lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-31 00:03:07 +03:00
Code Activity
3,379 Commits 12 Branches 61 Tags
v0-7
Commit Graph

3379 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Schneider
e5352e3021 include: Add stddef.h for size_t 
Fixes T119

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-30 09:20:29 +01:00
Andreas Schneider
64a2d37c30 Bump version to 0.7.7 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
libssh-0.7.7 		2018-10-29 10:52:49 +01:00
Andreas Schneider
9d5cf209df libcrypto: Fix memory leak in evp_final() 
Fixes T116

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a280747462)
 2018-10-28 14:31:33 +01:00
Meng Tan
1039732154 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID) 
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bce8d56705)
 2018-10-26 09:04:56 +02:00
Andreas Schneider
7ad80ba1cc server: Fix compile error 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-24 19:57:17 +02:00
Andreas Schneider
acb0e4f401 examples: Explicitly track auth state in samplesshd-kbdint 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0ff566b6dd)
 2018-10-19 14:10:02 +02:00
Andreas Schneider
3fe7510b26 messages: Check that the requested service is 'ssh-connection' 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 9c200d3ef4)
 2018-10-19 14:09:58 +02:00
Meng Tan
734e3ce674 server: Set correct state after sending INFO_REQUEST (Kbd Interactive) 
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4ea46eecce)
 2018-10-19 14:09:53 +02:00
Andreas Schneider
e4c6d591df packet: Add missing break in ssh_packet_incoming_filter() 
CID 1396239

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fe618a35dc)
 2018-10-19 14:09:47 +02:00
Andreas Schneider
f81ca61612 misc: Add strndup implementation if not provides by the OS 
Fixes T112

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 247983e982)
 2018-10-17 08:23:15 +02:00
Andreas Schneider
c20b360c96 Bump version to 0.7.6 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
libssh-0.7.6 		2018-10-16 12:45:32 +02:00
Andreas Schneider
5e061962c5 cpack: Fix ignore files 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-16 12:45:32 +02:00
Anderson Toshiyuki Sasaki
f1d57223db CVE-2018-10933: Add tests for packet filtering 
Created the test torture_packet_filter.c which tests if packets are
being correctly filtered.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:59 +02:00
Anderson Toshiyuki Sasaki
b9033ad56a CVE-2018-10933: Introduced packet filtering 
The packet filter checks required states for the incoming packets and
reject them if they arrived in the wrong state.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:59 +02:00
Anderson Toshiyuki Sasaki
e5ff7aa410 CVE-2018-10933: Check channel state when OPEN_FAILURE arrives 
When a SSH2_MSG_OPEN_FAILURE arrives, the channel state is checked
to be in SSH_CHANNEL_STATE_OPENING.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:59 +02:00
Anderson Toshiyuki Sasaki
3837a0547f CVE-2018-10933: Check channel state when OPEN_CONFIRMATION arrives 
When a SSH2_MSG_OPEN_CONFIRMATION arrives, the channel state is checked
to be in SSH_CHANNEL_STATE_OPENING.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Anderson Toshiyuki Sasaki
7985acb768 CVE-2018-10933: Set correct state after sending MIC 
After sending the client token, the auth state is set as
SSH_AUTH_STATE_GSSAPI_MIC_SENT.  Then this can be expected to be the
state when a USERAUTH_FAILURE or USERAUTH_SUCCESS arrives.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Anderson Toshiyuki Sasaki
acd6a1ca8a CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT 
The introduced auth state allows to identify when a request without
authentication information was sent.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Anderson Toshiyuki Sasaki
ddea46f890 CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT 
The introduced auth state allows to identify when authentication using
password was tried.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Anderson Toshiyuki Sasaki
e5f0e711b0 CVE-2018-10933: Introduced new auth states 
Introduced the states SSH_AUTH_STATE_PUBKEY_OFFER_SENT and
SSH_AUTH_STATE_PUBKEY_AUTH_SENT to know when SSH2_MSG_USERAUTH_PK_OK and
SSH2_MSG_USERAUTH_SUCCESS should be expected.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2018-10-09 11:45:58 +02:00
Andreas Schneider
e765c1400a dh: Use ssh_get_fingerprint_hash() in ssh_print_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 92aa2cf496)
 2018-10-09 10:16:30 +02:00
Andreas Schneider
7a7c0a54bc dh: Add ssh_get_fingerprint_hash() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bbed139eca)
 2018-10-09 10:16:27 +02:00
Jan-Niklas Burfeind
9c62d6dfcd dh: Add ssh_print_hash() function which can deal with sha256 
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f32cb70675)
 2018-10-09 10:16:20 +02:00
Jan-Niklas Burfeind
f3f140e65f dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash() 
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1499b38aef)
 2018-10-09 10:16:14 +02:00
Jakub Jelen
c977a97093 Assorted changes to make the proxycommand test pass 
Cherry-picked from the following commit:
e4653b82bd
 2018-10-05 12:09:45 +02:00
Jakub Jelen
743a34ad9f Assorted changes to make the sftp_read test working 
CHerry-picked from the following commit:
571f547556
 2018-10-05 12:09:45 +02:00
Jakub Jelen
0f9e6598ef Assorted changes to make the sftp_dir test working 
Cherry-picked from the following commit:
af3de262b6
 2018-10-05 12:09:45 +02:00
Jakub Jelen
f8007d7147 Assorted changes to make the torture_forward test pass 
Cherry-picked from the following commit:
be25b58380
 2018-10-05 12:09:45 +02:00
Jakub Jelen
3d70d4f08d Assorted changes to make torture_request_env pass 
Cherry-picked from the following commit:
4bc6af6c17
 2018-10-05 12:09:45 +02:00
Andreas Schneider
bade29d3d5 torture: Fix torture_ssh_session() for cwrap testing 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 66f51df9)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
399ff6bbde tests: Add public keys for bob 
This also allows bob to auth as alice.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry-picked from commit ee866441)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
c0d9aeda18 Assorted changes to make knownhosts test work 
Cherry-picked from the following commit:
b65dcb3a35
 2018-10-05 12:09:45 +02:00
Andreas Schneider
82b2d31c29 tortrue: Add ed25519 hostkey to sshd 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 250bf37a)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
74102dfd7a Assorted changes from master to make torture_algorithms test working 
Cherry-picked from the following commits:
cbd75c3e35
3014e3c458
 2018-10-05 12:09:45 +02:00
Andreas Schneider
d678f6a9ea torture: Fix building on Windows 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit b74a1841)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
00b8e6d1f0 tests: UsePrivilegeSeparation has no effect since OpenSSH 7.5 
Additionally, we can already work around the privilege separation.

