Age | Commit message (Collapse) | Author |
|
account check failure path. The vulnerable format buffer is supplied
from PAM and should not contain attacker-supplied data.
|
|
|
|
[PROTOCOL]
grammar
|
|
|
|
|
|
[auth1.c auth2.c]
Make protocol 1 MaxAuthTries logic match protocol 2's.
Do not treat the first protocol 2 authentication attempt as
a failure IFF it is for method "none".
Makes MaxAuthTries' user-visible behaviour identical for
protocol 1 vs 2.
ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/07/04 23:08:25
[packet.c]
handle EINTR in packet_write_poll()l ok dtucker@
|
|
Tru64. readv doesn't seem to be a comparable object there.
bz#1386, patch from dtucker@ ok me
|
|
passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
hotpop.com, w/ dtucker@
|
|
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
[sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
some platforms (HP nonstop) it is a distinct errno;
bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
|
|
[regress/conch-ciphers.sh]
explicitly disable conch options that could interfere with the test
|
|
[putty-transfer.sh putty-kex.sh putty-ciphers.sh]
remove "set -e" left over from debugging
|
|
[key-options.sh]
shell portability: use "=" instead of "==" in test(1) expressions,
double-quote string with backslash escaped /
|
|
returns EXDEV. Patch from Mike Garrison, ok djm@
|
|
[monitor.c]
Make debug a little clearer. ok djm@
|
|
[servconf.c groupaccess.h groupaccess.c]
support negation of groups in "Match group" block (bz#1315); ok dtucker@
|
|
[auth2-pubkey.c]
avoid nasty double free; ok dtucker@ djm@
|
|
[ssh.1 ssh.c]
When forking after authentication ("ssh -f") with ExitOnForwardFailure
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@
|
|
[auth2.c]
really really remove the freebie "none" auth try for protocol 2
|
|
[auth2-none.c auth2.c]
Make protocol 2 MaxAuthTries behaviour a little more sensible:
Check whether client has exceeded MaxAuthTries before running
an authentication method and skip it if they have, previously it
would always allow one try (for "none" auth).
Preincrement failure count before post-auth test - previously this
checked and postincremented, also to allow one "none" try.
Together, these two changes always count the "none" auth method
which could be skipped by a malicious client (e.g. an SSH worm)
to get an extra attempt at a real auth method. They also make
MaxAuthTries=0 a useful way to block users entirely (esp. in a
sshd_config Match block).
Also, move sending of any preauth banner from "none" auth method
to the first call to input_userauth_request(), so worms that skip
the "none" method get to see it too.
|
|
[auth-rsa.c auth.c auth2-pubkey.c auth.h]
Merge duplicate host key file checks, based in part on a patch from Rob
Holland via bz #1348 . Also checks for non-regular files during protocol
1 RSA auth. ok djm@
|
|
[sshd_config sshd_config.5 sshd.8 servconf.c]
increase default size of ssh protocol 1 ephemeral key from 768 to 1024
bits; prodded by & ok dtucker@ ok deraadt@
|
|
[PROTOCOL.agent]
fix some typos; ok djm@
|
|
[sshconnect.c sshd.c]
Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
in order to comply with RFC 4253. bz #1443, ok djm@
|
|
[sshconnect.c]
Check ExitOnForwardFailure if forwardings are disabled due to a failed
host key check. ok djm@
|
|
[PROTOCOL]
clarify that eow@openssh.com is only sent on session channels
|
|
[nchan.c]
only send eow@openssh.com notifications for session channels; ok! markus@
|
|
[serverloop.c]
only pass channel requests on session channels through to the session
channel handler, avoiding spurious log messages; ok! markus@
|
|
[PROTOCOL.agent]
typo: s/constraint_date/constraint_data/
|
|
|
|
[regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
very basic regress test against Twisted Conch in "make interop"
target (conch is available in ports/devel/py-twisted/conch);
ok markus@
|
|
[Makefile]
Don't run cipher-speed test by default; mistakenly enabled by me
|
|
[regress/Makefile regress/key-options.sh]
Add regress test for key options. ok djm@
|
|
[PROTOCOL PROTOCOL.agent]
document the protocol used by ssh-agent; "looks ok" markus@
|
|
[ssh-agent.c]
reset global compat flag after processing a protocol 2 signature
request with the legacy DSA encoding flag set; ok markus
|
|
[ssh-agent.c]
refuse to add a key that has unknown constraints specified;
ok markus
|
|
[PROTOCOL]
spelling fixes
|
|
[ssh.1]
add VisualHostKey to the list of options listed in -o;
|
|
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
|
|
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
|
|
[sftp-client.c sftp-server.c]
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
|
|
[key.c]
add key length to visual fingerprint; zap magical constants;
ok grunk@ djm@
|
|
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
[sftp.c]
use optopt to get invalid flag, instead of return value of getopt,
which is always '?'; ok djm@
|
|
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
|
|
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
|
|
(bz#1372)
|
|
|
|
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
|
|
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that te fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
|
|
[servconf.c sshd_config.5]
Allow MaxAuthTries within a Match block. ok djm@
|