mirror of
https://git.libssh.org/projects/libssh.git
synced 2026-02-04 12:20:42 +09:00
Compare commits
9 Commits
0ef79018b3
...
3526e02dee
| Author | SHA1 | Date | |
|---|---|---|---|
|
3526e02dee | ||
|
|
ecea5b6052 | ||
|
|
1833ce86f9 | ||
|
|
3938e5e850 | ||
|
|
dd80a56029 | ||
|
|
9d6df9d0fa | ||
|
|
ee180c660e | ||
|
|
541cd39f14 | ||
|
|
64f72ed55f |
@@ -139,6 +139,7 @@ check_function_exists(strncpy HAVE_STRNCPY)
|
||||
check_function_exists(strndup HAVE_STRNDUP)
|
||||
check_function_exists(strtoull HAVE_STRTOULL)
|
||||
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
|
||||
check_function_exists(memset_explicit HAVE_MEMSET_EXPLICIT)
|
||||
check_function_exists(memset_s HAVE_MEMSET_S)
|
||||
|
||||
if (HAVE_GLOB_H)
|
||||
|
||||
@@ -179,6 +179,9 @@
|
||||
/* Define to 1 if you have the `explicit_bzero' function. */
|
||||
#cmakedefine HAVE_EXPLICIT_BZERO 1
|
||||
|
||||
/* Define to 1 if you have the `memset_explicit' function. */
|
||||
#cmakedefine HAVE_MEMSET_EXPLICIT 1
|
||||
|
||||
/* Define to 1 if you have the `memset_s' function. */
|
||||
#cmakedefine HAVE_MEMSET_S 1
|
||||
|
||||
|
||||
@@ -86,22 +86,24 @@ static void add_cmd(char *cmd)
|
||||
|
||||
static void usage(void)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage : ssh [options] [login@]hostname\n"
|
||||
"sample client - libssh-%s\n"
|
||||
"Options :\n"
|
||||
" -l user : log in as user\n"
|
||||
" -p port : connect to port\n"
|
||||
" -r : use RSA to verify host public key\n"
|
||||
" -F file : parse configuration file instead of default one\n"
|
||||
fprintf(
|
||||
stderr,
|
||||
"Usage : ssh [options] [login@]hostname\n"
|
||||
"sample client - libssh-%s\n"
|
||||
"Options :\n"
|
||||
" -l user : log in as user\n"
|
||||
" -p port : connect to port\n"
|
||||
" -o option : set configuration option (e.g., -o Compression=yes)\n"
|
||||
" -r : use RSA to verify host public key\n"
|
||||
" -F file : parse configuration file instead of default one\n"
|
||||
#ifdef WITH_PCAP
|
||||
" -P file : create a pcap debugging file\n"
|
||||
" -P file : create a pcap debugging file\n"
|
||||
#endif
|
||||
#ifndef _WIN32
|
||||
" -T proxycommand : command to execute as a socket proxy\n"
|
||||
" -T proxycommand : command to execute as a socket proxy\n"
|
||||
#endif
|
||||
"\n",
|
||||
ssh_version(0));
|
||||
"\n",
|
||||
ssh_version(0));
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
#ifndef LIBSSH_CONFIG_H_
|
||||
#define LIBSSH_CONFIG_H_
|
||||
|
||||
#include "libssh/libssh.h"
|
||||
|
||||
enum ssh_config_opcode_e {
|
||||
/* Unknown opcode */
|
||||
@@ -70,4 +71,7 @@ enum ssh_config_opcode_e {
|
||||
|
||||
SOC_MAX /* Keep this one last in the list */
|
||||
};
|
||||
enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword);
|
||||
int ssh_config_parse_line_cli(ssh_session session, const char *line);
|
||||
|
||||
#endif /* LIBSSH_CONFIG_H_ */
|
||||
|
||||
@@ -365,9 +365,29 @@ int ssh_connector_remove_event(ssh_connector connector);
|
||||
/** Get the size of an array */
|
||||
#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
|
||||
|
||||
#ifndef HAVE_EXPLICIT_BZERO
|
||||
void explicit_bzero(void *s, size_t n);
|
||||
#endif /* !HAVE_EXPLICIT_BZERO */
|
||||
/** Securely zero memory in a way that won't be optimized away */
|
||||
#if defined(HAVE_MEMSET_EXPLICIT)
|
||||
#define ssh_burn(ptr, len) memset_explicit((ptr), '\0', (len))
|
||||
#elif defined(HAVE_EXPLICIT_BZERO)
|
||||
#define ssh_burn(ptr, len) explicit_bzero((ptr), (len))
|
||||
#elif defined(HAVE_MEMSET_S)
|
||||
#define ssh_burn(ptr, len) memset_s((ptr), (len), '\0', (len))
|
||||
#elif defined(HAVE_SECURE_ZERO_MEMORY)
|
||||
#define ssh_burn(ptr, len) SecureZeroMemory((ptr), (len))
|
||||
#else
|
||||
#if defined(HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
|
||||
#define ssh_burn(ptr, len) \
|
||||
do { \
|
||||
memset((ptr), '\0', (len)); \
|
||||
__asm__ volatile("" : : "g"(ptr) : "memory"); \
|
||||
} while (0)
|
||||
#else
|
||||
#define ssh_burn(ptr, len) \
|
||||
do { \
|
||||
memset((ptr), '\0', (len)); \
|
||||
} while (0)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
void burn_free(void *ptr, size_t len);
|
||||
|
||||
|
||||
12
src/auth.c
12
src/auth.c
@@ -1845,7 +1845,7 @@ void ssh_kbdint_free(ssh_kbdint kbd)
|
||||
if (kbd->prompts) {
|
||||
for (i = 0; i < n; i++) {
|
||||
if (kbd->prompts[i] != NULL) {
|
||||
explicit_bzero(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
ssh_burn(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
}
|
||||
SAFE_FREE(kbd->prompts[i]);
|
||||
}
|
||||
@@ -1856,7 +1856,7 @@ void ssh_kbdint_free(ssh_kbdint kbd)
|
||||
if (kbd->answers) {
|
||||
for (i = 0; i < n; i++) {
|
||||
if (kbd->answers[i] != NULL) {
|
||||
explicit_bzero(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
ssh_burn(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
}
|
||||
SAFE_FREE(kbd->answers[i]);
|
||||
}
|
||||
@@ -1881,7 +1881,7 @@ void ssh_kbdint_clean(ssh_kbdint kbd)
|
||||
n = kbd->nprompts;
|
||||
if (kbd->prompts) {
|
||||
for (i = 0; i < n; i++) {
|
||||
explicit_bzero(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
ssh_burn(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
SAFE_FREE(kbd->prompts[i]);
|
||||
}
|
||||
SAFE_FREE(kbd->prompts);
|
||||
@@ -1891,7 +1891,7 @@ void ssh_kbdint_clean(ssh_kbdint kbd)
|
||||
|
||||
if (kbd->answers) {
|
||||
for (i = 0; i < n; i++) {
|
||||
explicit_bzero(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
ssh_burn(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
SAFE_FREE(kbd->answers[i]);
|
||||
}
|
||||
SAFE_FREE(kbd->answers);
|
||||
@@ -2372,8 +2372,8 @@ ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
|
||||
}
|
||||
|
||||
if (session->kbdint->answers[i]) {
|
||||
explicit_bzero(session->kbdint->answers[i],
|
||||
strlen(session->kbdint->answers[i]));
|
||||
ssh_burn(session->kbdint->answers[i],
|
||||
strlen(session->kbdint->answers[i]));
|
||||
SAFE_FREE(session->kbdint->answers[i]);
|
||||
}
|
||||
|
||||
|
||||
22
src/buffer.c
22
src/buffer.c
@@ -156,10 +156,10 @@ void ssh_buffer_free(struct ssh_buffer_struct *buffer)
|
||||
|
||||
if (buffer->secure && buffer->allocated > 0) {
|
||||
/* burn the data */
|
||||
explicit_bzero(buffer->data, buffer->allocated);
|
||||
ssh_burn(buffer->data, buffer->allocated);
|
||||
SAFE_FREE(buffer->data);
|
||||
|
||||
explicit_bzero(buffer, sizeof(struct ssh_buffer_struct));
|
||||
ssh_burn(buffer, sizeof(struct ssh_buffer_struct));
|
||||
} else {
|
||||
SAFE_FREE(buffer->data);
|
||||
}
|
||||
@@ -205,7 +205,7 @@ static int realloc_buffer(struct ssh_buffer_struct *buffer, uint32_t needed)
|
||||
return -1;
|
||||
}
|
||||
memcpy(new, buffer->data, buffer->used);
|
||||
explicit_bzero(buffer->data, buffer->used);
|
||||
ssh_burn(buffer->data, buffer->used);
|
||||
SAFE_FREE(buffer->data);
|
||||
} else {
|
||||
new = realloc(buffer->data, needed);
|
||||
@@ -241,7 +241,7 @@ static void buffer_shift(ssh_buffer buffer)
|
||||
|
||||
if (buffer->secure) {
|
||||
void *ptr = buffer->data + buffer->used;
|
||||
explicit_bzero(ptr, burn_pos);
|
||||
ssh_burn(ptr, burn_pos);
|
||||
}
|
||||
|
||||
buffer_verify(buffer);
|
||||
@@ -266,7 +266,7 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
|
||||
buffer_verify(buffer);
|
||||
|
||||
if (buffer->secure && buffer->allocated > 0) {
|
||||
explicit_bzero(buffer->data, buffer->allocated);
|
||||
ssh_burn(buffer->data, buffer->allocated);
|
||||
}
|
||||
buffer->used = 0;
|
||||
buffer->pos = 0;
|
||||
@@ -1352,28 +1352,28 @@ cleanup:
|
||||
case 'b':
|
||||
o.byte = va_arg(ap_copy, uint8_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.byte, sizeof(uint8_t));
|
||||
ssh_burn(o.byte, sizeof(uint8_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'w':
|
||||
o.word = va_arg(ap_copy, uint16_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.word, sizeof(uint16_t));
|
||||
ssh_burn(o.word, sizeof(uint16_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'd':
