shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-06 18:29:50 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,635 Commits 12 Branches 62 Tags
fc1a8bb4555624f85ba1370721ad2086a4feff8c
Commit Graph

2531 Commits

Author SHA1 Message Date
Jakub Jelen
fc1a8bb455 CVE-2023-1667:kex: Correctly handle last fields of KEXINIT also in the client side 
Previously, the last two fields of KEXINIT were considered as always zero for
the key exchange. This was true for the sending side, but might have not been
true for the received KEXINIT from the peer.

This moves the construction of these two fields closer to their reading or
writing, instead of hardcoding them on the last possible moment before they go
as input to the hashing function.

This also allows accepting the first_kex_packet_follows on the client side, even
though there is no kex algorithm now that would allow this.

It also avoid memory leaks in case the server_set_kex() or ssh_set_client_kex()
gets called multiple times, ensuring the algorithms will not change under our
hands.

It also makes use of a new flag to track if we sent KEXINIT.

Previously, this was tracked only implicitly by the content of the
session->next_crypto->{server,client}_kex (local kex). If it was not set, we
considered it was not send. But given that we need to check the local kex even
before sending it when we receive first_kex_packet_follows flag in the KEXINIT,
this can no longer be used.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-05-04 11:52:18 +02:00
Jakub Jelen
b759ae557d CVE-2023-1667:dh: Expose the callback cleanup functions 
These will be helpful when we already sent the first key exchange packet, but we
found out that our guess was wrong and we need to initiate different key
exchange method with different callbacks.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-05-04 11:52:17 +02:00
Jakub Jelen
6df2daea04 CVE-2023-1667:kex: Factor out the kex mapping to internal enum 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-05-04 11:52:15 +02:00
Jakub Jelen
99760776d4 CVE-2023-1667:kex: Remove needless function argument 
The information if the session is client or server session is already part of
the session structure so this argument only duplicated information.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-05-04 11:52:13 +02:00
Jakub Jelen
247a4a761c CVE-2023-1667:packet: Do not allow servers to initiate handshake 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-05-04 11:52:12 +02:00
Jakub Jelen
a30339d7b1 CVE-2023-1667:packet_cb: Log more verbose error if signature verification fails 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-05-04 11:52:06 +02:00
Jakub Jelen
8dde4e1924 token: Add missing whitespace 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:54 +02:00
Jakub Jelen
b1d9bff6ee kex: Reformat ssh_kex_select_methods 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:52 +02:00
Jakub Jelen
a0f10b9860 client: Reformat ssh_client_connection_callback 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:50 +02:00
Jakub Jelen
7e40f13125 wrapper: Reformat crypto_new 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:47 +02:00
Jakub Jelen
41c63fa88d server: Reformat ssh_server_connection_callback 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:42 +02:00
Jakub Jelen
d726eca7d2 Reformat ssh_packet_kexinit() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:40 +02:00
Jakub Jelen
ad2797613e kex: Reformat ssh_send_kex 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:37 +02:00
Jakub Jelen
653e5ee117 packet: Reformat callback handling functions 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:34 +02:00
Jakub Jelen
d8b1b5e0cc server: Reformat callback_receive_banner 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:31 +02:00
Jakub Jelen
7341615e2f server: Reformat ssh_handle_key_exchange 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:29 +02:00
Jakub Jelen
f8ba2b0148 packet: Fix indentation 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:26 +02:00
Jakub Jelen
d26cc63dd5 kex: Clarify the comment 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:18 +02:00
Jakub Jelen
e41dacbf10 gssapi: Free mic_buffer on all code paths (GHSL-2023-042) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:16 +02:00
Jakub Jelen
e786bacb92 gssapi: Release output_token on error path (GHSL-2023-041) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:13 +02:00
Jakub Jelen
19e2521242 gssapi: Release actual_mechs on exit (GHSL-2023-040) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:09 +02:00
Jakub Jelen
429d0422dc gssapi: Free output token on exit path (GHSL-2023-039) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:06 +02:00
Jakub Jelen
559ebc9ccb gssapi: Free mic_token_buffer on before return (GHSL-2023-038) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:03 +02:00
Jakub Jelen
d7f18c468e gssapi: Release output_token (GHSL-2023-037) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:36:00 +02:00
Jakub Jelen
f73dac8eed gssapi: Avoid memory leaks of selected OID (GHSL-2023-036) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:35:58 +02:00
Jakub Jelen
3c381565c9 gssapi: Release buffer on error path (GHSL-2023-035) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:35:55 +02:00
Jakub Jelen
833c3d3330 gssapi: Free both_supported on error paths (GHSL-2023-033) 
Thanks Phil Turnbull from GitHub

