lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-09 15:41:10 +03:00
Code Activity
6,049 Commits 12 Branches 62 Tags
cf1e02010cf358b50d7744d61fa2bc8184fbffcb
Commit Graph

6049 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Francesco Rollo
cf1e02010c fix: change ipv6 addresses processing for CIDR matching 
Signed-off-by: Francesco Rollo <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-06-07 13:19:56 +02:00
Francesco Rollo
e33ef71dee tests: Add tests for CIDR matching and predicate matching 
Signed-off-by: Francesco Rollo <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2024-06-06 12:30:43 +02:00
Francesco Rollo
e90df71955 feature: Add match_localnetwork predicate and its feature 
Signed-off-by: Francesco Rollo <eferollo@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
 2024-06-06 12:29:27 +02:00
Jakub Jelen
c93a730bc1 examples: Make sure the callback structure is initialized 
When the callback structure is allocated with malloc, some fields might be
uninitialized and therefore could cause undefined behavior or crashes.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-06-04 12:47:25 +02:00
Jakub Jelen
70d0993312 gssapi: Fix typo 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-06-04 12:47:20 +02:00
Jakub Jelen
0cbd35f1fd INSTALL: Update minimal CMake version to match reality 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-06-04 12:46:55 +02:00
Bastian Germann
f3fe85f45e external: Update OpenSSH blowfish implementation 
Import blowfish that was last changed in OpenSSH v8.9:
https://github.com/openssh/openssh-portable/commit/158bf854e2a22cf0906430

"The main change is that Niels Provos kindly agreed to rescind the
BSD license advertising clause, shifting them to the 3-term BSD
license."

Fixes: #153

Signed-off-by: Bastian Germann <bage@debian.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-21 11:33:17 +02:00
Wenjie Yang
51a728dcdf Remove the offending supression record. 
Signed-off-by: Wenjie Yang <yangw.ing@foxmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-21 11:32:19 +02:00
Jakub Jelen
e17161dc4f tests: Fix setting home dir argument 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-17 12:00:59 +02:00
Jakub Jelen
0796331c67 ci: Run mbedtls CI also on Centos9 as it will likely not get rebase to 3.6 soon 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 11:12:18 +02:00
Jakub Jelen
48d8733f6e ci: Add CI target with mbedtls 3.6.0 branch 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 11:12:18 +02:00
Jakub Jelen
c15ef71999 tests: Test coverage for bignum_dup() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 11:12:18 +02:00
Jakub Jelen
32d99ec5e5 mbedcrypto: Fix bignum_dup() 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
Jakub Jelen
fc5dd6f57c mbedcrypto: Simplify copy&paste code between v2 and v3 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
Jakub Jelen
b815ca08b3 mbedcrypto: Initialize mpi structs to avoid crashes 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
Jakub Jelen
0882338142 Detect blowfish in mbedtls and skip it if not found 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
Jakub Jelen
a8883199d4 cmake: Compatibility with MbedTLS 3.6.0 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
Jakub Jelen
1db37cd9f4 cmake: Fix typo in error message 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
Andreas Schneider
a5f082db83 tests:client: Add test which checks if we got an exit signal 
Fixes #235

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
04d86aeeae channels: Implement better ssh_channel_get_exit_state() variant 
This way we will get errors as return code else we don't know if the
function failed (SSH_ERROR) or the exit_status is -1 which would
correspond to SSH_ERROR.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
d40a6448a4 channels: Store exit-signal in channel structure 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
fdf8dc2750 channels: Reformat SSH_PACKET_CALLBACK(channel_rcv_request) 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
b2d3a4670a channels: Use a structure to store exit information 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
bc1acb5312 channels: Make exit_status and uint32_t 
This is what we get in the packet and is defined in RFC4254.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
3ce68badca channels: Reformat ssh_channel_exit_status_termination() 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
d7bfbebad6 tests:client: Add test for exit_status 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
765597e31f tests:client: We need to set channel to NULL after we freed it 
This fixes an invalid memory read in ssh_channel_get_exit_status() below.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
8aa808a600 include: Introduce a SSH_CHANNEL_FREE() macro 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
649f381029 cmake: Rename torture_server test 
This makes it easier to select it as a single test with:
`ctest -R torture_server_default*`

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Andreas Schneider
081a59371b server: Introduce ssh_send_disconnect() 
This will only send the disconnect message and close the socket. We
should not free any memory here. This should be done by the server
implementation.

Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 15:41:54 +02:00
Jakub Jelen
8577f588c3 tests: Support logging into separate file for exec-ed libssh test server 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2024-05-13 11:56:22 +02:00
Jakub Jelen
9170320298 ci: Update tags for shared linux and windows runners 
Use the Windows tags from the following article:

https://docs.gitlab.com/ee/ci/runners/hosted_runners/windows.html

The Windows runner are now extremely slow so moving them out of the
pipeline/dependency chain.

The Linux tags were removed with GitLab 17.0. But we need to use the new tags to
avoid the generic jobs being picked up by specific runners, such as freebsd.

https://about.gitlab.com/blog/2023/08/15/removing-tags-from-small-saas-runner-on-linux/
https://docs.gitlab.com/ee/update/deprecations.html#removal-of-tags-from-small-saas-runners-on-linux

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-13 11:56:22 +02:00
Wenjie Yang
7f442afd57 Fix missing memory free functions in pki_key_to_blob(). 
Signed-off-by: Wenjie Yang <yangw.ing@foxmail.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-05-07 12:41:09 +02:00
Jakub Jelen
89c53e1962 libgcrypt: Prevent signature blob to start with 1 bit 
This should prevent the long standing random failures of libgcrypt pipeline. I
was recently able to reproduce it only with dropbear, which sounds like choking
on the signature starting with bit 1, possibly interpretting it as a negative
value.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-04-29 14:33:16 +02:00
Jakub Jelen
dceb17d2ad libgcrypt: Reformat 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-04-29 14:33:16 +02:00
Jakub Jelen
2e4a9e3f7b libgcrypt: Initialize pointers 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-04-29 14:33:16 +02:00
Feynman-young
cbabc72555 Add an error handler unittest for ssh_options_set(). 
Add an error handler unittest for ssh_options_set with case SSH_OPTIONS_HOST when ssh_config_parse_uri returns error.

Signed-off-by: Wenjie Yang <yangw.ing@foxmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:42:59 +02:00
Feynman-young
3577eea324 Add ssh_set_error_invalid in ssh_options_set(). 
Add ssh_set_error_invalid in ssh_options_set with case SSH_OPTIONS_HOST after ssh_config_parse_uri returns error.

Signed-off-by: Wenjie Yang <yangw.ing@foxmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:42:58 +02:00
Diego Roux
46a28cfc49 log: fixes legacy fallback for multiple sessions. 
Legacy code in 'ssh_set_callbacks' will fallback to
'ssh_legacy_log_callback' (if the current log cb is
NULL) setting the user data to the current session.

However, if any other session is created afterwards,
it won't update the user data with the new session,
potentially leading to a use-after-free.

Fixes #238.

Signed-off-by: Diego Roux <diegoroux04@protonmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:42:26 +02:00
Abdelrahman Youssef
3227a4cae0 use internal-sftp 
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:36:03 +02:00
Abdelrahman yossef
efc1176232 tests: setstat and lsetstat 
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:36:00 +02:00
Abdelrahman yossef
fc451a8f3d fs_wrapper: added stat and lstat 
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:35:42 +02:00
Abdelrahman Youssef
19e62a78a6 sftp: Added lsetstat extension 
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-29 08:35:42 +02:00
Jakub Jelen
164ca9ae93 libcrypto: Check return values in KDF handling 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2024-04-27 10:40:06 +02:00
Debanga Sarma
455d26a479 parse count, longname and attrs fields of SSH_FXP_NAME message 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-18 02:30:21 +05:30
Debanga Sarma
095ab5ad61 use internal-sftp for testing 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-16 03:10:52 +05:30
Debanga Sarma
a9c998c080 test: add tests for sftp extension "home-directory" 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-15 11:54:35 +00:00
Debanga Sarma
b500c2f0cf feat: add support for sftp extension "home-directory" 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-15 11:54:35 +00:00
Debanga Sarma
4edd0669fd test: test coverage for SSH_BIND_OPTIONS_IMPORT_KEY_STR and ed25519 keys 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-15 11:48:31 +02:00
Debanga Sarma
2daf3dc4a8 feat: add option to read user-supplied key string in ssh_bind_options_set() 
Signed-off-by: Debanga Sarma <deb737@proton.me>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2024-04-15 11:48:31 +02:00