shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-07 02:39:48 +09:00
Code Issues Packages Projects Releases Wiki Activity
3,012 Commits 12 Branches 62 Tags
eb86fd8cdfd69f46c60bf0885a2125285e4a22b3
Commit Graph

972 Commits

Author SHA1 Message Date
Andreas Schneider
e403596d98 pki: Add a size limit for pubkey files. 2012-11-21 12:44:00 +01:00
Andreas Schneider
571dc42335 CVE-2012-4559: Make sure we don't free name and longname twice on error. 2012-11-14 17:36:24 +01:00
Andreas Schneider
68d04c8e47 CVE-2012-4559: Ensure that we don't free req twice. 2012-11-14 17:36:24 +01:00
Andreas Schneider
bd3acae4f3 CVE-2012-4560: Fix a write one past the end of 'buf'. 2012-11-14 17:36:24 +01:00
Andreas Schneider
894bbf3137 CVE-2012-4560: Fix a write one past the end of the 'u' buffer. 2012-11-14 17:36:24 +01:00
Andreas Schneider
f61813eaea CVE-2012-4562: Fix a possible infinite loop in buffer_reinit(). 
If needed is bigger than the highest power of two or a which fits in an
integer we will loop forever.
 2012-11-14 17:36:22 +01:00
Xi Wang
ad5f306884 CVE-2012-4562: Fix multiple integer overflows in buffer-related functions. 2012-11-14 17:36:19 +01:00
Xi Wang
5ffb8c7cde CVE-2012-4562: Fix possible integer overflows. 2012-11-14 17:36:16 +01:00
Xi Wang
efaebad323 CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa(). 
No exploit known, but it is better to check the string length.
 2012-11-14 17:36:11 +01:00
Xi Wang
cab00c3bfc pki: Fix integer overflow in ssh_pki_import_privkey_file(). 
If the file size is ULONG_MAX, the call to malloc() may allocate a
small buffer, leading to a memory corruption.
 2012-10-22 21:00:08 +02:00
Xi Wang
d404ad7152 channels: Fix integer overflow in generate_cookie(). 
Since the type of rnd[i] is signed char, (rnd[i] >> 4), which is
considered as arithmetic shift by gcc, could be negative, leading
to out-of-bounds read.
 2012-10-22 21:00:08 +02:00
Andreas Schneider
a4ffaff550 channels1: Add missing request_state and set it to accepted. 
This fixes bug #88.
 2012-10-22 18:05:06 +02:00
Andreas Schneider
e164b236c6 auth1: Reset error state to no error. 
This fixes bug #89.
 2012-10-22 18:01:39 +02:00
Andreas Schneider
166ccef8dc session: Fix a possible use after free in ssh_free(). 
We need to cleanup the channels first cause we call ssh_channel_close()
on the channels which still require a working socket and poll context.

Thanks to sh4rm4!
 2012-10-22 17:37:32 +02:00
Andreas Schneider
13c26f0733 options: Fix documentation of ssh_options_get_port(). 2012-10-14 19:53:51 +02:00
Andreas Schneider
95ab34696b kex: Use getter functions to access kex arrays. 
This should fix the build on OpenIndiana.
 2012-10-12 17:46:37 +02:00
Andreas Schneider
0bd2bbefa7 scp: Make sure buffer is initialzed. 
Found by Coverity.
 2012-10-12 14:45:54 +02:00
Andreas Schneider
3d390cf6ff pki: Make sure the key_buf is null terminated. 
Found by Coverity.
 2012-10-12 14:45:54 +02:00
Andreas Schneider
e04dc45f20 misc: Use a fixed buffer for getenv(). 2012-10-12 14:45:54 +02:00
Andreas Schneider
de34a64895 poll: Fix sizeof in ssh_poll_ctx_resize(). 
sizeof(ssh_poll_handle *) is to be equal to sizeof(ssh_poll_handle), but
this is not a portable assumption.

Found by Coverity.
 2012-10-12 14:45:54 +02:00
Andreas Schneider
46f22576b0 legacy: Use snprintf instead of sprintf. 
Found by Coverity.
 2012-10-12 14:45:54 +02:00
Andreas Schneider
2f8ddc6e65 dh: Don't use strcat for ssh_get_hexa(). 
This is just hardening the code.

Found by Coverity.
 2012-10-12 14:45:54 +02:00
Andreas Schneider
b1287cd946 server: Use strncat instead of strcat. 
This is just hardening the code.

Found by Coverity.
 2012-10-12 14:45:54 +02:00
Andreas Schneider
a660177a6e misc: Use strncpy instead of strcat. 
This is just hardening the code.

Found by Coverity.
 2012-10-12 14:45:36 +02:00
Andreas Schneider
0a4ea19982 pki: Fix a possible null pointer dereference. 
Found by Coverity.
 2012-10-12 08:07:02 +02:00
Andreas Schneider
0bf2dd81e6 messages: Fix memory leaks in user request callback. 2012-10-12 08:07:02 +02:00
Andreas Schneider
ecb6cfd053 connect: Don't leak the addressinfo on error. 2012-10-12 08:07:02 +02:00
Andreas Schneider
ba220adb84 connect: Don't leak the file descriptor on error. 
Found by Coverity.
 2012-10-12 08:07:02 +02:00
Andreas Schneider
802e4133cb session: Don't leak memory in ssh_send_debug(). 
Found by Coverity.
 2012-10-12 08:07:02 +02:00
Andreas Schneider
dde3deb9ea channels: Don't leak memory in channel_rcv_request callback. 
Found by Coverity.
 2012-10-12 08:07:02 +02:00
Andreas Schneider
66045054f4 auth: Don't leak memory on error in info request callback. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
96e0301b58 dh: Don't leak 'f' on error. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
029d165b61 legacy: Don't leak the key struct on error. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
4e7736444f server: Don't leak memory on calling ssh_string_from_char(). 
Also check the return values.

Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
7254390ac2 pki: Don't leak the signature on error paths. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
188c596803 sftp: Don't leak owner and group in sftp_parse_attr_4. 2012-10-12 08:07:01 +02:00
Andreas Schneider
0295301928 known_hosts: Don't leak memory in ssh_write_knownhost error paths. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
a6e7d1f255 agent: Fix some memory leaks in error paths. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
5e8e21d106 options: Check return code of ssh_iterator_value. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
bcc00eec9b kex: Don't compare an array to null. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
53008fb5d4 string: Don't compare an array to null. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
9338fb8e5e message: Set correct request type. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
ec5b4d377f sftpserver: Add missing break statement. 
Found by Coverity.
 2012-10-12 08:07:01 +02:00
Andreas Schneider
6352b3d93a server: Fix for loop to free server methods. 
Found by Coverity.
 2012-10-12 08:06:55 +02:00
Andreas Schneider
b8de9e75d0 client: If session is NULL we can't set an error. 
Found by Coverity.
 2012-10-09 11:09:34 +02:00
Andreas Schneider
ec56d1d453 match: Don't dereference 's' directly. 
Found by Coverity.
 2012-10-09 11:09:34 +02:00
Andreas Schneider
131a0de32e auth: Make error handling code reachable again. 
Found by Coverity.
 2012-10-09 11:09:34 +02:00
Andreas Schneider
3e93836e8b pki: Make error handling code reachable again. 
Found by Coverity.
 2012-10-09 11:09:34 +02:00
Andreas Schneider
21db70888a socket: Check return value of buffer function. 
Found by Coverity.
 2012-10-09 11:09:34 +02:00
Andreas Schneider
bb2848de5a channels: Check return values of buffer functions. 
Found by Coverity.
 2012-10-09 11:09:34 +02:00