path: root/src
Commit message | Author | Age | Files | Lines
* Comment that ssh_forward_cancel() is deprecated. | Mike DePaulo | 2015-05-29 | 1 | -0/+1
    Signed-off-by: Aris Adamantiadis <aris@badcode.be>
* Reintroduce ssh_forward_listen() (Fixes: #194) | Mike DePaulo | 2015-05-29 | 1 | -0/+5
    Signed-off-by: Aris Adamantiadis <aris@badcode.be>
* kex: also compare host keys for 'first_kex_packet_follows' | Jon Simons | 2015-05-05 | 1 | -21/+23
    Also consider the host key type at hand when computing whether a
    'first_kex_packet_follows' packet matches the current server settings.
    Without this change libssh may incorrectly believe that guessed settings
    which match by kex algorithm alone fully match: the host key types must
    also match. Observed when testing with dropbear clients.
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case | Jon Simons | 2015-05-05 | 1 | -0/+1
    Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be
    ignored. That is, for the case that the initial 'first_kex_packet_follows'
    guess is incorrect. Before this change sessions served with libssh can be
    observed to error out unexpectedly early when testing with dropbear
    clients that send an incompatible guess.
    Signed-off-by: Jon Simons <jon@jonsimons.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Add --enable-stdcall-fixup for MinGW builds | Andreas Schneider | 2015-05-05 | 1 | -0/+4
    This fixes warnings for getaddrinfo() and freeaddrinfo().
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Fix size check | Andreas Schneider | 2015-05-05 | 1 | -5/+7
    CID: #1296588
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Fix resetting the state | Andreas Schneider | 2015-05-04 | 1 | -1/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Make sure we burn buffers in bcrypt | Andreas Schneider | 2015-05-04 | 1 | -5/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Fix a possible buffer overrun in bcrypt_pbkdf | Andreas Schneider | 2015-05-04 | 1 | -3/+9
    CID: #1250106
    This fixes a 1 byte output overflow for large key length (not reachable
    in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Add bound check for size | Andreas Schneider | 2015-05-04 | 1 | -1/+2
    CID: #1238630
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Cleanup vaargs in ssh_buffer_unpack_va() | Andreas Schneider | 2015-05-04 | 1 | -0/+1
    CID: #1267977
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* string: Improve ssh_string_len() to avoid tainted variables | Andreas Schneider | 2015-05-04 | 1 | -4/+11
    CID: #1278978
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki_container: Fix a memory leak | Andreas Schneider | 2015-05-04 | 1 | -2/+9
    CID: #1267980
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki_container: Add check for return value | Andreas Schneider | 2015-05-04 | 1 | -1/+4
    CID: #1267982
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffers: Fix a possible null pointer dereference | Aris Adamantiadis | 2015-04-23 | 1 | -0/+8
    This is an addition to CVE-2015-3146 to fix the null pointer dereference.
    The patch is not required to fix the CVE but prevents issues in future.
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* CVE-2015-3146: Fix state validation in packet handlers | Aris Adamantiadis | 2015-04-23 | 2 | -9/+15
    The state validation in the packet handlers for SSH_MSG_NEWKEYS and
    SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
    The issue has been found and reported by Mariusz Ziule.
