aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
12 dayschannels: Fix segfaults when the channel data is freedHEADmasterArtyom V. Poptsov2-5/+155
Calling some channel procedures on a freed channel is always resulting in segmentation fault errors. The reason is that when a channel is freed with 'ssh_channel_do_free' procedure, its 'session' field is set to NULL; then when a channel procedure tries to access any field of 'channel->session' structure it is effectively dereferencing a NULL pointer. The change fixes that behavior by adding a check which ensures that a channel state is not SSH_CHANNEL_FLAG_FREED_LOCAL before accessing its parent session. Also the test suite is updated to check for the fixed errors, and the Doxygen documentation updated accordingly. There was a bug introduced in b0fb7d15: 'ssh_channel_poll', 'ssh_channel_poll_timeout' and 'ssh_channel_get_exit_status' would compare the channel state to the 'SSH_CHANNEL_FLAG_FREED_LOCAL' constant to check if the channel is alive. But the procedures must check the channel flags for the presence of 'SSH_CHANNEL_FLAG_FREED_LOCAL' bits instead. This change fixes the bug. Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-08-26cpack: Do not package .cache directory used by clangdAndreas Schneider2-1/+2
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-08-18tests: Simple reproducer for rekeying with different kexJakub Jelen1-3/+155
We do not use SHA1 as it is disabled in many systems Verifies CVE-2021-3634 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18CVE-2021-3634: Create a separate length for session_idJakub Jelen10-18/+23
Normally, the length of session_id and secret_hash is the same, but if we will get into rekeying with a peer that changes preference of key exchange algorithm, the new secret hash can be larger or smaller than the previous session_id causing invalid reads or writes. Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-18More consistent loggingJakub Jelen4-4/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-17gitlab-ci: Fix indentation and complaints by yamllintAndreas Schneider1-93/+91
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-08-12Add editorconfig config fileAndreas Schneider1-0/+18
See https://editorconfig.org/ for details. (neo)vim: https://github.com/editorconfig/editorconfig-vim emacs: https://github.com/editorconfig/editorconfig-emacs Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-08-12Update is_cert_type to account for security key certificates.Kevin Jones1-0/+2
Signed-off-by: Kevin Jones <kevin@vcsjones.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-08-12Fix some compiler warningsNorbert Pocs3-4/+22
Covscan analyzer was used Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-08-11.gitlab-ci: Allow failure of windows runners as they are brokenJakub Jelen1-0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-07-07[#48/T22] Added missing server reply on auth-agent-req when a reply was ↵Jeremy Cross1-8/+29
requested by the client. PuTTY for Windows chokes without this reply if "Allow agent forwarding" is enabled. Reply will be successful if channel_auth_agent_req_function callback is defined. Based on an unmerged patch by Jon Simons. Signed-off-by: Jeremy Cross <jcross@beyondtrust.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-07-07fixed issue with ssh_connector when data has been consumed by a channel callbackJeremy Cross1-0/+3
Signed-off-by: Jeremy Cross <jcross@beyondtrust.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-07-06Fix error in documentationSerdar Sanli1-2/+1
Signed-off-by: Serdar Sanli <mserdarsanli@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-06-16misc: Avoid the 4KB stack buffer in ssh_bind_options_expand_escapeXiang Xiao1-4/+23
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Icfd24fdb8c7f549b8cb72d793cfc767979740fdc
2021-06-16misc: Avoid the 4KB stack buffer in ssh_path_expand_escapeXiang Xiao1-5/+23
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I908ef4dfa960bf89f8e42f99af2f8bcdbb006bc8
2021-06-16Make the max file line length configurableXiang Xiao5-7/+22
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I0bc70f4459a6eaa6f4c87887a5ee7822faf22443
2021-06-16Make the transfer buffer size configurableXiang Xiao11-15/+53
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I5052bac703b5a0c289ca5c28569cadeb54d3d507
2021-06-10log: add ssh_vlog to save the stack spaceXiang Xiao4-20/+39
and add LOG_SIZE macro to control the buffer size Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I3eaeea001fc531fdb55074fc3a9d140b27847c1f
2021-06-10windows: Define PATH_MAX to MAX_PATHXiang Xiao3-11/+15
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ib3358ecb029d93c263d3cb39da25e82a772ae2c7
2021-06-07Enable freebsd runner also for jjelenJakub Jelen1-0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-06-07Unbreak build on freebsdJakub Jelen1-1/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-06-04add moduli file location as an ssh_bind optionAndrew Wiley7-5/+48
Signed-off-by: Andrew Wiley <wiley@outlook.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-06-04build samplesshd-cb example on Windows tooAndrew Wiley1-4/+6
