summaryrefslogtreecommitdiff
path: root/misc.c
AgeCommit message (Collapse)Author
2016-01-04Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
2015-04-29upstream commitderaadt@openbsd.org
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-01-16upstream commitderaadt@openbsd.org
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-10-27upstream commitlteo@openbsd.org
Remove unnecessary include: netinet/in_systm.h is not needed by these programs. NB. skipped for portable ok deraadt@ millert@
2014-08-30 - (djm) [misc.c] Missing newline between functionsDamien Miller
2014-07-18 - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
2014-05-21 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONICDamien Miller
when it is available. It takes into account time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228 reported by John Haxby
2014-04-20 - djm@cvs.openbsd.org 2014/04/20 02:30:25Damien Miller
[misc.c misc.h umac.c] use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on strict-alignment architectures; reported by and ok stsp@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 23:28:23Damien Miller
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] refactor client config code a little: add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
2013-08-08 - (dtucker) [misc.c] Remove define added for fallback testing that wasDarren Tucker
mistakenly included in the previous commit.
2013-08-08 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(Darren Tucker
CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the CLOCK_MONOTONIC define but don't actually support it. Found and tested by Kevin Brott, ok djm.
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 00:43:50Damien Miller
[misc.c] in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when errno == 0. Avoids confusing error message in some broken resolver cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-06-02 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fallDarren Tucker
back to time(NULL) if we can't find it anywhere.
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-05-16 - tedu@cvs.openbsd.org 2013/04/24 16:01:46Darren Tucker
[misc.c] remove extra parens noticed by nicm
2013-05-16 - tedu@cvs.openbsd.org 2013/04/23 17:49:45Darren Tucker
[misc.c] use xasprintf instead of a series of strlcats and strdup. ok djm
2013-04-23 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] SupportDamien Miller
platforms, such as Android, that lack struct passwd.pw_gecos. Report and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2011-09-22 - djm@cvs.openbsd.org 2011/09/05 05:59:08Damien Miller
[misc.c] fix typo in IPQoS parsing: there is no "AF14" class, but there is an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17Damien Miller
[misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
2011-01-13 - (djm) [misc.c] include time.h for nanosleep() prototypeDamien Miller
2010-12-01 - djm@cvs.openbsd.org 2010/11/21 01:01:13Damien Miller
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
2010-11-20 - djm@cvs.openbsd.org 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-10-07 - matthew@cvs.openbsd.org 2010/09/24 13:33:00Damien Miller
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH
2010-09-24 - djm@cvs.openbsd.org 2010/09/22 22:58:51Damien Miller
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
2010-08-03 - djm@cvs.openbsd.org 2010/07/21 02:10:58Damien Miller
[misc.c] sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 23:13:16Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 11:52:06Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
2010-07-16 - djm@cvs.openbsd.org 2010/07/02 04:32:44Damien Miller
[misc.c] unbreak strdelim() skipping past quoted strings, e.g. AllowUsers "blah blah" blah was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com ok dtucker;
2010-06-26 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/05/21 05:00:36 [misc.c] colon() returns char*, so s/return (0)/return NULL/
2010-01-10 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13Darren Tucker
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]Darren Tucker
Remove hacks add for RoutingDomain in preparation for its removal.
2010-01-09 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don'tDarren Tucker
have it.
2010-01-08 - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN moreDarren Tucker
to eliminate an unused variable warning.
2010-01-08 - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket toDarren Tucker
be created.
2010-01-08 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] MakeDarren Tucker
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 - stevesk@cvs.openbsd.org 2009/12/25 19:40:21Darren Tucker
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c] validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@
2010-01-08 - djm@cvs.openbsd.org 2009/11/20 03:24:07Darren Tucker
[misc.c] correct off-by-one in percent_expand(): we would fatal() when trying to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually work. Note that nothing in OpenSSH actually uses close to this limit at present. bz#1607 from Jan.Pechanec AT Sun.COM
2010-01-08 - reyk@cvs.openbsd.org 2009/10/28 16:38:18Darren Tucker
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
2009-11-18 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() toDamien Miller
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() report and fix from jan.kratochvil AT redhat.com
2009-02-22 - (djm) OpenBSD CVS SyncDamien Miller
- tobias@cvs.openbsd.org 2009/02/21 19:32:04 [misc.c sftp-server-main.c ssh-keygen.c] Added missing newlines in error messages. ok dtucker
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 10:02:34Damien Miller
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] [serverloop.c ssh-keyscan.c ssh.c sshd.c] make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@
2008-06-13 - dtucker@cvs.openbsd.org 2008/06/13 01:38:23Darren Tucker
[misc.c] upcast uid to long with matching %ld, prevents warnings in portable
2008-06-13 - dtucker@cvs.openbsd.org 2008/06/12 20:38:28Darren Tucker
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c] Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
2008-01-01 - dtucker@cvs.openbsd.org 2008/01/01 08:47:04Darren Tucker
[misc.c] spaces -> tabs from my previous commit
2007-12-29 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08Darren Tucker
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c sshd.c] Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
2007-01-05 - ray@cvs.openbsd.org 2006/11/23 01:35:11Damien Miller
[misc.c sftp.c] Don't access buf[strlen(buf) - 1] for zero-length strings. ``ok by me'' djm@.
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
2006-08-05 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h