shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 21:00:33 +09:00
Code Issues Packages Projects Releases Wiki Activity
4,170 Commits 12 Branches 62 Tags
fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a
Commit Graph

4170 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anderson Toshiyuki Sasaki
fcfba0d8aa CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT 
The introduced auth state allows to identify when authentication using
password was tried.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Anderson Toshiyuki Sasaki
b166ac4749 CVE-2018-10933: Introduced new auth states 
Introduced the states SSH_AUTH_STATE_PUBKEY_OFFER_SENT and
SSH_AUTH_STATE_PUBKEY_AUTH_SENT to know when SSH2_MSG_USERAUTH_PK_OK and
SSH2_MSG_USERAUTH_SUCCESS should be expected.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 09:19:40 +02:00
Tilo Eckert
160a416ef6 chacha: remove re-declared type 
re-declaring typedefs are not supported by some compilers

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
(cherry picked from commit d13517e922)
 2018-10-13 22:09:18 +02:00
Tilo Eckert
59071bc4c5 knownhosts: Fix invalid read of known_hosts token 
Fixes invalid read introduced by commit 21962d.
Accessing tokens[4] for a known_hosts line of
three tokens led to randomly rejected host keys.

This commit completely removes the check because
the optional comments field may contain whitespace.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
(cherry picked from commit 45058285fc)
 2018-10-13 22:09:16 +02:00
Andreas Schneider
2ae63251d3 init: Only add DllMain if we create a shared library 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f747e46f33)
 2018-10-09 11:40:54 +02:00
Andreas Schneider
eefae820b5 cmake: Always build position independent code 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-02 15:26:52 +02:00
Anderson Toshiyuki Sasaki
0792fb37b0 messages: Fixed possible memory leak in ssh_message_queue 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cc513c4c9a)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
e23c28a82b examples: Add null checks in libssh_scp.c 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 31202822a7)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
7291b50420 examples: Fix libssh_scp.c code style 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6118628424)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
c1d61617fb examples: Fix possible memory leak in libssh_scp.c 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 00e5ef1b3c)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
488fb47c32 tests: Add frees to avoid memory leak errors 
The added frees are unnecessary, but the static analyser does not know.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6eef4b4a3c)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
721132696c tests: Replace ssh_buffer_free() with SSH_BUFFER_FREE() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 79e907402e)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
ee034e0484 tests: Replace ssh_string_free() with SSH_STRING_FREE() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ca7da823c3)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
d56c8fdfc6 tests: Replace ssh_key_free() with SSH_KEY_FREE() 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2eaa23a20e)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
4269b62153 tests: Use SSH_STRING_FREE_CHAR 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 143b5e2e50)
 2018-09-27 15:39:20 +02:00
Anderson Toshiyuki Sasaki
c6c63030c5 include: Add SSH_KEY_FREE 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 11d480134c)
 2018-09-27 15:39:20 +02:00
Alberto Aguirre
afa5dbb8b1 sftpserver: allocate packet on sftp_server_new 
Ensure sftp_server_new allocates the packet and payload as
sftp_packet_read now expects the packet and payload to be
pre-allocated.

Similarly, ensure sftp_get_client_message does not free the packet.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 14f5624ff5)
 2018-09-25 16:42:08 +02:00
David Wedderwille
bd7e8295e2 connector: Add checks if file descriptor is a socket 
Fixes T104

Signed-off-by: David Wedderwille <davidwe@posteo.de>
(cherry picked from commit 9adc2d36eb)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
933d9c6b07 socket: Pass MSG_NOSIGNAL to send() 
This avoid that we get a SIGPIPE.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1e5e09563a)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
0f0eb05e03 socket: Return ssize_t for ssh_socket_unbuffered_write() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 35bf5334b8)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
171a950a80 socket: Reformat ssh_socket_write() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a7604c7d6e)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
b1b1da0f97 socket: Reformat ssh_socket_unbuffered_write() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c5cadaa982)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
7453038d74 socket: Return ssize_t for ssh_socket_unbuffered_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit caf50270c6)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
29ef92a95e socket: Reformat ssh_socket_pollcallback() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b7a29c7ffd)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
6650685758 socket: Reformat ssh_socket_unbuffered_read() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 491a42d046)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
bdca6b7efa connect: Fix build warning on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 642a1b1aa4)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
97b2a61d74 config: Fix building without globbing support 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f709c3ac58)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
781ce47dea include: Do not declare ssh_channel_new() twice 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ae2b9a3bde)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
277ee932d6 cmake: Add -Wattributs for configure checks 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1d7520b68a)
 2018-09-25 16:41:31 +02:00
Andreas Schneider
c91f530610 Bump version to 0.8.3 libssh-0.8.3 2018-09-21 09:56:06 +02:00
Andreas Schneider
69740ea841 cmake: Bump library version 
(cherry picked from commit 9c37c8c5a5)
 2018-09-20 17:23:42 +02:00
Chris Townsend
1bb7895cd9 sftpserver: Support some openssh extensions 
Add support for "hardlink@openssh.com" and
"posix-rename@openssh.com" extensions.