|
||||
o.dword = va_arg(ap_copy, uint32_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.dword, sizeof(uint32_t));
|
||||
ssh_burn(o.dword, sizeof(uint32_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'q':
|
||||
o.qword = va_arg(ap_copy, uint64_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.qword, sizeof(uint64_t));
|
||||
ssh_burn(o.qword, sizeof(uint64_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
@@ -1391,7 +1391,7 @@ cleanup:
|
||||
case 's':
|
||||
o.cstring = va_arg(ap_copy, char **);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(*o.cstring, strlen(*o.cstring));
|
||||
ssh_burn(*o.cstring, strlen(*o.cstring));
|
||||
}
|
||||
SAFE_FREE(*o.cstring);
|
||||
break;
|
||||
@@ -1399,7 +1399,7 @@ cleanup:
|
||||
len = va_arg(ap_copy, size_t);
|
||||
o.data = va_arg(ap_copy, void **);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(*o.data, len);
|
||||
ssh_burn(*o.data, len);
|
||||
}
|
||||
SAFE_FREE(*o.data);
|
||||
break;
|
||||
|
||||
546
src/config.c
546
src/config.c
@@ -60,101 +60,102 @@
|
||||
struct ssh_config_keyword_table_s {
|
||||
const char *name;
|
||||
enum ssh_config_opcode_e opcode;
|
||||
bool cli_supported;
|
||||
};
|
||||
|
||||
static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
|
||||
{ "host", SOC_HOST },
|
||||
{ "match", SOC_MATCH },
|
||||
{ "hostname", SOC_HOSTNAME },
|
||||
{ "port", SOC_PORT },
|
||||
{ "user", SOC_USERNAME },
|
||||
{ "identityfile", SOC_IDENTITY },
|
||||
{ "ciphers", SOC_CIPHERS },
|
||||
{ "macs", SOC_MACS },
|
||||
{ "compression", SOC_COMPRESSION },
|
||||
{ "connecttimeout", SOC_TIMEOUT },
|
||||
{ "stricthostkeychecking", SOC_STRICTHOSTKEYCHECK },
|
||||
{ "userknownhostsfile", SOC_KNOWNHOSTS },
|
||||
{ "proxycommand", SOC_PROXYCOMMAND },
|
||||
{ "gssapiserveridentity", SOC_GSSAPISERVERIDENTITY },
|
||||
{ "gssapiclientidentity", SOC_GSSAPICLIENTIDENTITY },
|
||||
{ "gssapidelegatecredentials", SOC_GSSAPIDELEGATECREDENTIALS },
|
||||
{ "include", SOC_INCLUDE },
|
||||
{ "bindaddress", SOC_BINDADDRESS},
|
||||
{ "globalknownhostsfile", SOC_GLOBALKNOWNHOSTSFILE},
|
||||
{ "loglevel", SOC_LOGLEVEL},
|
||||
{ "hostkeyalgorithms", SOC_HOSTKEYALGORITHMS},
|
||||
{ "kexalgorithms", SOC_KEXALGORITHMS},
|
||||
{ "gssapiauthentication", SOC_GSSAPIAUTHENTICATION},
|
||||
{ "kbdinteractiveauthentication", SOC_KBDINTERACTIVEAUTHENTICATION},
|
||||
{ "passwordauthentication", SOC_PASSWORDAUTHENTICATION},
|
||||
{ "pubkeyauthentication", SOC_PUBKEYAUTHENTICATION},
|
||||
{ "addkeystoagent", SOC_UNSUPPORTED},
|
||||
{ "addressfamily", SOC_UNSUPPORTED},
|
||||
{ "batchmode", SOC_UNSUPPORTED},
|
||||
{ "canonicaldomains", SOC_UNSUPPORTED},
|
||||
{ "canonicalizefallbacklocal", SOC_UNSUPPORTED},
|
||||
{ "canonicalizehostname", SOC_UNSUPPORTED},
|
||||
{ "canonicalizemaxdots", SOC_UNSUPPORTED},
|
||||
{ "canonicalizepermittedcnames", SOC_UNSUPPORTED},
|
||||
{ "certificatefile", SOC_CERTIFICATE},
|
||||
{ "kbdinteractiveauthentication", SOC_UNSUPPORTED},
|
||||
{ "checkhostip", SOC_UNSUPPORTED},
|
||||
{ "connectionattempts", SOC_UNSUPPORTED},
|
||||
{ "enablesshkeysign", SOC_UNSUPPORTED},
|
||||
{ "fingerprinthash", SOC_UNSUPPORTED},
|
||||
{ "forwardagent", SOC_UNSUPPORTED},
|
||||
{ "hashknownhosts", SOC_UNSUPPORTED},
|
||||
{ "hostbasedauthentication", SOC_UNSUPPORTED},
|
||||
{ "hostbasedacceptedalgorithms", SOC_UNSUPPORTED},
|
||||
{ "hostkeyalias", SOC_UNSUPPORTED},
|
||||
{ "identitiesonly", SOC_IDENTITIESONLY},
|
||||
{ "identityagent", SOC_IDENTITYAGENT},
|
||||
{ "ipqos", SOC_UNSUPPORTED},
|
||||
{ "kbdinteractivedevices", SOC_UNSUPPORTED},
|
||||
{ "nohostauthenticationforlocalhost", SOC_UNSUPPORTED},
|
||||
{ "numberofpasswordprompts", SOC_UNSUPPORTED},
|
||||
{ "pkcs11provider", SOC_UNSUPPORTED},
|
||||
{ "preferredauthentications", SOC_UNSUPPORTED},
|
||||
{ "proxyjump", SOC_PROXYJUMP},
|
||||
{ "proxyusefdpass", SOC_UNSUPPORTED},
|
||||
{ "pubkeyacceptedalgorithms", SOC_PUBKEYACCEPTEDKEYTYPES},
|
||||
{ "rekeylimit", SOC_REKEYLIMIT},
|
||||
{ "remotecommand", SOC_UNSUPPORTED},
|
||||
{ "revokedhostkeys", SOC_UNSUPPORTED},
|
||||
{ "serveralivecountmax", SOC_UNSUPPORTED},
|
||||
{ "serveraliveinterval", SOC_UNSUPPORTED},
|
||||
{ "streamlocalbindmask", SOC_UNSUPPORTED},
|
||||
{ "streamlocalbindunlink", SOC_UNSUPPORTED},
|
||||
{ "syslogfacility", SOC_UNSUPPORTED},
|
||||
{ "tcpkeepalive", SOC_UNSUPPORTED},
|
||||
{ "updatehostkeys", SOC_UNSUPPORTED},
|
||||
{ "verifyhostkeydns", SOC_UNSUPPORTED},
|
||||
{ "visualhostkey", SOC_UNSUPPORTED},
|
||||
{ "clearallforwardings", SOC_NA},
|
||||
{ "controlmaster", SOC_NA},
|
||||
{ "controlpersist", SOC_NA},
|
||||
{ "controlpath", SOC_NA},
|
||||
{ "dynamicforward", SOC_NA},
|
||||
{ "escapechar", SOC_NA},
|
||||
{ "exitonforwardfailure", SOC_NA},
|
||||
{ "forwardx11", SOC_NA},
|
||||
{ "forwardx11timeout", SOC_NA},
|
||||
{ "forwardx11trusted", SOC_NA},
|
||||
{ "gatewayports", SOC_NA},
|
||||
{ "ignoreunknown", SOC_NA},
|
||||
{ "localcommand", SOC_NA},
|
||||
{ "localforward", SOC_NA},
|
||||
{ "permitlocalcommand", SOC_NA},
|
||||
{ "remoteforward", SOC_NA},
|
||||
{ "requesttty", SOC_NA},
|
||||
{ "sendenv", SOC_NA},
|
||||
{ "tunnel", SOC_NA},
|
||||
{ "tunneldevice", SOC_NA},
|
||||
{ "xauthlocation", SOC_NA},
|
||||
{ "pubkeyacceptedkeytypes", SOC_PUBKEYACCEPTEDKEYTYPES},
|
||||
{ "requiredrsasize", SOC_REQUIRED_RSA_SIZE},
|
||||
{ NULL, SOC_UNKNOWN }
|
||||
{"host", SOC_HOST, true},
|
||||
{"match", SOC_MATCH, false},
|
||||
{"hostname", SOC_HOSTNAME, true},
|
||||
{"port", SOC_PORT, true},
|
||||
{"user", SOC_USERNAME, true},
|
||||
{"identityfile", SOC_IDENTITY, true},
|
||||
{"ciphers", SOC_CIPHERS, true},
|
||||
{"macs", SOC_MACS, true},
|
||||
{"compression", SOC_COMPRESSION, true},
|
||||
{"connecttimeout", SOC_TIMEOUT, true},
|
||||
{"stricthostkeychecking", SOC_STRICTHOSTKEYCHECK, true},
|
||||
{"userknownhostsfile", SOC_KNOWNHOSTS, true},
|
||||
{"proxycommand", SOC_PROXYCOMMAND, true},
|
||||
{"gssapiserveridentity", SOC_GSSAPISERVERIDENTITY, false},
|
||||
{"gssapiclientidentity", SOC_GSSAPICLIENTIDENTITY, false},
|
||||
{"gssapidelegatecredentials", SOC_GSSAPIDELEGATECREDENTIALS, true},
|
||||
{"include", SOC_INCLUDE, true},
|
||||
{"bindaddress", SOC_BINDADDRESS, true},
|
||||
{"globalknownhostsfile", SOC_GLOBALKNOWNHOSTSFILE, true},
|
||||
{"loglevel", SOC_LOGLEVEL, true},
|
||||
{"hostkeyalgorithms", SOC_HOSTKEYALGORITHMS, true},
|
||||
{"kexalgorithms", SOC_KEXALGORITHMS, true},
|
||||
{"gssapiauthentication", SOC_GSSAPIAUTHENTICATION, true},
|
||||
{"kbdinteractiveauthentication", SOC_KBDINTERACTIVEAUTHENTICATION, true},
|
||||
{"passwordauthentication", SOC_PASSWORDAUTHENTICATION, true},
|
||||
{"pubkeyauthentication", SOC_PUBKEYAUTHENTICATION, true},
|
||||
{"addkeystoagent", SOC_UNSUPPORTED, true},
|
||||
{"addressfamily", SOC_UNSUPPORTED, true},
|
||||
{"batchmode", SOC_UNSUPPORTED, true},
|
||||
{"canonicaldomains", SOC_UNSUPPORTED, true},
|
||||
{"canonicalizefallbacklocal", SOC_UNSUPPORTED, true},
|
||||
{"canonicalizehostname", SOC_UNSUPPORTED, true},
|
||||
{"canonicalizemaxdots", SOC_UNSUPPORTED, true},
|
||||
{"canonicalizepermittedcnames", SOC_UNSUPPORTED, true},
|
||||
{"certificatefile", SOC_CERTIFICATE, true},
|
||||
{"kbdinteractiveauthentication", SOC_UNSUPPORTED, true},
|
||||
{"checkhostip", SOC_UNSUPPORTED, true},
|
||||
{"connectionattempts", SOC_UNSUPPORTED, true},
|
||||
{"enablesshkeysign", SOC_UNSUPPORTED, true},
|
||||
{"fingerprinthash", SOC_UNSUPPORTED, true},
|
||||
{"forwardagent", SOC_UNSUPPORTED, true},
|
||||
{"hashknownhosts", SOC_UNSUPPORTED, true},
|
||||
{"hostbasedauthentication", SOC_UNSUPPORTED, true},
|
||||
{"hostbasedacceptedalgorithms", SOC_UNSUPPORTED, true},
|
||||
{"hostkeyalias", SOC_UNSUPPORTED, true},
|
||||
{"identitiesonly", SOC_IDENTITIESONLY, true},
|
||||
{"identityagent", SOC_IDENTITYAGENT, true},
|
||||
{"ipqos", SOC_UNSUPPORTED, true},
|
||||
{"kbdinteractivedevices", SOC_UNSUPPORTED, true},
|
||||
