summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* SSH_AUTH_PARTIAL is now correctly passed to the caller of ↵Tilo Eckert2015-06-291-8/+7
| | | | | | | | | | ssh_userauth_publickey_auto(). Implicitly fixed unsafe return code handling that could result in use-after-free. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0423057424ce5af157e56defb129ad0607953985)
* available auth_methods must be reset on partial authenticationTilo Eckert2015-06-291-1/+1
| | | | | | Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit cc25d747d45f139729f1728cc5dcbd1666709a4f)
* channels: Fix exit-signal data unpackingPeter Volpe2015-06-291-1/+1
| | | | | | Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 763735106564a3bff1ba9a3fece0dca58eec403f)
* agent: Add ssh_set_agent_socketPeter Volpe2015-06-291-3/+20
| | | | | | | | | Allow callers to specify their own socket for an ssh agent. Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 7aeba71a92d5a2dcb606e94f95516b975242586c)
* Don't allocate a new identity list in the new session's options.Seb Boving2015-06-241-6/+0
| | | | | | | | | The previous list is not freed. Since the new session just got created, an identity list is already allocated and empty. Signed-off-by: Sebastien Boving <seb@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit e020dd8d5917c3c957b73211cecc618d9f0207cb)
* cmake: Do not use CMAKE_(SOURCE|BINARY)_DIRDouglas Heriot2015-06-241-2/+2
| | | | (cherry picked from commit a65af1b3b8a4ea50fd687b6583eac93e38cf4f3b)
* pki: Fix allocation of ed25519 public keysTiamo Laitakari2015-06-241-2/+2
| | | | | | Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 5478de1a64251c3f7e19260e599045061136f2e9)
* misc: Correctly guard the sys/time.h includeAndreas Schneider2015-06-242-3/+8
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit ef751a26d0cb746966aaee64cfb5d1a87efba535)
* kex: Add comments to #if clausesAndreas Schneider2015-06-241-6/+10
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 1d69e073af6a460eb00cc68869cde9caf7031856)
* channels: fix exit-status not correctly setAris Adamantiadis2015-06-031-5/+3
|
* Comment that ssh_forward_cancel() is deprecated.Mike DePaulo2015-05-291-0/+1
| | | | Signed-off-by: Aris Adamantiadis <aris@badcode.be>
* Reintroduce ssh_forward_listen() (Fixes: #194)Mike DePaulo2015-05-291-0/+5
| | | | Signed-off-by: Aris Adamantiadis <aris@badcode.be>
* kex: also compare host keys for 'first_kex_packet_follows'Jon Simons2015-05-051-21/+23
| | | | | | | | | | | | Also consider the host key type at hand when computing whether a 'first_kex_packet_follows' packet matches the current server settings. Without this change libssh may incorrectly believe that guessed settings which match by kex algorithm alone fully match: the host key types must also match. Observed when testing with dropbear clients. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT caseJon Simons2015-05-051-0/+1
| | | | | | | | | | | Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be ignored. That is, for the case that the initial 'first_kex_packet_follows' guess is incorrect. Before this change sessions served with libssh can be observed to error out unexpectedly early when testing with dropbear clients that send an incompatible guess. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Add --enable-stdcall-fixup for MinGW buildsAndreas Schneider2015-05-051-0/+4
| | | | | | This fixes warnings for getaddrinfo() and freeaddrinfo(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Fix size checkAndreas Schneider2015-05-051-5/+7
| | | | | | CID: #1296588 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Fix resetting the stateAndreas Schneider2015-05-041-1/+1
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Make sure we burn buffers in bcryptAndreas Schneider2015-05-041-5/+4
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Fix a possible buffer overrun in bcrypt_pbkdfAndreas Schneider2015-05-041-3/+9
| | | | | | | | | CID: #1250106 This fixes a 1 byte output overflow for large key length (not reachable in libssh). Pulled from OpenBSD BCrypt PBKDF implementation. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Add bound check for sizeAndreas Schneider2015-05-041-1/+2
| | | | | | CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Cleanup vaargs in ssh_buffer_unpack_va()Andreas Schneider2015-05-041-0/+1
| | | | | | CID: #1267977 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* string: Improve ssh_string_len() to avoid tainted variablesAndreas Schneider2015-05-041-4/+11
