shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,505 Commits 12 Branches 62 Tags
b44987a164c6bec176bbc3ac395cd0c29c701b5c
Commit Graph

4505 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jon Simons
b44987a164 dh-gex: fix double-ssh_dh_init_common memory leak 
Fix a memory leak whereby the x, y, and k bignum fields within
a session's next_crypto structure were being unintentionally
initialized twice.

The leak can be seen before the fix with valgrind and the pkd
tests with:

    valgrind \
      --leak-check=full \
      --show-leak-kinds=definite \
      ./pkd_hello -i1 -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-30 13:22:59 +01:00
Jon Simons
886681a421 dh-gex: fix moduli file stream leak 
Ensure to close the moduli file stream in `ssh_retrieve_dhgroup`.
The leak is observable with the pkd tests and valgrind with:

    valgrind \
      --track-fds=yes \
      ./pkd_hello -i1 \
      -t torture_pkd_openssh_rsa_rsa_diffie_hellman_group_exchange_sha256

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-30 13:22:59 +01:00
Till Wimmer
04c97c0eaf session: Repects timeout=0 for packets on blocking sessions 
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-30 09:24:29 +01:00
Till Wimmer
d27b817acc options: Removed outdated param annotations of ssh_options_set() 
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-30 09:24:29 +01:00
Till Wimmer
16a52a8362 connector: Don't NULL connector (in|out) channels on event remove 
Signed-off-by: Till Wimmer <g4-lisz@tonarchiv.ch>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-30 09:24:26 +01:00
Andreas Schneider
5bc7432b10 gitlab-ci: Enable DEBUG build options on Fedora 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-27 17:47:31 +01:00
Jakub Jelen
8c7b6bffff bignum: Reformat ssh_make_string_bn and unbreak build with DEBUG_CRYPTO 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 16:40:14 +01:00
Jakub Jelen
42185fbf6e dh: Reformat ssh_dh_debug, ssh_dh_build_k and unbreak build with DEBUG_CRYPTO 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 16:40:09 +01:00
Andreas Schneider
303bdc5a4f tests: Initialize ssh_cipher_struct in torture_crypto_aes256_cbc() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 15:47:49 +01:00
Andreas Schneider
9b694f396c packet: Add missing error check in packet_send2() 
Found by csbuild.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 14:21:46 +01:00
Andreas Schneider
d41042f92d pki: Avoid a possible segfaults in error paths 
Found by csbuild.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 14:21:26 +01:00
Andreas Schneider
9b2eefe62c dh-gex: Add error check for ssh_packet_send() in ssh_packet_server_dhgex_request 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 14:15:01 +01:00
Andreas Schneider
8ec80d1f5d libcrypto: Use size_t for size calculations 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 14:09:44 +01:00
Anderson Toshiyuki Sasaki
8ddbe7bec6 sftp: Add NULL check in sftp_ext_free() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:25 +01:00
Anderson Toshiyuki Sasaki
61ad276a87 sftp: Reformat sftp_ext_free() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
9c5a1967c3 tests: Add NULL checks in pki tests 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
27caaa000b tests: Prefer assert_non_null() over assert_false() 
This also replaces some occurrences of assert_true() with assert_null()

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
bdf968c178 tests: Added NULL checks in torture_list.c 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
603b6d7222 tests: Prefer assert_non_null over assert_true 
This also replaces some occurrences of assert_true with assert_null.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
89f58decb6 misc: Add NULL checks before accessing lists 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
5ed5e97114 messages: Fix NULL check, preventing SEGFAULT 
The wrong conditional check for newly allocated memory would make the
function to fail when the allocation was successful and access invalid
memory when the allocation failed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-26 13:56:15 +01:00
Andreas Schneider
6dacc8b26c gitlab-ci: Add (disabled) target with MemorySanitizer 
We can't enable this till we can ignore OpenSSL.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-25 16:08:04 +01:00
Andreas Schneider
d41fd0c465 cmake: Add support for MemorySanitizer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-25 16:07:50 +01:00
Andreas Schneider
d598e4e52a packet_crypt: Make sure we always operate on initilized memory 
Found by MemorySanitizer.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-25 16:07:50 +01:00
Andreas Schneider
932102bd13 session: Initialize allocated memory 
Found by MemorySanitizer.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-25 14:13:10 +01:00
Andreas Schneider
e260a591f4 gitlab-ci: Fix UndefinedSanitizer 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-25 11:36:07 +01:00
Baruch Siach
6c7eaa9e12 buffer: Convert argc to size_t in ssh_buffer_unpack() as well 
Commit c306a693f3 ("buffer: Use size_t for argc argument in
ssh_buffer_(un)pack()") mentioned unpack in the commit log, but it only
touches the pack variants. Extend the conversion to unpack.