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Fix leak of sftp->ext when sftp_new() fails | Kevin Fan | 2015-04-14 | 1 | -0/+2
    Signed-off-by: Kevin Fan <kevinfan@google.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* socket: Cleanup ssh_socket_close() code. | Andreas Schneider | 2015-04-10 | 1 | -5/+6
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Correctly close sockets and invalidate them. | Andreas Schneider | 2015-04-10 | 1 | -13/+5
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Require cmake version 2.8.0 | Andreas Schneider | 2015-04-10 | 1 | -5/+4
* cmake: Check for sys/param.h header file | Andreas Schneider | 2015-04-10 | 1 | -0/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Check for arpa/inet.h header file | Andreas Schneider | 2015-04-10 | 1 | -0/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Use standard int types | Andreas Schneider | 2015-04-10 | 2 | -67/+69
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* messages: Don't leak memory after callback execution | Andreas Schneider | 2015-04-02 | 1 | -0/+19
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* poll: Fix compilation with struct ssh_timestamp | Andreas Schneider | 2015-04-02 | 1 | -1/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* include: We should use __func__ which is C99 | Andreas Schneider | 2015-04-02 | 1 | -1/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* Locally restart ssh_poll() upon EINTR. | Seb Boving | 2015-02-23 | 1 | -1/+7
    BUG: https://red.libssh.org/issues/186
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Signed-off-by: Sebastien Boving <seb@google.com>
* Sending EOF on Socket that received a Broken Pipe makes call to poll to hang | xjoaalm | 2015-02-23 | 1 | -9/+18
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Signed-off-by: Joao Pedro Almeida Pereira <joao.almeida@blue-tc.com>
* buffer: buffer_pack & unpack on non-gnu compilers | Aris Adamantiadis | 2015-02-08 | 1 | -6/+14
* buffer: fix use-before-nullcheck (coverity #1267979) | Aris Adamantiadis | 2015-02-03 | 1 | -2/+0
    Additionally, the function call was already existing after the NULL check
* Revert "pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519" | Aris Adamantiadis | 2015-02-03 | 1 | -9/+0
    This reverts commit 10f71c67690cf3c0e1b6a733c3641407df2224e2.
    Commit was redundant with ed25519 branch
* base64: Use secure buffers | Aris Adamantiadis | 2015-02-02 | 1 | -0/+2
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Abort if the canary is not intact in ssh_buffer_unpack() | Andreas Schneider | 2015-02-02 | 1 | -2/+2
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: buffer: Improve argument checking in ssh_buffer_pack() | Andreas Schneider | 2015-02-02 | 1 | -5/+28
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: Abort if the canary is not intact in ssh_buffer_unpack() | Andreas Schneider | 2015-02-02 | 1 | -4/+4
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: Improve argument checking in ssh_buffer_pack() | Andreas Schneider | 2015-02-02 | 1 | -5/+26
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* Move all 3rd-party C files to src/external/ | Aris Adamantiadis | 2015-02-02 | 7 | -97/+96
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add support for OpenSSH encrypted container export | Aris Adamantiadis | 2015-02-02 | 1 | -6/+153
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add OpenSSH encrypted container import | Aris Adamantiadis | 2015-02-02 | 2 | -8/+168
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* external: Add OpenSSH bcrypt and blowfish implementation | Aris Adamantiadis | 2015-02-02 | 3 | -0/+868
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: Add support for ed25519 keys in the server. | Aris Adamantiadis | 2015-02-02 | 4 | -2/+29
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: Add support for ed25519 on client connections. | Aris Adamantiadis | 2015-02-02 | 1 | -4/+12
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add support to export OpenSSH container keys | Aris Adamantiadis | 2015-02-02 | 2 | -10/+173
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libgcrypt: Make the PEM parser ed25519 aware | Aris Adamantiadis | 2015-02-02 | 1 | -0/+54
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libcrypto: Make the PEM parser ed25519 aware | Aris Adamantiadis | 2015-02-02 | 1 | -0/+6
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: Add support to import OpenSSH container keys | Aris Adamantiadis | 2015-02-02 | 3 | -10/+278
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* kex: disable des-cbc-ssh1 by default | Aris Adamantiadis | 2015-01-26 | 1 | -4/+6
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* packet_cb: Add missing include for ntohl(). | Andreas Schneider | 2015-01-21 | 1 | -0/+1
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Make sure sig is not used uninitialized. | Andreas Schneider | 2015-01-20 | 1 | -1/+1
    BUG: https://red.libssh.org/issues/167
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* threads: Fix building with POSIX threads in MinGW. | Andreas Schneider | 2015-01-20 | 1 | -1/+1
    BUG: https://red.libssh.org/issues/181
    Originally written by Patrick von Reth <vonreth () kde ! org>.
    This patch is part of the larger patch:
    https://projects.kde.org/projects/kdesupport/emerge/repository/revisions/master/changes/portage/win32libs/libssh/0002-add-a-way-to-test-ssh-connections-on-windows.patch
    MinGW (in particular, the MinGW-w64 fork) can use either posix threads
    or win32 threads. This patch fixes the MinGW build when using posix
    threads.
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>