Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
ssh_userauth_publickey_auto().
Implicitly fixed unsafe return code handling that could result in use-after-free.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0423057424ce5af157e56defb129ad0607953985)
|
|
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit cc25d747d45f139729f1728cc5dcbd1666709a4f)
|
|
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 763735106564a3bff1ba9a3fece0dca58eec403f)
|
|
Allow callers to specify their own socket
for an ssh agent.
Signed-off-by: Peter Volpe <pvolpe@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 7aeba71a92d5a2dcb606e94f95516b975242586c)
|
|
The previous list is not freed. Since the new session just got
created, an identity list is already allocated and empty.
Signed-off-by: Sebastien Boving <seb@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit e020dd8d5917c3c957b73211cecc618d9f0207cb)
|
|
(cherry picked from commit a65af1b3b8a4ea50fd687b6583eac93e38cf4f3b)
|
|
Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5478de1a64251c3f7e19260e599045061136f2e9)
|
|
Signed-off-by: Jordy Moos <jordymoos@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fa9fbb1d670e1ee99ba8c5255c2d80ac699496e4)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit ef751a26d0cb746966aaee64cfb5d1a87efba535)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 30a7229fc5f147c9f39abfa9272546773f58678c)
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1d69e073af6a460eb00cc68869cde9caf7031856)
|
|
|
|
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
|
|
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
|
|
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Also consider the host key type at hand when computing whether a
'first_kex_packet_follows' packet matches the current server settings.
Without this change libssh may incorrectly believe that guessed
settings which match by kex algorithm alone fully match: the host
key types must also match. Observed when testing with dropbear
clients.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be
ignored. That is, for the case that the initial 'first_kex_packet_follows'
guess is incorrect. Before this change sessions served with libssh can be
observed to error out unexpectedly early when testing with dropbear clients
that send an incompatible guess.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This fixes warnings for getaddrinfo() and freeaddrinfo().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #978660
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1032343
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1199454
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1296588
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1250106
This fixes a 1 byte output overflow for large key length (not reachable
in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1238630
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1267977
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1278978
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1267980
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
CID: #1267982
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
The state validation in the packet handlers for SSH_MSG_NEWKEYS and
SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
The issue has been found and reported by Mariusz Ziule.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Kevin Fan <kevinfan@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
I've improved FindOpenSSL and FindZLIB in that version to work well with
Windows and Linux. This was 2011 it should be old enough that most
distributions have at least this version available.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|