filtering 
The packet filter checks required states for the incoming packets and
reject them if they arrived in the wrong state.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
f8c452cbef CVE-2018-10933: Check channel state when OPEN_FAILURE arrives 
When a SSH2_MSG_OPEN_FAILURE arrives, the channel state is checked
to be in SSH_CHANNEL_STATE_OPENING.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
adeaa69cc5 CVE-2018-10933: Check channel state when OPEN_CONFIRMATION arrives 
When a SSH2_MSG_OPEN_CONFIRMATION arrives, the channel state is checked
to be in SSH_CHANNEL_STATE_OPENING.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
72bce5ece7 CVE-2018-10933: Set correct state after sending MIC 
After sending the client token, the auth state is set as
SSH_AUTH_STATE_GSSAPI_MIC_SENT.  Then this can be expected to be the
state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
7819621fc2 CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT 
The introduced auth state allows to identify when a request without
authentication information was sent.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
fcfba0d8aa CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT 
The introduced auth state allows to identify when authentication using
password was tried.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
b166ac4749 CVE-2018-10933: Introduced new auth states 
Introduced the states SSH_AUTH_STATE_PUBKEY_OFFER_SENT and
SSH_AUTH_STATE_PUBKEY_AUTH_SENT to know when SSH2_MSG_USERAUTH_PK_OK and
SSH2_MSG_USERAUTH_SUCCESS should be expected.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Tilo Eckert
160a416ef6 chacha: remove re-declared type 
re-declaring typedefs are not supported by some compilers

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
(cherry picked from commit d13517e922)
 2018-10-13 22:09:18 +02:00
Tilo Eckert
59071bc4c5 knownhosts: Fix invalid read of known_hosts token 
Fixes invalid read introduced by commit 21962d.
Accessing tokens[4] for a known_hosts line of
three tokens led to randomly rejected host keys.

This commit completely removes the check because
the optional comments field may contain whitespace.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
(cherry picked from commit 45058285fc)
 2018-10-13 22:09:16 +02:00
Andreas Schneider
2ae63251d3 init: Only add DllMain if we create a shared library 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f747e46f33)
 2018-10-09 11:40:54 +02:00
Andreas Schneider
eefae820b5 cmake: Always build position independent code 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-02 15:26:52 +02:00
Anderson Toshiyuki Sasaki
0792fb37b0 messages: Fixed possible memory leak in ssh_message_queue 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cc513c4c9a)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
e23c28a82b examples: Add null checks in libssh_scp.c 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 31202822a7)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
7291b50420 examples: Fix libssh_scp.c code style 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6118628424)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
c1d61617fb examples: Fix possible memory leak in libssh_scp.c 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 00e5ef1b3c)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
488fb47c32 tests: Add frees to avoid memory leak errors 
The added frees are unnecessary, but the static analyser does not know.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6eef4b4a3c)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
721132696c tests: Replace ssh_buffer_free() with SSH_BUFFER_FREE() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 79e907402e)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
ee034e0484 tests: Replace ssh_string_free() with SSH_STRING_FREE() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ca7da823c3)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
d56c8fdfc6 tests: Replace ssh_key_free() with SSH_KEY_FREE() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2eaa23a20e)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
4269b62153 tests: Use SSH_STRING_FREE_CHAR 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 143b5e2e50)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
c6c63030c5 include: Add SSH_KEY_FREE 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 11d480134c)
 2018-09-27 15:39:20 +02:00
Alberto Aguirre
afa5dbb8b1 sftpserver: allocate packet on sftp_server_new 
Ensure sftp_server_new allocates the packet and payload as
sftp_packet_read now expects the packet and payload to be
pre-allocated.

Similarly, ensure sftp_get_client_message does not free the packet.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 14f5624ff5)
 2018-09-25 16:42:08 +02:00
David Wedderwille
bd7e8295e2 connector: Add checks if file descriptor is a socket 
Fixes T104

Signed-off-by: David Wedderwille <davidwe@posteo.de>
(cherry picked from commit 9adc2d36eb)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
933d9c6b07 socket: Pass MSG_NOSIGNAL to send() 
This avoid that we get a SIGPIPE.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1e5e09563a)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
0f0eb05e03 socket: Return ssize_t for ssh_socket_unbuffered_write() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 35bf5334b8)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
171a950a80 socket: Reformat ssh_socket_write() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a7604c7d6e)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
b1b1da0f97 socket: Reformat ssh_socket_unbuffered_write() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c5cadaa982)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
7453038d74 socket: Return ssize_t for ssh_socket_unbuffered_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit caf50270c6)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
29ef92a95e socket: Reformat ssh_socket_pollcallback() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b7a29c7ffd)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
6650685758 socket: Reformat ssh_socket_unbuffered_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 491a42d046)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
bdca6b7efa connect: Fix build warning on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 642a1b1aa4)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
97b2a61d74 config: Fix building without globbing support 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f709c3ac58)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
781ce47dea include: Do not declare ssh_channel_new() twice 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ae2b9a3bde)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
277ee932d6 cmake: Add -Wattributs for configure checks 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1d7520b68a)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
c91f530610 Bump version to 0.8.3 libssh-0.8.3 2018-09-21 09:56:06 +02:00
Andreas Schneider
69740ea841 cmake: Bump library version 
(cherry picked from commit 9c37c8c5a5)
 2018-09-20 17:23:42 +02:00
Chris Townsend
1bb7895cd9 sftpserver: Support some openssh extensions 
Add support for "hardlink@openssh.com" and
"posix-rename@openssh.com" extensions.

Signed-off-by: Chris Townsend <christopher.townsend@canonical.com>
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6c56c1e0d7)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
a028b88aed pki: Use strndup in ssh_pki_export_privkey_base64() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e4711c469f)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
8a25f6bb07 tests: Add a test for ssh_pki_export_privkey_base64() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8410f43d8b)
 2018-09-20 17:23:41 +02:00
DavidWed
2db453db16 pki: Add ssh_pki_export_privkey_base64() 
Fixes T53

Signed-off-by: DavidWedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d0ce2d1ecd)
 2018-09-20 17:23:41 +02:00