libssh

mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-06 10:27:22 +09:00

Author	SHA1	Message	Date
Jakub Jelen	b759ae557d	CVE-2023-1667:dh: Expose the callback cleanup functions These will be helpful when we already sent the first key exchange packet, but we found out that our guess was wrong and we need to initiate different key exchange method with different callbacks. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-05-04 11:52:17 +02:00
Jakub Jelen	6df2daea04	CVE-2023-1667:kex: Factor out the kex mapping to internal enum Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-05-04 11:52:15 +02:00
Jakub Jelen	99760776d4	CVE-2023-1667:kex: Remove needless function argument The information if the session is client or server session is already part of the session structure so this argument only duplicated information. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-05-04 11:52:13 +02:00
Jakub Jelen	247a4a761c	CVE-2023-1667:packet: Do not allow servers to initiate handshake Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-05-04 11:52:12 +02:00
Jakub Jelen	a30339d7b1	CVE-2023-1667:packet_cb: Log more verbose error if signature verification fails Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-05-04 11:52:06 +02:00
Jakub Jelen	8dde4e1924	token: Add missing whitespace Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:54 +02:00
Jakub Jelen	b1d9bff6ee	kex: Reformat ssh_kex_select_methods Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:52 +02:00
Jakub Jelen	a0f10b9860	client: Reformat ssh_client_connection_callback Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:50 +02:00
Jakub Jelen	7e40f13125	wrapper: Reformat crypto_new Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:47 +02:00
Jakub Jelen	36273e708a	Reformat struct ssh_session_struct Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:44 +02:00
Jakub Jelen	41c63fa88d	server: Reformat ssh_server_connection_callback Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:42 +02:00
Jakub Jelen	d726eca7d2	Reformat ssh_packet_kexinit() Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:40 +02:00
Jakub Jelen	ad2797613e	kex: Reformat ssh_send_kex Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:37 +02:00
Jakub Jelen	653e5ee117	packet: Reformat callback handling functions Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:34 +02:00
Jakub Jelen	d8b1b5e0cc	server: Reformat callback_receive_banner Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:31 +02:00
Jakub Jelen	7341615e2f	server: Reformat ssh_handle_key_exchange Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:29 +02:00
Jakub Jelen	f8ba2b0148	packet: Fix indentation Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:26 +02:00
Jakub Jelen	d26cc63dd5	kex: Clarify the comment Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:18 +02:00
Jakub Jelen	e41dacbf10	gssapi: Free mic_buffer on all code paths (GHSL-2023-042) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:16 +02:00
Jakub Jelen	e786bacb92	gssapi: Release output_token on error path (GHSL-2023-041) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:13 +02:00
Jakub Jelen	19e2521242	gssapi: Release actual_mechs on exit (GHSL-2023-040) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:09 +02:00
Jakub Jelen	429d0422dc	gssapi: Free output token on exit path (GHSL-2023-039) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:06 +02:00
Jakub Jelen	559ebc9ccb	gssapi: Free mic_token_buffer on before return (GHSL-2023-038) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:03 +02:00
Jakub Jelen	d7f18c468e	gssapi: Release output_token (GHSL-2023-037) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:36:00 +02:00
Jakub Jelen	f73dac8eed	gssapi: Avoid memory leaks of selected OID (GHSL-2023-036) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:35:58 +02:00
Jakub Jelen	3c381565c9	gssapi: Release buffer on error path (GHSL-2023-035) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:35:55 +02:00
Jakub Jelen	833c3d3330	gssapi: Free both_supported on error paths (GHSL-2023-033) Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:35:52 +02:00
Jakub Jelen	6d073f2746	fuzz: Avoid the server fuzzer to proceed to the authentication and further Thanks Phil Turnbull from GitHub Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:35:49 +02:00
