summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-11Check for wchar.h and langinfo.hDarren Tucker
Wrap includes in the appropriate #ifdefs.
2016-07-08whitelist more architectures for seccomp-bpfDamien Miller
bz#2590 - testing and patch from Jakub Jelen
2016-07-08upstream commitguenther@openbsd.org
DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS contains -g by default anyway problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) ok millert@ kettenis@ deraadt@ Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
2016-07-08upstream commitdjm@openbsd.org
Improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms. Previously we were computing the MAC, decrypting the packet and then checking the MAC. This gave rise to the possibility of creating a side-channel oracle in the decryption step, though no such oracle has been identified. This adds a mac_check() function that computes and checks the MAC in one pass, and uses it to advance MAC checking for EtM algorithms to before payload decryption. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. feedback and ok markus@ Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
2016-07-08upstream commitguenther@openbsd.org
DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS contains -g by default anyway problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) ok millert@ kettenis@ deraadt@ Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
2016-07-08upstream commitdtucker@openbsd.org
Explicitly check for 100% completion to avoid potential floating point rounding error, which could cause progressmeter to report 99% on completion. While there invert the test so the 100% case is clearer. with & ok djm@ Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
2016-07-08upstream commitjmc@openbsd.org
sort the -o list; Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
2016-06-24upstream commitdjm@openbsd.org
fix AuthenticationMethods during configuration re-parse; reported by Juan Francisco Cantero Hurtado Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
2016-06-24upstream commitdjm@openbsd.org
revert 1.34; causes problems loading public keys reported by semarie@ Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
2016-06-24upstream commitjmc@openbsd.org
grammar fix; Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
2016-06-24upstream commitdjm@openbsd.org
translate OpenSSL error codes to something more meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
2016-06-24upstream commitdjm@openbsd.org
ban AuthenticationMethods="" and accept AuthenticationMethods=any for the default behaviour of not requiring multiple authentication bz#2398 from Jakub Jelen; ok dtucker@ Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
2016-06-24upstream commitdtucker@openbsd.org
Include stdarg.h for va_copy as per man page. Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
2016-06-24upstream commitjmc@openbsd.org
keys stored in openssh format can have comments too; diff from yonas yanfa, tweaked a bit; ok djm Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
2016-06-20get_remote_name_or_ip inside LOGIN_NEEDS_UTMPXDarren Tucker
Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX. Fixes build on AIX.
2016-06-17Remove duplicate code from PAM. ok djm@Darren Tucker
2016-06-15upstream commitdtucker@openbsd.org
Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message about forward and reverse DNS not matching. We haven't supported IP-based auth methods for a very long time so it's now misleading. part of bz#2585, ok markus@ Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
2016-06-15Move platform_disable_tracing into its own file.Darren Tucker
Prevents link errors resolving the extern "options" when platform.o gets linked into ssh-agent when building --with-pam.
2016-06-14Track skipped upstream commit IDs.Darren Tucker
There are a small number of "upstream" commits that do not correspond to a file in -portable. This file tracks those so that we can reconcile OpenBSD and Portable to ensure that no commits are accidentally missed. If you add something to .skipped-commit-ids please also add an upstream ID line in the following format when you commit it. Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35 Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7 Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120 Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2 Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660 Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
2016-06-14Remove now-defunct .cvsignore files. ok djmDarren Tucker
2016-06-14upstream commitdtucker@openbsd.org
Back out rev 1.28 "Check min and max sizes sent by the client" change. It caused "key_verify failed for server_host_key" in clients that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY. ok djm@ Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
2016-06-14Use Solaris setpflags(__PROC_PROTECT, ...).Darren Tucker
Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm.
2016-06-14Shorten prctl code a tiny bit.Darren Tucker
2016-06-09Move prctl PR_SET_DUMPABLE into platform.c.Darren Tucker
This should make it easier to add additional platform support such as Solaris (bz#2584).
