Age | Commit message | Author | Files | Lines
2014-12-17 | Bump version to 0.6.4. [libssh-0.6.4] | Andreas Schneider | 3 | -3/+17
2014-12-17 | CVE-2014-8132: Fixup error path in ssh_packet_kexinit() | Jon Simons | 1 | -1/+6
Before this change, dangling pointers can be unintentionally left in the respective next_crypto kex methods slots. Ensure to set all slots to NULL in the error-out path.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7)
2014-12-17 | libcrypto: Fix Windows build with ssh_reseed(). | Andreas Schneider | 3 | -0/+9
gettimeofday() is not available on Windows and we need it only in case of forking.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit b7b535816d5fa49b0d1783f4cb42086f4169b1da)
2014-12-17 | cmake: Fix the build on Windows. | Andreas Schneider | 1 | -66/+68
(cherry picked from commit a738507ad24aa283c6af91fc2a5e8b35473d4c77)
2014-12-17 | cmake: Fix config variable names. | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit d8e691b58a54ccaadcad11b3b205c77b27b8dbe5)
2014-12-17 | cmake: Fix libssh cmake-config files. | Andreas Schneider | 2 | -7/+13
(cherry picked from commit 142b2e4edeb1be1f3d5d5ea665e535d8d62bb597)
2014-12-17 | config: Also tokenize on equal sign. | William Orr | 1 | -1/+1
The ssh config specifies it as a valid separator.
BUG: https://red.libssh.org/issues/166
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 52968b1a11a5e204daa75d1a0b388625b115f847)
2014-12-05 | doc: clarify tutorial error section | Davide "FunkyAss" Del Zompo | 1 | -5/+4
Signed-off-by: Davide "FunkyAss" Del Zompo <davide.delzompo@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bb197de75dc283eb0047e16f107c2441e957ea4f)
2014-12-05 | Set the correct error in ssh_options_set(). | Hani Benhabiles | 1 | -2/+2
Signed-off-by: Hani Benhabiles <hani@linux.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 03095f1516b7f5b8b0d55f05fa9a39bae68ee8fe)
2014-12-05 | messages: Fix a possible double free. | Andreas Schneider | 1 | -0/+1
Thanks to Ramana Gampa.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2014-12-05 | pki_crypto.c: plug ecdsa_sig->[r,s] bignum leaks | Jon Simons | 3 | -3/+12
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields. Fix a bug where the initial 'r' and 's' bignums were being overwritten with newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4745d652b5e71c27fd891edfe690162c0b8d3005)
2014-10-28 | connect: Do not fail if the connect is in progress. | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a48711ae7ef890c94e2a824afb899df385c406ee)
2014-10-12 | gssapi: ssh_gssapi_set_creds() is a client side function | Stef Walter | 1 | -2/+4
It should not be guarded by the WITH_SERVER #ifdef
Signed-off-by: Stef Walter <stefw@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cd2dc3770a49fc4487cbb0625003983e43520ec7)
2014-10-12 | Check return code of connect(2). | William Orr | 1 | -1/+9
Signed-off-by: William Orr <will@worrbase.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 250f50648755415a138b1347a17a367ad384b66d)
2014-10-02 | pki_gcrypt: Initialize 'type_c' in 'pki_do_sign_sessionid' | Artyom V. Poptsov | 1 | -0/+1
Add missing initialization of 'type_c' field of a SSH signature in 'pki_do_sign_sessionid' procedure. If libssh is compiled with GCrypt, 'dh_handshake_server' fails with "Could not sign the session id" error. The change fixes that.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aaae6cd97d3b99061fcf5444d491895690fb4cde)
2014-10-02 | crypto: check malloc return in ssh_mac_ctx_init | Jon Simons | 2 | -2/+10
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit af25c5e668fa817521496ac2278127b516f219d3)
2014-10-02 | wrapper: fix z_stream leak | Jon Simons | 1 | -0/+3
