shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
0a9268a60f2d3748ca69bde5651f20e72761058c
libssh/src
History
Andreas Schneider 0a9268a60f CVE-2020-16135: Add missing NULL check for ssh_buffer_new() 
Add a missing NULL check for the pointer returned by ssh_buffer_new() in
sftpserver.c.

Thanks to Ramin Farajpour Cami for spotting this.

Fixes T232

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 533d881b0f)
2020-08-13 12:23:51 +02:00
..
ABI
Bump version to 0.8.9
2020-04-09 09:35:55 +02:00
external
chacha: remove re-declared type
2018-10-13 22:09:18 +02:00
threads
libcrypto: Fix access violation in ssh_init()
2018-11-30 18:57:39 +01:00
agent.c
socket: Undouble socket fds
2018-10-26 09:03:40 +02:00
auth.c
CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT
2018-10-16 09:19:40 +02:00
base64.c
Remove vim modelines from all files
2018-06-28 08:41:08 +02:00
bignum.c
add mbedtls crypto support
2017-12-28 11:17:39 +01:00
bind.c
socket: Undouble socket fds
2018-10-26 09:03:40 +02:00
buffer.c
buffer: Don't call va_end() twice
2018-09-20 16:35:04 +02:00
callbacks.c
callbacks: Implement list of callbacks for channels
2016-05-02 16:56:54 +02:00
chachapoly.c
chachapoly: Use a function instead of an extern variable
2018-06-30 14:37:04 +02:00
channels.c
channels: Don't call ssh_channel_close() twice
2018-12-13 21:30:35 +01:00
client.c
client: Reformat comment
2018-11-02 11:42:52 +01:00
CMakeLists.txt
cmake: Fix FindABIMap targets
2018-08-27 16:46:59 +02:00
config.c
config: Avoid buffer overflow
2019-02-22 11:42:26 +01:00
connect.c
connect: Fix size type for i an j in ssh_select()
2019-02-22 11:42:26 +01:00
connector.c
connector: Don't NULL connector (in|out) channels on event remove
2019-02-22 11:42:26 +01:00
curve25519.c
crytpo: Make sure we check return of ssh_get_random() correctly
2018-07-05 12:12:14 +02:00
dh.c
dh: Make sure we do not access uninitialized memory
2019-01-09 17:22:45 +01:00
ecdh_crypto.c
ecdh: fix SSH_MSG_KEXDH_REPLY for libcrypto
2018-06-27 21:25:24 +02:00
ecdh_gcrypt.c
gcrypt: Bugfix for very slow ecdh
2018-11-21 16:55:19 +01:00
ecdh_mbedcrypto.c
mbedtls: Use getter for ssh_mbedtls_ctr_drbg
2018-08-20 18:43:04 +02:00
ecdh.c
crypto: Change the type of server_pubkey to ssh_key
2018-03-21 20:40:02 +01:00
error.c
error: Add ssh_reset_error() function
2018-08-27 12:25:09 +02:00
gcrypt_missing.c
bignum: Make bignum_free safer
2018-07-05 14:35:13 +02:00
getpass.c
getpass: Use explicit_bzero()
2018-09-04 20:00:04 +02:00
gssapi.c
gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
2018-10-26 09:03:58 +02:00
gzip.c
gzip: Use calloc in initcompress() and initdecompress()
2018-09-04 20:00:04 +02:00
init.c
init: Only add DllMain if we create a shared library
2018-10-09 11:40:54 +02:00
kex.c
kex: honor client preference for rsa-sha2-{256,512} host key algorithms
2019-02-07 14:22:30 +01:00
known_hosts.c
knownhosts: Fix invalid read of known_hosts token
2018-10-13 22:09:16 +02:00
knownhosts.c
knownhosts: Take StrictHostKeyChecking option into account
2018-11-08 20:12:47 +01:00
legacy.c
Rest in Peace SSHv1
2018-06-29 14:41:14 +02:00
libcrypto-compat.c
crypto: Fix compilation for OpenSSL without deprecated APIs
2018-11-08 09:32:42 +01:00
libcrypto-compat.h
crypto: Fix compilation for OpenSSL without deprecated APIs
2018-11-08 09:32:42 +01:00
libcrypto.c
CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key
2020-04-09 09:35:40 +02:00
libgcrypt.c
Remove SHA384 HMAC
2019-02-22 18:21:25 +01:00
libmbedcrypto.c
Remove SHA384 HMAC
2019-02-22 18:21:25 +01:00
libssh.map
cmake: Bump library version
2018-09-20 17:23:42 +02:00
log.c
log: Make sure the buffer for date is big enough
2018-08-20 18:43:06 +02:00
match.c
config: Parse Match keyword
2018-09-05 12:39:02 +02:00
mbedcrypto_missing.c
mbedtls: Use getter for ssh_mbedtls_ctr_drbg
2018-08-20 18:43:04 +02:00
messages.c
pki: Separate signature extraction and verification
2018-11-30 18:57:38 +01:00
misc.c
CVE-2019-14889: misc: Add function to quote file names
2019-12-09 17:34:20 +01:00
options.c
options: Removed outdated param annotations of ssh_options_set()
2019-02-22 11:42:26 +01:00
packet_cb.c
packet_cb: Properly verify the signature type
2018-11-30 18:57:38 +01:00
packet_crypt.c
Use constant time comparison function for HMAC comparison
2019-02-22 18:21:25 +01:00
packet.c
packet: Allow SSH2_MSG_EXT_INFO when authenticated
2018-12-10 17:50:27 +01:00
pcap.c
socket: Undouble socket fds
2018-10-26 09:03:40 +02:00
pki_container_openssh.c
pki_container_openssh: Add padding to be compatible with OpenSSH
2019-02-07 13:53:03 +01:00
pki_crypto.c
pki_crypto: plug pki_signature_from_blob leaks
2019-02-07 14:22:26 +01:00
pki_ed25519.c
pki: Allow reading keys in new OpenSSH format
2018-09-18 10:17:31 +02:00
pki_gcrypt.c
pki_gcrypt: Include missing stdbool.h
2019-02-22 11:42:26 +01:00
pki_mbedcrypto.c
pki: NULL check pki_signature_from_rsa_blob result
2019-02-07 14:22:23 +01:00
pki.c
pki: Return default RSA key type for DIGEST_AUTO
2018-11-30 18:57:39 +01:00
poll.c
socket: Undouble socket fds
2018-10-26 09:03:40 +02:00
scp.c
CVE-2019-14889: scp: Quote location to be used on shell
2019-12-09 17:34:30 +01:00
server.c
connector: Fallback on the socket output callback
2019-02-22 11:42:26 +01:00
session.c
socket: Undouble socket fds
2018-10-26 09:03:40 +02:00
sftp.c
sftp: Do not overwrite errors set by channel functions
2018-11-30 18:57:39 +01:00
sftpserver.c
CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
2020-08-13 12:23:51 +02:00
socket.c
socket: Add missing braces
2018-11-21 12:27:01 +01:00
string.c
string: Don't allow to allocate strings bigger than 256M
2018-09-04 12:29:41 +02:00
threads.c
threads: Automatically call ssh_init on load
2018-08-03 16:43:03 +02:00
wrapper.c
Remove SHA384 HMAC
2019-02-22 18:21:25 +01:00