path: root/src/bind.c
Commit message | Author | Age | Files | Lines
* bind: Correctly close sockets and invalidate them. | Andreas Schneider | 2015-04-10 | 1 | -13/+5
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* server: Add support for ed25519 keys in the server. | Aris Adamantiadis | 2015-02-02 | 1 | -0/+11
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* style: be consistent when iterating over wanted_methods | Luka Perkov | 2014-03-27 | 1 | -1/+1
    Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: only set bindfd after successful listen | Jon Simons | 2014-03-12 | 1 | -1/+2
    In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the case that listen fails.

    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* security: fix for vulnerability CVE-2014-0017 | Aris Adamantiadis | 2014-03-04 | 1 | -0/+2
    When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
* server: allow custom server banners (bug #83) | Aris Adamantiadis | 2014-02-01 | 1 | -1/+2
* Import keys during ssh_bind_accept_fd | Alan Dunn | 2014-01-21 | 1 | -1/+11
    Signed-off-by: Alan Dunn <amdunn@gmail.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Separate out key import functionality from ssh_bind_listen | Alan Dunn | 2014-01-21 | 1 | -12/+23
    Signed-off-by: Alan Dunn <amdunn@gmail.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: fix possible double-frees in ssh_bind_free | Jon Simons | 2014-01-16 | 1 | -0/+10
    Make sure to explicitly set key pointers to NULL following the use of 'ssh_key_free' throughout bind.c.

    Before this change, a double free can happen via 'ssh_bind_free' as in this example callpath:

      // create an ssh_bind
      ssh_bind b = ssh_bind_new();

      // provide a path to a wrong key-type
      ssh_bind_options_set(b, SSH_BIND_OPTIONS_DSAKEY, path_to_rsa_key);

      // initialize set key-type
      ssh_bind_listen(b);

        -> error path "The DSA host key has the wrong type: %d",
           ssh_key_free(sshbind->dsa)

             -> ssh_key_clean(key) // OK
             -> SAFE_FREE(key)     // OK, but, sshbind->dsa is *not* set to NULL

      // ssh_bind_listen failed, so clean up ssh_bind
      ssh_bind_free(b);

        -> ssh_key_free(sshbind->dsa) // double-free here

    To fix, set pointers to NULL that have been free'd with 'ssh_key_free'.

    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Correctly free all memory in ssh_bind_free(). | Andreas Schneider | 2013-12-09 | 1 | -3/+7
    Thanks to Jacob Baines.
* bind: fix leak in ssh_bind_accept error path | Jon Simons | 2013-10-24 | 1 | -2/+1
    Use 'ssh_socket_free' to cleanup if 'ssh_bind_accept_fd' fails, to be sure to free the ssh_socket in/out buffers.
* log: Implement new logging functions. | Andreas Schneider | 2013-07-14 | 1 | -1/+1
* bind: ssh_pki functions also return SSH_EOF error code | Aris Adamantiadis | 2013-07-13 | 1 | -3/+3
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* BUG 97: Remove obsolete hsterror(). | Andreas Schneider | 2012-12-03 | 1 | -12/+1
    This function is pretty much obsolete on most platforms. The standard errno should be used. If it is not enough on Windows we should use WSAGetLastError() in future.
* bind: Fix build. | Andreas Schneider | 2012-05-09 | 1 | -1/+2
* server: Add ecdsa hostkey support. | Andreas Schneider | 2012-05-08 | 1 | -1/+1
* server: Add ecdsa hostkey support. | Andreas Schneider | 2012-02-19 | 1 | -1/+34
* session: Use a struct for all options. | Andreas Schneider | 2012-02-05 | 1 | -6/+6
* bind: Add more error messages. | Andreas Schneider | 2011-11-09 | 1 | -1/+9
* bind: Fix ssh_bind_listen in normal case. | Andreas Schneider | 2011-10-17 | 1 | -5/+6
* server: use app-provided bind socket when available | Aris Adamantiadis | 2011-10-13 | 1 | -17/+19
* server: ssh_bind_accept_fd | Aris Adamantiadis | 2011-10-13 | 1 | -52/+70
    This function will not call accept() but use function parameter instead
* error: Use macros for error functions. | Andreas Schneider | 2011-09-17 | 1 | -1/+1
* server: Use new pki infrastructure. | Andreas Schneider | 2011-08-22 | 1 | -28/+4
* pki: Remove session from ssh_pki_import_privkey_* functions. | Andreas Schneider | 2011-08-16 | 1 | -2/+10
* bind: Add checks around key functions. | Andreas Schneider | 2011-08-15 | 1 | -6/+31
* bind: Read only once in ssh_bind_listen() (bug #11). | Andreas Schneider | 2011-08-15 | 1 | -44/+50
* pki: Use a consistent name scheme. | Andreas Schneider | 2011-08-09 | 1 | -2/+2
    Rename ssh_key_import_private to ssh_pki_import_privkey_file.
* bind: Use ssh_key_import_private(). | Andreas Schneider | 2011-08-08 | 1 | -22/+37
* Fixes the ssh_log issue on ssh_bind handles. | Aris Adamantiadis | 2011-07-19 | 1 | -3/+3
* doc: Improve the doc of ssh_bind_set_callbacks. | Andreas Schneider | 2011-03-09 | 1 | -19/+0
* bind: Set errors on return. | Bernhard R. Link | 2011-02-14 | 1 | -1/+8
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Added include file for close function on Windows. | Andreas Schneider | 2011-01-02 | 1 | -0/+1
* server: Added missing include files for getaddrinfo on Windows. | Andreas Schneider | 2010-12-29 | 1 | -1/+10
* server: Replace gethostbyname() with getaddrinfo(). | Andreas Schneider | 2010-12-27 | 1 | -43/+56
    Fixes rlo#13.
* Moved includes from priv.h to bind.h | Aris Adamantiadis | 2010-10-27 | 1 | -0/+1
* Split ssh_bind functions in a new .c file | Aris Adamantiadis | 2010-10-20 | 1 | -0/+372