Ensure to free the z_stream structures as allocated from the gzip.c initcompress, initdecompress functions.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 092fe0b727399cd971709c16c030bc093ca54d87)
2014-09-15 | string: Correctly burn the string buffer. | Andreas Schneider | 1 | -4/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
(cherry picked from commit 1ddb99c46ffbeeac52f27a630b50670848b39e0c)
2014-05-28 | session: fix ssh_session->srv.ecdsa_key leak | Jon Simons | 1 | -0/+4
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-05-09 | pki: Fix build without ECC support. | Andreas Schneider | 1 | -0/+5
Signed-off-by: Andreas Schneider <asn@samba.org>
2014-05-07 | pki: Add missing semi-colon. | Andreas Schneider | 1 | -1/+1
2014-05-07 | pki: Move ssh_pki_key_ecdsa_name() to the correct file. | Andreas Schneider | 1 | -14/+0
2014-05-07 | cmake: Fix doxygen. | Andreas Schneider | 3 | -1551/+1
2014-05-07 | cmake: Update doxygen module. | Andreas Schneider | 1 | -67/+111
2014-05-07 | pki crypto: expose new ssh_pki_key_ecdsa_name API | Jon Simons | 3 | -10/+158
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a new 'ssh_pki_key_ecdsa_name' API. This gives more information than the 'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys. The motivation is that this info is useful to have in a server context. The torture_pki unit test is updated to include the new API, and a few more passes are added to additionally test 384 and 521-bit keys.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-05-06 | messages: Add missing ntohl on X11 request screen number | Alan Dunn | 1 | -1/+3
BUG: https://red.libssh.org/issues/160
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-05-06 | pki: Correctly update the ECDSA keytype. | Andreas Schneider | 1 | -1/+8
(cherry picked from commit 2884bbf5b1bfe915160a1dc03eddbcd000555ec1)
2014-05-06 | pki: Move ssh_pki_key_ecdsa_name() to the correct file. | Andreas Schneider | 1 | -0/+14
(cherry picked from commit f48a99b97c399174ad35b83a91df922f106ade13)
2014-05-06 | pki: Make pki_key_ecdsa_nid_to_name() a shared function. | Andreas Schneider | 2 | -1/+2
(cherry picked from commit 11cfb2903eb319d32a2432a015c61506f50dc78b)
2014-04-22 | cmake: Install cmake config files to the correct directory. | Andreas Schneider | 1 | -1/+1
(cherry picked from commit 291312c5e4774307a79365623065764220a673e9)
2014-04-22 | doc: Improve docs for ssh_channel_get_exit_status(). | Andreas Schneider | 1 | -0/+5
BUG: https://red.libssh.org/issues/154
(cherry picked from commit adf23533e02d997118d1732f91abf9f116a47cec)
2014-04-22 | channels: Fix exit-signal request. | Andreas Schneider | 1 | -3/+3
BUG: https://red.libssh.org/issues/153
(cherry picked from commit 927cd90dc171b7e7a400ab8c1c9474f627e89167)
2014-04-22 | session: Fix a memory leak with custom banner. | Andreas Schneider | 1 | -0/+1
BUG: https://red.libssh.org/issues/152
(cherry picked from commit b5efbe75cd7b3881618940f9508b313222176bd8)
2014-04-22 | cmake: Enable creation of the compile command database by default. | Andreas Schneider | 1 | -0/+3
(cherry picked from commit 437a39c7988ae157e2171f57d8c0cfdcc99584f6)
2014-03-27 | packet: elide two buffer_prepend calls into one | Jon Simons | 1 | -8/+9
In packet_send2, rather than issue two separate buffer_prepend_data calls (each of which may entail realloc + memmove + memcpy), elide the prepend work into a single buffer_prepend_data: the header information is computed locally, and a single 5 byte prepend operation is now done instead of prepending 1, then 4 bytes.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aa05248ca81e3bd9e949ad724d45518707446e2c)
Conflicts: src/packet.c
2014-03-27 | doc: Fix ssh_userauth_none() function signature. | Andreas Schneider | 1 | -2/+2
Thanks to David Tibbe!
