Age | Commit message | Author | Files | Lines
2020-09-29 | priv.h: Fix typo in comment; “cound” → “count” | Paul Capron | 1 | -1/+1
Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | priv.h: Fix “MAX_PACKAT_LEN” typo in #ifndef guard | Paul Capron | 1 | -1/+1
The preprocessor guard was previously effectively inoperative; it used to read “MAX_PACKAT_LEN” (note the ‘A’!), now is ‘E’.
Signed-off-by: Paul Capron <paul@fragara.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-29 | src/kex.c: removes DES and SHA1 from mac and kex algorithms by default. | Sahana Prasad | 2 | -22/+30
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-17 | misc: Do not call random() | Anderson Toshiyuki Sasaki | 1 | -10/+13
Avoid calling random() and use ssh_get_random() instead.
CID #1412376
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-03 | Fix another memory leak on invalid nid value | Dirkjan Bussink | 1 | -0/+4
In 906cc7e7e95047981677a43743cb7c4aa2bb3aab a memory leak was fixed but a similar one is present here that needs a fix as well.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-02 | ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled) | Sahana Prasad | 4 | -10/+23
Ensure that it is not possible to enable it back with mbedTLS
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-09-02 | Add a new location of sftp-server on Tumbleweed | Jakub Jelen | 1 | -0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-08-13 | README.md: Add OSS-Fuzz badge | Anderson Toshiyuki Sasaki | 1 | -0/+1
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-08-12 | sftp: Fix more typos | Jakub Jelen | 2 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-08-12 | sftp: fix documentation typos | Harald Sitter | 1 | -8/+8
Signed-off-by: Harald Sitter <sitter@kde.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-07-16 | tests: Add test case for T191 | Anderson Toshiyuki Sasaki | 1 | -0/+99
Add a test case to verify that the server returns the correct signature when it negotiated an RSA signature algorithm for the host key different from the one it prefers (e.g. when the client prefers ssh-rsa over rsa-sha2-256 and rsa-sha2-512).
Fixes T240
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | tests: Add a test case for T75 | Anderson Toshiyuki Sasaki | 1 | -0/+56
The test checks if the client can handle the error returned by the server when the maximum number of channel sessions is exceeded.
Fixes T239
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | Disable *-cbc ciphers by default | Jakub Jelen | 1 | -10/+13
OpenSSH disabled them in 2014 and 2017 for servers and clients so it's our turn to follow suit.
Fixes T236
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | pki: Avoid memory leak on invalid curve NID | Jakub Jelen | 1 | -0/+2
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24166
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | packet: Fix unterminated brace and better context name in debug message | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | misc: Do not confuse client/server in debug messages | Jakub Jelen | 1 | -1/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-24 | tests: Do not parse configuration file in torture_knownhosts | Anderson Toshiyuki Sasaki | 1 | -0/+8
The test might fail if there is a local configuration file that changes the location of the known_hosts file. The test should not be affected by configuration files present in the testing environment.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-23 | channel: Do not return error if the server closed the channel | Anderson Toshiyuki Sasaki | 1 | -3/+4
If the server properly closed the channel, the client should not return error if it finds the channel closed.
Fixes T231
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-22 | examples: Tolerate incomplete writes in exec example | Anderson Toshiyuki Sasaki | 1 | -7/+22
Previously, the exec example would fail if it could not write the whole read buffer to stdout. With this change, the exec example will be able to write parts of the buffer until the whole buffer is written. This makes the exec example run when the stdout buffer is small.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-22 | tests: Add test for CVE-2019-14889 | Anderson Toshiyuki Sasaki | 1 | -0/+84
The test checks if a command appended to the file path is not executed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-19 | Merge SubmittingPatches and README.CodingStyle to CONTRIBUTING.md | Andreas Schneider | 2 | -161/+152
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-06-03 | buffer: Add NULL check for 'buffer' argument | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | buffer: Reformat ssh_buffer_add_data() | Andreas Schneider | 1 | -17/+18
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | sftpserver: Add missing return check for ssh_buffer_add_data() | Andreas Schneider | 1 | -3/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-03 | sftpserver: Add missing NULL check for ssh_buffer_new() | Andreas Schneider | 1 | -0/+6
Thanks to Ramin Farajpour Cami for spotting this.
Fixes T232
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-21 | Removed old, 10 years unused test files | Jakub Jelen | 8 | -622/+0
They do not build anymore and I believe most of their functionality is already covered by new tests.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-21 | options: Do not reference non-existing function | Jakub Jelen | 1 | -2/+2
Fixes T227
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-20 | unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to ensure there is no crash when ssh_pki_export_pubkey_blob() is incorrectly used to export ecdsa pubkeys from privkeys when pubkeys are not imported into pkcs #11 tokens. | Sahana Prasad | 1 | -1/+58
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | tests/torture.c: update the definition of torture_setup_tokens() to take load_public as an option that determines if public keys must be loaded in pkcs #11 tokens or not. | Sahana Prasad | 5 | -11/+16
tests: Adds the load_public parameter in all files where torture_setup_tokens() was used.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC parameter. | Sahana Prasad | 1 | -9/+13
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | src/pki_crypto.c pki_publickey_to_blob() should not be used to export public key from private keys for ecdsa keys. | Sahana Prasad | 1 | -0/+8
ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export the public key from private key if public keys are not already imported into pkcs #11 tokens.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-15 | cmake: add _POSIX_SOURCE | David Wedderwille | 1 | -0/+1
Fixes T228
Signed-off-by: David Wedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-05-06 | cmake: Add autogenerated libssh_version.h | Heiko Thiery | 9 | -18/+55
Set the cmake project version to the autogenerated file to have a single point to set the version. This will be included in the libssh.h file.
Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05 | fuzz: Avoid warnings from csbuild in fuzzers | Jakub Jelen | 2 | -3/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Add instructions for corpus creation and first corpus files | Jakub Jelen | 3 | -0/+69
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Allow to increase log level from server fuzzer | Jakub Jelen | 1 | -0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Do not parse configuration files | Jakub Jelen | 2 | -0/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Use none cipher and MAC | Jakub Jelen | 2 | -1/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Allow example client and server to process different configuration files | Jakub Jelen | 2 | -5/+27
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Cover ssh_options_getopt with unit tests | Jakub Jelen | 1 | -0/+148
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | options: Avoid memory leaks during modification of argv | Jakub Jelen | 1 | -8/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | options: Properly handle unknown options with arguments | Jakub Jelen | 1 | -2/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Verify functionality of none cipher and mac | Jakub Jelen | 1 | -8/+46
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Skip HMAC handling if none is selected | Jakub Jelen | 2 | -23/+30
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Check if set_*_key functions exists before calling it | Jakub Jelen | 1 | -15/+19
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | packet: Use temporary variables to avoid long lines | Jakub Jelen | 1 | -14/+12
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Add basic support for none cipher and MACs | Jakub Jelen | 9 | -6/+85
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | Drop none cipher and MAC as they are not implemented | Jakub Jelen | 1 | -2/+2
or not intended for production
Related: T85
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Simplify definition of fuzzing targets and build them also with gcc | Jakub Jelen | 2 | -21/+57
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Correctly sort members initialization to prevent GCC warnings | Jakub Jelen | 1 | -1/+1
tests/fuzz/ssh_client_fuzzer.cpp:45:1: error: designator order for field ‘ssh_callbacks_struct::userdata’ does not match declaration order in ‘ssh_callbacks_struct’
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>