aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-07-03cmake: Fix OpenSSL detection in non-standard pathAndreas Schneider1-6/+6
This should fix the detection on Windows. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-07-03cmake: Fail if can't find OpenSSL aes and des headersAndreas Schneider1-17/+25
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-30include: Add stdarg.h so we can check for va_copy macroAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-29SSH_AUTH_PARTIAL is now correctly passed to the caller of ↵Tilo Eckert1-8/+7
ssh_userauth_publickey_auto(). Implicitly fixed unsafe return code handling that could result in use-after-free. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-29available auth_methods must be reset on partial authenticationTilo Eckert1-1/+1
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-29channels: Fix exit-signal data unpackingPeter Volpe1-1/+1
Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-29agent: Add ssh_set_agent_socketPeter Volpe2-3/+21
Allow callers to specify their own socket for an ssh agent. Signed-off-by: Peter Volpe <pvolpe@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24Don't allocate a new identity list in the new session's options.Seb Boving1-6/+0
The previous list is not freed. Since the new session just got created, an identity list is already allocated and empty. Signed-off-by: Sebastien Boving <seb@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24cmake: Do not use CMAKE_(SOURCE|BINARY)_DIRDouglas Heriot5-7/+7
2015-06-24pki: Fix allocation of ed25519 public keysTiamo Laitakari1-2/+2
Signed-off-by: Tiamo Laitakari <tiamo.laitakari@cs.helsinki.fi> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24Documentation fix where unsigned is used where signed is expectedJordy Moos2-3/+3
Signed-off-by: Jordy Moos <jordymoos@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24misc: Correctly guard the sys/time.h includeAndreas Schneider2-3/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24include: Add support for older MSVC versionsAndreas Schneider1-0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-24kex: Add comments to #if clausesAndreas Schneider1-6/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-06-03channels: fix exit-status not correctly setAris Adamantiadis1-5/+3
2015-05-29Comment that ssh_forward_cancel() is deprecated.Mike DePaulo1-0/+1
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
2015-05-29Reintroduce ssh_forward_listen() (Fixes: #194)Mike DePaulo1-0/+5
Signed-off-by: Aris Adamantiadis <aris@badcode.be>
2015-05-08cpack: Use application version.Andreas Schneider1-3/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06Bump version to 0.7.0Andreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06Update ChangeLogAndreas Schneider1-1/+63
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06valgrind: Add suppression for openssl FIPS dlopen leakAndreas Schneider1-0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06valgrind: Ignore valgrind free bug on exitAndreas Schneider1-0/+12
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06tests: Migrate torture_keyfiles to testkey functionsAndreas Schneider1-16/+31
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06torture: Move TORTURE_TESTKEY_PASSWORD to headerAndreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-06tests: Fix memory leak in torture_server_x11 testAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05kex: also compare host keys for 'first_kex_packet_follows'Jon Simons1-21/+23
Also consider the host key type at hand when computing whether a 'first_kex_packet_follows' packet matches the current server settings. Without this change libssh may incorrectly believe that guessed settings which match by kex algorithm alone fully match: the host key types must also match. Observed when testing with dropbear clients. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05server: return SSH_OK for ignored SSH_MSG_KEXDH_INIT caseJon Simons1-0/+1
Return SSH_OK for the case that an incoming SSH_MSG_KEXDH_INIT should be ignored. That is, for the case that the initial 'first_kex_packet_follows' guess is incorrect. Before this change sessions served with libssh can be observed to error out unexpectedly early when testing with dropbear clients that send an incompatible guess. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05tests: Only link against threading library if availableAndreas Schneider1-10/+14
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05cmake: Add missing OpenSSL include directoryAndreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05cmake: Add --enable-stdcall-fixup for MinGW buildsAndreas Schneider1-0/+4
This fixes warnings for getaddrinfo() and freeaddrinfo(). Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05include: Fix variadic macro issues with MSVCAndreas Schneider1-1/+9
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05tests: Apply umask before calling mkstemp()Andreas Schneider2-1/+8
CID: #978660 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05example: Fix a use after free in the scp exampleAndreas Schneider1-0/+1
CID: #1032343 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05example: Check return value of ssh_get_fd()Andreas Schneider1-2/+11
CID: #1199454 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-05sftp: Fix size checkAndreas Schneider1-5/+7
CID: #1296588 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Fix resetting the stateAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Make sure we burn buffers in bcryptAndreas Schneider1-5/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04external: Fix a possible buffer overrun in bcrypt_pbkdfAndreas Schneider1-3/+9
CID: #1250106 This fixes a 1 byte output overflow for large key length (not reachable in libssh). Pulled from OpenBSD BCrypt PBKDF implementation. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04sftp: Add bound check for sizeAndreas Schneider1-1/+2
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04buffer: Cleanup vaargs in ssh_buffer_unpack_va()Andreas Schneider1-0/+1
CID: #1267977 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04string: Improve ssh_string_len() to avoid tainted variablesAndreas Schneider1-4/+11
CID: #1278978 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04pki_container: Fix a memory leakAndreas Schneider1-2/+9
CID: #1267980 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04pki_container: Add check for return valueAndreas Schneider1-1/+4
CID: #1267982 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04tests: Fix ctest default scriptAndreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04cmake: Add support for Address SanitizerAndreas Schneider1-0/+7
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-05-04config: Add missing HAVE_ARPA_INET_H defineAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-23buffers: Fix a possible null pointer dereferenceAris Adamantiadis1-0/+8
This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-23CVE-2015-3146: Fix state validation in packet handlersAris Adamantiadis2-9/+15
The state validation in the packet handlers for SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY had a bug which did not raise an error. The issue has been found and reported by Mariusz Ziule. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-14Fix leak of sftp->ext when sftp_new() failsKevin Fan1-0/+2
Signed-off-by: Kevin Fan <kevinfan@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10cmake: Require cmake 2.8.5Andreas Schneider1-1/+1
I've improved FindOpenSSL and FindZLIB in that version to work well with Windows and Linux. This was 2011 it should be old enough that most distributions have at least this version available. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>