Age | Commit message (Collapse) | Author |
|
|
|
|
|
Patch from Corinna Vinschen.
|
|
accidents happen to the best of us; ok djm
Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
|
|
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
|
|
Fix segfault when sshd attempts to load RSA1 keys (can
only happen when protocol v.1 support is enabled for the client). Reported by
Jakub Jelen in bz#2686; ok dtucker
Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
|
|
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@
(note: this doesn't remove the !privsep code paths, though that will
happen eventually).
Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
|
|
Allow clock_gettime syscall with X32 bit masked off. Apparently
this is required for at least some kernel versions. bz#2142
Patch mostly by Colin Watson. ok dtucker@
|
|
|
|
This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
prepending __NR_ to the syscall number parameter and just makes
them explicit in the macro invocations.
No binary change in stripped object file before/after.
|
|
Based on patch from Eduardo Barretto; ok dtucker@
|
|
|
|
Add unit test for convtime().
Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
|
|
Add ASSERT_LONG_* helpers.
Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
|
|
Fix convtime() overflow test on boundary condition,
spotted by & ok djm.
Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
|
|
Check for integer overflow when parsing times in
convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
|
|
|
|
Syscall arguments are passed via an array of 64-bit values in struct
seccomp_data, but we were only inspecting the bottom 32 bits and not
even those correctly for BE systems.
Fortunately, the only case argument inspection was used was in the
socketcall filtering so using this for sandbox escape seems
impossible.
ok dtucker
|
|
regress tests for loading certificates without public keys;
bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
|
|
allow ssh to use certificates accompanied by a private
key file but no corresponding plain *.pub public key. bz#2617 based on patch
from Adam Eijdenberg; ok dtucker@ markus@
Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
|
|
Don't count the initial block twice when computing how
many bytes to discard for the work around for the attacks against CBC-mode.
ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
|
|
krl.c
Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
|
|
revision 1.13
date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
using AFL against ssh_config. ok deraadt@ millert@
----------------------------
revision 1.12
date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
fairly simple unsigned char casts for ctype
ok krw
----------------------------
revision 1.11
date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
an invalid multiplier, like the man page says it should
"looks sensible" deraadt@, ok ian@
----------------------------
revision 1.10
date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
use llabs instead of the home-grown version; and some comment changes
ok ian@, millert@
----------------------------
|
|
When updating hostkeys, accept RSA keys if
HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
dtucker@
Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
|
|
make hostname matching really insensitive to case;
bz#2685, reported by Petr Cerny; ok dtucker@
Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
|
|
reword a comment to make it fit 80 columns
Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
|
|
better match sshd config parser behaviour: fatal() if
line is overlong, increase line buffer to match sshd's; bz#2651 reported by
Don Fong; ok dtucker@
Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
|
|
ensure hostname is lower-case before hashing it;
bz#2591 reported by Griff Miller II; ok dtucker@
Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
|
|
make hostname matching really insensitive to case;
bz#2685, reported by Petr Cerny; ok dtucker@
Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
|
|
Remove old null check from config dumper. Patch from
jjelen at redhat.com vi bz#2687, ok djm@
Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
|
|
fix regression in 7.4 server-sig-algs, where we were
accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@
Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
|
|
Check for NULL return value from key_new. Patch from
jjelen at redhat.com via bz#2687, ok djm@
Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
|
|
reword a comment to make it fit 80 columns
Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
|
|
Check for NULL argument to sshkey_read. Patch from
jjelen at redhat.com via bz#2687, ok djm@
Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
|
|
Plug some mem leaks mostly on error paths. From jjelen
at redhat.com via bz#2687, ok djm@
Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
|
|
Plug mem leak on GLOB_NOMATCH case. From jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
|
|
Plug descriptor leaks of auth_sock. From jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
|
|
correctly hash hosts with a port number. Reported by Josh
Powers in bz#2692; ok dtucker@
Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
|
|
don't truncate off \r\n from long stderr lines; bz#2688,
reported by Brian Dyson; ok dtucker@
Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
|
|
Validate digest arg in ssh_digest_final; from jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
|
|
Part of bz#2687, from jjelen at redhat.com.
|
|
Check for socket with and without screen number. From Apple and Jakob
Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
|
|
quote [host]:port in generated ProxyJump commandline; the
[ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
Tirkkonen via bugs@
Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
|
|
Check l->hosts before dereferencing; fixes potential null
pointer deref. ok djm@
Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
|
|
linenum is unsigned long so use %lu in log formats. ok
deraadt@
Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
|
|
fix ssh-keygen -H accidentally corrupting known_hosts that
contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
hostkeys_foreach() when hostname matching is in use, so we need to look for
the hash marker explicitly.
Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
|
|
small memleak: free fd_set on connection timeout (though
we are heading to exit anyway). From Tom Rix in bz#2683
Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
|
|
errant dot; from klemens nanni
Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
|
|
might as well set the listener socket CLOEXEC
Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
|
|
add test cases for C locale; ok schwarze@
Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
|