{"nohostauthenticationforlocalhost", SOC_UNSUPPORTED, true},
|
||||
{"numberofpasswordprompts", SOC_UNSUPPORTED, true},
|
||||
{"pkcs11provider", SOC_UNSUPPORTED, true},
|
||||
{"preferredauthentications", SOC_UNSUPPORTED, true},
|
||||
{"proxyjump", SOC_PROXYJUMP, true},
|
||||
{"proxyusefdpass", SOC_UNSUPPORTED, true},
|
||||
{"pubkeyacceptedalgorithms", SOC_PUBKEYACCEPTEDKEYTYPES, true},
|
||||
{"rekeylimit", SOC_REKEYLIMIT, true},
|
||||
{"remotecommand", SOC_UNSUPPORTED, true},
|
||||
{"revokedhostkeys", SOC_UNSUPPORTED, true},
|
||||
{"serveralivecountmax", SOC_UNSUPPORTED, true},
|
||||
{"serveraliveinterval", SOC_UNSUPPORTED, true},
|
||||
{"streamlocalbindmask", SOC_UNSUPPORTED, true},
|
||||
{"streamlocalbindunlink", SOC_UNSUPPORTED, true},
|
||||
{"syslogfacility", SOC_UNSUPPORTED, true},
|
||||
{"tcpkeepalive", SOC_UNSUPPORTED, true},
|
||||
{"updatehostkeys", SOC_UNSUPPORTED, true},
|
||||
{"verifyhostkeydns", SOC_UNSUPPORTED, true},
|
||||
{"visualhostkey", SOC_UNSUPPORTED, true},
|
||||
{"clearallforwardings", SOC_NA, true},
|
||||
{"controlmaster", SOC_NA, true},
|
||||
{"controlpersist", SOC_NA, true},
|
||||
{"controlpath", SOC_NA, true},
|
||||
{"dynamicforward", SOC_NA, true},
|
||||
{"escapechar", SOC_NA, true},
|
||||
{"exitonforwardfailure", SOC_NA, true},
|
||||
{"forwardx11", SOC_NA, true},
|
||||
{"forwardx11timeout", SOC_NA, true},
|
||||
{"forwardx11trusted", SOC_NA, true},
|
||||
{"gatewayports", SOC_NA, true},
|
||||
{"ignoreunknown", SOC_NA, true},
|
||||
{"localcommand", SOC_NA, true},
|
||||
{"localforward", SOC_NA, true},
|
||||
{"permitlocalcommand", SOC_NA, true},
|
||||
{"remoteforward", SOC_NA, true},
|
||||
{"requesttty", SOC_NA, true},
|
||||
{"sendenv", SOC_NA, true},
|
||||
{"tunnel", SOC_NA, true},
|
||||
{"tunneldevice", SOC_NA, true},
|
||||
{"xauthlocation", SOC_NA, true},
|
||||
{"pubkeyacceptedkeytypes", SOC_PUBKEYACCEPTEDKEYTYPES, true},
|
||||
{"requiredrsasize", SOC_REQUIRED_RSA_SIZE, true},
|
||||
{NULL, SOC_UNKNOWN, false},
|
||||
};
|
||||
|
||||
enum ssh_config_match_e {
|
||||
@@ -189,19 +190,48 @@ static struct ssh_config_match_keyword_table_s
|
||||
{NULL, MATCH_UNKNOWN},
|
||||
};
|
||||
|
||||
static int ssh_config_parse_line(ssh_session session, const char *line,
|
||||
unsigned int count, int *parsing, unsigned int depth, bool global);
|
||||
int ssh_config_parse_line(ssh_session session,
|
||||
const char *line,
|
||||
unsigned int count,
|
||||
int *parsing,
|
||||
unsigned int depth,
|
||||
bool global);
|
||||
|
||||
static enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword) {
|
||||
int i;
|
||||
static int ssh_config_parse_line_internal(ssh_session session,
|
||||
const char *line,
|
||||
unsigned int count,
|
||||
int *parsing,
|
||||
unsigned int depth,
|
||||
bool global,
|
||||
bool is_cli,
|
||||
bool fail_on_unknown);
|
||||
|
||||
for (i = 0; ssh_config_keyword_table[i].name != NULL; i++) {
|
||||
if (strcasecmp(keyword, ssh_config_keyword_table[i].name) == 0) {
|
||||
return ssh_config_keyword_table[i].opcode;
|
||||
int ssh_config_parse_line_cli(ssh_session session, const char *line);
|
||||
|
||||
enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; ssh_config_keyword_table[i].name != NULL; i++) {
|
||||
if (strcasecmp(keyword, ssh_config_keyword_table[i].name) == 0) {
|
||||
return ssh_config_keyword_table[i].opcode;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return SOC_UNKNOWN;
|
||||
return SOC_UNKNOWN;
|
||||
}
|
||||
|
||||
static bool ssh_config_is_cli_supported(enum ssh_config_opcode_e opcode)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; ssh_config_keyword_table[i].name != NULL; i++) {
|
||||
if (opcode == ssh_config_keyword_table[i].opcode) {
|
||||
return ssh_config_keyword_table[i].cli_supported;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
#define LIBSSH_CONF_MAX_DEPTH 16
|
||||
@@ -735,13 +765,78 @@ ssh_match_localnetwork(const char *addrlist, bool negate)
|
||||
}
|
||||
#endif /* HAVE_IFADDRS_H */
|
||||
|
||||
static int
|
||||
ssh_config_parse_line(ssh_session session,
|
||||
const char *line,
|
||||
unsigned int count,
|
||||
int *parsing,
|
||||
unsigned int depth,
|
||||
bool global)
|
||||
static enum ssh_options_e
|
||||
ssh_config_get_auth_option(enum ssh_config_opcode_e opcode)
|
||||
{
|
||||
struct auth_option_map {
|
||||
enum ssh_config_opcode_e opcode;
|
||||
const char *name;
|
||||
enum ssh_options_e option;
|
||||
};
|
||||
|
||||
static struct auth_option_map auth_options[] = {
|
||||
{
|
||||
SOC_GSSAPIAUTHENTICATION,
|
||||
"GSSAPIAuthentication",
|
||||
SSH_OPTIONS_GSSAPI_AUTH,
|
||||
},
|
||||
{
|
||||
SOC_KBDINTERACTIVEAUTHENTICATION,
|
||||
"KbdInteractiveAuthentication",
|
||||
SSH_OPTIONS_KBDINT_AUTH,
|
||||
},
|
||||
{
|
||||
SOC_PASSWORDAUTHENTICATION,
|
||||
"PasswordAuthentication",
|
||||
SSH_OPTIONS_PASSWORD_AUTH,
|
||||
},
|
||||
{
|
||||
SOC_PUBKEYAUTHENTICATION,
|
||||
"PubkeyAuthentication",
|
||||
SSH_OPTIONS_PUBKEY_AUTH,
|
||||
},
|
||||
{0, NULL, 0},
|
||||
};
|
||||
|
||||
for (struct auth_option_map *map = auth_options; map->name != NULL; map++) {
|
||||
if (map->opcode == opcode) {
|
||||
return map->option;
|
||||
}
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
#define CHECK_COND_OR_FAIL(cond, error_message) \
|
||||
do { \
|
||||
if ((cond)) { \
|
||||
SSH_LOG(SSH_LOG_DEBUG, \
|
||||
"line %d: %s: %s", \
|
||||
count, \
|
||||
error_message, \
|
||||
keyword); \
|
||||
if (fail_on_unknown) { \
|
||||
ssh_set_error(session, \
|
||||
SSH_FATAL, \
|
||||
is_cli ? "%s '%s' value on CLI" \
|
||||
: "%s '%s' value at line %d", \
|
||||
error_message, \
|
||||
keyword, \
|
||||
is_cli ? 0 : count); \
|
||||
SAFE_FREE(x); \
|
||||
return SSH_ERROR; \
|
||||
} \
|
||||
break; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
static int ssh_config_parse_line_internal(ssh_session session,
|
||||
const char *line,
|
||||
unsigned int count,
|
||||
int *parsing,
|
||||
unsigned int depth,
|
||||
bool global,
|
||||
bool is_cli,
|
||||
bool fail_on_unknown)
|
||||
{
|
||||
enum ssh_config_opcode_e opcode;
|
||||
const char *p = NULL, *p2 = NULL;
|
||||
@@ -756,6 +851,9 @@ ssh_config_parse_line(ssh_session session,
|
||||
|
||||
/* Ignore empty lines */
|
||||
if (line == NULL || *line == '\0') {
|
||||
if (is_cli) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -781,6 +879,16 @@ ssh_config_parse_line(ssh_session session,
|
||||
}
|
||||
|
||||
opcode = ssh_config_get_opcode(keyword);
|
||||
if (is_cli && !ssh_config_is_cli_supported(opcode)) {
|
||||
ssh_set_error(
|
||||
session,
|
||||
SSH_FATAL,
|
||||
"Option '%s' is not supported in command-line configuration",
|
||||
keyword);
|
||||
SAFE_FREE(x);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
if (*parsing == 1 &&
|
||||
opcode != SOC_HOST &&
|
||||
opcode != SOC_MATCH &&
|
||||
@@ -1051,82 +1159,93 @@ ssh_config_parse_line(ssh_session session,
|
||||
}
|
||||
case SOC_HOSTNAME:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
char *z = ssh_path_expand_escape(session, p);
|
||||
if (z == NULL) {
|
||||
z = strdup(p);
|
||||
}
|
||||
ssh_options_set(session, SSH_OPTIONS_HOST, z);
|
||||
free(z);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
char *z = ssh_path_expand_escape(session, p);
|
||||
if (z == NULL) {
|
||||
z = strdup(p);
|
||||
}
|
||||
ssh_options_set(session, SSH_OPTIONS_HOST, z);
|
||||
free(z);
|
||||
}
|
||||
break;
|
||||
case SOC_PORT:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_PORT_STR, p);
|
||||
}
|
||||
break;
|
||||
case SOC_USERNAME:
|
||||
if (session->opts.username == NULL) {
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_USER, p);
|
||||
}
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_USER, p);
|
||||
}
|
||||
}
|
||||
break;
|
||||
case SOC_IDENTITY:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_ADD_IDENTITY, p);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_ADD_IDENTITY, p);
|
||||
}
|
||||
break;
|
||||
