mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 20:30:38 +09:00

Go to file

Jon Simons c0f3a96089 server: fix queued USERAUTH_SUCCESS rekey bug

Fix a bug with server-side rekeying where the session state at hand
has been toggled to SSH_SESSION_STATE_AUTHENTICATED before performing
the packet send of the SSH2_MSG_USERAUTH_SUCCESS message.

Before this change, what can happen is that during the packet send,
the SSH2_MSG_USERAUTH_SUCCESS message can end up being queued due
to a small rekey data limit value.  libssh server will then proceed
to attempt to send KEX-related rekeying messages to the client before
the client has received USERAUTH_SUCCESS.  OpenSSH clients do not
expect to undergo rekeying before having been authenticated, and so
will exit with error when this happens.

The behavior before and after can be observed with the pkd test making
use of its new --rekey flag:

    ./pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v

A new CMake test entry is added for the above variation and can be run
with:

    ARGS="-R pkd_hello_rekey" make test

Before the fix, the test will fail; after, the test succeeds while
performing rekeying once every 16 bytes.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

2019-04-29 14:00:39 +02:00

cmake

cmake: Add support for MemorySanitizer

2019-01-25 16:07:50 +01:00

doc

sftp_get_error returns int, not char *.

2019-03-25 18:51:15 +01:00

examples

examples: Fix unused parameter warnings in sshd_direct-tcpip

2019-02-21 10:51:07 +01:00

include

dh-gex: Verify received primes in FIPS mode to match one of the known groups

2019-04-29 13:18:09 +02:00

obj

cmake: Introduce symbol versioning

2018-08-08 20:58:23 +02:00

src

server: fix queued USERAUTH_SUCCESS rekey bug

2019-04-29 14:00:39 +02:00

tests

server: fix queued USERAUTH_SUCCESS rekey bug

2019-04-29 14:00:39 +02:00

.arcconfig

arcconfig: Add missing comma

2017-08-21 09:12:36 +02:00

.gitignore

Ignore all build and obj* directories

2015-10-28 09:28:33 +01:00

.gitlab-ci.yml

Allow building without Group Exchange support

2019-02-07 10:30:05 +01:00

AUTHORS

src: Update my mail address.

2014-01-07 16:08:23 +01:00

BSD

added a file from openssh needed for known host parsing

2008-11-02 23:46:55 +00:00

ChangeLog

Update ChangeLog

2019-01-11 15:56:02 +01:00

CMakeLists.txt

cmake,options: Allow to set global bind config file

2019-04-01 08:38:17 +02:00

CompilerChecks.cmake

cmake: Add -Wmissing-field-initializers compile flag

2019-01-22 13:12:25 +01:00

config.h.cmake

cmake,options: Allow to set global bind config file

2019-04-01 08:38:17 +02:00

ConfigureChecks.cmake

Use a common KDF function

2019-03-07 12:03:32 +01:00

COPYING

COPYING: Reformat the last paragraph

2018-11-17 20:11:51 +01:00

CPackConfig.cmake

cpack: Fix ignore files

2018-08-10 14:18:18 +02:00

CTestConfig.cmake

cmake: Drop reports via https only.

2015-02-20 15:47:22 +01:00

DefineOptions.cmake

cmake,options: Allow to set global bind config file

2019-04-01 08:38:17 +02:00

INSTALL

Update INSTALL file

2019-02-07 10:30:05 +01:00

libssh-config.cmake.in

cmake: Refresh the CMake Config files

2018-11-06 13:53:43 +01:00

libssh.pc.cmake

cmake: Fix pkg-config file

2018-08-13 13:44:58 +02:00

README

Update the README

2016-05-02 11:55:39 +02:00

README.CodingStyle

README.Coding: Add section about pointers

2017-09-11 17:14:21 +02:00

README.mbedtls

pki: Add mbedTLS ECDSA key comparison support

2018-03-07 15:44:05 +01:00

README.md

README: Added markdown readmine with gitlab CI badge

2018-04-18 10:51:43 +02:00

SubmittingPatches

Update SubmittingPatches

2017-02-27 11:49:10 +01:00

README.md

  _   _   _                          _
 (_) (_) (_)                        (_)
 (_)  _  (_) _         _  _   _  _  (_) _
 (_) (_) (_)(_) _     (_)(_) (_)(_) (_)(_) _
 (_) (_) (_)   (_)  _ (_)  _ (_)    (_)   (_)
 (_) (_) (_)(_)(_) (_)(_) (_)(_)    (_)   (_).org

 The SSH library

Why?

Why not ? :) I've began to work on my own implementation of the ssh protocol because i didn't like the currently public ones. Not any allowed you to import and use the functions as a powerful library, and so i worked on a library-based SSH implementation which was non-existing in the free and open source software world.

How/Who?

If you downloaded this file, you must know what it is : a library for accessing ssh client services through C libraries calls in a simple manner. Everybody can use this software under the terms of the LGPL - see the COPYING file

If you ask yourself how to compile libssh, please read INSTALL before anything.

Where ?

https://www.libssh.org

Contributing

Please read the file 'SubmittingPatches' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.

Have fun and happy libssh hacking!

The libssh Team