aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Expand)AuthorFilesLines
2012-12-03BUG 97: Remove obsolete hsterror().Andreas Schneider1-12/+1
2012-12-03BUG 94: Fix big endian issue.Andreas Schneider1-3/+5
2012-11-21pki: Add a size limit for pubkey files.Andreas Schneider1-1/+1
2012-11-14CVE-2012-4559: Make sure we don't free name and longname twice on error.Andreas Schneider1-10/+16
2012-11-14CVE-2012-4559: Ensure that we don't free req twice.Andreas Schneider1-1/+1
2012-11-14CVE-2012-4560: Fix a write one past the end of 'buf'.Andreas Schneider1-2/+3
2012-11-14CVE-2012-4560: Fix a write one past the end of the 'u' buffer.Andreas Schneider1-1/+1
2012-11-14CVE-2012-4562: Fix a possible infinite loop in buffer_reinit().Andreas Schneider1-4/+9
2012-11-14CVE-2012-4562: Fix multiple integer overflows in buffer-related functions.Xi Wang1-5/+21
2012-11-14CVE-2012-4562: Fix possible integer overflows.Xi Wang1-2/+14
2012-11-14CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().Xi Wang1-0/+5
2012-10-22pki: Fix integer overflow in ssh_pki_import_privkey_file().Xi Wang1-0/+5
2012-10-22channels: Fix integer overflow in generate_cookie().Xi Wang1-1/+1
2012-10-22channels1: Add missing request_state and set it to accepted.Andreas Schneider1-0/+1
2012-10-22auth1: Reset error state to no error.Andreas Schneider1-0/+1
2012-10-22session: Fix a possible use after free in ssh_free().Andreas Schneider1-33/+54
2012-10-14options: Fix documentation of ssh_options_get_port().Andreas Schneider1-1/+1
2012-10-12kex: Use getter functions to access kex arrays.Andreas Schneider3-7/+23
2012-10-12scp: Make sure buffer is initialzed.Andreas Schneider1-1/+1
2012-10-12pki: Make sure the key_buf is null terminated.Andreas Schneider1-0/+1
2012-10-12misc: Use a fixed buffer for getenv().Andreas Schneider1-2/+8
2012-10-12poll: Fix sizeof in ssh_poll_ctx_resize().Andreas Schneider1-2/+2
2012-10-12legacy: Use snprintf instead of sprintf.Andreas Schneider1-2/+3
2012-10-12dh: Don't use strcat for ssh_get_hexa().Andreas Schneider1-9/+8
2012-10-12server: Use strncat instead of strcat.Andreas Schneider1-4/+12
2012-10-12misc: Use strncpy instead of strcat.Andreas Schneider1-1/+1
2012-10-12pki: Fix a possible null pointer dereference.Andreas Schneider1-3/+3
2012-10-12messages: Fix memory leaks in user request callback.Andreas Schneider1-54/+41
2012-10-12connect: Don't leak the addressinfo on error.Andreas Schneider1-0/+1
2012-10-12connect: Don't leak the file descriptor on error.Andreas Schneider1-0/+1
2012-10-12session: Don't leak memory in ssh_send_debug().Andreas Schneider1-4/+4
2012-10-12channels: Don't leak memory in channel_rcv_request callback.Andreas Schneider1-0/+1
2012-10-12auth: Don't leak memory on error in info request callback.Andreas Schneider1-3/+5
2012-10-12dh: Don't leak 'f' on error.Andreas Schneider1-5/+6
2012-10-12legacy: Don't leak the key struct on error.Andreas Schneider1-0/+1
2012-10-12server: Don't leak memory on calling ssh_string_from_char().Andreas Schneider1-8/+32
2012-10-12pki: Don't leak the signature on error paths.Andreas Schneider1-0/+2
2012-10-12sftp: Don't leak owner and group in sftp_parse_attr_4.Andreas Schneider1-6/+15
2012-10-12known_hosts: Don't leak memory in ssh_write_knownhost error paths.Andreas Schneider1-0/+8
2012-10-12agent: Fix some memory leaks in error paths.Andreas Schneider1-0/+4
2012-10-12options: Check return code of ssh_iterator_value.Andreas Schneider1-1/+5
2012-10-12kex: Don't compare an array to null.Andreas Schneider1-4/+4
2012-10-12string: Don't compare an array to null.Andreas Schneider1-4/+10
2012-10-12message: Set correct request type.Andreas Schneider1-1/+1
2012-10-12sftpserver: Add missing break statement.Andreas Schneider1-0/+1
2012-10-12server: Fix for loop to free server methods.Andreas Schneider1-1/+1
2012-10-09client: If session is NULL we can't set an error.Andreas Schneider1-1/+0
2012-10-09match: Don't dereference 's' directly.Andreas Schneider1-2/+6
2012-10-09auth: Make error handling code reachable again.Andreas Schneider1-5/+5
2012-10-09pki: Make error handling code reachable again.Andreas Schneider1-1/+1