path: root/src
Commit message | Author | Age | Files | Lines
* crypto: fix potential memory leak in ECDH [HEAD, master] | Aris Adamantiadis | 2015-09-21 | 1 | -0/+4
|
* kex: Fix zlib compression | Andreas Schneider | 2015-09-16 | 1 | -0/+1
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* kex: Prefer sha2 over sha1 | Andreas Schneider | 2015-09-15 | 1 | -5/+4
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Fix a memory leak on error in ssh_pki_copy_cert_to_privkey() | Andreas Schneider | 2015-09-09 | 1 | -0/+1
| CID 1323516
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Fix a memory leak in pki_import_cert_buffer() | Andreas Schneider | 2015-09-09 | 1 | -0/+1
| CID #1323517
* pki: Add certificate loading functions | Axel Eppe | 2015-09-07 | 1 | -2/+110
| - ssh_pki_import_cert_base64()
| - ssh_pki_import_cert_file()
| - ssh_pki_import_cert_blob()
|   Those functions are currently simple wrappers around their pubkey counterpart.
| - ssh_pki_copy_cert_to_privkey()
|   This function copies the cert-specific data to a private key.
| Signed-off-by: Axel Eppe <aeppe@google.com>
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Add new pki_import_cert_buffer function | Axel Eppe | 2015-09-07 | 1 | -0/+51
| Signed-off-by: Axel Eppe <aeppe@google.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Add rsa, dss certificate key type definitions | Axel Eppe | 2015-09-07 | 3 | -0/+24
| - Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
| - Add a cert_type member in the ssh_key struct.
| Signed-off-by: Axel Eppe <aeppe@google.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Use the standard logging function | Andreas Schneider | 2015-09-07 | 5 | -97/+109
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Handle libssh threads library correctly | Andreas Schneider | 2015-09-07 | 2 | -2/+8
| This should fix the build on Windows and would not install pkg files.
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* bignum: Fix OpenSSL crash in SAFE_FREE | Michael Wilder | 2015-09-07 | 1 | -0/+4
| Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* crypto: Add OpenSSL EVP functions for FIPS compatibility | Michael Wilder | 2015-09-07 | 1 | -143/+409
| Signed-off-by: Michael Wilder <wilder.michael@cimcor.com>
* server: Fix return code check of ssh_buffer_pack() | Andreas Schneider | 2015-08-18 | 1 | -1/+1
| Thanks to Andreas Gutschick <andreas.gutschick@mitel.com>
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki: Fix return values of ssh_key_is_(public|private) | Andreas Schneider | 2015-08-10 | 1 | -2/+2
| Thanks to Kevin Haake <khaake@red-cocoa.com>
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Fix incorrect handling of received length fields | Tilo Eckert | 2015-08-01 | 1 | -7/+13
| Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
* auth: Fix return status for ssh_userauth_agent() | Peter Volpe | 2015-07-30 | 1 | -0/+5
| BUG: https://red.libssh.org/issues/201
| Return SSH_AUTH_DENIED instead of SSH_AUTH_ERROR when the provided agent offers no public keys.
| Signed-off-by: Peter Volpe <pvolpe@redhat.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* define our own platform-independent S_IF macros | Tilo Eckert | 2015-07-30 | 1 | -24/+16
| Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* fix file mode checks in sftp_open() | Tilo Eckert | 2015-07-30 | 1 | -8/+7
| Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* fix permissions | Aris Adamantiadis | 2015-07-08 | 1 | -0/+0
|
* client: handle agent forward open requests with callbacks | Fabiano Fidêncio | 2015-07-07 | 2 | -0/+39
| Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
| Reviewed-by: Aris Adamantiadis <aris@badcode.be>
* cmake: Fix zlib include directory | Andreas Schneider | 2015-07-03 | 1 | -1/+1
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* SSH_AUTH_PARTIAL is now correctly passed to the caller of ssh_userauth_publickey_auto(). | Tilo Eckert | 2015-06-29 | 1 | -8/+7
| Implicitly fixed unsafe return code handling that could result in use-after-free.
| Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* available auth_methods must be reset on partial authentication | Tilo Eckert | 2015-06-29 | 1 | -1/+1
| Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* channels: Fix exit-signal data unpacking | Peter Volpe | 2015-06-29 | 1 | -1/+1
| Signed-off-by: Peter Volpe <pvolpe@redhat.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* agent: Add ssh_set_agent_socket | Peter Volpe | 2015-06-29 | 1 | -3/+20
| Allow callers to specify their own socket for an ssh agent.
