Implement support for the SSH2_AGENTC_REMOVE_IDENTITY
agent protocol message.
The implementation mirrors ssh_agent_sign_data()
and reuses agent_talk(). A single cleanup path is
used to ensure proper resource handling.
Signed-off-by: Madhav Vasisth <mv2363@srmist.edu.in>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
All newly reported leaks are categorized as
reachable and they mostly relate to global
variables in krb5 which are free'd before
each re-initialization.
Fixes#352.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The SSH_OPTIONS_SSH_DIR/session->opts.sshdir value
is passed through ssh_path_expand_tilde which does not expand %s.
Amending f643c34ee8.
Signed-off-by: Jan Pazdziora <jan.pazdziora@code.adelton.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Doxygen interprets comments placed beside struct fields to belong
to the next field instead of the current field.
This could be fixed by moving the comments atop the fields,
or by using the `/**< COMMENT */` format.
Stay consistent with the comment format used for other structs
and move the comments atop the fields.
Signed-off-by: Shiva Kiran Koninty <shiva_kr@riseup.net>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
The derived shared secret in SNTRUP761 is converted into a bignum,
only to be converted back to binary during use in kex.c.
Instead use field 'hybrid_shared_secret' in ssh_crypto_struct
to store it, just like the Hybrid MLKEM implementation.
Fixes#338
Signed-off-by: Shiva Kiran Koninty <shiva_kr@riseup.net>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
- Add a warning to ssh_bind_listen() clarifying that it implicitly
calls ssh_bind_options_parse_config(), which may override options
previously set via ssh_bind_options_set().
- Add a warning to ssh_bind_options_set() and ssh_bind_config_parse_string()
explaining that options may be overridden if configuration files are parsed
afterwards, either implicitly via ssh_bind_listen() or by an explicit call to
ssh_bind_options_parse_config().
Signed-off-by: Francesco <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Allow passing server configuration options via the -o flag and expose
ssh_bind_config_parse_string() as a public API.
Signed-off-by: Francesco <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add torture_server_sftp_opendir_handles_exhaustion test that
exercises the error path in process_opendir() when all SFTP
handles are occupied. This covers the memory leak fix for
h->name that was missing in the sftp_handle_alloc() failure path.
The test exhausts all 256 handle slots with sftp_open(), then
verifies that sftp_opendir() fails gracefully without crashing
or leaking memory.
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
When sftp_handle_alloc() fails in process_opendir(), the error path
frees the handle struct h but does not free h->name which was
allocated by strdup(). This causes a memory leak every time the
server runs out of available SFTP handles while processing an
opendir request.
Also add a missing NULL check for the strdup() call itself to
handle out-of-memory conditions gracefully.
This is the same class of bug that was fixed in process_open() by
commit db7f101d (CVE-2025-5449), but was missed in process_opendir().
Signed-off-by: Mingyuan Li <2560359315@qq.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Clarify the session-coupled nature of the ssh-agent interface,
document lifecycle and ownership expectations of agent-related
objects, and describe common error cases and limitations.
No functional changes.
Signed-off-by: Madhav Vasisth <mv2363@srmist.edu.in>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Upon unsuccessful alloc of the gssapi context, the function
would return early without freeing the supported OID set.
With opts->gss_client_identity enabled, the function would
not free the client_id allocated by gss_import_name.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This adds a new test suite 'torture_tinyssh' that verifies interoperability with the TinySSH server using various key exchange methods.
Fixes#271
Signed-off-by: Bulitha Kawushika De Zoysa <bulithakaushika99@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The fix allows the code to properly check if the strdup failed to allocate a
char buffer for the exit signal.
Signed-off-by: Antoni Bertolin Monferrer <antoni.monferrer@canonical.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In 20d9642c and parent commits, log levels were
recategorized to be less verbose when using the
level INFO and lower. These levels should not
print any information redundant to the end user.
This commit fixes recently added uses of logging
that are not consistent with the abovementioned
categorization, in particular:
- logs in ssh_strict_fopen should not have
the RARE/WARNING level since failing to open
a file may not be an issue at all (e.g., when
trying to open the knownhosts file).
- logging the username used in authentication
or proxyjump-related information should be done
at the DEBUG level, otherwise it could pollute
the output of, e.g., curl.
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Changes also the reading of known_hosts to use the new helper function
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The specially crafted patterns (from configuration files) could cause
exhaustive search or timeouts.
Previous attempts to fix this by limiting recursion to depth 16 avoided
stack overflow, but not timeouts. This is due to the backtracking,
which caused the exponential time complexity O(N^16) of existing algorithm.
This is code comes from the same function from OpenSSH, where this code
originates from, which is not having this issue (due to not limiting the number
of recursion), but will also easily exhaust stack due to unbound recursion:
05bcd0cadf
This is an attempt to simplify the algorithm by preventing the backtracking
to previous wildcard, which should keep the same behavior for existing inputs
while reducing the complexity to linear O(N*M).
This fixes the long-term issue we had with fuzzing as well as recently reported
security issue by Kang Yang.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
This affects libgcrypt and mbedTLS backends. The OpenSSL backend is
using OpenSSL implementation of the Ed25519 which is compared correctly.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