2016-06-08upstream commitdtucker@openbsd.org
Add a test for ssh(1)'s config file parsing. Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
2016-06-08upstream commitdtucker@openbsd.org
Add 'sshd' to the test ID as I'm about to add a similar set for ssh. Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
2016-06-08upstream commitschwarze@openbsd.org
stricter malloc.conf(5) options for utf8 tests Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
2016-06-08upstream commitschwarze@openbsd.org
Fix two rare edge cases: 1. If vasprintf() returns < 0, do not access a NULL pointer in snmprintf(), and do not free() the pointer returned from vasprintf() because on some systems other than OpenBSD, it might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" rather than -1 and NULL. Besides, free(dst) is pointless after failure (not a bug). One half OK martijn@, the other half OK deraadt@; committing quickly before people get hurt. Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
2016-06-08upstream commitschwarze@openbsd.org
test the new utf8 module Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
2016-06-08upstream commitdtucker@openbsd.org
Set umask to prevent "Bad owner or permissions" errors. Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
2016-06-08upstream commitdjm@openbsd.org
support doas Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
2016-06-08upstream commitdjm@openbsd.org
unit tests for sshbuf_dup_string() Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
2016-06-08upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
2016-06-08upstream commitdtucker@openbsd.org
Allow ExitOnForwardFailure and ClearAllForwardings to be overridden when using ssh -W (but still default to yes in that case). bz#2577, ok djm@. Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
2016-06-08upstream commitdtucker@openbsd.org
Move the host and port used by ssh -W into the Options struct. This will make future changes a bit easier. ok djm@ Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-06-08upstream commitdtucker@openbsd.org
Check min and max sizes sent by the client against what we support before passing them to the monitor. ok djm@ Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
2016-06-08upstream commitdtucker@openbsd.org
Ensure that the client's proposed DH-GEX max value is at least as big as the minimum the server will accept. ok djm@ Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
2016-06-06Add compat bits to utf8.c.Darren Tucker
2016-06-06Fix utf->utf8 typo.Darren Tucker
2016-06-06upstream commitschwarze@openbsd.org
Backout rev. 1.43 for now. The function update_progress_meter() calls refresh_progress_meter() which calls snmprintf() which calls malloc(); but update_progress_meter() acts as the SIGALRM signal handler. "malloc(): error: recursive call" reported by sobrado@. Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
2016-06-06upstream commitschwarze@openbsd.org
Even when only writing an unescaped character, the dst buffer may need to grow, or it would be overrun; issue found by tb@ with malloc.conf(5) 'C'. While here, reserve an additional byte for the terminating NUL up front such that we don't have to realloc() later just for that. OK tb@ Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
2016-06-06upstream commitschwarze@openbsd.org
Fix two rare edge cases: 1. If vasprintf() returns < 0, do not access a NULL pointer in snmprintf(), and do not free() the pointer returned from vasprintf() because on some systems other than OpenBSD, it might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" rather than -1 and NULL. Besides, free(dst) is pointless after failure (not a bug). One half OK martijn@, the other half OK deraadt@; committing quickly before people get hurt. Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
2016-06-06upstream commitschwarze@openbsd.org
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter. This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream. Using feedback from djm@ and martijn@, various aspects discussed with many others. deraadt@ says it should go in now, i probably already hesitated too long Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-06-06upstream commitdtucker@openbsd.org
KNF compression proposal and simplify the client side a little. ok djm@ Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
2016-06-06upstream commitdtucker@openbsd.org
Back out 'plug memleak'. Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2016-06-06upstream commitdjm@openbsd.org
prefer agent-hosted keys to keys from PKCS#11; ok markus Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
2016-06-06upstream commitdtucker@openbsd.org
Plug mem leak in filter_proposal. ok djm@ Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2016-06-03Update vis.h and vis.c from OpenBSD.Darren Tucker
This will be needed for the upcoming utf8 changes.
2016-05-31modified: configure.acTim Rice
whitspace clean up. No code changes.
2016-05-31whitespace at EOLDamien Miller