http://www.openssh.com/txt/release-7.5

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 56317caa)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
aeb859e130 tests: Do not trace sshd 
OpenSSH's sshd does not work well under valgrind so lets avoid tracing it.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit ca4fb9c6)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
b393f7e5e9 tests: Temporarily build chroot_wrapper 
(cherry-picked from commit 094aa5eb)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
2004617fd0 tests: Always start tests as root so we can switch to a user 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 1729d4a1)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
c5fe7c5a72 tests: Do not generate pcap file by default 
pcap file is generated by the processes writing to the sockets,
which is not allowed for privilege-separated process in new
OpenSSH servers (confined by seccomp filter).

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 5d3ab421)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
fec4dc4eff tests: Give server more time to start 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit f8f7989c)
 2018-10-05 12:09:45 +02:00
Jakub Jelen
3d0c9cc6b5 tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer 
(cherry-picked from commit b92c4996)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
4d6048ef88 torture: Add support to specify verbosity level via env variable 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 2a9c3966)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
3d2d777e26 torture: Fix a warning 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 2bd65015)
 2018-10-05 12:09:45 +02:00
Aris Adamantiadis
8520adf609 osx: fix compilation 
(cherry-picked from commit 886fdc8b)
 2018-10-05 12:09:45 +02:00
Justus Winter
c0be59f876 tests: Make test suite work out of the box on Debian 
* tests/torture.c (torture_setup_create_sshd_config): Rework how the
location of the sftp server is discovered, and add the Debian-specific
location.

Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit e37fd832)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
2983b21996 torture: Fix ssh version detection 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit de309c51)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
88ae595583 torture: Set sshd debug level to DEBUG3 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 06343074)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
a228c3f728 torture: Also write stderr to a file 
This allows to capture debug information of the wrappers.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit c365ff3d)
 2018-10-05 12:09:45 +02:00
Andreas Schneider
53ed121a9c torture: Add additional sftp-server path for BSD 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

(cherry-picked from commit 1bbfe058)
 2018-10-05 12:09:45 +02:00