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:35:52 +02:00
Jakub Jelen
fe83733a7c kex: Avoid NULL pointer dereference (GHSL-2023-032) 
Thanks Phil Turnbull from Github

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2023-04-28 11:35:45 +02:00
Ran Park
d3d7eeab75 Add tests for run ssh_execute_command 
Signed-off-by: Ran Park <bagayonghuming@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit d109b5bd5f)
 2023-04-28 11:06:16 +02:00
Ran Park
8a037e9afe solve incorrect parsing of the ProxyCommand configuration option 
Signed-off-by: Ran Park <bagayonghuming@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 9cd23fecac)
 2023-04-28 11:06:13 +02:00
Jakub Jelen
dd0aaec67e cmake: Return back the DEFAULT_C_COMPILE_FLAGS 
Accidentally removed in 1689b83d0f.

Reported in #185 by Peter Kästle

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
(cherry picked from commit 3058549bf7)
 2023-04-17 13:46:41 +02:00
khalid
ec5bd83e50 Remove zlib from the default compression methods and fips methods 
Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit f9147a3cf4)
 2023-04-17 13:46:41 +02:00
khalid
e818700734 Disabled preauth compression (zlib) by default 
Removed it from the wanted methods list in the ssh_options_set function. Now users have to set the compression value to 'zlib' explicitly to enable it.
Updated unit tests to reflect removing zlib compression algo from the defaults compression algorithms.

Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit cb19677d2e)
 2023-04-17 13:46:41 +02:00
Norbert Pocs
e426664623 doc: Fix doxygen errors when QUIET=yes EXTRACT_ALL=yes 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 7b12876f04)
 2023-03-20 13:41:04 +01:00
Ahsen Kamal
03f8fcae84 fix null dereference of error 
The Coverity scan CID 1506418 found the null pointer dereferencing

Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 6d3e7e1c44)
 2023-03-20 13:41:04 +01:00
Andreas Schneider
ea639b0258 poll: Rename lock to lock_cnt and make it unsigned 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 2ed0525f40)
 2023-03-20 13:41:04 +01:00
Jakub Jelen
bb5bdac321 poll: Change the lock to block only POLLIN events 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 30b5a2e33b)
 2023-03-20 13:41:04 +01:00
Jakub Jelen
554fe06aeb socket: Reformat 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e15f493d4a)
 2023-03-20 13:41:04 +01:00
Jakub Jelen
298155da71 Reformat ssh_packet_socket_callback 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 19c4de7350)
 2023-03-20 13:41:04 +01:00
Jakub Jelen
44ceeb4d53 Reformat ssh_connector_fd_out_cb 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 832b94a660)
 2023-03-20 13:41:04 +01:00
Jakub Jelen
0c725d7602 config: Fix indentation 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5506aadf05)
 2023-03-20 13:41:04 +01:00
Jakub Jelen
2461027f72 bignum: Avoid bogus newline in the log 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 258560da16)
 2023-03-20 13:41:04 +01:00
Ahsen Kamal
967082c207 free memory of peer_discon_msg 
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e364b1e793)
 2023-03-20 13:41:04 +01:00
Ahsen Kamal
662fe00c15 assign peer_discon_msg 
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 4a7a7e3186)
 2023-03-20 13:41:04 +01:00
Ahsen Kamal
0d86688da2 rename discon_msg to peer_discon_msg 
Signed-off-by: Ahsen Kamal <itsahsenkamal@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit e2b89dec9d)
 2023-03-20 13:41:04 +01:00
Norbert Pocs
1bf87909e7 src/options.c: Add documentation for default LogLevel 
Libssh defaults to QUIET or SSH_LOG_NONE regarding of loglevel. Have it
documented to not confuse the users.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 486df37a84)
 2023-02-02 10:45:16 +01:00
Norbert Pocs
096416d306 server: Add documentation to some functions 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 9931f158e0)
 2023-02-02 10:45:01 +01:00
Norbert Pocs
019040f693 documentation: Fix Missing param doxygen warnings 
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit b7c1f792cc)
 2023-02-02 10:44:56 +01:00
Jakub Jelen
b2ca8b07ec Clean up usage of HAVE_ECC and HAVE_ECDH 
they might be turned off and on independenty and each of them affects different
part of libssh, authentication and key exchange respectively. But only HAVE_ECC
is defined by the cmake.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
(cherry picked from commit 492f5d82b8)
 2023-02-02 10:42:58 +01:00
Jakub Jelen
1bc9b20b1a pki: Initialize pointers and avoid double-free with OSSL 3.0 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
(cherry picked from commit dac62e7439)
 2023-02-02 10:42:53 +01:00