| Age | Commit message (Collapse) | Author |
|---|
|
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
|
|
[sshd.c]
call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@
|
|
[ssh-add.c]
Sync usage() with man page and reality.
ok deraadt dtucker
|
|
[ssh.1]
add GSSAPI to the list of authentication methods supported;
|
|
[ssh_config.5]
oops - previous was too long; split the list of auths up
|
|
[ssh_config]
Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
ssh_config. ok markus@
|
|
[ssh_config.5]
Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
|
|
[kexdhc.c kexgexc.c]
paramter -> parameter
|
|
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
fix leak; coverity via Kylene Jo Hall
|
|
[clientloop.c]
missing free; from Kylene Hall
|
|
[sshconnect2.c]
uint32_t -> u_int32_t (which we use everywhere else)
(Id sync only - portable already had this)
|
|
and slave, we can remove the special-case handling in the audit hook in
auth_log.
|
|
pointer leak. From kjhall at us.ibm.com, found by coverity.
|
|
|
|
do not allow kbdint again after the PAM account check fails. ok djm@
|
|
default. Patch originally from tim@, ok djm
|
|
_res, prevents problems on some platforms that have _res as a global but
don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
georg.schwarz at freenet.de, ok djm@.
|
|
[auth-krb5.c]
Add $OpenBSD$ in comment here too
|
|
[OVERVIEW]
$OpenBSD$ in here too
|
|
[dh.c]
tighter DH exponent checks here too; feedback and ok markus@
|
|
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
|
|
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
|
|
and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
"no objections" tim@
|
|
|
|
sig_atomic_t
|
|
[bufaux.c bufbn.c Makefile.in]
Move Buffer bignum functions into their own file, bufbn.c. This means
that sftp and sftp-server (which use the Buffer functions in bufaux.c
but not the bignum ones) no longer need to be linked with libcrypto.
ok markus@
|
|
[crc32.c]
remove extra spaces
|
|
[uidswap.c]
use setres[ug]id() to permanently revoke privileges; ok deraadt@
(ID Sync only - portable already uses setres[ug]id() whenever possible)
|
|
[includes.h session.c sftp.c]
Switch from using pipes to socketpairs for communication between
sftp/scp and ssh, and between sshd and its subprocesses. This saves
a file descriptor per session and apparently makes userland ppp over
ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
decision on a per-platform basis)
|
|
[sshconnect.c]
simplify; ok djm@
|
|
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
replace the last non-sig_atomic_t flag used in a signal handler with a
sig_atomic_t, unfortunately with some knock-on effects in other (non-
signal) contexts in which it is used; ok markus@
|
|
[bufaux.c bufbn.c]
Move Buffer bignum functions into their own file, bufbn.c. This means
that sftp and sftp-server (which use the Buffer functions in bufaux.c
but not the bignum ones) no longer need to be linked with libcrypto.
ok markus@
|
|
[atomicio.c]
reorder sanity test so that it cannot dereference past the end of the
iov array; well spotted canacar@!
|
|
[sftp-client.c]
avoid making a tiny 4-byte write to send the packet length of sftp
commands, which would result in a separate tiny packet on the wire by
using atomiciov(writev, ...) to write the length and the command in one
pass; ok deraadt@
|
|
[atomicio.c atomicio.h]
introduce atomiciov() function that wraps readv/writev to retry
interrupted transfers like atomicio() does for read/write;
feedback deraadt@ dtucker@ stevesk@ ok deraadt@
|
|
[buffer.c buffer.h channels.c]
Fix condition where we could exit with a fatal error when an input
buffer became too large and the remote end had advertised a big window.
The problem was a mismatch in the backoff math between the channels code
and the buffer code, so make a buffer_check_alloc() function that the
channels code can use to propsectivly check whether an incremental
allocation will succeed. bz #1131, debugged with the assistance of
cove AT wildpackets.com; ok dtucker@ deraadt@
|
|
[gss-genr.c]
GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
by dleonard AT vintela.com. use xasprintf() to simplify code while in
there; "looks right" deraadt@
|
|
[ssh-keysign.c]
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
|
[atomicio.c]
ANSIfy; requested deraadt@
|
|
[scp.c]
xasprintification; ok deraadt@
|
|
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
[scp.c]
minimal lint cleanup (unused crud, and some size_t); ok djm
|
|
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880; ok dtucker@
|
|
mapped addresses; bz #1179 reported by markw wtech-llc.com;
ok dtucker@
|
|
[ssh_config.5]
remote user escape is %r not %h; spotted by jmc@
|
|
[ssh_config.5]
kill trailing whitespace;
|
|
[auth.c monitor.c]
Prevent duplicate log messages when privsep=yes; ok djm@
|
|
[ssh-keygen.c]
Correctly handle truncated files while converting keys; ok djm@
|
|
[ssh.c ssh_config.5]
add percent escape chars to the IdentityFile option, bz #1159 based
on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
|
|
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
[monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@
|
|
[channels.c]
ARGSUSED for dispatch table-driven functions
|
