libssh

mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 12:50:30 +09:00

Author	SHA1	Message	Date
Jakub Jelen	abcf9699aa	CVE-2023-1667:kex: Remove needless function argument The information if the session is client or server session is already part of the session structure so this argument only duplicated information. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-05-04 13:40:37 +02:00
Jakub Jelen	6887a5bb20	CVE-2023-1667:packet: Do not allow servers to initiate handshake Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-05-04 13:40:36 +02:00
Jakub Jelen	85ddd8b34e	CVE-2023-1667:packet_cb: Log more verbose error if signature verification fails Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-05-04 13:40:23 +02:00
Jakub Jelen	4637c87f2d	token: Add missing whitespace Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:52 +02:00
Jakub Jelen	d1e1aea0b6	kex: Reformat ssh_kex_select_methods Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:50 +02:00
Jakub Jelen	e9741edcde	client: Reformat ssh_client_connection_callback Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:48 +02:00
Jakub Jelen	1529bbd7ac	wrapper: Reformat crypto_new Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:45 +02:00
Jakub Jelen	27e39655c5	Reformat struct ssh_session_struct Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:43 +02:00
Jakub Jelen	1b5e183544	server: Reformat ssh_server_connection_callback Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:41 +02:00
Jakub Jelen	fef76366db	Reformat ssh_packet_kexinit() Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:38 +02:00
Jakub Jelen	cef34a78ef	kex: Reformat ssh_send_kex Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:36 +02:00
Jakub Jelen	cf1c67ddb4	packet: Reformat callback handling functions Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:34 +02:00
Jakub Jelen	e72f58811f	server: Reformat callback_receive_banner Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:32 +02:00
Jakub Jelen	b923d25fef	server: Reformat ssh_handle_key_exchange Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:30 +02:00
Jakub Jelen	545724b7df	packet: Fix indentation Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:28 +02:00
Jakub Jelen	9844dd5f79	kex: Clarify the comment Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:25 +02:00
Jakub Jelen	cd8ef68b84	gssapi: Free mic_buffer on all code paths (GHSL-2023-042) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:22 +02:00
Jakub Jelen	cee5f9f69c	gssapi: Release output_token on error path (GHSL-2023-041) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:20 +02:00
Jakub Jelen	acfa6e3cac	gssapi: Release actual_mechs on exit (GHSL-2023-040) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:17 +02:00
Jakub Jelen	3f92520c74	gssapi: Free output token on exit path (GHSL-2023-039) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:15 +02:00
Jakub Jelen	587166577f	gssapi: Free mic_token_buffer on before return (GHSL-2023-038) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:12 +02:00
Jakub Jelen	6a7c1f4e5d	gssapi: Release output_token (GHSL-2023-037) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:10 +02:00
Jakub Jelen	dd899b7591	gssapi: Avoid memory leaks of selected OID (GHSL-2023-036) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:07 +02:00
Jakub Jelen	6c85771200	gssapi: Release buffer on error path (GHSL-2023-035) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:05 +02:00
Jakub Jelen	2830726c53	gssapi: Free both_supported on error paths (GHSL-2023-033) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:51:02 +02:00
Jakub Jelen	e8c959084f	kex: Avoid NULL pointer dereference (GHSL-2023-032) Thanks Phil Turnbull from Github Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:59 +02:00
Anderson Toshiyuki Sasaki	a94ac4c080	tests: Verify error returned by kill Verify the error code returned by kill() in torture_terminate_process(). The error code is raised when killing the process failed. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `c8222dc1f6`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:22 +02:00
Anderson Toshiyuki Sasaki	7f20bbca62	tests: Use a common function to start sshd In torture_reload_sshd_server(), instead of trying to use SIGHUP to reload the configuration file, kill the original process and create a new one with the new configuration. With this change, both torture_setup_sshd_server() and torture_reload_sshd_server() need to start sshd, with the only difference in the configuration setup. The shared code to start the sshd server was moved to a new introduced internal function torture_start_sshd_server(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `35224092eb`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:22 +02:00
Jakub Jelen	761ba97145	tests: Give server more time to start Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `12d5c136f2`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:22 +02:00