BUG: https://red.libssh.org/issues/151
(cherry picked from commit 04543c9dbc2e7fb3d43985cd913a0b1225be43d5)
2014-03-27 | doc: Improve and consolidate ssh_bind_options_set docs | Alan Dunn | 2 | -111/+53
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 47bd0b6d1f3176a4539c22741848d37b9357175b)
2014-03-27 | libssh: libhpp: overload read function to support timeout parameter | Petar Koretic | 1 | -1/+19
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8e2590b5353f800a2dd11045a1e7ff4848fc8c25)
2014-03-27 | libssh: libhpp: avoid unnecessary call to ssh_channel_read | Petar Koretic | 1 | -1/+1
ssh_channel_read is a wrapper for ssh_channel_read_timeout with timeout -1 (infinite) so we call that directly.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit c51f42a566879f61c2349066bc4e8dd35bc5c311)
2014-03-27 | libssh: libhpp: fix multiple definitions for acceptForward function | Petar Koretic | 1 | -2/+2
Defining a non inlined class function in a header will cause multiple definitions when header is included in more than one file since for each file function will get defined.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 00d4fbe75336b66262fdca86430655094adb8322)
Conflicts: include/libssh/libsshpp.hpp
2014-03-27 | channel: check for closed state in waitwindow loops | Jon Simons | 1 | -2/+4
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit dee8e5688b4395ee379fd7f36f4a488d57fd0d6c)
2014-03-27 | kex: enable more ECDSA hostkey algos | Jon Simons | 1 | -1/+1
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 40d81bb7cafe528639cb201e893ba62db1e813bf)
2014-03-27 | pki_crypto: guard against NULL pubkey->rsa in signature extraction | Jon Simons | 1 | -1/+7
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 10bc5ac203a428699508293f91faa460358ca6dc)
2014-03-27 | session: fix comment typo | Luka Perkov | 1 | -1/+1
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 8ba94022824dadfec2b6650324a06106abaeac13)
2014-03-27 | messages: use predefined macro for clearing sensitive data | Luka Perkov | 1 | -2/+1
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a2fe341da558d27c348d55b1fbf9824f42ff2432)
2014-03-27 | client: fix corner case when sockets are manually created | Luka Perkov | 1 | -1/+4
If the sockets are created manually and passed to libssh the internal session state is set to SSH_SESSION_STATE_SOCKET_CONNECTED. Result of this fix can be verified by running torture_connect test (torture_connect_socket) with -vvvv flags.
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit dbb2de272b57c7327204adb7b7bdef5c98bfbfd6)
2014-03-27 | tests: torture_connect: add test for user provided socket | Luka Perkov | 1 | -0/+25
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9423a3a065c947ed5ff89da615fbd6ad7f61f60a)
2014-03-27 | tests: torture_connect: fix coding style | Luka Perkov | 1 | -8/+7
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0c5d4954a78714c35e18fef9ef1010b3f53ee094)
2014-03-27 | pki_crypto: Replace deprecated RSA_generate_key() with RSA_generate_key_ex() | Petar Koretic | 1 | -4/+14
On Mar 16, 09:41, Aris Adamantiadis wrote:
> Hi Petar,
> I agree with the principle, but I don't think this code can work...
> RSA_generate_key takes an RSA* as parameter and in our code we probably
> have key->rsa==NULL. (if we don't then the old code had a memory leak).
>
> Does the test case work ?
>
> Aris
>
Yes, you are right. This works, tested with tests/unittests/torture_pki
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
(cherry picked from commit 0b8d24f800bae5f4f86c0eaca41c609f40d7baef)
2014-03-27 | update gitignore file | Luka Perkov | 1 | -0/+1
The libssh library by default does not allow in-source build (with cmake MacroEnsureOutOfSourceBuild macro). The INSTALL file (implicitly) suggests creating a build directory. So let's add build to list of git ignore files to avoid complaints from git.
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 48354f56ec86bcd23b0947e2eb4ce85b9cdebd0f)