Notes:
LIBSSH2_ERROR_BUFFER_TOO_SMALL is returned if the buffer is too small
to contain a returned directory entry. On this condition we jump to the
label `end`. At this point the number of names left is decremented
despite no name being returned.
As suggested in #714, this commit moves the error label after the
decrement of `names_left`.
Fixes#714
Credit:
Co-authored-by: Gabriel Smith <gabriel.smith@precisionot.com>
Notes:
When setting a ServerAliveInterval using libssh2_keepalive_config() with want_reply set to true, some servers will reply to the keep-alive requests with a single SSH_MSG_REQUEST_FAILURE packet. This is an allowed behavior in RFC 4254, section 4.
Credit:
Michael Buckley
Notes:
In #614 it was identified the docs do not accurately show how libssh2_channel_flush_ex() return value is set. I have updated the doc's to correctly show what the function is returning.
Credit:
Ryan Kelley
File: userauth.c
Notes:
This patch fixes application crashes due to heap corruption. Turns out the null terminator is written one byte outside of the allocated area.
Credit:
Zenju
File: openssl.h
Notes:
In openssl 1.1.0 and later openssl decided to change some of the defines used to check if certain features are not compiled in the libraries. This updates the define checks.
Credit:
Harry Sintonen
Co-authored-by: Harry Sintonen <sintonen@iki.fi>
Files: userauth_kbd_packet.c, userauth_kbd_packet.h, test_keyboard_interactive_auth_info_request.c, userauth.c
Notes:
This refactors `SSH_MSG_USERAUTH_INFO_REQUEST` processing in `userauth_keyboard_interactive()` in order to improve robustness, correctness and readability or the code.
* Refactor userauth_keyboard_interactive to use new api for packet parsing
* add unit test for userauth_keyboard_interactive_parse_response()
* add _libssh2_get_boolean() and _libssh2_get_byte() utility functions
Credit:
xalopp
files: packet.c, libssh2_priv.h
notes:
* Fix heap buffer overflow in _libssh2_key_sign_algorithm
When allocating `session->server_sign_algorithms` which is a `char*` is is important to also allocate space for the string-terminating null byte at the end and make sure the string is actually null terminated.
Without this fix, the `strchr()` call inside the `_libssh2_key_sign_algorithm` (line 1219) function will try to parse the string and go out of buffer on the last invocation.
Credit: tihmstar
Co-authored-by: Will Cosgrove <will@panic.com>
Files: libssh2.h, agent.c, userauth.c
Notes:
Part 2 of the fix for #659. This adds rsa key downgrading for agents that don't support sha2 upgrading. It also adds better trace output for debugging/logging around key upgrading.
Credit:
Will Cosgrove (signed off by Michael Buckley)
It uses wolfSSL's OpenSSL compatibility layer, so rather than introduce new
wolfssl.h/c files, the new backend just reuses openssl.h/c. Additionally,
replace EVP_Cipher() calls with EVP_CipherUpdate(), since EVP_Cipher() is not
recommended.
Credit: Hayden Roche
File:
version.c, HACKING-CRYPTO, libssh2.h, libssh2_crypto_engine.3, makefile.
Notes:
libssh2_crypto_engine() API to get crypto engine at runtime.
Credit: Bastien Durel
Notes:
* Host Key RSA 256/512 support #536
* Client side key hash upgrading for RFC 8332
* Support for server-sig-algs, ext-info-c server messages
* Customizing preferred server-sig-algs via the preference LIBSSH2_METHOD_SIGN_ALGO
Credit: Anders Borum, Will Cosgrove
Notes:
Add CIFuzz integration to run fuzzer using the OSS-Fuzz infrastructure
at each PR.
Signed-off-by: David Korczynski <david@adalogics.com>
Closes#635
Files: libssh2.h
Notes:
`_WINDLL` is only defined when a Visual Studio CMake generator is used, `libssh2_EXPORTS` is used though for all CMake generator if a shared libssh2 library is being built.
Credit:
Uwe L. Korn
Fix these categories of warning:
- in `wincng.c` disagreement in signed/unsigned char when passing around
the passphrase string:
`warning: pointer targets in passing argument [...] differ in signedness [-Wpointer-sign]`
Fixed by using `const unsigned char *` in all static functions and
applying/updating casts as necessary.
- in each use of `libssh2_*_init()` macros where the result is not used:
`warning: value computed is not used [-Wunused-value]`
Fixed by using `(void)` casts.
- `channel.c:1171:7: warning: 'rc' may be used uninitialized in this function [-Wmaybe-uninitialized]`
Fixed by initializing this variable with `LIBSSH2_ERROR_CHANNEL_UNKNOWN`.
While there I replaced a few 0 literals with `LIBSSH2_ERROR_NONE`.
- in `sftp.c`, several of these two warnings:
`warning: 'data' may be used uninitialized in this function [-Wmaybe-uninitialized]`
`warning: 'data_len' may be used uninitialized in this function [-Wmaybe-uninitialized]`
Fixed by initializing these variables with NULL and 0 respectively.
- Also removed the exec attribute from `wincng.h`.
Notes:
- There are many pre-existing checksrc issues.
- The `sftp.c` and `channel.c` warnings may apply to other platforms as well.
Closes#628