| Signed-off-by: Peter Volpe <pvolpe@redhat.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Don't allocate a new identity list in the new session's options. | Seb Boving | 2015-06-24 | 1 | -6/+0
| The previous list is not freed. Since the new session just got created, an identity list is already allocated and empty.
| Signed-off-by: Sebastien Boving <seb@google.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Do not use CMAKE_(SOURCE|BINARY)_DIR | Douglas Heriot | 2015-06-24 | 1 | -2/+2
|
* pki: Fix allocation of ed25519 public keys | Tiamo Laitakari | 2015-06-24 | 1 | -2/+2
| Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* misc: Correctly guard the sys/time.h include | Andreas Schneider | 2015-06-24 | 2 | -3/+8
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* kex: Add comments to #if clauses | Andreas Schneider | 2015-06-24 | 1 | -6/+10
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* channels: fix exit-status not correctly set | Aris Adamantiadis | 2015-06-03 | 1 | -5/+3
|
* Comment that ssh_forward_cancel() is deprecated. | Mike DePaulo | 2015-05-29 | 1 | -0/+1
| Signed-off-by: Aris Adamantiadis <aris@badcode.be>
* Reintroduce ssh_forward_listen() (Fixes: #194) | Mike DePaulo | 2015-05-29 | 1 | -0/+5
| Signed-off-by: Aris Adamantiadis <aris@badcode.be>
* kex: also compare host keys for 'first_kex_packet_follows' | Jon Simons | 2015-05-05 | 1 | -21/+23
| Also consider the host key type at hand when computing whether a 'first_kex_packet_follows' packet matches the current server settings.
| Without this change libssh may incorrectly believe that guessed settings which match by kex algorithm alone fully match: the host key types must also match.
| Observed when testing with dropbear clients.
| Signed-off-by: Jon Simons <jon@jonsimons.org>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT case | Jon Simons | 2015-05-05 | 1 | -0/+1
| Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be ignored. That is, for the case that the initial 'first_kex_packet_follows' guess is incorrect.
| Before this change sessions served with libssh can be observed to error out unexpectedly early when testing with dropbear clients that send an incompatible guess.
| Signed-off-by: Jon Simons <jon@jonsimons.org>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* cmake: Add --enable-stdcall-fixup for MinGW builds | Andreas Schneider | 2015-05-05 | 1 | -0/+4
| This fixes warnings for getaddrinfo() and freeaddrinfo().
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Fix size check | Andreas Schneider | 2015-05-05 | 1 | -5/+7
| CID: #1296588
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Fix resetting the state | Andreas Schneider | 2015-05-04 | 1 | -1/+1
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Make sure we burn buffers in bcrypt | Andreas Schneider | 2015-05-04 | 1 | -5/+4
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* external: Fix a possible buffer overrun in bcrypt_pbkdf | Andreas Schneider | 2015-05-04 | 1 | -3/+9
| CID: #1250106
| This fixes a 1 byte output overflow for large key length (not reachable in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* sftp: Add bound check for size | Andreas Schneider | 2015-05-04 | 1 | -1/+2
| CID: #1238630
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffer: Cleanup vaargs in ssh_buffer_unpack_va() | Andreas Schneider | 2015-05-04 | 1 | -0/+1
| CID: #1267977
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* string: Improve ssh_string_len() to avoid tainted variables | Andreas Schneider | 2015-05-04 | 1 | -4/+11
| CID: #1278978
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki_container: Fix a memory leak | Andreas Schneider | 2015-05-04 | 1 | -2/+9
| CID: #1267980
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* pki_container: Add check for return value | Andreas Schneider | 2015-05-04 | 1 | -1/+4
| CID: #1267982
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* buffers: Fix a possible null pointer dereference | Aris Adamantiadis | 2015-04-23 | 1 | -0/+8
| This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future.
| Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* CVE-2015-3146: Fix state validation in packet handlers | Aris Adamantiadis | 2015-04-23 | 2 | -9/+15
| The state validation in the packet handlers for SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
| The issue has been found and reported by Mariusz Ziule.
| Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* Fix leak of sftp->ext when sftp_new() fails | Kevin Fan | 2015-04-14 | 1 | -0/+2
| Signed-off-by: Kevin Fan <kevinfan@google.com>
| Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* socket: Cleanup ssh_socket_close() code. | Andreas Schneider | 2015-04-10 | 1 | -5/+6
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
* bind: Correctly close sockets and invalidate them. | Andreas Schneider | 2015-04-10 | 1 | -13/+5
| Signed-off-by: Andreas Schneider <asn@cryptomilk.org>