Pre-initialize the p pointer to avoid possible use before
initialization in case of early argc check failure.

This fixes build failure:

.../libssh-0.8.6/src/buffer.c: In function 'ssh_buffer_unpack_va':
.../libssh-0.8.6/src/buffer.c:1229:16: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
             if (argc == -1){
		^

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 17:48:08 +01:00
Eric Bentley
83d86ef6a5 examples: add public key auth for specific key 
There was no example of using a specific key for authentication so I added
one.

Signed-off-by: Eric Bentley <ebentley66@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 17:48:08 +01:00
Eric Bentley
db67fcbe88 examples: add public key authentication to ssh_server_fork 
I noticed that there was no example showing server side public key encryption in the examples
so I added this one. I used authorizedkeys as a global to minimize the changes to the original
code as well as I was not sure the correct methodology of determining the .ssh directory location
for a user not using Linux. One code using the user parameter to determine the location to use
instead if desired.

Signed-off-by: Eric Bentley <ebentley66@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 17:48:04 +01:00
Jakub Jelen
be9943132e tests: Extend negative test cases for config Match keyword 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 15:15:39 +01:00
Jakub Jelen
893510db35 tests: Use assert_ssh_return_code() in config test 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 15:15:35 +01:00
Jakub Jelen
e989c4afff config: Add new Match final keyword from OpenSSH 8.0 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 15:15:18 +01:00
Jakub Jelen
3ce31532eb config: Fail if there is missing argument for some of the match keywords 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 15:13:30 +01:00
Aris Adamantiadis
3b5f9ef8d6 pkd: dh-group-exchange testcases 2019-01-24 13:06:33 +01:00
Aris Adamantiadis
53c88375fe dh-gex: Add server implementation 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 13:06:33 +01:00
Aris Adamantiadis
40faa98c5e wrapper: Move dh cleanup into dh.c 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 12:56:14 +01:00
Aris Adamantiadis
9407065879 tests: Added moduli file parsing tests 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 12:56:09 +01:00
Aris Adamantiadis
b36219369d dh-gex: Add support for moduli file parsing 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 12:51:54 +01:00
Aris Adamantiadis
31da8025b2 tests: Add dh-group-exchange algorithm tests 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Aris Adamantiadis
574bfb5459 dh-gex: Add client implementation 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Aris Adamantiadis
154eb91914 dh: move state changes inside DH code 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Aris Adamantiadis
9c88769707 dh: Do some basic refactoring 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Aris Adamantiadis
a6c47099b7 buffer: Support bignums in ssh_buffer_unpack() 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:53:22 +01:00
Aris Adamantiadis
2f8239ade3 mbedcrypto: fixed nasty RNG bugs 2019-01-24 11:53:22 +01:00
Aris Adamantiadis
afe2673cfa bignum: harmonize gcrypt, libcrypto and libmcrypt bignum 
Ensure most of the abstraction around the 3 libs are consistent.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:04:44 +01:00
Aris Adamantiadis
43a4f86b6e dh: move unrelated functions out of dh.c 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 09:34:18 +01:00
Aris Adamantiadis
e42a423a24 kex: use runtime callbacks (server) 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 09:19:59 +01:00
Aris Adamantiadis
602a1defea kex: use runtime callbacks (client) 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 09:11:30 +01:00
Anderson Toshiyuki Sasaki
fd5770973f tests: Add test for server interactive authentication 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2019-01-22 13:12:26 +01:00
Anderson Toshiyuki Sasaki
416d03b19e tests: Add test for server auth method none 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-22 13:12:26 +01:00