Jakub Jelen	fe83733a7c	kex: Avoid NULL pointer dereference (GHSL-2023-032) Thanks Phil Turnbull from Github Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2023-04-28 11:35:45 +02:00
Ran Park	d3d7eeab75	Add tests for run ssh_execute_command Signed-off-by: Ran Park <bagayonghuming@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `d109b5bd5f`)	2023-04-28 11:06:16 +02:00
Ran Park	8a037e9afe	solve incorrect parsing of the ProxyCommand configuration option Signed-off-by: Ran Park <bagayonghuming@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `9cd23fecac`)	2023-04-28 11:06:13 +02:00
Jakub Jelen	dd0aaec67e	cmake: Return back the DEFAULT_C_COMPILE_FLAGS Accidentally removed in `1689b83d0f`. Reported in #185 by Peter Kästle Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> (cherry picked from commit `3058549bf7`)	2023-04-17 13:46:41 +02:00
Jakub Jelen	8b3b041096	ci: Add CentOS 8 as there are no other OpenSSL 1.1.1 platforms Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> (cherry picked from commit `7f40974802`)	2023-04-17 13:46:41 +02:00
Jakub Jelen	e9e9190079	ci: Suse is already on OpenSSL 3.0 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> (cherry picked from commit `f6f1bfaa4e`)	2023-04-17 13:46:41 +02:00
Jakub Jelen	bc4afc1067	ci: Actually build the package with x86 cross-compiler Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> (cherry picked from commit `91279e0aac`)	2023-04-17 13:46:41 +02:00
Jakub Jelen	6a187990c1	tests: Update to unbreak agent_cert test for CentOS 8 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `2ba5a5e976`)	2023-04-17 13:46:41 +02:00
khalid	ec5bd83e50	Remove zlib from the default compression methods and fips methods Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `f9147a3cf4`)	2023-04-17 13:46:41 +02:00
khalid	e818700734	Disabled preauth compression (zlib) by default Removed it from the wanted methods list in the ssh_options_set function. Now users have to set the compression value to 'zlib' explicitly to enable it. Updated unit tests to reflect removing zlib compression algo from the defaults compression algorithms. Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `cb19677d2e`)	2023-04-17 13:46:41 +02:00
Andreas Schneider	9e20e180e6	gitlab-ci: We have cmake in Windows runners in the default path now Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `0c6995b149`)	2023-04-17 13:46:41 +02:00
Norbert Pocs	e426664623	doc: Fix doxygen errors when QUIET=yes EXTRACT_ALL=yes Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `7b12876f04`)	2023-03-20 13:41:04 +01:00
Andreas Schneider	921efbeea1	gitlab-ci: Don't install CMake The choco server is somtimes ratelimited. Avoid running into issues and use cmake already installed on the runner. Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `0b826c986c`)	2023-03-20 13:41:04 +01:00
Ahsen Kamal	03f8fcae84	fix null dereference of error The Coverity scan CID 1506418 found the null pointer dereferencing Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `6d3e7e1c44`)	2023-03-20 13:41:04 +01:00
Andreas Schneider	ea639b0258	poll: Rename lock to lock_cnt and make it unsigned Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `2ed0525f40`)	2023-03-20 13:41:04 +01:00
Jakub Jelen	bb5bdac321	poll: Change the lock to block only POLLIN events Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `30b5a2e33b`)	2023-03-20 13:41:04 +01:00
Jakub Jelen	554fe06aeb	socket: Reformat Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `e15f493d4a`)	2023-03-20 13:41:04 +01:00
Jakub Jelen	298155da71	Reformat ssh_packet_socket_callback Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `19c4de7350`)	2023-03-20 13:41:04 +01:00
Jakub Jelen	44ceeb4d53	Reformat ssh_connector_fd_out_cb Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `832b94a660`)	2023-03-20 13:41:04 +01:00
Jakub Jelen	0c725d7602	config: Fix indentation Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `5506aadf05`)	2023-03-20 13:41:04 +01:00
Jakub Jelen	2461027f72	bignum: Avoid bogus newline in the log Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit `258560da16`)	2023-03-20 13:41:04 +01:00
Ahsen Kamal	967082c207	free memory of peer_discon_msg Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit `e364b1e793`)	2023-03-20 13:41:04 +01:00

1 2 3 4 5 ...

5634 Commits