| | | | | | CID: #1278978 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki_container: Fix a memory leakAndreas Schneider2015-05-041-2/+9
| | | | | | CID: #1267980 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki_container: Add check for return valueAndreas Schneider2015-05-041-1/+4
| | | | | | CID: #1267982 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffers: Fix a possible null pointer dereferenceAris Adamantiadis2015-04-231-0/+8
| | | | | | | | | This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* CVE-2015-3146: Fix state validation in packet handlersAris Adamantiadis2015-04-232-9/+15
| | | | | | | | | | The state validation in the packet handlers for SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY had a bug which did not raise an error. The issue has been found and reported by Mariusz Ziule. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Fix leak of sftp->ext when sftp_new() failsKevin Fan2015-04-141-0/+2
| | | | | Signed-off-by: Kevin Fan <kevinfan@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* socket: Cleanup ssh_socket_close() code.Andreas Schneider2015-04-101-5/+6
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Correctly close sockets and invalidate them.Andreas Schneider2015-04-101-13/+5
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Require cmake version 2.8.0Andreas Schneider2015-04-101-5/+4
|
* cmake: Check for sys/param.h header fileAndreas Schneider2015-04-101-0/+2
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Check for arpa/inet.h header fileAndreas Schneider2015-04-101-0/+2
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Use standard int typesAndreas Schneider2015-04-102-67/+69
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* messages: Don't leak memory after callback executionAndreas Schneider2015-04-021-0/+19
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* poll: Fix compilation with struct ssh_timestampAndreas Schneider2015-04-021-1/+1
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* include: We should use __func__ which is C99Andreas Schneider2015-04-021-1/+1
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* Locally restart ssh_poll() upon EINTR.Seb Boving2015-02-231-1/+7
| | | | | | | BUG: https://red.libssh.org/issues/186 Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Sebastien Boving <seb@google.com>
* Sending EOF on Socket that received a Broken Pipe makes call to poll to hangxjoaalm2015-02-231-9/+18
| | | | | Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Joao Pedro Almeida Pereira <joao.almeida@blue-tc.com>
* buffer: buffer_pack & unpack on non-gnu compilersAris Adamantiadis2015-02-081-6/+14
|
* buffer: fix use-before-nullcheck (coverity #1267979)Aris Adamantiadis2015-02-031-2/+0
| | | | | Additionally, the function call was already existing after the NULL check
* Revert "pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519"Aris Adamantiadis2015-02-031-9/+0
| | | | | This reverts commit 10f71c67690cf3c0e1b6a733c3641407df2224e2. Commit was redundant with ed25519 branch
* base64: Use secure buffersAris Adamantiadis2015-02-021-0/+2
| | | | | Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Abort if the canary is not intact in ssh_buffer_unpack()Andreas Schneider2015-02-021-2/+2
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: buffer: Improve argument checking of in ssh_buffer_pack()Andreas Schneider2015-02-021-5/+28
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: Abort if the canary is not intact in ssh_buffer_unpack()Andreas Schneider2015-02-021-4/+4
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: Improve argument checking in ssh_buffer_pack()Andreas Schneider2015-02-021-5/+26
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* Move all 3rd-party C files to src/external/Aris Adamantiadis2015-02-027-97/+96
| | | | | Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add support for OpenSSH encrypted container exportAris Adamantiadis2015-02-021-6/+153
| | | | | Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: ADd OpenSSH encrypted container importAris Adamantiadis2015-02-022-8/+168
| | | | | Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* external: Add OpenSSH bcrypt and blowfish implementationAris Adamantiadis2015-02-023-0/+868
| | | | | Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
generated by cgit (git 2.34.1) at 2025-08-29 22:21:29 +0000