Signed-off-by: Chris Townsend <christopher.townsend@canonical.com>
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6c56c1e0d7)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
a028b88aed pki: Use strndup in ssh_pki_export_privkey_base64() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e4711c469f)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
8a25f6bb07 tests: Add a test for ssh_pki_export_privkey_base64() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8410f43d8b)
 2018-09-20 17:23:41 +02:00
DavidWed
2db453db16 pki: Add ssh_pki_export_privkey_base64() 
Fixes T53

Signed-off-by: DavidWedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d0ce2d1ecd)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
03134c2932 tests: Add test for ssh_get_fingerprint_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5a198732a5)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
95d0c143b3 dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 92aa2cf496)
 2018-09-20 17:23:41 +02:00
Andreas Schneider
3dcdafa6d7 dh: Add ssh_get_fingerprint_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bbed139eca)
 2018-09-20 17:23:41 +02:00
Anderson Toshiyuki Sasaki
75c446c529 dh: Removed duplicated code 
The code for calculating SHA 512 in ssh_make_sessionid() had been
duplicated; the cases were unified.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 0eab270754)
 2018-09-20 16:35:05 +02:00
Anderson Toshiyuki Sasaki
4a9c32fc81 dh: Add diffie-hellman-group18-sha512 support 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
(cherry picked from commit 71594f9d6c)
 2018-09-20 16:35:05 +02:00
Andreas Schneider
1634c5a91a buffer: Don't call va_end() twice 
This is handled in the cleanup.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2ae2baf9ca)
 2018-09-20 16:35:04 +02:00
Andreas Schneider
dfa7593c27 examples: Reformat authenticaton.c 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4c47719d98)
 2018-09-20 16:35:04 +02:00
Andreas Schneider
034af66338 sftp: Include stdint.h 
Thanks to Apex Liu

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a30d542207)
 2018-09-19 12:42:51 +02:00
Anderson Toshiyuki Sasaki
55c7b93a0a dh: Add diffie-hellman-group16-sha512 support 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d9d3b65df2)
 2018-09-19 12:42:50 +02:00
Harald Sitter
4818cf5606 sftp: fix buffer_unpack argument to be char** rather than char* 
Summary:
buffer variable 's' gets unpacked as char**, the previous code was passing
a char* causing segfaults on all readlink calls inside the unpacking code

Test Plan:
- without patchy examples/samplesftp segfaults in readlink
- with patchy it doesn't

Reviewers: asn

Differential Revision: https://bugs.libssh.org/D14

Signed-off-by: Harald Sitter <sitter@kde.org>
(cherry picked from commit 97cb302c0e)
 2018-09-19 11:56:10 +02:00
Andreas Schneider
316a3a42a4 buffer: Do cleanup if ssh_buffer_unpack() fails in the first loop 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 90373d8394)
 2018-09-19 11:56:10 +02:00
Andreas Schneider
546d9da185 buffer: Fix invalid memory access in ssh_buffer_unpack() 
Found by oss-fuzz.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 07f7fa7806)
 2018-09-19 11:56:09 +02:00
Andreas Schneider
3b7d997b54 tests: Add OK: and a new line to ssh_ping 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5123f7955b)
 2018-09-19 11:56:09 +02:00
Jakub Jelen
129744692c tests: Wait for the server to start 
The previous timeout of 500 ms was not enough on slower machines or
while running the tests under valgrind. On much faster machines the
sleep() was bringing unnecessary overhead.

This method opens simple connection to the server verifying it is ready
to accept the connection from the test for 5 seconds. It the server
does not start until then, it fails the tests during initialization,
rather than leaving the cases to run against missing server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c15ad753a7)
 2018-09-18 18:09:15 +02:00
Anderson Toshiyuki Sasaki
83f6ce0928 tests: Add null checks in torture_threads_pki_rsa.c 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 63aa274f4b)
 2018-09-18 13:30:29 +02:00