summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Revert f2c2687ca6c6c7e25c9a547227027ab28eb4fc16Aris Adamantiadis2014-02-051-1/+1
| | | | | Fix bug #142 The mode does need to be an octal numeric string. Mode 0600 now gets sent on the wire as 0384, triggering a "scp: protocol error: bad mode" response, and an "scp status code 1d not valid" message from libssh.
* knownhosts: resolve leaks found by coverityAris Adamantiadis2014-02-052-9/+8
|
* knownhosts: detect variations of ecdsaAris Adamantiadis2014-02-042-32/+80
|
* server: use custom server bannersAudrius Butkevicius2014-02-041-2/+2
| | | | | | Value of session->serverbanner never gets used Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com>
* threads: Be less strict when deciding whether to build libssh_threads.Raphael Kubo da Costa2014-02-031-2/+2
| | | | | | | | | | | | | | | | | As mentioned in the previous commit, there are cases where CMAKE_HAVE_THREADS_LIBRARY is not set and pthreads _is_ being used: one can pass -DTHREADS_HAVE_PTHREAD_ARG=1 to CMake directly so that it just passes -pthread to the compiler/linker and does not set CMAKE_HAVE_THREADS_LIBRARY. Since we are only interested in knowing whether any threading library has been found, we should use CMAKE_THREAD_LIBS_INIT instead (Threads_FOUND would also work). Note that, at the moment, there is only a pthreads backend available in threads/, so if it is not found configuration will fail because CMake will try to create a library from an empty set of source files. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* socket: fix read of non-connected socketJon Simons2014-02-021-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure to check whether the socket at hand is indeed still connected throughout POLLIN processing in ssh_socket_pollcallback. Before this change, the POLLIN block in ssh_socket_pollcallback is predicated against the condition (s->state == SSH_SOCKET_CONNECTED). Once entered, data from the socket is consumed through the data callback in this loop: do { r = s->callbacks->data(buffer_get_rest(s->in_buffer), buffer_get_rest_len(s->in_buffer), s->callbacks->userdata); buffer_pass_bytes(s->in_buffer,r); } while (r > 0); However, it is possible for the socket data callback to change the state of the socket (closing it, for example). Fix the loop to only continue so long as the socket remains connected: this also entails setting the ssh_socket state to SSH_SOCKET_CLOSED upon close. The bug can be observed before the change by sending a bogus banner to the server: 'echo -e "A\r\nB\r\n" | nc localhost 22'. Each of 'A' and 'B' will be processed by 'callback_receive_banner', even though the client socket is closed after rejection of 'A'. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* doc: correct ssh_channel_read_timeout unitsJon Simons2014-02-021-6/+6
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src: Fix argument order in ssh_channel_pty_window_change_callbackAudrius Butkevicius2014-02-021-2/+2
| | | | | | | So that it would match ssh_channel_pty_request_callback as well as the documentation Signed-off-by: Audrius Butkevicius <audrius.butkevicius@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src: Define MAX_BUF_SIZE globally and use it.Joseph Southwell2014-02-024-5/+4
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: Fix EOF session error reporting.Joseph Southwell2014-02-022-3/+9
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Make function ssh_channel_accept() nonblocking if timeout is 0.Oleksandr Shneyder2014-02-021-1/+5
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Kex: fix coverity warning + edge caseAris Adamantiadis2014-02-021-4/+8
|
* server: allow custom server banners (bug #83)Aris Adamantiadis2014-02-012-2/+11
|
* Knownhosts: implement hostkey with knownhosts heuristicAris Adamantiadis2014-02-011-1/+24
|
* known_hosts: add ssh_knownhosts_algorithms()Aris Adamantiadis2014-02-011-0/+77
| | | | | Goal of that function is to test the preferred key exchange methods based on what's available in the known_hosts file
* pki_crypto: Fix memory leak with EC_KEY_set_public_key().Andreas Schneider2014-01-281-1/+3
| | | | BUG: https://red.libssh.org/issues/146
* doc: Document the unit for ssh_select() timeout.Andreas Schneider2014-01-231-1/+1
| | | | BUG: https://red.libssh.org/issues/143
* dh: Fix NULL check for p_group14.Rod Vagg2014-01-231-1/+1
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: fix DSA signature extractionJon Simons2014-01-231-26/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix the DSA portion of 'pki_signature_to_blob': before this change, it is possible to sometimes observe DSA signature validation failure when testing with OpenSSH clients. The problem ended up being the following snippet which did not account for the case when 'ssh_string_len(x)' may be less than 20: r = make_bignum_string(sig->dsa_sig->r); ... memcpy(buffer, ((char *) ssh_string_data(r)) + ssh_string_len(r) - 20, 20); Above consider the case that ssh_string_len(r) is 19; in that case the memcpy unintentionally starts in the wrong place. The same situation can happen for value 's' in this code. To fix, adjust the offsets used for the input and output pointers, taking into account that the lengths of 'r' and 's' can be less than 20. With the fix I am no longer able to reproduce the original failure mode. BUG: https://red.libssh.org/issues/144 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Use ssh_buffer_add_data() in pki_gcrypt..Andreas Schneider2014-01-221-3/+3
|
* doc: Fix description of error parameter for ssh_get_error*Alan Dunn2014-01-221-2/+2
