Age | Commit message (Collapse) | Author |
|
When sshd decides to not allow a login (eg PermitRootLogin=no) and
it's using PAM, it sends a fake password to PAM so that the timing for
the failure is not noticeably different whether or not the password
is correct. This behaviour can be detected by sending a very long
password string which is slower to hash than the fake password.
Mitigate by constructing an invalid password that is the same length
as the one from the client and thus takes the same time to hash.
Diff from djm@
|
|
When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the
password supplied by the client. That string has a Blowfish prefix, so on
systems that don't understand that crypt will fail fast due to an invalid
salt, and even on those that do it may have significantly different timing
from the hash methods used for real accounts (eg sha512). This allows
user enumeration by, eg, sending large password strings. This was noted
by EddieEzra.Harari at verint.com (CVE-2016-6210).
To mitigate, use the same hash algorithm that root uses for hashing
passwords for users that do not exist on the system. ok djm@
|
|
|
|
If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
|
|
Correct equal in test.
Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a
|
|
Add missing "recvfd" pledge promise: Raf Czlonka reported
ssh coredumps when Control* keywords were set in ssh_config. This patch also
fixes similar problems with scp and sftp.
ok deraadt, looks good to millert
Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
|
|
obsolete note about fascistloggin is obsolete. ok djm
dtucker
Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
|
|
If we don't have wcwidth force fallback implementations of nl_langinfo
and mbtowc. Based on advice from Ingo Schwarze.
|
|
|
|
Move implementations of err.h replacement functions into their own file
in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
|
|
Wrap includes in the appropriate #ifdefs.
|
|
bz#2590 - testing and patch from Jakub Jelen
|
|
DEBUGLIBS has been broken since the gcc4 switch, so delete
it. CFLAGS contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
|
|
Improve crypto ordering for Encrypt-then-MAC (EtM) mode
MAC algorithms.
Previously we were computing the MAC, decrypting the packet and then
checking the MAC. This gave rise to the possibility of creating a
side-channel oracle in the decryption step, though no such oracle has
been identified.
This adds a mac_check() function that computes and checks the MAC in
one pass, and uses it to advance MAC checking for EtM algorithms to
before payload decryption.
Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
Martin Albrecht. feedback and ok markus@
Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
|
|
DEBUGLIBS has been broken since the gcc4 switch, so
delete it. CFLAGS contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
|
|
Explicitly check for 100% completion to avoid potential
floating point rounding error, which could cause progressmeter to report 99%
on completion. While there invert the test so the 100% case is clearer. with
& ok djm@
Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
|
|
sort the -o list;
Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
|
|
fix AuthenticationMethods during configuration re-parse;
reported by Juan Francisco Cantero Hurtado
Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
|
|
revert 1.34; causes problems loading public keys
reported by semarie@
Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
|
|
grammar fix;
Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
|
|
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
|
|
ban AuthenticationMethods="" and accept
AuthenticationMethods=any for the default behaviour of not requiring multiple
authentication
bz#2398 from Jakub Jelen; ok dtucker@
Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
|
|
Include stdarg.h for va_copy as per man page.
Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
|
|
keys stored in openssh format can have comments too; diff
from yonas yanfa, tweaked a bit;
ok djm
Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
|
|
Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
Fixes build on AIX.
|
|
|
|
Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
about forward and reverse DNS not matching. We haven't supported IP-based
auth methods for a very long time so it's now misleading. part of bz#2585,
ok markus@
Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
|
|
Prevents link errors resolving the extern "options" when platform.o
gets linked into ssh-agent when building --with-pam.
|
|
There are a small number of "upstream" commits that do not correspond to
a file in -portable. This file tracks those so that we can reconcile
OpenBSD and Portable to ensure that no commits are accidentally missed.
If you add something to .skipped-commit-ids please also add an upstream
ID line in the following format when you commit it.
Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
|
|
|
|
Back out rev 1.28 "Check min and max sizes sent by the
client" change. It caused "key_verify failed for server_host_key" in clients
that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY.
ok djm@
Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
|
|
Where possible, use Solaris setpflags to disable process tracing on
ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
at oracle.com, ok djm.
|
|
|
|
This should make it easier to add additional platform support such as
Solaris (bz#2584).
|
|
Add a test for ssh(1)'s config file parsing.
Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
|
|
Add 'sshd' to the test ID as I'm about to add a similar
set for ssh.
Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
|
|
stricter malloc.conf(5) options for utf8 tests
Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
|
|
Fix two rare edge cases: 1. If vasprintf() returns < 0,
do not access a NULL pointer in snmprintf(), and do not free() the pointer
returned from vasprintf() because on some systems other than OpenBSD, it
might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
rather than -1 and NULL.
Besides, free(dst) is pointless after failure (not a bug).
One half OK martijn@, the other half OK deraadt@;
committing quickly before people get hurt.
Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
|
|
test the new utf8 module
Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
|
|
Set umask to prevent "Bad owner or permissions" errors.
Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
|
|
support doas
Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
|
|
unit tests for sshbuf_dup_string()
Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
|
|
tweak previous;
Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
|
|
Allow ExitOnForwardFailure and ClearAllForwardings to be
overridden when using ssh -W (but still default to yes in that case).
bz#2577, ok djm@.
Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
|
|
Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@
Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
|
|
Check min and max sizes sent by the client against what
we support before passing them to the monitor. ok djm@
Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
|
|
Ensure that the client's proposed DH-GEX max value is at
least as big as the minimum the server will accept. ok djm@
Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
|
|
|
|
|
|
Backout rev. 1.43 for now.
The function update_progress_meter() calls refresh_progress_meter()
which calls snmprintf() which calls malloc(); but update_progress_meter()
acts as the SIGALRM signal handler.
"malloc(): error: recursive call" reported by sobrado@.
Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
|