summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* security: fix for vulnerability CVE-2014-0017v0-5Aris Adamantiadis2014-03-043-1/+14
| | | | | | | | | | | | | When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue. Conflicts: src/bind.c
* socket: Call data handler as long as handler takes data.Johannes Krude2013-10-061-4/+6
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* BUG 103: Disable proxy command if set to 'none'.Andreas Schneider2013-07-261-4/+8
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* client: Fix possible NULL pointer dereference.Andreas Schneider2013-07-261-2/+2
|
* kex: Fix a double free.Andreas Schneider2013-07-261-0/+1
|
* Check for NULL pointers in channels.cmilo2013-07-261-5/+37
|
* BUG 103: Fix ProxyCommand parsing.Andreas Schneider2013-06-021-2/+21
|
* config: Rename ssh_config_get_str().Andreas Schneider2013-06-021-11/+11
|
* opts: Fix segfault in option parser.Andreas Schneider2013-06-021-3/+11
|
* poll: return error on poll() when pollset is emptyAris Adamantiadis2013-02-271-1/+1
| | | | (cherry picked from commit 222a0d78ca5c272ea109e847d62cf12674dd875f)
* server: Fix typo in dh_handshake_server().Laurent Bigonville2013-02-051-1/+1
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* CVE-2013-0176: Fix a remote DoS if the client doesn't send a matching kex.Andreas Schneider2013-01-141-2/+11
| | | | Thanks to Yong Chuan Koh, X-Force Research <kohyc@sg.ibm.com>
* options: Fix a free crash bug if we parse unknown options.Andreas Schneider2013-01-111-6/+8
| | | | Thanks to Yong Chuan Koh, X-Force Research <kohyc@sg.ibm.com>
* channels1: Fix severa possible null pointer dereferences.Andreas Schneider2013-01-101-6/+59
| | | | (cherry picked from commit b811b89f57ec167612948e688d75015f85b9c8f4)
* CVE-2012-4561: Fix possible free's on invalid pointers.Andreas Schneider2012-11-141-0/+5
|
* CVE-2012-4561: Fix error handling of try_publickey_from_file().Andreas Schneider2012-11-141-6/+6
|
* CVE-2012-4559: Make sure we don't free name and longname twice on error.Andreas Schneider2012-11-141-10/+16
|
* CVE-2012-4559: Ensure that we don't free req twice.Andreas Schneider2012-11-141-1/+1
|
* CVE-2012-4559: Ensure we don't free blob or request twice.Andreas Schneider2012-11-141-0/+2
|
* CVE-2012-4560: Fix a write one past the end of 'buf'.Andreas Schneider2012-11-141-2/+3
|
* CVE-2012-4560: Fix a write one past the end of the 'u' buffer.Andreas Schneider2012-11-141-1/+1
|
* CVE-2012-4562: Fix possible string related integer overflows.Xi Wang2012-11-141-7/+18
|
* CVE-2012-4562: Fix a possible infinite loop in buffer_reinit().Andreas Schneider2012-11-141-4/+9
| | | | | If needed is bigger than the highest power of two or a which fits in an integer we will loop forever.
* CVE-2012-4562: Fix multiple integer overflows in buffer-related functions.Xi Wang2012-11-141-5/+15
|
* CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().Xi Wang2012-11-141-0/+4
| | | | No exploit known, but it is better to check the string length.
* channels: Fix a possible infinite loop if the connection dropped.Andreas Schneider2012-10-221-1/+3
| | | | This fixes bug #85.
* channels1: Add missing request_state and set it to accepted.Andreas Schneider2012-10-221-0/+1
| | | | This fixes bug #88.
* auth1: Reset error state to no error.Andreas Schneider2012-10-221-0/+1
| | | | This fixes bug #89.
* session: Fix a possible use after free in ssh_free().Andreas Schneider2012-10-221-15/+19
| | | | | | | We need to cleanup the channels first cause we call ssh_channel_close() on the channels which still require a working socket and poll context. Thanks to sh4rm4!
