shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,635 Commits 12 Branches 62 Tags
fc1a8bb4555624f85ba1370721ad2086a4feff8c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jakub Jelen fc1a8bb455 CVE-2023-1667:kex: Correctly handle last fields of KEXINIT also in the client side 
Previously, the last two fields of KEXINIT were considered as always zero for
the key exchange. This was true for the sending side, but might have not been
true for the received KEXINIT from the peer.

This moves the construction of these two fields closer to their reading or
writing, instead of hardcoding them on the last possible moment before they go
as input to the hashing function.

This also allows accepting the first_kex_packet_follows on the client side, even
though there is no kex algorithm now that would allow this.

It also avoid memory leaks in case the server_set_kex() or ssh_set_client_kex()
gets called multiple times, ensuring the algorithms will not change under our
hands.

It also makes use of a new flag to track if we sent KEXINIT.

Previously, this was tracked only implicitly by the content of the
session->next_crypto->{server,client}_kex (local kex). If it was not set, we
considered it was not send. But given that we need to check the local kex even
before sending it when we receive first_kex_packet_follows flag in the KEXINIT,
this can no longer be used.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-05-04 11:52:18 +02:00
cmake
cmake: Check for Argp also on Linux to fix alpine build
2023-02-02 10:41:53 +01:00
doc
doc: Fix doxygen errors when QUIET=yes EXTRACT_ALL=yes
2023-03-20 13:41:04 +01:00
examples
cmake: Check for Argp also on Linux to fix alpine build
2023-02-02 10:41:53 +01:00
include
CVE-2023-1667:kex: Correctly handle last fields of KEXINIT also in the client side
2023-05-04 11:52:18 +02:00
src
CVE-2023-1667:kex: Correctly handle last fields of KEXINIT also in the client side
2023-05-04 11:52:18 +02:00
tests
fuzz: Avoid the server fuzzer to proceed to the authentication and further
2023-04-28 11:35:49 +02:00
.arcconfig
arcconfig: Add missing comma
2017-08-21 09:12:36 +02:00
.editorconfig
Fix editorconfig
2022-05-23 10:14:18 +02:00
.gitignore
cpack: Do not package .cache directory used by clangd
2021-08-26 14:58:38 +02:00
.gitlab-ci.yml
ci: Add CentOS 8 as there are no other OpenSSL 1.1.1 platforms
2023-04-17 13:46:41 +02:00
AUTHORS
src: Update my mail address.
2014-01-07 16:08:23 +01:00
BSD
added a file from openssh needed for known host parsing
2008-11-02 23:46:55 +00:00
CHANGELOG
Fix various spelling issues reported by codespell
2022-11-18 16:18:44 +01:00
CMakeLists.txt
cmake: Check for Argp also on Linux to fix alpine build
2023-02-02 10:41:53 +01:00
CompilerChecks.cmake
Fix various spelling issues reported by codespell
2022-11-18 16:18:44 +01:00
config.h.cmake
Fix various spelling issues reported by codespell
2022-11-18 16:18:44 +01:00
ConfigureChecks.cmake
Fix various spelling issues reported by codespell
2022-11-18 16:18:44 +01:00
CONTRIBUTING.md
Fix various spelling issues reported by codespell
2022-11-18 16:18:44 +01:00
COPYING
COPYING: Reformat the last paragraph
2018-11-17 20:11:51 +01:00
CPackConfig.cmake
cpack: Do not package .cache directory used by clangd
2021-08-26 14:58:38 +02:00
CTestConfig.cmake
cmake: Drop reports via https only.
2015-02-20 15:47:22 +01:00
DefineOptions.cmake
cmake: Document the consequences of enabling benchmarks
2023-02-02 10:41:48 +01:00
INSTALL
Fix various spelling issues reported by codespell
2022-11-18 16:18:44 +01:00
libssh.pc.cmake
cmake: Fix pkgconfig path relocation in mingw
2022-11-18 16:16:47 +01:00
README
README: Mention CONTRIBUTING not SubmittingPatches
2020-09-29 13:05:34 +02:00
README.mbedtls
pki: Add mbedTLS ECDSA key comparison support
2018-03-07 15:44:05 +01:00
README.md
README: Mention CONTRIBUTING not SubmittingPatches
2020-09-29 13:05:34 +02:00

README.md

pipeline status Fuzzing Status

  _   _   _                          _
 (_) (_) (_)                        (_)
 (_)  _  (_) _         _  _   _  _  (_) _
 (_) (_) (_)(_) _     (_)(_) (_)(_) (_)(_) _
 (_) (_) (_)   (_)  _ (_)  _ (_)    (_)   (_)
 (_) (_) (_)(_)(_) (_)(_) (_)(_)    (_)   (_).org

 The SSH library

Why?

Why not ? :) I've began to work on my own implementation of the ssh protocol because i didn't like the currently public ones. Not any allowed you to import and use the functions as a powerful library, and so i worked on a library-based SSH implementation which was non-existing in the free and open source software world.

How/Who?

If you downloaded this file, you must know what it is : a library for accessing ssh client services through C libraries calls in a simple manner. Everybody can use this software under the terms of the LGPL - see the COPYING file

If you ask yourself how to compile libssh, please read INSTALL before anything.

Where ?

https://www.libssh.org

Contributing

Please read the file 'CONTRIBUTING.md' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.

Have fun and happy libssh hacking!

The libssh Team

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 15 MiB
Languages
C 95.3%
CMake 4.1%
C++ 0.4%
Shell 0.2%