case SOC_CIPHERS:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, p);
|
||||
ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, p);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, p);
|
||||
ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, p);
|
||||
}
|
||||
break;
|
||||
case SOC_MACS:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, p);
|
||||
ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, p);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, p);
|
||||
ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, p);
|
||||
}
|
||||
break;
|
||||
case SOC_COMPRESSION:
|
||||
i = ssh_config_get_yesno(&s, -1);
|
||||
if (i >= 0 && *parsing) {
|
||||
if (i) {
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes");
|
||||
} else {
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "no");
|
||||
}
|
||||
CHECK_COND_OR_FAIL(i < 0, "Invalid argument");
|
||||
if (*parsing) {
|
||||
if (i) {
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes");
|
||||
} else {
|
||||
ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "no");
|
||||
}
|
||||
}
|
||||
break;
|
||||
case SOC_TIMEOUT:
|
||||
l = ssh_config_get_long(&s, -1);
|
||||
if (l >= 0 && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &l);
|
||||
CHECK_COND_OR_FAIL(l < 0, "Invalid argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &l);
|
||||
}
|
||||
break;
|
||||
case SOC_STRICTHOSTKEYCHECK:
|
||||
i = ssh_config_get_yesno(&s, -1);
|
||||
if (i >= 0 && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_STRICTHOSTKEYCHECK, &i);
|
||||
CHECK_COND_OR_FAIL(i < 0, "Invalid argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_STRICTHOSTKEYCHECK, &i);
|
||||
}
|
||||
break;
|
||||
case SOC_KNOWNHOSTS:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, p);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, p);
|
||||
}
|
||||
break;
|
||||
case SOC_PROXYCOMMAND:
|
||||
p = ssh_config_get_cmd(&s);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
/* We share the seen value with the ProxyJump */
|
||||
if (p && *parsing && !seen[SOC_PROXYJUMP]) {
|
||||
ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, p);
|
||||
if (*parsing && !seen[SOC_PROXYJUMP]) {
|
||||
ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, p);
|
||||
}
|
||||
break;
|
||||
case SOC_PROXYJUMP:
|
||||
@@ -1146,37 +1265,43 @@ ssh_config_parse_line(ssh_session session,
|
||||
break;
|
||||
case SOC_GSSAPISERVERIDENTITY:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_SERVER_IDENTITY, p);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_SERVER_IDENTITY, p);
|
||||
}
|
||||
break;
|
||||
case SOC_GSSAPICLIENTIDENTITY:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, p);
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, p);
|
||||
}
|
||||
break;
|
||||
case SOC_GSSAPIDELEGATECREDENTIALS:
|
||||
i = ssh_config_get_yesno(&s, -1);
|
||||
if (i >=0 && *parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &i);
|
||||
CHECK_COND_OR_FAIL(i < 0, "Invalid argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &i);
|
||||
}
|
||||
break;
|
||||
case SOC_BINDADDRESS:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_BINDADDR, p);
|
||||
}
|
||||
break;
|
||||
case SOC_GLOBALKNOWNHOSTSFILE:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, p);
|
||||
}
|
||||
break;
|
||||
case SOC_LOGLEVEL:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
int value = -1;
|
||||
|
||||
if (strcasecmp(p, "quiet") == 0) {
|
||||
@@ -1194,6 +1319,7 @@ ssh_config_parse_line(ssh_session session,
|
||||
strcasecmp(p, "DEBUG3") == 0) {
|
||||
value = SSH_LOG_TRACE;
|
||||
}
|
||||
CHECK_COND_OR_FAIL(value == -1, "Invalid value");
|
||||
if (value != -1) {
|
||||
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &value);
|
||||
}
|
||||
@@ -1201,19 +1327,22 @@ ssh_config_parse_line(ssh_session session,
|
||||
break;
|
||||
case SOC_HOSTKEYALGORITHMS:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, p);
|
||||
}
|
||||
break;
|
||||
case SOC_PUBKEYACCEPTEDKEYTYPES:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, p);
|
||||
}
|
||||
break;
|
||||
case SOC_KEXALGORITHMS:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, p);
|
||||
}
|
||||
break;
|
||||
@@ -1221,6 +1350,7 @@ ssh_config_parse_line(ssh_session session,
|
||||
/* Parse the data limit */
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p == NULL) {
|
||||
CHECK_COND_OR_FAIL(1, "Missing data limit");
|
||||
break;
|
||||
} else if (strcmp(p, "default") == 0) {
|
||||
/* Default rekey limits enforced automatically */
|
||||
@@ -1229,8 +1359,7 @@ ssh_config_parse_line(ssh_session session,
|
||||
char *endp = NULL;
|
||||
ll = strtoll(p, &endp, 10);
|
||||
if (p == endp || ll < 0) {
|
||||
/* No number or negative */
|
||||
SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit");
|
||||
CHECK_COND_OR_FAIL(1, "Invalid data limit");
|
||||
break;
|
||||
}
|
||||
switch (*endp) {
|
||||
@@ -1268,19 +1397,19 @@ ssh_config_parse_line(ssh_session session,
|
||||
break;
|
||||
}
|
||||
if (*endp != ' ' && *endp != '\0') {
|
||||
SSH_LOG(SSH_LOG_TRACE,
|
||||
"Invalid trailing characters after the rekey limit: %s",
|
||||
endp);
|
||||
CHECK_COND_OR_FAIL(1, "Invalid trailing characters");
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ll > -1 && *parsing) {
|
||||
CHECK_COND_OR_FAIL(ll < 0, "Invalid data limit");
|
||||
if (*parsing) {
|
||||
uint64_t v = (uint64_t)ll;
|
||||
ssh_options_set(session, SSH_OPTIONS_REKEY_DATA, &v);
|
||||
}
|
||||
/* Parse the time limit */
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p == NULL) {
|
||||
CHECK_COND_OR_FAIL(1, "Missing time limit");
|
||||
break;
|
||||
} else if (strcmp(p, "none") == 0) {
|
||||
ll = 0;
|
||||
@@ -1289,7 +1418,7 @@ ssh_config_parse_line(ssh_session session,
|
||||
ll = strtoll(p, &endp, 10);
|
||||
if (p == endp || ll < 0) {
|
||||
/* No number or negative */
|
||||
SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit");
|
||||
CHECK_COND_OR_FAIL(1, "Invalid time limit");
|
||||
break;
|
||||
}
|
||||
switch (*endp) {
|
||||
@@ -1342,11 +1471,11 @@ ssh_config_parse_line(ssh_session session,
|
||||
break;
|
||||
}
|
||||
if (*endp != '\0') {
|
||||
SSH_LOG(SSH_LOG_TRACE, "Invalid trailing characters after the"
|
||||
" rekey limit: %s", endp);
|
||||
CHECK_COND_OR_FAIL(1, "Invalid trailing characters");
|
||||
break;
|
||||
}
|
||||
}
|
||||
CHECK_COND_OR_FAIL(ll < 0, "Invalid time limit");
|
||||
if (ll > -1 && *parsing) {
|
||||
uint32_t v = (uint32_t)ll;
|
||||
ssh_options_set(session, SSH_OPTIONS_REKEY_TIME, &v);
|
||||
@@ -1355,56 +1484,44 @@ ssh_config_parse_line(ssh_session session,
|
||||
case SOC_GSSAPIAUTHENTICATION:
|
||||
case SOC_KBDINTERACTIVEAUTHENTICATION:
|
||||
case SOC_PASSWORDAUTHENTICATION:
|
||||
case SOC_PUBKEYAUTHENTICATION:
|
||||
case SOC_PUBKEYAUTHENTICATION: {
|
||||
enum ssh_options_e option = ssh_config_get_auth_option(opcode);
|
||||
i = ssh_config_get_yesno(&s, 0);
|
||||
if (i>=0 && *parsing) {
|
||||
switch(opcode){
|
||||
case SOC_GSSAPIAUTHENTICATION:
|
||||
ssh_options_set(session, SSH_OPTIONS_GSSAPI_AUTH, &i);
|
||||
break;
|
||||
case SOC_KBDINTERACTIVEAUTHENTICATION:
|
||||
ssh_options_set(session, SSH_OPTIONS_KBDINT_AUTH, &i);
|
||||
break;
|
||||
case SOC_PASSWORDAUTHENTICATION:
|
||||
ssh_options_set(session, SSH_OPTIONS_PASSWORD_AUTH, &i);
|
||||
break;
|
||||
case SOC_PUBKEYAUTHENTICATION:
|
||||
ssh_options_set(session, SSH_OPTIONS_PUBKEY_AUTH, &i);
|
||||
break;
|
||||
/* make gcc happy */
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
CHECK_COND_OR_FAIL(i < 0, "Authentication option");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, option, &i);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case SOC_NA:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unapplicable option: %s, line: %d",
|
||||
keyword, count);
|
||||
break;
|
||||
CHECK_COND_OR_FAIL(1, "Unapplicable option");
|
||||
break;
|
||||
case SOC_UNSUPPORTED:
|
||||
SSH_LOG(SSH_LOG_RARE, "Unsupported option: %s, line: %d",
