Notes:
* Bug fix for gen_publickey_from_rsa
Increment buffer write pointer after writing modulus and after writing exponent.
Add 1 to modulus(bignum) size.
Credit:
skuodi
- move dependency properties (libs, libdirs, C flags, header dirs,
pkg-config module names) from global lists to imported target
`INTERFACE` properties. Rework FInd modules to return their results
like this and update the libssh2 build process to use it. It makes
Find modules re-usable from the cmake-config script by libssh2
consumers, to integrate with libssh2 dependencies.
- define libssh2 dependencies as "imported targets" by the name:
`libssh2::<depname>`, e.g. `libssh2::libgcrypt`.
- cmake-config: add fall-back logic for CMake without
CMP0099 (v3.17 2020-03-20) to set lib directories.
- generate `libssh2.pc` based on imported target properties (instead of
global lists).
- add target property dump debug function.
- ci/GHA: also test cmake integration on macOS.
Follow-up to 96d7f404e7#1534Closes#1535
Notes:
PR Description:
Bug Type: Segv on unknown address
Summary: A vulnerability was discovered in the libssh2 program where an invalid memory access occurred due to dereferencing a NULL pointer. The issue was identified in the diffie_hellman_sha_algo function within kex.c.
Fix Summary: The patch resolves the issue by introducing a NULL pointer check for session->hostkey before dereferencing it. If the pointer is NULL, a corresponding error is returned, and the function exits gracefully. This fix ensures the program does not attempt to access invalid memory. The patch improves the security and stability of the program by preventing segmentation faults caused by invalid memory access.
Make sure to allocate enough space for malformed base64 encoded data. Changed signed size values to unsigned to match input so we can't possibly truncate input.
Credit:
Stanislav Osipov
- drop adding redundant ZLIB manual include headers.
It's done now via `ZLIB::ZLIB`.
Follow-up to 96d7f404e7#1534
- src: replace missed `ZLIB_LIBRARIES` with `ZLIB::ZLIB`.
Follow-up to 96d7f404e7#1534
- src: drop always true `ZLIB_FOUND` check.
Cherry-picked from #1535
CMake:
- Find*: set `<modulename>_FOUND` for compatibility when found via
`pkg-config`. E.g. `MbedTLS_FOUND`.
`find_package_handle_standard_args()` sets both `<MODULENAME>_FOUND`
and `<Modulename>_FOUND` when detecting the dependency. Some CMake
code relies on this and 3rd-party code may rely on it too. Make sure
to set the latter variant when detecting the dependency via
`pkg-config`, where we don't call
`find_package_handle_standard_args()`.
CMake sets these variable to `TRUE` (not `ON` or `1`). Replicate this
for compatibility.
- libssh2-config.cmake: inherit default `LIBSSH2_USE_PKGCONFIG`.
Follow-up to a3aa6b4ca8#1525
- document variables consumed by `libssh2-config.cmake.in`.
- `libssh2-config.cmake`: fix to link to non-OpenSSL crypto backends.
This is most likely not how this is supposed to be done, but better
than failing.
What's the canonical way to do this, and how OpenSSL and zlib does it
is yet to be figured out.
- use `ZLIB::ZLIB` to reference zlib.
- use `IN ITEMS` where missed.
- harmonize variable dump output formats.
CMake `find_package` integration tests:
- extend to all crypto backends (was: OpenSSL).
- show libssh2 variables set by `find_package()`.
- stop building examples and tests for the consumed package.
For performance.
- enable zlib, for coverage.
- be verbose when building the test targets.
ci/GHA:
- add packaged mbedTLS (2.x) build to Linux matrix.
- alphasort some tests.
Follow-up to d9c2e550ca#1460
Follow-up to 82b09f9b3a#1322Closes#1534
- ci/appveyor: add clang-cl job.
- ci/appvayor: optimize setting an env.
- build: fix clang-cl builds.
- build: fix `-Wcast-function-type` compiler warnings for OpenSSL 3.
- build: use `stdint.h` with MSVC when supported.
- src: use `PRId64` for MSVC where supported.
- src: avoid recursive macro definition for `recv()` and `send()`.
- session: silence `-Wcast-function-type` for `libssh2_session_callback_set2()`.
Sadly this function is still not fully warning-clean, and it
seems we'd need separate setter-getters for each callback
to avoid all warnings.
Closes#1484
Also:
- switch to non-deprecated alternative in examples.
- add pointers and deprecation warning to libssh2_scp_send man page.
Cherry-picked from #1484
- enable compiler warning `-Wcast-qual`.
- add `LIBSSH2_UNCONST()` macro to strip const where absolutely
necessary to avoid compiler warnings.
- fix const stripping by constifying where necessary.
- fix const stripping by using `LIBSSH2_UNCONST()`.
- libgcrypt.h: drop unnecessary casts.
- openssl: fix to use new `BIO_new_mem_buf()` parameter types
with wolfSSL.
Cherry-picked from #1484Closes#1527
- show platform flags (via curl).
- add `LIBSSH2_USE_PKGCONFIG` option to control whether to use
`pkg-config` to find dependencies.
- set `.pc` names withing the Find modules.
- add `mbedcrypto` to `libssh2.pc` only when detected via `pkg-config`.
Workaround for older mbedtls versions and non-CMake mbedTLS builds
(as of mbedTLS 3.6.2) that don't emit an `mbedcrypto.pc` file.
- set header paths relative to the project root (tidy-up).
- use `-isystem` for crypto backend and zlib header paths.