Signed-off-by: Andrew Wiley <wiley@outlook.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-06-04fix error checks on channel writes in samplesshd-cb exampleAndrew Wiley1-8/+17
Signed-off-by: Andrew Wiley <wiley@outlook.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-06-04make GSSAPI optional in the samplesshd-cb exampleAndrew Wiley1-0/+4
Signed-off-by: Andrew Wiley <wiley@outlook.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-06-01scp: Avoid allocate 8KB stack buffer in ssh_scp_deny_requestXiang Xiao1-3/+11
since ssh_scp_deny_request is seldom called, let's utilize malloc to reserve the precise size memory. Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I8e7a6d3153cff7691329b9487cd534a7f2887a35
2021-05-31socket: Read the data directly into in_bufferXiang Xiao1-8/+12
to avoid allocate 4KB buffer from stack Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Id144ff764ee1ae98f87aee36793a9f0e4fce21b7
2021-05-31agent: Avoid 1KB temporary buffer in agent_talkXiang Xiao1-16/+14
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I9acffc6deef534659f89ca8ddb0cd60b325aaeb2
2021-05-31examples/ssh_server_fork: Support the multi-client through pthreadXiang Xiao2-4/+43
so the same code base demo both multi-process and multi-thread model Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I98554a99b7a31586be37abde7c357f81a05c3d6e
2021-05-27sftp: Read the data directly into packet->payloadXiang Xiao1-20/+12
to avoid allocate 16KB buffer from stack and one memory copy Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ib71cb5834b7810bf9791e13c58571e2b9fa5bca1
2021-05-27channels: Read into buffer directly in channel_read_bufferXiang Xiao1-11/+20
to avoid allocate 8KB buffer from stack Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ifc198705cb8ecec6f0a609f84965382dc151693b
2021-05-27Don't allocate ssh_blf_ctx from stack in bcrypt_pbkdfXiang Xiao1-10/+18
to reduce the stack size requirement Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I6a91250524786af3358b0fd0f05ba8e45f76d278
2021-05-27packet: Change the last argument of ssh_packet_encrypt to uint32_tXiang Xiao1-1/+1
to match the implemntation in packet_crypt.c Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ib76c3585f67dae22ed0f1dfc10dadcd03c762032
2021-05-27mbedtls: Change the last argument of cipher_[de|en]crypt_cbc to size_tXiang Xiao1-2/+2
to avoid their prototype different from ssh_cipher_struct Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I6cba2d4fea131f13d028226023da692494caa87d
2021-05-27Fix error: dereferencing pointer to incomplete type ‘struct timeval’Xiang Xiao3-0/+9
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I99d2016595966d805c9e27b5c2f2a0a5b4ad8611
2021-05-27examples/ssh_server: Free the resource in the failure pathXiang Xiao1-0/+3
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I60f64b9eda3ba233a825b2c4fe19d5bf7eaf2fa3
2021-05-27Fixes typo in src/buffer.cSahana Prasad1-1/+1
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-05-27Replace the hardcode max path length with PATH_MAXXiang Xiao5-10/+12
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Icb1d36b48a759ec11dbaa4c09a39037a80ab0f85
2021-05-27gitlab-ci: Enable new freebsd runnerAndreas Schneider1-1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-05-27doc: Add REAMDE how to setup a freebsd gitlab runnerAndreas Schneider1-0/+101
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-05-27gitlab-ci: Use shared Windows runners from gitlabAndreas Schneider1-20/+27
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-05-26gitlab-ci: Disable the freebsd runnerAndreas Schneider1-1/+1
We need a new one. Disable till set up and registered Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-05-26tests: Fix running timeout tests on gitlab windows runnersAndreas Schneider1-1/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-05-12examples/ssh_client: Fix the memory leak in RTOS environmentXiang Xiao1-7/+6
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I20108753cf0b86e18724171dc7b25790350edb08
2021-05-12examples/ssh_client: call ssh_init explicitlyXiang Xiao1-0/+1
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I52011de66a9e1a6a318fcb91fb7357cd97c534a3
2021-05-12examples/ssh_server: Support the command line parser without argp packageXiang Xiao1-4/+88
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ia39a402e4684d2f0ef014b4effd255692b576ce3
2021-05-12examples/ssh_server: Add -u and -P optionXiang Xiao1-3/+25
enable pass username and password from command line Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I6404b90a99253d3240f7a28827635b159ff6a574
2021-05-12examples/libssh_scp: Remove the duplication of free(loc->host)Xiang Xiao1-4/+1
and free sources at the end of program Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: Ia6a51d52439722b46547449e85350b3193e5ba28
2021-05-12examples/libssh_scp: call ssh_init and ssh_finalize explicitlyXiang Xiao1-2/+4
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I4c80904d40b068f47334c3116576de07782162f6
2021-05-12examples/ssh_client: Check SIGWINCH is defined before using itXiang Xiao1-5/+7
since not all POSIX platform support SIGWINCH signal and remove the global variable chan Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Change-Id: I70217020c84b056270ed680008a1871383b5fc7b