Jakub Jelen	5d8c346225	ci: Test FIPS mode only on CentOS 8 CentOS 9 FIPS mode is too different for this libssh version and Fedora FIPS mode is not maintained. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:19 +02:00
Jakub Jelen	754048b419	ci: Add CentOS 8 and 9 to CI Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:17 +02:00
Jakub Jelen	7b44e23e6f	tests: Skip ciphers not supported by OpenSSH This is a problem in recent Fedora, as the 0.9 branch still supports blowfish, while OpenSSH dropped this support in 7.6. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:14 +02:00
Jakub Jelen	c26414972a	ci: Sync VS targets with master Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:50:11 +02:00
Jakub Jelen	31a33fd2fd	tests: Send a bit more to make sure rekey is completed This was for some reason failing on CentOS 7 in 0.10 branch so bringing this to the master too. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-28 11:49:15 +02:00
Jakub Jelen	3beac46361	tests: Update to unbreak agent_cert test for CentOS 8 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `2ba5a5e976`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-17 18:11:30 +02:00
Jakub Jelen	fea290212a	tests: Skip the workaround forcing SHA1 signatures In certificate authentication with OpenSSH 8.0, the SHA2 signatures were not accepted correctly [1]. This was not an issue up until the OpenSSH 8.8p1, which does no longer allow SHA1 signatures by default so this broke the CI and tests against the new OpenSSH [2]. Fixes !107 [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3016 [2] https://gitlab.com/libssh/libssh-mirror/-/issues/107 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `86ee3f5a00`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-17 18:11:30 +02:00
Jakub Jelen	81320d35f3	examples: Fix build issue with new clang 15 The error was the following /builds/libssh/libssh-mirror/examples/sshnetcat.c:241:18: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes] void cleanup_pcap(){ ^ void and similar Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> (cherry picked from commit `22f0f0dd60`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-17 18:11:29 +02:00
Andreas Schneider	cb8245a0e4	misc: Fix expanding port numbers Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `648baf0f3c`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-17 18:11:29 +02:00
Andreas Schneider	fd1add66cf	misc: Fix format truncation in ssh_path_expand_escape() error: ‘%u’ directive output may be truncated writing between 1 and 10 bytes into a region of size 6. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `20406e51c9`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-17 15:52:36 +02:00
Andreas Schneider	ea075e3f2e	tests: Fix rekey test so it passes on build systems The test failed on Fedora Koji and openSUSE Build Service on i686 only. Probably the rekey on the server needs longer here to collect enough entropy. So we need to try harder before we stop :-) Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `b3b3fbfa1d`) Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-04-17 15:34:54 +02:00
Andreas Schneider	6b89f4d206	cpack: Do not package .cache directory used by clangd	2021-08-26 15:11:07 +02:00
Jakub Jelen	da6d026c12	Relase 0.9.6 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> libssh-0.9.6	2021-08-19 09:49:25 +02:00
Jakub Jelen	240bda21dc	ChangeLog: Fix release date of 0.9.5 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2021-08-18 19:53:10 +02:00
Jakub Jelen	f3652f6da0	tests: Simple reproducer for rekeying with different kex We do not use SHA1 as it is disabled in many systems Verifies CVE-2021-3634 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2021-08-18 14:16:23 +02:00
Jakub Jelen	d3060bc84e	CVE-2021-3634: Create a separate length for session_id Normally, the length of session_id and secret_hash is the same, but if we will get into rekeying with a peer that changes preference of key exchange algorithm, the new secret hash can be larger or smaller than the previous session_id causing invalid reads or writes. Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2021-08-18 14:16:18 +02:00
Jakub Jelen	948bcb773e	.gitlab-ci: Allow failure of windows runners as they are broken Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `6daa95f9c1`)	2021-08-17 18:33:24 +02:00
Jakub Jelen	64b3e358f9	Enable freebsd runner also for jjelen Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `592d256a0b`)	2021-08-17 18:33:17 +02:00
Andreas Schneider	2422081e55	gitlab-ci: Enable new freebsd runner Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `ae44d846b8`)	2021-08-17 18:32:45 +02:00
Andreas Schneider	a10aeb9490	gitlab-ci: Use shared Windows runners from gitlab Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `7657994aed`)	2021-08-17 16:12:32 +02:00
Norbert Pocs	a629f687cd	Fix some compiler warnings Covscan analyzer was used Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `63f97a3d03`)	2021-08-17 15:46:54 +02:00

1 2 3 4 5 ...

5158 Commits