mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00

38 Commits

Author SHA1 Message Date
Alfredo Mazzinghi
9dc650b7fb server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server
This sets the bind private key directly from an ssh_key struct instead
of reading a file.

Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 10:00:13 +02:00
Andreas Schneider
3f04367fb8 bind: Correctly close sockets and invalidate them.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2015-04-10 13:32:09 +02:00
Aris Adamantiadis
c02b260e7e server: Add support for ed25519 keys in the server.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-02-02 14:45:52 +01:00
Luka Perkov
53644a14ac style: be consistent when iterating over wanted_methods
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-27 11:23:34 +01:00
Jon Simons
5eeac3566e bind: only set bindfd after successful listen
In 'ssh_bind_listen', move setting of 'sshbind->bindfd' to only happen after
the listen call: otherwise 'bindfd' can be set to a bogus descriptor for the
case that listen fails.

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-03-12 14:09:35 +01:00
Aris Adamantiadis
e99246246b security: fix for vulnerability CVE-2014-0017
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
2014-03-04 09:55:28 +01:00
Aris Adamantiadis
671f1979a6 server: allow custom server banners (bug #83) 2014-02-01 18:00:01 +01:00
Alan Dunn
d3e081ba44 Import keys during ssh_bind_accept_fd
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 16:07:04 +01:00
Alan Dunn
086847f997 Separate out key import functionality from ssh_bind_listen
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-21 16:06:53 +01:00
Jon Simons
6007c3c43f bind: fix possible double-frees in ssh_bind_free
Make sure to explicitly set key pointers to NULL following the use
of 'ssh_key_free' throughout bind.c.

Before this change, a double free can happen via 'ssh_bind_free'
as in this example callpath:

  // create an ssh_bind
  ssh_bind b = ssh_bind_new();

  // provide a path to a wrong key-type
  ssh_bind_options_set(b, SSH_BIND_OPTIONS_DSAKEY, path_to_rsa_key);

  // initialize set key-type
  ssh_bind_listen(b);

    -> error path "The DSA host key has the wrong type: %d",

       ssh_key_free(sshbind->dsa)

         -> ssh_key_clean(key) // OK

         -> SAFE_FREE(key)     // OK, but, sshbind->dsa is *not* set to NULL

  // ssh_bind_listen failed, so clean up ssh_bind
  ssh_bind_free(b);

    -> ssh_key_free(sshbind->dsa)  // double-free here

To fix, set pointers to NULL that have been free'd with 'ssh_key_free'.

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-01-16 09:27:41 +01:00
Andreas Schneider
4f4e917187 bind: Correctly free all memory in ssh_bind_free().
Thanks to Jacob Baines.
2013-12-09 19:49:54 +01:00
Jon Simons
099b914fd9 bind: fix leak in ssh_bind_accept error path
Use 'ssh_socket_free' to cleanup if 'ssh_bind_accept_fd'
fails, to be sure to free the ssh_socket in/out buffers.
2013-10-24 10:37:37 +02:00
Andreas Schneider
2c91efcc68 log: Implement new logging functions. 2013-07-14 12:36:59 +02:00
Aris Adamantiadis
82b4cffe66 bind: ssh_pki functions also return SSH_EOF error code
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2013-07-13 14:03:55 +02:00
Andreas Schneider
c6fc69fbdd BUG 97: Remove obsolete hsterror().
This function is pretty much obsolete on most platforms. The standard
errno should be used. If it is not enough on Windows we should use
WSAGetLastError() in future.
2012-12-03 13:08:17 +01:00
Andreas Schneider
9bac67a05a bind: Fix build. 2012-05-09 09:04:32 +02:00
Andreas Schneider
a3cb5b0707 server: Add ecdsa hostkey support. 2012-05-08 11:34:24 +02:00
Andreas Schneider
1973e833f2 server: Add ecdsa hostkey support. 2012-02-19 18:49:07 +01:00
Andreas Schneider
ee774479de session: Use a struct for all options. 2012-02-05 11:50:49 +01:00
Andreas Schneider
bc2ab9b414 bind: Add more error messages. 2011-11-09 10:21:51 +01:00
Andreas Schneider
d8d9755b7d bind: Fix ssh_bind_listen in normal case. 2011-10-17 19:27:29 +02:00
Aris Adamantiadis
1fcddebadc server: use app-provided bind socket when available 2011-10-13 22:30:27 +02:00
Aris Adamantiadis
551a0c855b server: ssh_bind_accept_fd
This function will not call accept() but use function parameter
instead
2011-10-13 22:23:48 +02:00
Andreas Schneider
c19c638d74 error: Use macros for error functions. 2011-09-17 10:38:08 +02:00
Andreas Schneider
4de4520559 server: Use new pki infrastructure. 2011-08-22 14:29:39 +02:00
Andreas Schneider
25a2108809 pki: Remove session from ssh_pki_import_privkey_* functions. 2011-08-16 18:53:18 +02:00
Andreas Schneider
fe375132c3 bind: Add checks around key functions. 2011-08-15 18:48:08 +02:00
Andreas Schneider
e06b3dba0d bind: Read only once in ssh_bind_listen() (bug #11). 2011-08-15 16:50:30 +02:00
Andreas Schneider
9c0af42dd8 pki: Use a consistent name scheme.
Rename ssh_key_import_private to ssh_pki_import_privkey_file.
2011-08-09 18:05:47 +02:00
Andreas Schneider
38d00c0e7a bind: Use ssh_key_import_private(). 2011-08-08 15:28:31 +02:00
Aris Adamantiadis
da954c2c5e Fixes the ssh_log issue on ssh_bind handles. 2011-07-19 22:16:28 +02:00
Andreas Schneider
7daa81f3aa doc: Improve the doc of ssh_bind_set_callbacks. 2011-03-09 18:33:03 +01:00
Bernhard R. Link
b1db0e54ad bind: Set errors on return.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2011-02-14 22:48:53 +01:00
Andreas Schneider
c54d6b7f8a bind: Added include file for close function on Windows. 2011-01-02 19:35:53 +01:00
Andreas Schneider
887d201bd3 server: Added missing include files for getaddrinfo on Windows. 2010-12-29 20:53:28 +01:00
Andreas Schneider
b4c62ac9ea server: Replace gethostbyname() with getaddrinfo().
Fixes rlo#13.
2010-12-27 21:51:55 +01:00
Aris Adamantiadis
0e82cdeadc Moved includes from priv.h to bind.h 2010-10-27 23:06:38 +02:00
Aris Adamantiadis
ea4aa26dbb Split ssh_bind functions in a new .c file 2010-10-20 16:54:22 +02:00