* channel: Fix a possible null pointer dereference.Andreas Schneider2012-10-051-1/+6
| | | | (cherry picked from commit ceb8072b34a581eb72ed43f7f7ce78fd9b0ea708)
* channels: Fix a possible null pointer dereference.Andreas Schneider2012-10-051-1/+6
| | | | (cherry picked from commit 656fd60110b73b3fc56c8c407b12a68be7ca67ff)
* getpass: Fix a memory leak in ssh_gets() on error.Andreas Schneider2012-10-051-0/+1
| | | | (cherry picked from commit 6092596199e8ebfbbf6e6ba48b7ec6ca0d85fa13)
* sftp: Harden sftp_extension_supported() against null pointers.Andreas Schneider2012-10-051-2/+10
| | | | (cherry picked from commit 22f607649d7dc530df84b7b90781ce0b88153095)
* sftp: Fix a memory on error in sftp_opendir().Andreas Schneider2012-10-051-0/+1
| | | | (cherry picked from commit b5c4b090da254c1ad3689983b0cb999b09aa3394)
* misc: Don't leak memory on ssh_path_expand_escape() on error.Andreas Schneider2012-10-051-0/+4
| | | | (cherry picked from commit 61d032fc03e0055c859931f466bc75fbdf36385a)
* session: Fix a memory leak in ssh_new() on error.Andreas Schneider2012-10-051-0/+1
| | | | (cherry picked from commit 280ce3fe937c96899732814928c8ecfa9f9ae431)
* Fix regression in pre-connected socket setting.Werner Koch2012-09-212-8/+21
| | | | | | | | | | | * src/socket.c (ssh_socket_pollcallback): Factor some code out to ... (ssh_socket_set_connecting): New. * include/libssh/socket.h (ssh_socket_set_connecting): Add prototype. * src/client.c (ssh_connect): Use new function for a socket set by SSH_OPTIONS_FD. Signed-off-by: Werner Koch <wk@gnupg.org> Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* build: Fix missing struct in_addr warning.Andreas Schneider2012-07-1713-0/+13
| | | | (cherry picked from commit 782b2e37c6a4e0254e2b596b9182043c5ebabd75)
* sftp: Fix bug in sftp_mkdir not returning on error.Andreas Schneider2012-07-171-0/+1
| | | | | resolves: #84 (cherry picked from commit a92c97b2e17715c1b3cdd693d14af6c3311d8e44)
* connect: Fix a build warning.Andreas Schneider2012-07-171-1/+1
| | | | (cherry picked from commit 8b8d9dc83af81dfaec22bbb6710083e79f00c470)
* session: Cleanup timeout functions and fix packets termination.rofl0r2012-01-022-34/+41
| | | | | | | | It is possible that we get unrelated packets while waiting for termination, thus waiting indefinitely. As a workaround we have to check the user-supplied timeout. Also cleaned up ssh_blocking_flush, which was using the timeout in a bogus manner (resetting the timeout after each check).
* message: Fix compiler warning.Andreas Schneider2012-01-021-1/+1
| | | | (cherry picked from commit 2f861a858be9f2fe1f55a0fbfc47d732e3b3b31b)
* message: Handle all unknown global messages.rofl0r2012-01-011-1/+4
| | | | | Reply to unknown global messages as required by the RFC. Therefore keepalive@openssh.com style messages should get treated in a sane way.
* keyfiles: Fix build errors with callbacks.Andreas Schneider2011-09-171-5/+5
| | | | Introduced with the last commit.
* Fixes the ssh_log issue on ssh_bind handles.Aris Adamantiadis2011-09-1710-51/+78
| | | | | | | | (cherry picked from commit da954c2c5ee85bcbe2f5ad9f507a6306b0f5f8b9) Conflicts: src/keyfiles.c
* SSH1: handle exit-status message (channels would not close)Aris Adamantiadis2011-09-152-1/+14
|
* channels: don't send SSH2 packets on SSH1 !Aris Adamantiadis2011-09-151-0/+7
|
* SSH1: fix buildAris Adamantiadis2011-09-022-11/+14
| | | | | | | | | (cherry picked from commit 3eece8ac0b107a7df8d95325ef17ed19d6429e75) Conflicts: src/channels.c src/channels1.c
* channels: replaced bugged lists with ssh_listAris Adamantiadis2011-09-025-46/+58
| | | | | | | | | (cherry picked from commit 6d8bb956c5caa48c2aba6713f067224650c3c1e1) Conflicts: src/channels.c src/session.c
* poll: resolve use-after-free + inconsistent callbacks callAris Adamantiadis2011-09-021-18/+3
| | | | | | | This code was weird in the first place. I suspect my change will break something else (probably the appcode that needed it). ssh_poll_ctx_free is not a good place to send exception callbacks imho. (cherry picked from commit b5351f2809140921076ef54cc6092b543b5199d2)
generated by cgit (git 2.34.1) at 2025-08-29 00:19:23 +0000