| | | | | | | | | ssh_get_error can actually work on anything with an ssh_common_struct as its first member. It is already used in examples in the distribution with ssh_sessions and ssh_binds. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki_crypto: pad RSA signature blobsJon Simons2014-01-211-24/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Pad RSA signature blobs to the expected RSA signature length when processing via 'pki_signature_to_blob'. Some clients, notably PuTTY, may send unpadded RSA signatures during the public key exchange: before this change, one can sometimes observe failure in signature validation when using PuTTY's 'plink' client, along these lines: ssh_packet_process: ssh_packet_process: Dispatching handler for packet type 50 ssh_packet_userauth_request: ssh_packet_userauth_request: Auth request for service ssh-connection, method publickey for user 'foo' ssh_pki_signature_verify_blob: ssh_pki_signature_verify_blob: Going to verify a ssh-rsa type signature pki_signature_verify: pki_signature_verify: RSA error: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length ssh_packet_userauth_request: ssh_packet_userauth_request: Received an invalid signature from peer For cross-reference this issue once also existed between PuTTY and OpenSSH: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-verify-failed.html http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=1.19;content-type=text%2Fx-cvsweb-markup With the fix I am unable to reproduce the above failure mode when testing with 'plink'. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Import keys during ssh_bind_accept_fdAlan Dunn2014-01-211-1/+11
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Separate out key import functionality from ssh_bind_listenAlan Dunn2014-01-211-12/+23
| | | | | Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src: Rename buffer_add_data() to ssh_buffer_add_data().Andreas Schneider2014-01-1918-83/+108
|
* src: Rename buffer_init to ssh_buffer_init().Andreas Schneider2014-01-1916-47/+52
|
* doc: Fix channel documentation.Andreas Schneider2014-01-171-31/+49
|
* pki: Do not use deprecated string functions.Andreas Schneider2014-01-171-1/+1
|
* src: Do not use deprecated functions.Andreas Schneider2014-01-166-15/+15
|
* bind: fix possible double-frees in ssh_bind_freeJon Simons2014-01-161-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to explicitly set key pointers to NULL following the use of 'ssh_key_free' throughout bind.c. Before this change, a double free can happen via 'ssh_bind_free' as in this example callpath: // create an ssh_bind ssh_bind b = ssh_bind_new(); // provide a path to a wrong key-type ssh_bind_options_set(b, SSH_BIND_OPTIONS_DSAKEY, path_to_rsa_key); // initialize set key-type ssh_bind_listen(b); -> error path "The DSA host key has the wrong type: %d", ssh_key_free(sshbind->dsa) -> ssh_key_clean(key) // OK -> SAFE_FREE(key) // OK, but, sshbind->dsa is *not* set to NULL // ssh_bind_listen failed, so clean up ssh_bind ssh_bind_free(b); -> ssh_key_free(sshbind->dsa) // double-free here To fix, set pointers to NULL that have been free'd with 'ssh_key_free'. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* channel: Fix the name scheme of the forward functions.Andreas Schneider2014-01-162-15/+17
|
* channel: Add ssh_channel_accept_forward().Oleksandr Shneyder2014-01-161-3/+23
| | | | | | | | This works same way as ssh_forward_accept() but can return a destination port of the channel (useful if SSH connection forwarding several TCP/IP ports). Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* threads: support libgcrypt 1.6 hackAris Adamantiadis2014-01-081-2/+23
| | | | | | | Not 100% satisfied of this patch, but the way libgcrypt handles threading in 1.6 is not compatible with custom handlers. The new code basicaly uses pthreads in every case. This will probably not work on windows.
* src: Update my mail address.Andreas Schneider2014-01-0711-11/+11
|
* update copyright informationAris Adamantiadis2014-01-0720-26/+26
|
* pki: fix gcrypt signature processAris Adamantiadis2014-01-071-1/+1
|
* session: Fix a possible memory leak.Andreas Schneider2014-01-051-0/+1
|
* poll: fix poll_handles ownershipsAris Adamantiadis2014-01-051-5/+27
|
* socket: don't attempt reading a non-connected socketAris Adamantiadis2014-01-051-1/+1
|
* poll: Correctly free ssh_event_fd_wrapper.Andreas Schneider2013-12-221-3/+9
| | | | This is allocated by ssh_event_add_fd.
* config: Support expansion in the Host variable too.Andreas Schneider2013-12-211-9/+18
| | | | BUG: https://red.libssh.org/issues/127
* channel: fix setting of channel->flagsJon Simons2013-12-111-3/+3
| | | | | | | | Fix the setting of 'channel->flags' to use '|='. Before this change, one bug symptom can be that channels are never fully free'd via ssh_channel_free, resulting in memory leaks. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* client: use ssh_channel_do_free in ssh_disconnectJon Simons2013-12-111-1/+1
| | | | | | | | | | Ensure to use 'ssh_channel_do_free' in 'ssh_disconnect', when removing and free'ing up a session's channels. This matches the behavior in 'ssh_free', and is necessary to fully free any channel which may not have been closed completely (see usage of flags SSH_CHANNEL_FLAG_CLOSED_REMOTE, SSH_CHANNEL_FLAG_FREED_LOCAL). Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Correctly free all memory in ssh_bind_free().Andreas Schneider2013-12-091-3/+7
| | | | Thanks to Jacob Baines.
* session: Add ssh_get_clientbanner().Jon Simons2013-12-071-0/+15
|
* channels: Add a ssh_channel_read_timeout function.Andreas Schneider2013-12-041-3/+43
|
* pki: Fix a memory leak.Andreas Schneider2013-11-281-0/+1
| | | | CID #1132819
* pki: Add ssh_pki_import_privkey_file().Andreas Schneider2013-11-271-0/+58
|
* pki_crypto: Add pki_private_key_to_pem().Andreas Schneider2013-11-271-0/+118
|
* pki_gcrypt: Add pki_private_key_to_pem() stub.Andreas Schneider2013-11-271-0/+13
|
generated by cgit (git 2.34.1) at 2025-08-30 02:21:26 +0000