path: root/src/bind.c
Age | Commit message | Author | Files | Lines
2019-01-15 | bind: Check for POLLRDHUP on the server if available | Andreas Schneider | 1 | -1/+8
This is a feature on modern Linux. Thanks to Ludovic Courtès <ludo@gnu.org> for the pointer.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-15 | bind: Reformat ssh_bind_get_poll() | Andreas Schneider | 1 | -5/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-25 | socket: Undouble socket fds | Sanne Raymaekers | 1 | -1/+1
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
2018-08-03 | Remove internal calls to ssh_init | Anderson Toshiyuki Sasaki | 1 | -5/+0
Since the call is made automatically when the library is loaded, these calls are no longer required (if the library is not linked statically).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-01 | bind: Complete loading ed25519 in server | Jakub Jelen | 1 | -4/+32
Previously, the support was only partial and if the ed25519 key was the only one, the internal checks were failing the tests.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | Rest in Peace SSHv1 | Andreas Schneider | 1 | -3/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2017-12-28 | add mbedtls crypto support | Juraj Vijtiuk | 1 | -0/+4
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh. mbedTLS is an SSL/TLS library that has been designed to mainly be used in embedded systems. It is loosely coupled and has a low memory footprint. mbedTLS also provides a cryptography library (libmbedcrypto) that can be used without the TLS modules.

The patch is unfortunately quite big, since several new files had to be added. DSA is disabled at compile time, since mbedTLS doesn't support DSA.

Patch review and feedback would be appreciated, and if any issues or suggestions appear, I'm willing to work on them.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>

Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind tools.
* The examples/samplessh client works when built with the patch.

Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
2017-04-11 | server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server | Alfredo Mazzinghi | 1 | -6/+12
This sets the bind private key directly from an ssh_key struct instead of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10 | bind: Correctly close sockets and invalidate them. | Andreas Schneider | 1 | -13/+5
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 | server: Add support for ed25519 keys in the server. | Aris Adamantiadis | 1 | -0/+11
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 | style: be consistent when iterating over wanted_methods | Luka Perkov | 1 | -1/+1
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-12 | bind: only set bindfd after successful listen | Jon Simons | 1 | -1/+2
In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the case that listen fails.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-04 | security: fix for vulnerability CVE-2014-0017 | Aris Adamantiadis | 1 | -0/+2
When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with the same PRNG state, which is a security issue.
2014-02-01 | server: allow custom server banners (bug #83) | Aris Adamantiadis | 1 | -1/+2
2014-01-21 | Import keys during ssh_bind_accept_fd | Alan Dunn | 1 | -1/+11
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 | Separate out key import functionality from ssh_bind_listen | Alan Dunn | 1 | -12/+23
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 | bind: fix possible double-frees in ssh_bind_free | Jon Simons | 1 | -0/+10
Make sure to explicitly set key pointers to NULL following the use of 'ssh_key_free' throughout bind.c.

Before this change, a double free can happen via 'ssh_bind_free' as in this example callpath:

    // create an ssh_bind
    ssh_bind b = ssh_bind_new();

    // provide a path to a wrong key-type
    ssh_bind_options_set(b, SSH_BIND_OPTIONS_DSAKEY, path_to_rsa_key);

    // initialize set key-type
    ssh_bind_listen(b);

      -> error path "The DSA host key has the wrong type: %d",
         ssh_key_free(sshbind->dsa)

           -> ssh_key_clean(key) // OK
           -> SAFE_FREE(key)     // OK, but, sshbind->dsa is *not* set to NULL

    // ssh_bind_listen failed, so clean up ssh_bind
    ssh_bind_free(b);

      -> ssh_key_free(sshbind->dsa) // double-free here

To fix, set pointers to NULL that have been free'd with 'ssh_key_free'.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-12-09 | bind: Correctly free all memory in ssh_bind_free(). | Andreas Schneider | 1 | -3/+7
Thanks to Jacob Baines.
2013-10-24 | bind: fix leak in ssh_bind_accept error path | Jon Simons | 1 | -2/+1
Use 'ssh_socket_free' to cleanup if 'ssh_bind_accept_fd' fails, to be sure to free the ssh_socket in/out buffers.
2013-07-14 | log: Implement new logging functions. | Andreas Schneider | 1 | -1/+1
2013-07-13 | bind: ssh_pki functions also return SSH_EOF error code | Aris Adamantiadis | 1 | -3/+3
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2012-12-03 | BUG 97: Remove obsolete hsterror(). | Andreas Schneider | 1 | -12/+1
This function is pretty much obsolete on most platforms. The standard errno should be used. If it is not enough on Windows we should use WSAGetLastError() in future.
2012-05-09 | bind: Fix build. | Andreas Schneider | 1 | -1/+2
2012-05-08 | server: Add ecdsa hostkey support. | Andreas Schneider | 1 | -1/+1
2012-02-19 | server: Add ecdsa hostkey support. | Andreas Schneider | 1 | -1/+34
2012-02-05 | session: Use a struct for all options. | Andreas Schneider | 1 | -6/+6
2011-11-09 | bind: Add more error messages. | Andreas Schneider | 1 | -1/+9
2011-10-17 | bind: Fix ssh_bind_listen in normal case. | Andreas Schneider | 1 | -5/+6
2011-10-13 | server: use app-provided bind socket when available | Aris Adamantiadis | 1 | -17/+19
2011-10-13 | server: ssh_bind_accept_fd | Aris Adamantiadis | 1 | -52/+70
This function will not call accept() but use function parameter instead
2011-09-17 | error: Use macros for error functions. | Andreas Schneider | 1 | -1/+1
2011-08-22 | server: Use new pki infrastructure. | Andreas Schneider | 1 | -28/+4
2011-08-16 | pki: Remove session from ssh_pki_import_privkey_* functions. | Andreas Schneider | 1 | -2/+10
2011-08-15 | bind: Add checks around key functions. | Andreas Schneider | 1 | -6/+31
2011-08-15 | bind: Read only once in ssh_bind_listen() (bug #11). | Andreas Schneider | 1 | -44/+50
2011-08-09 | pki: Use a consistent name scheme. | Andreas Schneider | 1 | -2/+2
Rename ssh_key_import_private to ssh_pki_import_privkey_file.
2011-08-08 | bind: Use ssh_key_import_private(). | Andreas Schneider | 1 | -22/+37
2011-07-19 | Fixes the ssh_log issue on ssh_bind handles. | Aris Adamantiadis | 1 | -3/+3
2011-03-09 | doc: Improve the doc of ssh_bind_set_callbacks. | Andreas Schneider | 1 | -19/+0
2011-02-14 | bind: Set errors on return. | Bernhard R. Link | 1 | -1/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2011-01-02 | bind: Added include file for close function on Windows. | Andreas Schneider | 1 | -0/+1
2010-12-29 | server: Added missing include files for getaddrinfo on Windows. | Andreas Schneider | 1 | -1/+10
2010-12-27 | server: Replace gethostbyname() with getaddrinfo(). | Andreas Schneider | 1 | -43/+56
Fixes rlo#13.
2010-10-27 | Moved includes from priv.h to bind.h | Aris Adamantiadis | 1 | -0/+1
2010-10-20 | Split ssh_bind functions in a new .c file | Aris Adamantiadis | 1 | -0/+372