To match autotools.
- sync header path order with autotools.
- rename local variables to underscore-lowercase.
- minor tidy-ups.
Cherry-picked from #1484Closes#1525
- cmake: add support to build ossfuzz.
Enable with `-DBUILD_OSSFUZZ=ON`.
Also supports `-DLIB_FUZZING_ENGINE=` like autotools does.
- check for `__clang__` when suppressing warnings in source. Necessary
for clang-cl, which set `__clang__`, but doesn't set `__GNU__`.
- cmake: optimize out 4 picky warning option detections with gcc.
- cmake: bring `-pedantic-error`, `-Wall` use closer to curl's.
- cmake: set `-Wno-language-extension-token` for clang-cl.
- cmake: escape only the necessary `-W` options for clang-cl.
- cmake: apply picky warnings to C++.
- cmake: replace `unset(VAR)` with `set(VAR "")` for init.
- cmake: prefer dash-style MSVC options.
- cmake: simplify `MATCHES` expression.
- cmake: formatting/whitespace.
- ci/GHA: bump `actions/upload-artifact` to v4
Closes#1524
* userauth.c: fix possible memory leaks #1504
Notes:
Fix possible memory leaks if `userauth_list()` is called more than once, e.g. an auth error case.
Author:
Will Cosgrove
Credit:
pyscripter
The trace handler is called from two places in libssh2. One of them was
passing a newline at the end of the trace message string, the other one
was not.
When the trace handler feature was introduced, a newline was passed both
via `debugdump()` and `libssh2_debug()`:
44eba0c993 (2010-01-15)
Shortly after a commit deleted the newline for `libssh2_debug()`:
0f0652a309 (2010-06-23)
This patch re-syncs behaviour between the traceback callbacks by
dropping the newline for trace handler calls made from `debugdump()`.
Reported-by: Chris Emsen
Fixes#1485
Follow-up to 0f0652a309Closes#1492
Building 3 tests require static libssh2 lib. Some may prefer not to
create the static lib, yet prefer to build all tests, including those
3 that require it.
Detect such intent by looking for an explicit `BUILD_TESTING=ON` and
`BUILD_STATIC_LIBS=OFF`, then build the static lib anyway but without
installing it.
Reported-by: Eli Schwartz
Fixes#1450Closes#1469
If server had banner exceeding 256 bytes there wasn't enough room in
`_LIBSSH2_SESSION.banner_TxRx_banner`. Only the first 256 bytes would be
read making the first packet read fail but also dooming key exchange as
`session->remote.banner` didn't include everything.
This change bumps the banner buffer to 8KB to match OpenSSH.
Fixes#1442Closes#1443
Generate `LIBSSH2_PC_LIBS_PRIVATE` from `LIBSSH2_LIBS`.
Also add extra libdirs (`-L`) to `Libs` and `Libs.private`.
Logic copied from curl.
Closes#1466
The `send_existing()` function allows partially sent packets to be sent
fully before any further packets are sent. Originally this returned
`LIBSSH2_ERROR_BAD_USE` when a different caller or thread tried to send
an existing packet created by a different caller or thread causing the
connection to disconnect. Commit 33dddd2f8a removed the return
allowing any caller to continue sending another caller's packet. This
caused connection instability as discussed in #1397 and confused the
client and server causing occasional duplicate packets to be sent and
giving the error `rcvd too much data` as discussed in #1431. We return
`LIBSSH2_ERROR_EAGAIN` instead to allow existing callers to finish
sending their own packets.
Fixes#1397Fixes#1431
Related #720
Credit: klux21, rolag
Probably the biggest and potentially most controversial change we have
to upstream.
Because earlier versions of OpenSSL implemented the algorithm before
standardization, using an older version of OpenSSL can cause problems
connecting to OpenSSH servers. Because of this, we use the public domain
reference implementation instead of the crypto backends, just like
OpenSSH does.
We've been holding this one for a few years. We were about to upstream
it around the same time as aes128gcm landed upstream, and the two
changes were completely incompatible. Honestly, it took me weeks to
reconcile these two implementations, and it could be much better.
Our original implementation changed every crypt method to decrypt the
entire message at once. the AESGCM implementation instead went with this
firstlast design, where a firstlast paramater indicates whether this is
the first or last call to the crypt method for each message. That added
a lot of bookkeeping overhead, and wasn't compatible with the chacha
public domain implementation.
As far as I could tell, OpenSSH uses the technique of decrypting the
entire message in one go, and doesn't have anything like firstlast.
However, I could not get out aes128gcm implementation to work that way,
nor could I get the chacha implementation to work with firstlast, so I
split it down the middle and let each implementation work differently.
It's kind of a mess, and probably should be cleaned up, but I don't have
the time to spend on it anymore, and it's probably better to have
everything upstream.
Fixes#584Closes#1426
The wolfSSL OpenSSL headers reside in `wolfssl/openssl/*.h`.
Before this patch the wolfSSL OpenSSL compatibilty header includes were
shared with the native OpenSSL codepath, and used `openssl/*h`. For
wolfSSL builds this required a hack to append the
`<wolfssl-prefix>/wolfssl` directory to the header search path, to find
the headers.
This patch changes the source to use the correct header references,
allowing to drop the header path hack.
Also fix to use the correct variable to set up the header path in CMake:
`WOLFSSL_INCLUDE_DIRS` (was: `WOLFSSL_INCLUDE_DIR`, without the `S`)
Closes#1439