|
||||
keyword, count);
|
||||
break;
|
||||
CHECK_COND_OR_FAIL(1, "Unsupported option");
|
||||
break;
|
||||
case SOC_UNKNOWN:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d",
|
||||
keyword, count);
|
||||
break;
|
||||
CHECK_COND_OR_FAIL(1, "Unknown option");
|
||||
break;
|
||||
case SOC_IDENTITYAGENT:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_IDENTITY_AGENT, p);
|
||||
}
|
||||
break;
|
||||
case SOC_IDENTITIESONLY:
|
||||
i = ssh_config_get_yesno(&s, -1);
|
||||
if (i >= 0 && *parsing) {
|
||||
bool b = i;
|
||||
ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &b);
|
||||
CHECK_COND_OR_FAIL(i < 0, "Invalid argument");
|
||||
if (*parsing) {
|
||||
bool b = i;
|
||||
ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &b);
|
||||
}
|
||||
break;
|
||||
case SOC_CONTROLMASTER:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "ControlMaster");
|
||||
if (*parsing) {
|
||||
int value = -1;
|
||||
|
||||
if (strcasecmp(p, "auto") == 0) {
|
||||
@@ -1419,6 +1536,7 @@ ssh_config_parse_line(ssh_session session,
|
||||
value = SSH_CONTROL_MASTER_ASK;
|
||||
}
|
||||
|
||||
CHECK_COND_OR_FAIL(value == -1, "Invalid argument");
|
||||
if (value != -1) {
|
||||
ssh_options_set(session, SSH_OPTIONS_CONTROL_MASTER, &value);
|
||||
}
|
||||
@@ -1436,13 +1554,15 @@ ssh_config_parse_line(ssh_session session,
|
||||
break;
|
||||
case SOC_CERTIFICATE:
|
||||
p = ssh_config_get_str_tok(&s, NULL);
|
||||
if (p && *parsing) {
|
||||
CHECK_COND_OR_FAIL(p == NULL, "Missing argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_CERTIFICATE, p);
|
||||
}
|
||||
break;
|
||||
case SOC_REQUIRED_RSA_SIZE:
|
||||
l = ssh_config_get_long(&s, -1);
|
||||
if (l >= 0 && *parsing) {
|
||||
CHECK_COND_OR_FAIL(l < 0, "Invalid argument");
|
||||
if (*parsing) {
|
||||
ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &l);
|
||||
}
|
||||
break;
|
||||
@@ -1458,6 +1578,38 @@ ssh_config_parse_line(ssh_session session,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#undef SSH_PARSE_OR_FAIL
|
||||
|
||||
int ssh_config_parse_line(ssh_session session,
|
||||
const char *line,
|
||||
unsigned int count,
|
||||
int *parsing,
|
||||
unsigned int depth,
|
||||
bool global)
|
||||
{
|
||||
return ssh_config_parse_line_internal(session,
|
||||
line,
|
||||
count,
|
||||
parsing,
|
||||
depth,
|
||||
global,
|
||||
false,
|
||||
false);
|
||||
}
|
||||
|
||||
int ssh_config_parse_line_cli(ssh_session session, const char *line)
|
||||
{
|
||||
int parsing = 1;
|
||||
return ssh_config_parse_line_internal(session,
|
||||
line,
|
||||
0,
|
||||
&parsing,
|
||||
0,
|
||||
false,
|
||||
true,
|
||||
true);
|
||||
}
|
||||
|
||||
/* @brief Parse configuration from a file pointer
|
||||
*
|
||||
* @params[in] session The ssh session
|
||||
|
||||
14
src/external/bcrypt_pbkdf.c
vendored
14
src/external/bcrypt_pbkdf.c
vendored
@@ -97,8 +97,8 @@ bcrypt_hash(ssh_blf_ctx *state, uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *o
|
||||
}
|
||||
|
||||
/* zap */
|
||||
explicit_bzero(ciphertext, sizeof(ciphertext));
|
||||
explicit_bzero(cdata, sizeof(cdata));
|
||||
ssh_burn(ciphertext, sizeof(ciphertext));
|
||||
ssh_burn(cdata, sizeof(cdata));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -180,12 +180,12 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
|
||||
}
|
||||
|
||||
/* zap */
|
||||
explicit_bzero(out, sizeof(out));
|
||||
explicit_bzero(state, sizeof(*state));
|
||||
ssh_burn(out, sizeof(out));
|
||||
ssh_burn(state, sizeof(*state));
|
||||
|
||||
free(state);
|
||||
free(countsalt);
|
||||
free(state);
|
||||
free(countsalt);
|
||||
|
||||
return 0;
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_BCRYPT_PBKDF */
|
||||
|
||||
@@ -88,7 +88,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
|
||||
fprintf(stdout, "\nVerifying, please re-enter. %s", prompt);
|
||||
fflush(stdout);
|
||||
if (!fgets(key_string, (int)len, stdin)) {
|
||||
explicit_bzero(key_string, len);
|
||||
ssh_burn(key_string, len);
|
||||
SAFE_FREE(key_string);
|
||||
clearerr(stdin);
|
||||
continue;
|
||||
@@ -99,17 +99,17 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
|
||||
fprintf(stdout, "\n");
|
||||
if (strcmp(buf, key_string)) {
|
||||
printf("\n\07\07Mismatch - try again\n");
|
||||
explicit_bzero(key_string, len);
|
||||
ssh_burn(key_string, len);
|
||||
SAFE_FREE(key_string);
|
||||
fflush(stdout);
|
||||
continue;
|
||||
}
|
||||
explicit_bzero(key_string, len);
|
||||
ssh_burn(key_string, len);
|
||||
SAFE_FREE(key_string);
|
||||
}
|
||||
ok = 1;
|
||||
}
|
||||
explicit_bzero(tmp, len);
|
||||
ssh_burn(tmp, len);
|
||||
free(tmp);
|
||||
|
||||
return ok;
|
||||
@@ -152,7 +152,7 @@ int ssh_getpass(const char *prompt,
|
||||
SetConsoleMode(h, mode);
|
||||
|
||||
if (!ok) {
|
||||
explicit_bzero(buf, len);
|
||||
ssh_burn(buf, len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -257,8 +257,8 @@ int ssh_getpass(const char *prompt,
|
||||
}
|
||||
|
||||
/* disable nonblocking I/O */
|
||||
if (fd & O_NDELAY) {
|
||||
ok = fcntl(0, F_SETFL, fd & ~O_NDELAY);
|
||||
if (fd & O_NONBLOCK) {
|
||||
ok = fcntl(0, F_SETFL, fd & ~O_NONBLOCK);
|
||||
if (ok < 0) {
|
||||
perror("fcntl");
|
||||
return -1;
|
||||
@@ -273,7 +273,7 @@ int ssh_getpass(const char *prompt,
|
||||
}
|
||||
|
||||
/* close fd */
|
||||
if (fd & O_NDELAY) {
|
||||
if (fd & O_NONBLOCK) {
|
||||
ok = fcntl(0, F_SETFL, fd);
|
||||
if (ok < 0) {
|
||||
perror("fcntl");
|
||||
@@ -282,7 +282,7 @@ int ssh_getpass(const char *prompt,
|
||||
}
|
||||
|
||||
if (!ok) {
|
||||
explicit_bzero(buf, len);
|
||||
ssh_burn(buf, len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@@ -487,7 +487,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_hybrid_mlkem_reply)
|
||||
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
|
||||
|
||||
cleanup:
|
||||
explicit_bzero(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_burn(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_string_burn(ecdh_shared_secret);
|
||||
ssh_string_free(ecdh_shared_secret);
|
||||
ssh_string_free(pubkey_blob);
|
||||
@@ -851,7 +851,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_hybrid_mlkem_init)
|
||||
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
|
||||
|
||||
cleanup:
|
||||
explicit_bzero(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_burn(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_string_burn(ecdh_shared_secret);
|
||||
ssh_string_free(ecdh_shared_secret);
|
||||
ssh_string_free(pubkey_blob);
|
||||
|
||||
@@ -376,25 +376,23 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session)
|
||||
}
|
||||
}
|
||||
|
||||
host_port = ssh_session_get_host_port(session);
|
||||
if (host_port == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
list = ssh_list_new();
|
||||
if (list == NULL) {
|
||||
ssh_set_error_oom(session);
|
||||
SAFE_FREE(host_port);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
host_port = ssh_session_get_host_port(session);
|
||||
if (host_port == NULL) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
rc = ssh_known_hosts_read_entries(host_port,
|
||||
session->opts.knownhosts,
|
||||
&entry_list);
|
||||
if (rc != 0) {
|
||||
ssh_list_free(entry_list);
|
||||
ssh_list_free(list);
|
||||
return NULL;
|
||||
SAFE_FREE(host_port);
|
||||
goto error;
|
||||
}
|
||||
|
||||
rc = ssh_known_hosts_read_entries(host_port,
|
||||
@@ -402,21 +400,16 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session)
|
||||
&entry_list);
|
||||
SAFE_FREE(host_port);
|
||||
if (rc != 0) {
|
||||
ssh_list_free(entry_list);
|
||||
ssh_list_free(list);
|
||||
return NULL;
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (entry_list == NULL) {
|
||||
ssh_list_free(list);
|
||||
return NULL;
|
||||
goto error;
|
||||
}
|
||||
|
||||
count = ssh_list_count(entry_list);
|
||||
if (count == 0) {
|
||||
ssh_list_free(list);
|
||||
ssh_list_free(entry_list);
|
||||
return NULL;
|
||||
goto error;
|
||||
}
|
||||
|
||||
