path: root/src/bind.c
Age | Commit message | Author | Files | Lines
2017-04-11 | server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server | Alfredo Mazzinghi | 1 | -6/+12
    This sets the bind private key directly from an ssh_key struct instead of reading a file.
    Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10 | bind: Correctly close sockets and invalidate them. | Andreas Schneider | 1 | -13/+5
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | server: Add support for ed25519 keys in the server. | Aris Adamantiadis | 1 | -0/+11
    Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 | style: be consistent when iterating over wanted_methods | Luka Perkov | 1 | -1/+1
    Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-12 | bind: only set bindfd after successful listen | Jon Simons | 1 | -1/+2
    In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the case that listen fails.
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-04 | security: fix for vulnerability CVE-2014-0017 | Aris Adamantiadis | 1 | -0/+2
    When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue.
2014-02-01 | server: allow custom server banners (bug #83) | Aris Adamantiadis | 1 | -1/+2
2014-01-21 | Import keys during ssh_bind_accept_fd | Alan Dunn | 1 | -1/+11
    Signed-off-by: Alan Dunn <amdunn@gmail.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 | Separate out key import functionality from ssh_bind_listen | Alan Dunn | 1 | -12/+23
    Signed-off-by: Alan Dunn <amdunn@gmail.com>
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 | bind: fix possible double-frees in ssh_bind_free | Jon Simons | 1 | -0/+10
    Make sure to explicitly set key pointers to NULL following the use of 'ssh_key_free' throughout bind.c. Before this change, a double free can happen via 'ssh_bind_free' as in this example callpath:

      // create an ssh_bind
      ssh_bind b = ssh_bind_new();

      // provide a path to a wrong key-type
      ssh_bind_options_set(b, SSH_BIND_OPTIONS_DSAKEY, path_to_rsa_key);

      // initialize set key-type
      ssh_bind_listen(b);
        -> error path "The DSA host key has the wrong type: %d",
           ssh_key_free(sshbind->dsa)
             -> ssh_key_clean(key) // OK
             -> SAFE_FREE(key)     // OK, but, sshbind->dsa is *not* set to NULL

      // ssh_bind_listen failed, so clean up ssh_bind
      ssh_bind_free(b);
        -> ssh_key_free(sshbind->dsa)  // double-free here

    To fix, set pointers to NULL that have been free'd with 'ssh_key_free'.
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-12-09 | bind: Correctly free all memory in ssh_bind_free(). | Andreas Schneider | 1 | -3/+7
    Thanks to Jacob Baines.
2013-10-24 | bind: fix leak in ssh_bind_accept error path | Jon Simons | 1 | -2/+1
    Use 'ssh_socket_free' to cleanup if 'ssh_bind_accept_fd' fails, to be sure to free the ssh_socket in/out buffers.
2013-07-14 | log: Implement new logging functions. | Andreas Schneider | 1 | -1/+1
2013-07-13 | bind: ssh_pki functions also return SSH_EOF error code | Aris Adamantiadis | 1 | -3/+3
    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2012-12-03 | BUG 97: Remove obsolete hsterror(). | Andreas Schneider | 1 | -12/+1
    This function is pretty much obsolete on most platforms. The standard errno should be used. If it is not enough on Windows we should use WSAGetLastError() in future.
2012-05-09 | bind: Fix build. | Andreas Schneider | 1 | -1/+2
2012-05-08 | server: Add ecdsa hostkey support. | Andreas Schneider | 1 | -1/+1
2012-02-19 | server: Add ecdsa hostkey support. | Andreas Schneider | 1 | -1/+34
2012-02-05 | session: Use a struct for all options. | Andreas Schneider | 1 | -6/+6
2011-11-09 | bind: Add more error messages. | Andreas Schneider | 1 | -1/+9
2011-10-17 | bind: Fix ssh_bind_listen in normal case. | Andreas Schneider | 1 | -5/+6
2011-10-13 | server: use app-provided bind socket when available | Aris Adamantiadis | 1 | -17/+19
2011-10-13 | server: ssh_bind_accept_fd | Aris Adamantiadis | 1 | -52/+70
    This function will not call accept() but use function parameter instead
2011-09-17 | error: Use macros for error functions. | Andreas Schneider | 1 | -1/+1
2011-08-22 | server: Use new pki infrastructure. | Andreas Schneider | 1 | -28/+4
2011-08-16 | pki: Remove session from ssh_pki_import_privkey_* functions. | Andreas Schneider | 1 | -2/+10
2011-08-15 | bind: Add checks around key functions. | Andreas Schneider | 1 | -6/+31
2011-08-15 | bind: Read only once in ssh_bind_listen() (bug #11). | Andreas Schneider | 1 | -44/+50
2011-08-09 | pki: Use a consistent name scheme. | Andreas Schneider | 1 | -2/+2
    Rename ssh_key_import_private to ssh_pki_import_privkey_file.
2011-08-08 | bind: Use ssh_key_import_private(). | Andreas Schneider | 1 | -22/+37
2011-07-19 | Fixes the ssh_log issue on ssh_bind handles. | Aris Adamantiadis | 1 | -3/+3
2011-03-09 | doc: Improve the doc of ssh_bind_set_callbacks. | Andreas Schneider | 1 | -19/+0
2011-02-14 | bind: Set errors on return. | Bernhard R. Link | 1 | -1/+8
    Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2011-01-02 | bind: Added include file for close function on Windows. | Andreas Schneider | 1 | -0/+1
2010-12-29 | server: Added missing include files for getaddrinfo on Windows. | Andreas Schneider | 1 | -1/+10
2010-12-27 | server: Replace gethostbyname() with getaddrinfo(). | Andreas Schneider | 1 | -43/+56
    Fixes rlo#13.
2010-10-27 | Moved includes from priv.h to bind.h | Aris Adamantiadis | 1 | -0/+1
2010-10-20 | Split ssh_bind functions in a new .c file | Aris Adamantiadis | 1 | -0/+372