This removes the code reported by the following coverity issue:
*** CID 1548867: Insecure data handling (INTEGER_OVERFLOW)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
The coverity thinks the best_nlines could be 0 for logging at the end of the
function. It is obvious that the 0 is immediately incremented. Changing the code
to do this in one step to make it easier to understand for static analyzers.
** CID 1548873: Integer handling issues (INTEGER_OVERFLOW)
Thanks coverity
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
fix: implement gssapi logging according to docs
fix: remove redundant setting of session->gssapi to NULL
feat: add gssapi struct and functions to header file
refactor: initialize gssapi context once
fix: remove redundant ssh_gssapi_free
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
feat: tests set hostname for sshd, make GSSAPIStrictAcceptorCheck yes pass
feat: add GSSAPI_TESTING cmake option
feat: gssapi libssh server test
feat: make kdc setup and teardown functions
feat: add kinit, kadmin scripts to kdc setup function
feat: add some client gssapi auth tests
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
tests: modify proxyjump tests to check for ssh_jump_info_struct
tests: add proxyjump functionality test
feat: add SSH_OPTIONS_PROXYJUMP
tests: proxyjump, check authentication
fix: ssh_socket_connect_proxyjump add exit label to exit on error
feat: implement io forwarding using pthread
feat: proxyjump: use threading instead of forking
feat: proxyjump: cancel forwarding threads on ssh_disconnect
fix: proxyjump remove ProxyJump bool and put pthread ifdefs
feat: use ssh_event for io forwarding instead of threads
reformat: tests to use assert_int_not_equal
fix: link to pthread
refactor: make function to free proxy jump list
docs: add comment for proxy jump channel
feat: add env variable to enable libssh proxy jump
feat: open channel for proxyjump like OpenSSH
feat: add more tests for proxy jump
fix: use a global variable to close io forwarding, this prevents segfaults
fix: handle proxy list in thread without creating copy
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
.. to satisfy restricted environment or fuzzers
We are encountering weird issues in the oss-fuzz that the file disappears during
coverage build so I assume some corpus sneaked in, that contains some commands
that end up being executed as part of the coverage run causing it randomly
failing.
The solution I propose is to build fuzzers without ability to call arbitrary
commands on the filesystem (such as `rm -rf /`) as this is not the point the
fuzzers should be testing.
This is controlled by the WITH_EXEC CMake option (enabled by default).
https://github.com/google/oss-fuzz/issues/10136
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
Turns out it indirectly included err.h, which was needed for some other uses in
this file.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
The endif preprocessor directive was corresponding to an ifndef _WIN32,
a comment has been added which clarifies that.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit also initializes the pointers in match_group() to NULL
in order to follow libssh coding guidelines.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
ssh_match_group() has been moved from misc.c to match.c, because it fits
better with other match_*() functions in match.c
The name of the function has also been changed from "ssh_match_group" to
"match_group" to be consistent with the naming of the other match.c
functions.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Previously the call to ssh_handle_packets() would be skipped if the buffer
wasn't empty. This meant that if ssh_channel_poll() was called on a non-blocking
channel with callbacks to handle incoming data, and the buffer already had some
data, the callbacks would never be called.
Signed-off-by: James Wrigley <james@puiterwijk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The datatype of the option value for the option SSH_OPTIONS_CONTROL_MASTER
should be int, this wasn't mentioned in the documentation. This commit
mentions that.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Text has been added to the documentation of ssh_options_set() and
ssh_bind_options_set() which explains what the third argument (value argument)
should be depending on the option value to set.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
For the data type of the third argument <value> corresponding to the
second argument <option type>, the documentation of ssh_options_set()
and ssh_bind_options_set() uses a scheme of (data_type *) in some
places whereas (data_type) in other places. Here data_type is the type
of the value which is to be set (it can be const char *, int, bool,
long, ssh_key etc)
This commit removes this inconsistency and uses the (data_type)
scheme everywhere.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The argument for RSA_MIN_SIZE ssh and sshbind option is of
(int *) type, and hence the caller can supply a pointer to a
location storing a negative value. The commit adds a check to
not allow minimum rsa key size to be set to a negative value.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
%u was being used for printing int type argument which is signed.
This commit changes the format specifier to %d.
Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This way we will get errors as return code else we don't know if the
function failed (SSH_ERROR) or the exit_status is -1 which would
correspond to SSH_ERROR.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This is what we get in the packet and is defined in RFC4254.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This will only send the disconnect message and close the socket. We
should not free any memory here. This should be done by the server
implementation.
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This should prevent the long standing random failures of libgcrypt pipeline. I
was recently able to reproduce it only with dropbear, which sounds like choking
on the signature starting with bit 1, possibly interpretting it as a negative
value.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Add ssh_set_error_invalid in ssh_options_set with case SSH_OPTIONS_HOST after ssh_config_parse_uri returns error.
Signed-off-by: Wenjie Yang <yangw.ing@foxmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Legacy code in 'ssh_set_callbacks' will fallback to
'ssh_legacy_log_callback' (if the current log cb is
NULL) setting the user data to the current session.
However, if any other session is created afterwards,
it won't update the user data with the new session,
potentially leading to a use-after-free.
Fixes#238.
Signed-off-by: Diego Roux <diegoroux04@protonmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
