lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-12 15:41:16 +03:00
Code Activity
6,080 Commits 12 Branches 62 Tags
fe53cdfabdc82fd8bd50d263a653a15d9439b79c
Commit Graph

6080 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jakub Jelen
f8817c0c35 tests: Simple reproducer for rekeying with different kex 
We do not use SHA1 as it is disabled in many systems

Verifies CVE-2021-3634

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-08-18 14:13:56 +02:00
Jakub Jelen
f5211239f9 CVE-2021-3634: Create a separate length for session_id 
Normally, the length of session_id and secret_hash is the same,
but if we will get into rekeying with a peer that changes preference
of key exchange algorithm, the new secret hash can be larger or
smaller than the previous session_id causing invalid reads or writes.

Resolves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-08-18 14:13:56 +02:00
Jakub Jelen
a3b2229a4e More consistent logging 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-08-18 14:13:56 +02:00
Andreas Schneider
fd9fda67f9 gitlab-ci: Fix indentation and complaints by yamllint 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-08-17 14:04:12 +02:00
Andreas Schneider
a7d2fe9503 Add editorconfig config file 
See https://editorconfig.org/ for details.

(neo)vim: https://github.com/editorconfig/editorconfig-vim
emacs:    https://github.com/editorconfig/editorconfig-emacs

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-08-12 20:02:35 +02:00
Kevin Jones
188d0785e1 Update is_cert_type to account for security key certificates. 
Signed-off-by: Kevin Jones <kevin@vcsjones.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-08-12 20:02:31 +02:00
Norbert Pocs
63f97a3d03 Fix some compiler warnings 
Covscan analyzer was used

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-08-12 20:02:25 +02:00
Jakub Jelen
6daa95f9c1 .gitlab-ci: Allow failure of windows runners as they are broken 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-08-11 19:33:12 +02:00
Jeremy Cross
d1abe26be3 [#48/T22] Added missing server reply on auth-agent-req when a reply was requested by the client. PuTTY for Windows chokes without this reply if "Allow agent forwarding" is enabled. Reply will be successful if channel_auth_agent_req_function callback is defined. Based on an unmerged patch by Jon Simons. 
Signed-off-by: Jeremy Cross <jcross@beyondtrust.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-07-07 14:17:07 +02:00
Jeremy Cross
0bee5d5e97 fixed issue with ssh_connector when data has been consumed by a channel callback 
Signed-off-by: Jeremy Cross <jcross@beyondtrust.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-07-07 11:05:25 +02:00
Serdar Sanli
7dfed5c3cb Fix error in documentation 
Signed-off-by: Serdar Sanli <mserdarsanli@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-07-06 11:25:32 +02:00
Xiang Xiao
925dc92d52 misc: Avoid the 4KB stack buffer in ssh_bind_options_expand_escape 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Icfd24fdb8c7f549b8cb72d793cfc767979740fdc
 2021-06-16 11:58:07 +02:00
Xiang Xiao
9eba361ca2 misc: Avoid the 4KB stack buffer in ssh_path_expand_escape 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I908ef4dfa960bf89f8e42f99af2f8bcdbb006bc8
 2021-06-16 11:58:06 +02:00
Xiang Xiao
f2bd44969b Make the max file line length configurable 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I0bc70f4459a6eaa6f4c87887a5ee7822faf22443
 2021-06-16 11:56:53 +02:00
Xiang Xiao
dbe504ea0a Make the transfer buffer size configurable 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I5052bac703b5a0c289ca5c28569cadeb54d3d507
 2021-06-16 11:56:44 +02:00
Xiang Xiao
14276f0b51 log: add ssh_vlog to save the stack space 
and add LOG_SIZE macro to control the buffer size

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I3eaeea001fc531fdb55074fc3a9d140b27847c1f
 2021-06-10 14:56:29 +02:00
Xiang Xiao
672c1f8a3a windows: Define PATH_MAX to MAX_PATH 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ib3358ecb029d93c263d3cb39da25e82a772ae2c7
 2021-06-10 09:22:32 +02:00
Jakub Jelen
592d256a0b Enable freebsd runner also for jjelen 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-06-07 11:34:32 +02:00
Jakub Jelen
aac975b7b2 Unbreak build on freebsd 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-06-07 11:28:29 +02:00
Andrew Wiley
c40576c6f6 add moduli file location as an ssh_bind option 
Signed-off-by: Andrew Wiley <wiley@outlook.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-06-04 22:27:51 -07:00
Andrew Wiley
6aa88e22d6 build samplesshd-cb example on Windows too 
Signed-off-by: Andrew Wiley <wiley@outlook.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-06-04 22:27:51 -07:00
Andrew Wiley
bd7bef8b50 fix error checks on channel writes in samplesshd-cb example 
Signed-off-by: Andrew Wiley <wiley@outlook.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-06-04 22:27:51 -07:00
Andrew Wiley
fb8d120bec make GSSAPI optional in the samplesshd-cb example 
Signed-off-by: Andrew Wiley <wiley@outlook.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-06-04 22:27:51 -07:00
Xiang Xiao
286a706394 scp: Avoid allocate 8KB stack buffer in ssh_scp_deny_request 
since ssh_scp_deny_request is seldom called, let's
utilize malloc to reserve the precise size memory.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I8e7a6d3153cff7691329b9487cd534a7f2887a35
 2021-06-01 10:48:41 +08:00
Xiang Xiao
b6b5c59223 socket: Read the data directly into in_buffer 
to avoid allocate 4KB buffer from stack

