summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* BUG 94: Fix big endian issue.Andreas Schneider2012-12-031-3/+5
|
* test: Try to fetch wrong values in buffer.Aris Adamantiadis2012-11-271-0/+33
| | | | Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* priv: Add BURN_BUFFER macro and make sure it isn't optimzed out.Andreas Schneider2012-11-231-2/+5
|
* pki: Add a size limit for pubkey files.Andreas Schneider2012-11-212-1/+3
|
* CVE-2012-4559: Make sure we don't free name and longname twice on error.Andreas Schneider2012-11-141-10/+16
|
* CVE-2012-4559: Ensure that we don't free req twice.Andreas Schneider2012-11-141-1/+1
|
* CVE-2012-4560: Fix a write one past the end of 'buf'.Andreas Schneider2012-11-141-2/+3
|
* CVE-2012-4560: Fix a write one past the end of the 'u' buffer.Andreas Schneider2012-11-141-1/+1
|
* CVE-2012-4562: Fix a possible infinite loop in buffer_reinit().Andreas Schneider2012-11-141-4/+9
| | | | | If needed is bigger than the highest power of two or a which fits in an integer we will loop forever.
* CVE-2012-4562: Fix multiple integer overflows in buffer-related functions.Xi Wang2012-11-141-5/+21
|
* CVE-2012-4562: Fix possible integer overflows.Xi Wang2012-11-141-2/+14
|
* CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().Xi Wang2012-11-141-0/+5
| | | | No exploit known, but it is better to check the string length.
* pki: Fix integer overflow in ssh_pki_import_privkey_file().Xi Wang2012-10-221-0/+5
| | | | | If the file size is ULONG_MAX, the call to malloc() may allocate a small buffer, leading to a memory corruption.
* channels: Fix integer overflow in generate_cookie().Xi Wang2012-10-221-1/+1
| | | | | | Since the type of rnd[i] is signed char, (rnd[i] >> 4), which is considered as arithmetic shift by gcc, could be negative, leading to out-of-bounds read.
* channels1: Add missing request_state and set it to accepted.Andreas Schneider2012-10-221-0/+1
| | | | This fixes bug #88.
* auth1: Reset error state to no error.Andreas Schneider2012-10-221-0/+1
| | | | This fixes bug #89.
* session: Fix a possible use after free in ssh_free().Andreas Schneider2012-10-221-33/+54
| | | | | | | We need to cleanup the channels first cause we call ssh_channel_close() on the channels which still require a working socket and poll context. Thanks to sh4rm4!
* cmake: Set GNU compiler flags also for clang.Andreas Schneider2012-10-221-2/+3
|
* cmake: Add message if we build with static library.Andreas Schneider2012-10-151-0/+1
|
* doc: Update copyright policy.Andreas Schneider2012-10-142-28/+198
|
* options: Fix documentation of ssh_options_get_port().Andreas Schneider2012-10-141-1/+1
|
* doc: Update doxygen config.Andreas Schneider2012-10-141-134/+423
|
* doc: Use the correct channel functions.Andreas Schneider2012-10-141-5/+5
|
* cmake: Add better check to detect -fvisibility=hidden.Andreas Schneider2012-10-141-1/+6
|
* kex: Use getter functions to access kex arrays.Andreas Schneider2012-10-124-10/+25
| | | | This should fix the build on OpenIndiana.
* cmake: Fix building with gcrypt support.Andreas Schneider2012-10-121-6/+9
|
* tests: Add a valgrind suppression for getaddrino leak.Andreas Schneider2012-10-121-0/+10
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=859717
* tests: Add a valgrind suppression for OPENSSL_cleanse().Andreas Schneider2012-10-121-0/+5
|
* scp: Make sure buffer is initialzed.Andreas Schneider2012-10-121-1/+1
| | | | Found by Coverity.
* pki: Make sure the key_buf is null terminated.Andreas Schneider2012-10-121-0/+1
| | | | Found by Coverity.
* misc: Use a fixed buffer for getenv().Andreas Schneider2012-10-121-2/+8
|
* poll: Fix sizeof in ssh_poll_ctx_resize().Andreas Schneider2012-10-121-2/+2
| | | | | | | sizeof(ssh_poll_handle *) is to be equal to sizeof(ssh_poll_handle), but this is not a portable assumption. Found by Coverity.
* legacy: Use snprintf instead of sprintf.Andreas Schneider2012-10-121-2/+3
| | | | Found by Coverity.
* dh: Don't use strcat for ssh_get_hexa().Andreas Schneider2012-10-121-9/+8
| | | | | | This is just hardening the code. Found by Coverity.
* server: Use strncat instead of strcat.Andreas Schneider2012-10-121-4/+12
| | | | | | This is just hardening the code. Found by Coverity.
* misc: Use strncpy instead of strcat.Andreas Schneider2012-10-121-1/+1
| | | | | | This is just hardening the code. Found by Coverity.
* pki: Fix a possible null pointer dereference.Andreas Schneider2012-10-121-3/+3
| | | | Found by Coverity.
* messages: Fix memory leaks in user request callback.Andreas Schneider2012-10-121-54/+41
|
* connect: Don't leak the addressinfo on error.Andreas Schneider2012-10-121-0/+1
|
* connect: Don't leak the file descriptor on error.Andreas Schneider2012-10-121-0/+1
| | | | Found by Coverity.
* session: Don't leak memory in ssh_send_debug().Andreas Schneider2012-10-121-4/+4
| | | | Found by Coverity.
* channels: Don't leak memory in channel_rcv_request callback.Andreas Schneider2012-10-121-0/+1
| | | | Found by Coverity.
* auth: Don't leak memory on error in info request callback.Andreas Schneider2012-10-121-3/+5
| | | | Found by Coverity.
* dh: Don't leak 'f' on error.Andreas Schneider2012-10-121-5/+6
| | | | Found by Coverity.
* legacy: Don't leak the key struct on error.Andreas Schneider2012-10-121-0/+1
| | | | Found by Coverity.
* server: Don't leak memory on calling ssh_string_from_char().Andreas Schneider2012-10-121-8/+32
| | | | | | Also check the return values. Found by Coverity.
* pki: Don't leak the signature on error paths.Andreas Schneider2012-10-121-0/+2
| | | | Found by Coverity.
* sftp: Don't leak owner and group in sftp_parse_attr_4.Andreas Schneider2012-10-121-6/+15
|
* known_hosts: Don't leak memory in ssh_write_knownhost error paths.Andreas Schneider2012-10-121-0/+8
| | | | Found by Coverity.
* agent: Fix some memory leaks in error paths.Andreas Schneider2012-10-121-0/+4
| | | | Found by Coverity.
generated by cgit (git 2.34.1) at 2025-09-24 02:19:38 +0000