for (it = ssh_list_get_iterator(entry_list);
|
||||
@@ -460,6 +453,7 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session)
|
||||
|
||||
return list;
|
||||
error:
|
||||
ssh_list_free(entry_list);
|
||||
ssh_list_free(list);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -848,7 +848,7 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
#else
|
||||
mac = EVP_MAC_fetch(NULL, "poly1305", NULL);
|
||||
mac = EVP_MAC_fetch(NULL, SN_poly1305, NULL);
|
||||
if (mac == NULL) {
|
||||
SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_fetch failed");
|
||||
goto out;
|
||||
@@ -970,7 +970,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
|
||||
|
||||
ret = SSH_OK;
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -1581,7 +1581,7 @@ evp_dup_pkey(const char *name, const ssh_key key, int demote, ssh_key new_key)
|
||||
|
||||
int evp_dup_rsa_pkey(const ssh_key key, ssh_key new_key, int demote)
|
||||
{
|
||||
return evp_dup_pkey("RSA", key, demote, new_key);
|
||||
return evp_dup_pkey(SN_rsa, key, demote, new_key);
|
||||
}
|
||||
|
||||
int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new_key, int demote)
|
||||
@@ -1591,7 +1591,7 @@ int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new_key, int demote)
|
||||
|
||||
int evp_dup_ed25519_pkey(const ssh_key key, ssh_key new_key, int demote)
|
||||
{
|
||||
return evp_dup_pkey("ED25519", key, demote, new_key);
|
||||
return evp_dup_pkey(SN_ED25519, key, demote, new_key);
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
@@ -1633,15 +1633,14 @@ pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p)
|
||||
|
||||
int pki_key_ecgroup_name_to_nid(const char *group)
|
||||
{
|
||||
if (strcmp(group, NISTP256) == 0 ||
|
||||
strcmp(group, "secp256r1") == 0 ||
|
||||
strcmp(group, "prime256v1") == 0) {
|
||||
if (strcmp(group, NISTP256) == 0 || strcmp(group, "secp256r1") == 0 ||
|
||||
strcmp(group, SN_X9_62_prime256v1) == 0) {
|
||||
return NID_X9_62_prime256v1;
|
||||
} else if (strcmp(group, NISTP384) == 0 ||
|
||||
strcmp(group, "secp384r1") == 0) {
|
||||
strcmp(group, SN_secp384r1) == 0) {
|
||||
return NID_secp384r1;
|
||||
} else if (strcmp(group, NISTP521) == 0 ||
|
||||
strcmp(group, "secp521r1") == 0) {
|
||||
strcmp(group, SN_secp521r1) == 0) {
|
||||
return NID_secp521r1;
|
||||
}
|
||||
return -1;
|
||||
|
||||
@@ -602,7 +602,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
|
||||
}
|
||||
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
}
|
||||
|
||||
static int chacha20_poly1305_aead_decrypt_length(
|
||||
@@ -714,7 +714,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
|
||||
ret = SSH_OK;
|
||||
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_GCRYPT_CHACHA_POLY */
|
||||
|
||||
@@ -711,7 +711,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
|
||||
|
||||
ret = SSH_OK;
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -670,9 +670,9 @@ void ssh_message_free(ssh_message msg){
|
||||
SAFE_FREE(msg->auth_request.username);
|
||||
SAFE_FREE(msg->auth_request.sigtype);
|
||||
if (msg->auth_request.password) {
|
||||
explicit_bzero(msg->auth_request.password,
|
||||
strlen(msg->auth_request.password));
|
||||
SAFE_FREE(msg->auth_request.password);
|
||||
ssh_burn(msg->auth_request.password,
|
||||
strlen(msg->auth_request.password));
|
||||
SAFE_FREE(msg->auth_request.password);
|
||||
}
|
||||
ssh_key_free(msg->auth_request.pubkey);
|
||||
ssh_key_free(msg->auth_request.server_pubkey);
|
||||
@@ -1236,9 +1236,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
|
||||
uint32_t n;
|
||||
|
||||
for (n = 0; n < session->kbdint->nanswers; n++) {
|
||||
explicit_bzero(session->kbdint->answers[n],
|
||||
strlen(session->kbdint->answers[n]));
|
||||
SAFE_FREE(session->kbdint->answers[n]);
|
||||
ssh_burn(session->kbdint->answers[n],
|
||||
strlen(session->kbdint->answers[n]));
|
||||
SAFE_FREE(session->kbdint->answers[n]);
|
||||
}
|
||||
SAFE_FREE(session->kbdint->answers);
|
||||
session->kbdint->nanswers = 0;
|
||||
|
||||
19
src/misc.c
19
src/misc.c
@@ -1608,23 +1608,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout)
|
||||
return ret >= 0 ? ret: 0;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_EXPLICIT_BZERO)
|
||||
void explicit_bzero(void *s, size_t n)
|
||||
{
|
||||
#if defined(HAVE_MEMSET_S)
|
||||
memset_s(s, n, '\0', n);
|
||||
#elif defined(HAVE_SECURE_ZERO_MEMORY)
|
||||
SecureZeroMemory(s, n);
|
||||
#else
|
||||
memset(s, '\0', n);
|
||||
#if defined(HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
|
||||
/* See http://llvm.org/bugs/show_bug.cgi?id=15495 */
|
||||
__asm__ volatile("" : : "g"(s) : "memory");
|
||||
#endif /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
|
||||
#endif
|
||||
}
|
||||
#endif /* !HAVE_EXPLICIT_BZERO */
|
||||
|
||||
/**
|
||||
* @brief Securely free memory by overwriting it before deallocation
|
||||
*
|
||||
@@ -1642,7 +1625,7 @@ void burn_free(void *ptr, size_t len)
|
||||
return;
|
||||
}
|
||||
|
||||
explicit_bzero(ptr, len);
|
||||
ssh_burn(ptr, len);
|
||||
free(ptr);
|
||||
}
|
||||
|
||||
|
||||
@@ -31,6 +31,7 @@
|
||||
#else
|
||||
#include <winsock2.h>
|
||||
#endif
|
||||
#include "libssh/config.h"
|
||||
#include "libssh/config_parser.h"
|
||||
#include "libssh/misc.h"
|
||||
#include "libssh/options.h"
|
||||
@@ -1698,6 +1699,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
|
||||
int compress = 0;
|
||||
int cont = 1;
|
||||
size_t current = 0;
|
||||
int opt_rc = 0;
|
||||
int saveoptind = optind; /* need to save 'em */
|
||||
int saveopterr = opterr;
|
||||
int opt;
|
||||
@@ -1708,7 +1710,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
|
||||
}
|
||||
|
||||
opterr = 0; /* shut up getopt */
|
||||
while((opt = getopt(argc, argv, "c:i:Cl:p:vb:r12")) != -1) {
|
||||
while ((opt = getopt(argc, argv, "c:i:o:Cl:p:vb:r12")) != -1) {
|
||||
switch(opt) {
|
||||
case 'l':
|
||||
user = optarg;
|
||||
@@ -1718,6 +1720,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
|
||||
break;
|
||||
case 'v':
|
||||
debuglevel++;
|
||||
ssh_set_log_level(debuglevel);
|
||||
break;
|
||||
case 'r':
|
||||
break;
|
||||
@@ -1730,6 +1733,9 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
|
||||
case 'C':
|
||||
compress++;
|
||||
break;
|
||||
case 'o':
|
||||
opt_rc = ssh_config_parse_line_cli(session, optarg);
|
||||
break;
|
||||
case '2':
|
||||
break;
|
||||
case '1':
|
||||
@@ -1761,6 +1767,9 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
|
||||
}
|
||||
}
|
||||
} /* switch */
|
||||
if (opt_rc == SSH_ERROR) {
|
||||
break;
|
||||
}
|
||||
} /* while */
|
||||
opterr = saveopterr;
|
||||
tmp = realloc(save, (current + (argc - optind)) * sizeof(char*));
|
||||
@@ -1783,10 +1792,13 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
|
||||
optind++;
|
||||
}
|
||||
|
||||
ssh_set_log_level(debuglevel);
|
||||
|
||||
optind = saveoptind;
|
||||
|
||||
if (opt_rc == SSH_ERROR) {
|
||||
SAFE_FREE(save);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
if(!cont) {
|
||||
SAFE_FREE(save);
|
||||
return -1;
|
||||
|
||||
@@ -235,7 +235,7 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, size_t len)
|
||||
#endif
|
||||
}
|
||||
}
|
||||
explicit_bzero(out, len);
|
||||
ssh_burn(out, len);
|
||||
SAFE_FREE(out);
|
||||
|
||||
return crypto->hmacbuf;
|
||||
|
||||
@@ -227,7 +227,7 @@ void ssh_key_clean (ssh_key key)
|
||||
|
||||
#ifndef HAVE_LIBCRYPTO
|
||||
if (key->ed25519_privkey != NULL) {
|
||||
explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey));
|
||||
ssh_burn(key->ed25519_privkey, sizeof(ed25519_privkey));
|
||||
SAFE_FREE(key->ed25519_privkey);
|
||||
}
|
||||
SAFE_FREE(key->ed25519_pubkey);
|
||||
@@ -3082,8 +3082,8 @@ int pki_sk_signature_buffer_prepare(const ssh_key key,
|
||||
|
||||
out:
|
||||
SSH_BUFFER_FREE(sk_buffer);
|
||||
explicit_bzero(application_hash, SHA256_DIGEST_LEN);
|
||||
explicit_bzero(input_hash, SHA256_DIGEST_LEN);
|
||||
ssh_burn(application_hash, SHA256_DIGEST_LEN);
|
||||