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Id144ff764ee1ae98f87aee36793a9f0e4fce21b7
 2021-05-31 21:44:08 +02:00
Xiang Xiao
f7369423a4 agent: Avoid 1KB temporary buffer in agent_talk 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I9acffc6deef534659f89ca8ddb0cd60b325aaeb2
 2021-05-31 21:36:26 +02:00
Xiang Xiao
a8a74a70fa examples/ssh_server_fork: Support the multi-client through pthread 
so the same code base demo both multi-process and multi-thread model

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I98554a99b7a31586be37abde7c357f81a05c3d6e
 2021-05-31 12:21:42 +02:00
Xiang Xiao
3b29e2ad4c sftp: Read the data directly into packet->payload 
to avoid allocate 16KB buffer from stack and one memory copy

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ib71cb5834b7810bf9791e13c58571e2b9fa5bca1
 2021-05-27 13:45:47 +02:00
Xiang Xiao
3ab17e3fbd channels: Read into buffer directly in channel_read_buffer 
to avoid allocate 8KB buffer from stack

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ifc198705cb8ecec6f0a609f84965382dc151693b
 2021-05-27 13:45:47 +02:00
Xiang Xiao
c027585a50 Don't allocate ssh_blf_ctx from stack in bcrypt_pbkdf 
to reduce the stack size requirement

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I6a91250524786af3358b0fd0f05ba8e45f76d278
 2021-05-27 13:45:47 +02:00
Xiang Xiao
ef02e524df packet: Change the last argument of ssh_packet_encrypt to uint32_t 
to match the implemntation in packet_crypt.c

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ib76c3585f67dae22ed0f1dfc10dadcd03c762032
 2021-05-27 13:45:47 +02:00
Xiang Xiao
50934a542d mbedtls: Change the last argument of cipher_[de|en]crypt_cbc to size_t 
to avoid their prototype different from ssh_cipher_struct

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I6cba2d4fea131f13d028226023da692494caa87d
 2021-05-27 13:45:47 +02:00
Xiang Xiao
07245c1cdd Fix error: dereferencing pointer to incomplete type ‘struct timeval’ 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I99d2016595966d805c9e27b5c2f2a0a5b4ad8611
 2021-05-27 13:45:47 +02:00
Xiang Xiao
094aeeafbe examples/ssh_server: Free the resource in the failure path 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I60f64b9eda3ba233a825b2c4fe19d5bf7eaf2fa3
 2021-05-27 13:45:47 +02:00
Sahana Prasad
cfd883196d Fixes typo in src/buffer.c 
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-05-27 13:45:47 +02:00
Xiang Xiao
d2182bb7af Replace the hardcode max path length with PATH_MAX 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Icb1d36b48a759ec11dbaa4c09a39037a80ab0f85
 2021-05-27 13:45:47 +02:00
Andreas Schneider
ae44d846b8 gitlab-ci: Enable new freebsd runner 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-05-27 13:25:02 +02:00
Andreas Schneider
dfcf793a9f doc: Add REAMDE how to setup a freebsd gitlab runner 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-05-27 13:25:02 +02:00
Andreas Schneider
7657994aed gitlab-ci: Use shared Windows runners from gitlab 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-05-27 11:59:38 +02:00
Andreas Schneider
7ab6194a82 gitlab-ci: Disable the freebsd runner 
We need a new one. Disable till set up and registered

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-05-26 17:43:49 +02:00
Andreas Schneider
d2a41e606b tests: Fix running timeout tests on gitlab windows runners 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2021-05-26 17:36:51 +02:00
Xiang Xiao
9b7c4307a4 examples/ssh_client: Fix the memory leak in RTOS environment 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I20108753cf0b86e18724171dc7b25790350edb08
 2021-05-12 16:01:18 +02:00
Xiang Xiao
c9e6461546 examples/ssh_client: call ssh_init explicitly 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I52011de66a9e1a6a318fcb91fb7357cd97c534a3
 2021-05-12 16:01:18 +02:00
Xiang Xiao
5c919c4edb examples/ssh_server: Support the command line parser without argp package 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ia39a402e4684d2f0ef014b4effd255692b576ce3
 2021-05-12 16:01:18 +02:00
Xiang Xiao
9bff4cb9b9 examples/ssh_server: Add -u and -P option 
enable pass username and password from command line

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I6404b90a99253d3240f7a28827635b159ff6a574
 2021-05-12 16:01:18 +02:00
Xiang Xiao
43a31b81f2 examples/libssh_scp: Remove the duplication of free(loc->host) 
and free sources at the end of program

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: Ia6a51d52439722b46547449e85350b3193e5ba28
 2021-05-12 16:01:18 +02:00
Xiang Xiao
46624648f9 examples/libssh_scp: call ssh_init and ssh_finalize explicitly 
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I4c80904d40b068f47334c3116576de07782162f6
 2021-05-12 16:01:18 +02:00
Xiang Xiao
e909bde2c5 examples/ssh_client: Check SIGWINCH is defined before using it 
since not all POSIX platform support SIGWINCH signal
and remove the global variable chan

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I70217020c84b056270ed680008a1871383b5fc7b
 2021-05-12 16:01:18 +02:00
Jakub Jelen
605f7fb2de Revert "Fix error: dereferencing pointer to incomplete type ‘struct timeval’" 
because of inconsistent author and sign-off

This reverts commit 8ea7fc6129.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-05-12 16:01:15 +02:00
Jakub Jelen
ba04f788f4 Revert "mbedtls: Change the last argument of cipher_[de|en]crypt_cbc to size_t" 
because of inconsistent author and sign-off

This reverts commit aef467ab4a.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2021-05-12 16:01:12 +02:00