aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-06-30Bump version to 0.7.1libssh-0.7.1Andreas Schneider3-2/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-29SSH_AUTH_PARTIAL is now correctly passed to the caller of ↵Tilo Eckert1-8/+7
ssh_userauth_publickey_auto(). Implicitly fixed unsafe return code handling that could result in use-after-free. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0423057424ce5af157e56defb129ad0607953985)
2015-06-29available auth_methods must be reset on partial authenticationTilo Eckert1-1/+1
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit cc25d747d45f139729f1728cc5dcbd1666709a4f)
2015-06-29channels: Fix exit-signal data unpackingPeter Volpe1-1/+1
Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 763735106564a3bff1ba9a3fece0dca58eec403f)
2015-06-29agent: Add ssh_set_agent_socketPeter Volpe2-3/+21
Allow callers to specify their own socket for an ssh agent. Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 7aeba71a92d5a2dcb606e94f95516b975242586c)
2015-06-24Don't allocate a new identity list in the new session's options.Seb Boving1-6/+0
The previous list is not freed. Since the new session just got created, an identity list is already allocated and empty. Signed-off-by: Sebastien Boving <seb@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit e020dd8d5917c3c957b73211cecc618d9f0207cb)
2015-06-24cmake: Do not use CMAKE_(SOURCE|BINARY)_DIRDouglas Heriot5-7/+7
(cherry picked from commit a65af1b3b8a4ea50fd687b6583eac93e38cf4f3b)
2015-06-24pki: Fix allocation of ed25519 public keysTiamo Laitakari1-2/+2
Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 5478de1a64251c3f7e19260e599045061136f2e9)
2015-06-24Documentation fix where unsigned is used where signed is expectedJordy Moos2-3/+3
Signed-off-by: Jordy Moos <jordymoos@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit fa9fbb1d670e1ee99ba8c5255c2d80ac699496e4)
2015-06-24misc: Correctly guard the sys/time.h includeAndreas Schneider2-3/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit ef751a26d0cb746966aaee64cfb5d1a87efba535)
2015-06-24include: Add support for older MSVC versionsAndreas Schneider1-0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 30a7229fc5f147c9f39abfa9272546773f58678c)
2015-06-24kex: Add comments to #if clausesAndreas Schneider1-6/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 1d69e073af6a460eb00cc68869cde9caf7031856)
2015-06-03channels: fix exit-status not correctly setAris Adamantiadis1-5/+3
2015-05-29Comment that ssh_forward_cancel() is deprecated.Mike DePaulo1-0/+1
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
2015-05-29Reintroduce ssh_forward_listen() (Fixes: #194)Mike DePaulo1-0/+5
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
2015-05-11ChangeLog: Set release date for 0.7.0libssh-0.7.0Andreas Schneider1-1/+1
2015-05-08cpack: Use application version.Andreas Schneider1-3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06Bump version to 0.7.0Andreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06Update ChangeLogAndreas Schneider1-1/+63
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06valgrind: Add suppression for openssl FIPS dlopen leakAndreas Schneider1-0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06valgrind: Ignore valgrind free bug on exitAndreas Schneider1-0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06tests: Migrate torture_keyfiles to testkey functionsAndreas Schneider1-16/+31
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06torture: Move TORTURE_TESTKEY_PASSWORD to headerAndreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06tests: Fix memory leak in torture_server_x11 testAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05kex: also compare host keys for 'first_kex_packet_follows'Jon Simons1-21/+23
Also consider the host key type at hand when computing whether a 'first_kex_packet_follows' packet matches the current server settings. Without this change libssh may incorrectly believe that guessed settings which match by kex algorithm alone fully match: the host key types must also match. Observed when testing with dropbear clients. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT caseJon Simons1-0/+1
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be ignored. That is, for the case that the initial 'first_kex_packet_follows' guess is incorrect. Before this change sessions served with libssh can be observed to error out unexpectedly early when testing with dropbear clients that send an incompatible guess. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05tests: Only link against threading library if availableAndreas Schneider1-10/+14
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05cmake: Add missing OpenSSL include directoryAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05cmake: Add --enable-stdcall-fixup for MinGW buildsAndreas Schneider1-0/+4
This fixes warnings for getaddrinfo() and freeaddrinfo(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05include: Fix variadic macro issues with MSVCAndreas Schneider1-1/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05tests: Apply umask before calling mkstemp()Andreas Schneider2-1/+8
CID: #978660 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05example: Fix a use after free in the scp exampleAndreas Schneider1-0/+1
CID: #1032343 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05example: Check return value of ssh_get_fd()Andreas Schneider1-2/+11
CID: #1199454 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05sftp: Fix size checkAndreas Schneider1-5/+7
CID: #1296588 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Fix resetting the stateAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Make sure we burn buffers in bcryptAndreas Schneider1-5/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Fix a possible buffer overrun in bcrypt_pbkdfAndreas Schneider1-3/+9
CID: #1250106 This fixes a 1 byte output overflow for large key length (not reachable in libssh). Pulled from OpenBSD BCrypt PBKDF implementation. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04sftp: Add bound check for sizeAndreas Schneider1-1/+2
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04buffer: Cleanup vaargs in ssh_buffer_unpack_va()Andreas Schneider1-0/+1
CID: #1267977 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04string: Improve ssh_string_len() to avoid tainted variablesAndreas Schneider1-4/+11
CID: #1278978 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04pki_container: Fix a memory leakAndreas Schneider1-2/+9
CID: #1267980 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04pki_container: Add check for return valueAndreas Schneider1-1/+4
CID: #1267982 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04tests: Fix ctest default scriptAndreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04cmake: Add support for Address SanitizerAndreas Schneider1-0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04config: Add missing HAVE_ARPA_INET_H defineAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-23buffers: Fix a possible null pointer dereferenceAris Adamantiadis1-0/+8
This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-23CVE-2015-3146: Fix state validation in packet handlersAris Adamantiadis2-9/+15
The state validation in the packet handlers for SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY had a bug which did not raise an error. The issue has been found and reported by Mariusz Ziule. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-14Fix leak of sftp->ext when sftp_new() failsKevin Fan1-0/+2
Signed-off-by: Kevin Fan <kevinfan@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10cmake: Require cmake 2.8.5Andreas Schneider1-1/+1
I've improved FindOpenSSL and FindZLIB in that version to work well with Windows and Linux. This was 2011 it should be old enough that most distributions have at least this version available. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10cmake: Detect network function correctly on WindowsAndreas Schneider1-11/+17
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>