ssh_burn(input_hash, SHA256_DIGEST_LEN);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -208,7 +208,7 @@ static int pki_private_key_decrypt(ssh_string blob,
|
||||
if (rc < 0){
|
||||
return SSH_ERROR;
|
||||
}
|
||||
explicit_bzero(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
ssh_burn(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
|
||||
cipher.set_decrypt_key(&cipher,
|
||||
key_material,
|
||||
@@ -487,7 +487,7 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
|
||||
ssh_buffer_get(privkey_buffer),
|
||||
ssh_buffer_get_len(privkey_buffer));
|
||||
ssh_cipher_clear(&cipher);
|
||||
explicit_bzero(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
ssh_burn(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
@@ -653,7 +653,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
|
||||
"\n",
|
||||
OPENSSH_HEADER_END,
|
||||
"\n");
|
||||
explicit_bzero(b64, strlen((char *)b64));
|
||||
ssh_burn(b64, strlen((char *)b64));
|
||||
SAFE_FREE(b64);
|
||||
|
||||
if (rc != SSH_OK){
|
||||
@@ -677,7 +677,7 @@ error:
|
||||
ssh_string_free(blob);
|
||||
if (privkey_buffer != NULL) {
|
||||
void *bufptr = ssh_buffer_get(privkey_buffer);
|
||||
explicit_bzero(bufptr, ssh_buffer_get_len(privkey_buffer));
|
||||
ssh_burn(bufptr, ssh_buffer_get_len(privkey_buffer));
|
||||
SSH_BUFFER_FREE(privkey_buffer);
|
||||
}
|
||||
SAFE_FREE(pubkey_s);
|
||||
|
||||
@@ -1806,7 +1806,7 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
|
||||
if (rc == SSH_ERROR) {
|
||||
goto fail;
|
||||
}
|
||||
explicit_bzero(ed25519_privkey, ED25519_KEY_LEN);
|
||||
ssh_burn(ed25519_privkey, ED25519_KEY_LEN);
|
||||
SAFE_FREE(ed25519_privkey);
|
||||
} else if (type == SSH_KEY_PRIVATE &&
|
||||
key->type == SSH_KEYTYPE_SK_ED25519) {
|
||||
@@ -2038,7 +2038,7 @@ fail:
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
free(ed25519_pubkey);
|
||||
if (ed25519_privkey) {
|
||||
explicit_bzero(ed25519_privkey, ED25519_KEY_LEN);
|
||||
ssh_burn(ed25519_privkey, ED25519_KEY_LEN);
|
||||
free(ed25519_privkey);
|
||||
}
|
||||
|
||||
@@ -2231,7 +2231,7 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
|
||||
}
|
||||
|
||||
/* front-pad the buffer with zeroes */
|
||||
explicit_bzero(blob_padded_data, pad_len);
|
||||
ssh_burn(blob_padded_data, pad_len);
|
||||
/* fill the rest with the actual signature blob */
|
||||
memcpy(blob_padded_data + pad_len, blob_orig, len);
|
||||
|
||||
@@ -2360,17 +2360,17 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
|
||||
|
||||
sig->raw_sig = ssh_string_new(raw_sig_len);
|
||||
if (sig->raw_sig == NULL) {
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
goto error;
|
||||
}
|
||||
|
||||
rc = ssh_string_fill(sig->raw_sig, raw_sig_data, raw_sig_len);
|
||||
if (rc < 0) {
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
goto error;
|
||||
}
|
||||
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
SAFE_FREE(raw_sig_data);
|
||||
ECDSA_SIG_free(ecdsa_sig);
|
||||
return SSH_OK;
|
||||
@@ -2649,7 +2649,7 @@ out:
|
||||
EVP_MD_CTX_free(ctx);
|
||||
}
|
||||
if (raw_sig_data != NULL) {
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
}
|
||||
SAFE_FREE(raw_sig_data);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
@@ -331,8 +331,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
|
||||
hlen + ED25519_SIG_LEN,
|
||||
*pubkey->ed25519_pubkey);
|
||||
|
||||
explicit_bzero(buffer, hlen + ED25519_SIG_LEN);
|
||||
explicit_bzero(buffer2, hlen);
|
||||
ssh_burn(buffer, hlen + ED25519_SIG_LEN);
|
||||
ssh_burn(buffer2, hlen);
|
||||
SAFE_FREE(buffer);
|
||||
SAFE_FREE(buffer2);
|
||||
if (rc == 0) {
|
||||
|
||||
@@ -1297,7 +1297,7 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const
|
||||
blob_padded_data = (char *) ssh_string_data(sig_blob_padded);
|
||||
blob_orig = (char *) ssh_string_data(sig_blob);
|
||||
|
||||
explicit_bzero(blob_padded_data, pad_len);
|
||||
ssh_burn(blob_padded_data, pad_len);
|
||||
memcpy(blob_padded_data + pad_len, blob_orig, len);
|
||||
|
||||
sig->rsa_sig = sig_blob_padded;
|
||||
@@ -1486,7 +1486,7 @@ static ssh_string rsa_do_sign_hash(const unsigned char *digest,
|
||||
}
|
||||
|
||||
ok = ssh_string_fill(sig_blob, sig, slen);
|
||||
explicit_bzero(sig, slen);
|
||||
ssh_burn(sig, slen);
|
||||
SAFE_FREE(sig);
|
||||
if (ok < 0) {
|
||||
SSH_STRING_FREE(sig_blob);
|
||||
|
||||
14
src/pki_sk.c
14
src/pki_sk.c
@@ -350,7 +350,7 @@ int pki_sk_enroll_key(ssh_pki_ctx context,
|
||||
pin_to_use = pin_buf;
|
||||
} else {
|
||||
SSH_LOG(SSH_LOG_WARN, "Failed to fetch PIN from callback");
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
@@ -365,7 +365,7 @@ int pki_sk_enroll_key(ssh_pki_ctx context,
|
||||
pin_to_use,
|
||||
context->sk_callbacks_options,
|
||||
&enroll_response);
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
if (rc != SSH_OK) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Security key enroll callback failed: %s (%d)",
|
||||
@@ -407,7 +407,7 @@ int pki_sk_enroll_key(ssh_pki_ctx context,
|
||||
|
||||
out:
|
||||
if (challenge == random_challenge) {
|
||||
explicit_bzero(random_challenge, sizeof(random_challenge));
|
||||
ssh_burn(random_challenge, sizeof(random_challenge));
|
||||
}
|
||||
|
||||
SK_ENROLL_RESPONSE_FREE(enroll_response);
|
||||
@@ -697,7 +697,7 @@ ssh_signature pki_sk_do_sign(ssh_pki_ctx context,
|
||||
pin_to_use = pin_buf;
|
||||
} else {
|
||||
SSH_LOG(SSH_LOG_WARN, "Failed to fetch PIN from callback");
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
goto error;
|
||||
}
|
||||
} else {
|
||||
@@ -714,7 +714,7 @@ ssh_signature pki_sk_do_sign(ssh_pki_ctx context,
|
||||
pin_to_use,
|
||||
context->sk_callbacks_options,
|
||||
&sign_response);
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
if (rc != SSH_OK) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Security key sign callback failed: %s (%d)",
|
||||
@@ -833,7 +833,7 @@ int ssh_sk_resident_keys_load(const struct ssh_pki_ctx_struct *pki_context,
|
||||
pin_to_use = pin_buf;
|
||||
} else {
|
||||
SSH_LOG(SSH_LOG_WARN, "Failed to fetch PIN from callback");
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
@@ -844,7 +844,7 @@ int ssh_sk_resident_keys_load(const struct ssh_pki_ctx_struct *pki_context,
|
||||
ctx_to_use->sk_callbacks_options,
|
||||
&raw_resident_keys,
|
||||
&raw_keys_count);
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
if (rc != SSH_OK) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Security key load_resident_keys callback failed: %s (%d)",
|
||||
|
||||
@@ -497,6 +497,11 @@ static size_t callback_receive_banner(const void *data, size_t len, void *user)
|
||||
buffer[i] = '\0';
|
||||
|
||||
str = strdup(buffer);
|
||||
if (str == NULL) {
|
||||
session->session_state = SSH_SESSION_STATE_ERROR;
|
||||
ssh_set_error_oom(session);
|
||||
return 0;
|
||||
}
|
||||
/* number of bytes read */
|
||||
processed = i + 1;
|
||||
session->clientbanner = str;
|
||||
|
||||
@@ -417,7 +417,7 @@ void ssh_free(ssh_session session)
|
||||
_ssh_remove_legacy_log_cb();
|
||||
|
||||
/* burn connection, it could contain sensitive data */
|
||||
explicit_bzero(session, sizeof(struct ssh_session_struct));
|
||||
ssh_burn(session, sizeof(struct ssh_session_struct));
|
||||
SAFE_FREE(session);
|
||||
}
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ void sk_enroll_response_burn(struct sk_enroll_response *enroll_response)
|
||||
enroll_response->attestation_cert_len);
|
||||
BURN_FREE(enroll_response->authdata, enroll_response->authdata_len);
|
||||
|
||||
explicit_bzero(enroll_response, sizeof(*enroll_response));
|
||||
ssh_burn(enroll_response, sizeof(*enroll_response));
|
||||
}
|
||||
|
||||
void sk_enroll_response_free(struct sk_enroll_response *enroll_response)
|
||||
|
||||
@@ -153,7 +153,7 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
|
||||
|
||||
rc = ssh_curve25519_create_k(session, k);
|
||||
if (rc != SSH_OK) {
|
||||
return SSH_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
