Make sure we correctly read the port from the config file.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bb18442fe8)
Before this change, dangling pointers can be unintentionally left in the
respective next_crypto kex methods slots. Ensure to set all slots to
NULL in the error-out path.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7)
gettimeofday() is not available on Windows and we need it only in case
of forking.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b7b535816d)
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4745d652b5)
It should not be guarded by the WITH_SERVER #ifdef
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cd2dc3770a)
Add missing initialization of 'type_c' field of a SSH signature in
'pki_do_sign_sessionid' procedure.
If libssh is compiled with GCrypt, 'dh_handshake_server' fails with
"Could not sign the session id" error. The change fixes that.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aaae6cd97d)
Ensure to free the z_stream structures as allocated from
the gzip.c initcompress, initdecompress functions.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 092fe0b727)
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a
new 'ssh_pki_key_ecdsa_name' API. This gives more information than the
'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys.
The motivation is that this info is useful to have in a server context.
The torture_pki unit test is updated to include the new API, and a few
more passes are added to additionally test 384 and 521-bit keys.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In packet_send2, rather than issue two separate buffer_prepend_data calls
(each of which may entail realloc + memmove + memcpy), elide the prepend
work into a single buffer_prepend_data: the header information is computed
locally, and a single 5 byte prepend operation is now done instead of
prepending 1, then 4 bytes.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aa05248ca8)
Conflicts:
src/packet.c
If the sockets are created manually and passed to libssh the internal session
state is set to SSH_SESSION_STATE_SOCKET_CONNECTED. Result of this fix can be
verified by running torture_connect test (torture_connect_socket) with -vvvv
flags.
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit dbb2de272b)
On Mar 16, 09:41, Aris Adamantiadis wrote:
> Hi Petar,
> I agree with the principle, but I don't think this code can work...
> RSA_generate_key takes an RSA* as parameter and in our code we probably
> have key->rsa==NULL. (if we don't then the old code had a memory leak).
>
> Does the test case work ?
>
> Aris
>
Yes, you are right. This works, tested with tests/unittests/torture_pki
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
(cherry picked from commit 0b8d24f800)
The commit fixes this build warning:
====
src/server.c:223:8: warning: ‘privkey’ may be used uninitialized in this function [-Wmaybe-uninitialized]
rc = ssh_pki_export_privkey_to_pubkey(*privkey, &pubkey);
^
src/server.c:243:11: note: ‘privkey’ was declared here
ssh_key privkey;
====
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after
the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the
case that listen fails.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
