summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* sftp: Fix memory leak on realloc failureTobias Klauser2015-01-141-6/+9
| | | | | | | | | | If realloc of sftp->ext->name or sftp->ext->data fails, the memory previously allocated for the respective member is leaked. Fix this by storing the return value of realloc() in a temporary variable which only gets assigned to the respective sftp->ext member on success. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* connect: Fix mingw build.Andreas Schneider2015-01-061-0/+4
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* connect: Check that errno is 0 to fix Windows build.Andreas Schneider2014-12-251-1/+2
| | | | | | Thanks to Viktor Butskih. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* options: Fix setting the port.Andreas Schneider2014-12-255-9/+12
| | | | | | Make sure we correctly read the port from the config file. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* CVE-2014-8132: Fixup error path in ssh_packet_kexinit()Jon Simons2014-12-171-1/+6
| | | | | | | | | Before this change, dangling pointers can be unintentionally left in the respective next_crypto kex methods slots. Ensure to set all slots to NULL in the error-out path. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* libcrypto: Fix Windows build with ssh_reseed().Andreas Schneider2014-12-171-0/+5
| | | | | | | gettimeofday() is not available on Windows and we need it only in case of forking. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* config: Also tokenize on equal sign.William Orr2014-12-171-1/+1
| | | | | | | | The ssh config specifies it as a valid separator. BUG: https://red.libssh.org/issues/166 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_gcrypt: fix DSA signature extractionJon Simons2014-12-091-3/+29
| | | | | | | | | | | | | | | | | Fix DSA signature extraction for the LIBGCRYPT build. Here, the same fix that was applied to the LIBCRYPTO build for https://red.libssh.org/issues/144 is now adapted for pki_gcrypt. Additionally, ensure to set the resulting output sig_blob buffer before returning. Before this fix, one can observe the failure with the pkd test on a LIBGCRYPT build as so: # ./pkd_hello -i 1 -t torture_pkd_openssh_dsa_dsa_default After, runs of 10000 back-to-back iterations of the same test are passing. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_gcrypt: fix warnings for SSH_KEYTYPE_ED25519Jon Simons2014-12-091-0/+9
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bignum: no-op make_string_bn_inplace for LIBGCRYPTJon Simons2014-12-091-1/+3
| | | | | | | | Disable the 'make_string_bn_inplace' helper function for the LIBGCRYPT build, rather than using '#error' to fail the build completely. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Set the correct error in ssh_options_set().Hani Benhabiles2014-12-051-2/+2
| | | | | Signed-off-by: Hani Benhabiles <hani@linux.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* session: add getter for kexalgoJon Simons2014-12-051-0/+29
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaksJon Simons2014-12-052-2/+11
| | | | | | | | | | | Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak. BUG: https://red.libssh.org/issues/175 Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* connect: Do not fail if the connect is in progress.Andreas Schneider2014-10-151-1/+1
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* gssapi: ssh_gssapi_set_creds() is a client side functionStef Walter2014-10-121-2/+4
| | | | | | | It should not be guarded by the WITH_SERVER #ifdef Signed-off-by: Stef Walter <stefw@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Check return code of connect(2).William Orr2014-10-121-1/+9
| | | | | Signed-off-by: William Orr <will@worrbase.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_gcrypt: Initialize 'type_c' in 'pki_do_sign_sessionid'Artyom V. Poptsov2014-10-021-0/+1
| | | | | | | | | | | Add missing initialization of 'type_c' field of a SSH signature in 'pki_do_sign_sessionid' procedure. If libssh is compiled with GCrypt, 'dh_handshake_server' fails with "Could not sign the session id" error. The change fixes that. Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: fix auth_interactive_request replyJon Simons2014-10-021-1/+1
| | | | | | | | Fix a missing 'buffer_pack' formatter in 'ssh_message_auth_interactive_request'. With this fix the 'examples/samplesshd-kbdint' program is working again for me. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* ed25519: fix leak in pki_ed25519_signJon Simons2014-10-021-2/+2
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: check ssh_buffer_pack return in ssh_pki_do_signJon Simons2014-10-021-5/+10
| | | | | | | Check the 'ssh_buffer_pack' return in ssh_pki_do_sign for the ED25519 case. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: fail when pubkey buffer length is not ED25519_PK_LENJon Simons2014-10-021-1/+5
| | | | | | | | | Fail fast in 'pki_import_pubkey_buffer' for the ED25519 case if a buffer sized ED25519_PK_LEN can not be retrieved. Before, the 'memcpy' could have read beyond the bounds of 'ssh_string_data(pubkey)'. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* crypto: check malloc return in ssh_mac_ctx_initJon Simons2014-10-022-2/+10
| | | | | Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* wrapper: fix z_stream leakJon Simons2014-10-021-0/+3
| | | | | | | | Ensure to free the z_stream structures as allocated from the gzip.c initcompress, initdecompress functions. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* string: Correctly burn the string buffer.Andreas Schneider2014-09-151-4/+5
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* ed25519: Generate, sign and verify keys.Aris2014-09-074-2/+441
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* crypto: Add ed25519 implementation from OpenSSH.Aris Adamantiadis2014-09-076-0/+2240
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* base64: Use a secure buffer.Aris Adamantiadis2014-09-071-0/+5
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Add a secure buffer mechanism to avoid memory spillsAris Adamantiadis2014-09-071-9/+40
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Implement "t" for text in ssh_buffer_pack().Aris Adamantiadis2014-09-071-1/+8
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* dh: Fix packing a pointer into the buffer.Andreas Schneider2014-08-251-2/+2
| | | | | | Thanks to Giovanni Panozzo <giovanni@panozzo.it>. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* ec: Fix build on CentOS.Andreas Schneider2014-08-182-0/+2
| | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* auth: Fix a memory leak in agent publickey auth.Andreas Schneider2014-08-151-1/+2
| | | | | | | CID: 1230358 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* packet: Check return value of ssh_buffer_unpack().Andreas Schneider2014-08-151-7/+16
| | | | | | | CID: 1230357 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* messages: Check return value of ssh_buffer_unpack().Andreas Schneider2014-08-151-1/+6
| | | | | | | CID: 1230356 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* buffer: Make sure rc is initialized.Andreas Schneider2014-08-151-2/+2
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* libgcrypt: Fix initializer name.Andreas Schneider2014-08-151-22/+22
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* bignum: Add missing include.Andreas Schneider2014-08-151-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* messages: Fix two ssh_buffer_unpack().Andreas Schneider2014-08-071-10/+11
| | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
* Fix sftp endianess bugsAris Adamantiadis2014-08-061-29/+32
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* bignums: detach bignum-related functions from dh.c.Aris Adamantiadis2014-08-065-72/+98
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* crypto: fix secure burning, structure members namingAris Adamantiadis2014-08-061-5/+4
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffer: add a hidden canary to detect format errorsAris Adamantiadis2014-08-061-3/+16
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt sftpserver.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-73/+41
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt sftp.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-374/+226
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt session.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-37/+15
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt server.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-178/+108
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* buffers: adapt pcap.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-96/+53
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt ecdh.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-23/+9
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt packet.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-13/+12
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
* buffers: adapt messages.c to ssh_buffer_(un)pack()Aris Adamantiadis2014-08-061-425/+161
| | | | Reviewed-by: Andreas Schneider <asn@samba.org>
generated by cgit (git 2.34.1) at 2024-09-27 05:27:58 +0000