@@ -176,7 +176,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
|
||||
SSH_LOG(SSH_LOG_TRACE,
|
||||
"Failed to encapsulate sntrup761 shared secret: %s",
|
||||
gpg_strerror(err));
|
||||
return SSH_ERROR;
|
||||
rc = SSH_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
gcry_error_t err;
|
||||
@@ -193,7 +194,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
|
||||
SSH_LOG(SSH_LOG_TRACE,
|
||||
"Failed to decapsulate sntrup761 shared secret: %s",
|
||||
gpg_strerror(err));
|
||||
return SSH_ERROR;
|
||||
rc = SSH_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
#else
|
||||
@@ -204,7 +206,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
|
||||
&rc,
|
||||
crypto_random);
|
||||
if (rc != 1) {
|
||||
return SSH_ERROR;
|
||||
rc = SSH_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
sntrup761_dec(ssk,
|
||||
@@ -224,7 +227,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
|
||||
|
||||
bignum_bin2bn(hss, sizeof hss, &session->next_crypto->shared_secret);
|
||||
if (session->next_crypto->shared_secret == NULL) {
|
||||
return SSH_ERROR;
|
||||
rc = SSH_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
@@ -232,6 +236,11 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
cleanup:
|
||||
ssh_burn(ssk, sizeof ssk);
|
||||
ssh_burn(hss, sizeof hss);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/** @internal
|
||||
|
||||
@@ -344,7 +344,7 @@ void ssh_string_burn(struct ssh_string_struct *s)
|
||||
return;
|
||||
}
|
||||
|
||||
explicit_bzero(s->data, ssh_string_len(s));
|
||||
ssh_burn(s->data, ssh_string_len(s));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -48,7 +48,7 @@ void ssh_tokens_free(struct ssh_tokens_st *tokens)
|
||||
|
||||
if (tokens->tokens != NULL) {
|
||||
for (i = 0; tokens->tokens[i] != NULL; i++) {
|
||||
explicit_bzero(tokens->tokens[i], strlen(tokens->tokens[i]));
|
||||
ssh_burn(tokens->tokens[i], strlen(tokens->tokens[i]));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -199,11 +199,11 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
#endif
|
||||
SAFE_FREE(crypto->dh_server_signature);
|
||||
if (crypto->session_id != NULL) {
|
||||
explicit_bzero(crypto->session_id, crypto->session_id_len);
|
||||
ssh_burn(crypto->session_id, crypto->session_id_len);
|
||||
SAFE_FREE(crypto->session_id);
|
||||
}
|
||||
if (crypto->secret_hash != NULL) {
|
||||
explicit_bzero(crypto->secret_hash, crypto->digest_len);
|
||||
ssh_burn(crypto->secret_hash, crypto->digest_len);
|
||||
SAFE_FREE(crypto->secret_hash);
|
||||
}
|
||||
compress_cleanup(crypto);
|
||||
@@ -212,11 +212,11 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
SAFE_FREE(crypto->encryptMAC);
|
||||
SAFE_FREE(crypto->decryptMAC);
|
||||
if (crypto->encryptkey != NULL) {
|
||||
explicit_bzero(crypto->encryptkey, crypto->out_cipher->keysize / 8);
|
||||
ssh_burn(crypto->encryptkey, crypto->out_cipher->keysize / 8);
|
||||
SAFE_FREE(crypto->encryptkey);
|
||||
}
|
||||
if (crypto->decryptkey != NULL) {
|
||||
explicit_bzero(crypto->decryptkey, crypto->in_cipher->keysize / 8);
|
||||
ssh_burn(crypto->decryptkey, crypto->in_cipher->keysize / 8);
|
||||
SAFE_FREE(crypto->decryptkey);
|
||||
}
|
||||
|
||||
@@ -239,7 +239,7 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
ssh_string_free(crypto->hybrid_shared_secret);
|
||||
#endif
|
||||
|
||||
explicit_bzero(crypto, sizeof(struct ssh_crypto_struct));
|
||||
ssh_burn(crypto, sizeof(struct ssh_crypto_struct));
|
||||
|
||||
SAFE_FREE(crypto);
|
||||
}
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
#include "torture.h"
|
||||
#include "torture_key.h"
|
||||
#include <errno.h>
|
||||
#include <libssh/config.h>
|
||||
#include <libssh/misc.h>
|
||||
#include <libssh/options.h>
|
||||
#include <libssh/pki.h>
|
||||
@@ -1615,6 +1616,108 @@ static void torture_options_getopt(void **state)
|
||||
#endif /* _NSC_VER */
|
||||
}
|
||||
|
||||
static void torture_options_getopt_o_option(void **state)
|
||||
{
|
||||
#ifndef _MSC_VER
|
||||
ssh_session session = *state;
|
||||
int rc;
|
||||
enum ssh_config_opcode_e opcode =
|
||||
ssh_config_get_opcode((char *)"compression");
|
||||
const char *argv[6] = {EXECUTABLE_NAME, "-o", "Compression nah", NULL};
|
||||
int argc = 3;
|
||||
|
||||
// Test: -o with invalid value (e.g., "-o Compression nah")
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
|
||||
|
||||
session->opts.options_seen[opcode] = 0;
|
||||
|
||||
// Test: -o with valid value (e.g., "-o Compression yes")
|
||||
argv[1] = "-o";
|
||||
argv[2] = "compression yes";
|
||||
argv[3] = NULL;
|
||||
argc = 3;
|
||||
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code(session, rc);
|
||||
assert_int_equal(session->opts.options_seen[opcode], 1);
|
||||
|
||||
#ifdef WITH_ZLIB
|
||||
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
|
||||
"zlib@openssh.com,none");
|
||||
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
|
||||
"zlib@openssh.com,none");
|
||||
#else
|
||||
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S], "none");
|
||||
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], "none");
|
||||
#endif
|
||||
|
||||
// Test: -o with missing value (e.g., "-o =")
|
||||
argv[1] = "-o";
|
||||
argv[2] = "=";
|
||||
argv[3] = NULL;
|
||||
argc = 3;
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code(session, rc);
|
||||
|
||||
// Test: -o with only option name, no value (e.g., "-o Compression")
|
||||
session->opts.options_seen[opcode] = 0;
|
||||
argv[1] = "-o";
|
||||
argv[2] = "Compression";
|
||||
argv[3] = NULL;
|
||||
argc = 3;
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
|
||||
|
||||
// Test: -o with empty string (e.g., "-o ")
|
||||
argv[1] = "-o";
|
||||
argv[2] = "";
|
||||
argv[3] = NULL;
|
||||
argc = 3;
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
|
||||
|
||||
// Test: -o with unsupported option on the cli
|
||||
argv[1] = "-o";
|
||||
argv[2] = "match *";
|
||||
argv[3] = NULL;
|
||||
argc = 3;
|
||||
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
|
||||
|
||||
// Test: multiple -o options together, one invalid
|
||||
session->opts.options_seen[opcode] = 0;
|
||||
argv[1] = "-o";
|
||||
argv[2] = "compression yes";
|
||||
argv[3] = "-o";
|
||||
argv[4] = "enablesshkeysign yes";
|
||||
argv[5] = NULL;
|
||||
argc = 5;
|
||||
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code_equal(session, rc, SSH_ERROR);
|
||||
|
||||
// Test: multiple -o options together, all valid
|
||||
session->opts.options_seen[opcode] = 0;
|
||||
argv[1] = "-o";
|
||||
argv[2] = "compression no";
|
||||
argv[3] = "-o";
|
||||
argv[4] = "rekeylimit 1G 1h";
|
||||
argv[5] = NULL;
|
||||
argc = 5;
|
||||
|
||||
rc = ssh_options_getopt(session, &argc, (char **)argv);
|
||||
assert_ssh_return_code(session, rc);
|
||||
|
||||
opcode = ssh_config_get_opcode((char *)"compression");
|
||||
assert_int_equal(session->opts.options_seen[opcode], 1);
|
||||
|
||||
opcode = ssh_config_get_opcode((char *)"rekeylimit");
|
||||
assert_int_equal(session->opts.options_seen[opcode], 1);
|
||||
#endif /* _MSC_VER */
|
||||
}
|
||||
|
||||
static void torture_options_plus_sign(void **state)
|
||||
{
|
||||
ssh_session session = *state;
|
||||
@@ -3026,6 +3129,9 @@ torture_run_tests(void)
|
||||
cmocka_unit_test_setup_teardown(torture_options_getopt,
|
||||
setup,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_options_getopt_o_option,
|
||||
setup,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_options_plus_sign,
|
||||
setup,
|
||||
teardown),
|
||||
|
||||
@@ -129,7 +129,7 @@ torture_packet(const char *cipher, const char *mac_type,
|
||||
assert_int_equal(rc, encrypted_packet_len);
|
||||
|
||||
ssh_packet_set_callbacks(session, &cb);
|
||||
explicit_bzero(response, sizeof(response));
|
||||
ssh_burn(response, sizeof(response));
|
||||
rc = ssh_packet_socket_callback(buffer, encrypted_packet_len, session);
|
||||
assert_int_not_equal(rc, SSH_ERROR);
|
||||
if(payload_len > 0){
|
||||
|
||||
Reference in New Issue
Block a user