Age | Commit message (Collapse) | Author |
|
|
|
|
|
recallocarray() needs getpagesize() so add a tiny replacement for that.
|
|
Fix overly-conservative overflow checks on mulitplications and add checks
on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error). ok millert@
|
|
Collapse underflow and overflow checks into a single block.
ok djm@ millert@
|
|
Catch integer underflow in scan_scaled reported by Nicolas Iooss.
ok deraadt@ djm@
|
|
|
|
revision 1.13
date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
using AFL against ssh_config. ok deraadt@ millert@
----------------------------
revision 1.12
date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
fairly simple unsigned char casts for ctype
ok krw
----------------------------
revision 1.11
date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
an invalid multiplier, like the man page says it should
"looks sensible" deraadt@, ok ian@
----------------------------
revision 1.10
date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
use llabs instead of the home-grown version; and some comment changes
ok ian@, millert@
----------------------------
|
|
These commented-out includes have "Still needed?" comments. Since
they've been commented out for ~13 years I assert that they're not.
|
|
|
|
Fixes build on (at least) Solaris 10.
|
|
Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.
|
|
getdefaultproj() returns a pointer so test it for NULL inequality
instead of >0. Fixes compiler warning and is more correct. Patch from
David Binderman.
|
|
Author: miller@openbsd.org:
Avoid generate SIGTTOU when restoring the terminal mode. If we get
SIGTTOU it means the process is not in the foreground process group
which, in most cases, means that the shell has taken control of the tty.
Requiring the user the fg the process in this case doesn't make sense
and can result in both SIGTSTP and SIGTTOU being sent which can lead to
the process being suspended again immediately after being brought into
the foreground.
|
|
Wrap <readpassphrase.h> so internal calls go direct and
readpassphrase is weak.
(DEF_WEAK is a no-op in portable.)
|
|
As well pull in more recent changes from OpenBSD these will start to
arrive so put it where the definition is shared.
|
|
revision 1.24
date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4;
most obvious unsigned char casts for ctype
ok jca krw ingo
|
|
revision 1.23
date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
Defer installing signal handlers until echo is disabled so that we
get suspended normally when not the foreground process. Fix potential
infinite loop when restoring terminal settings if process is in the
background when restore occurs. OK miod@
|
|
This makes it a no-op when we use it below, which allows us to re-sync
those lines with the upstream and make future updates easier.
|
|
We no longer need to wrap/replace mmap for portability now that
pre-auth compression has been removed from OpenSSH.
|
|
Since -portable switched to git the CVS $Id tags are no longer being
updated and are becoming increasingly misleading. Remove them.
|
|
Our explicit_bzero successfully confused clang -fsanitize-memory
in to thinking that memset is never called to initialise memory.
Ensure that it is called in a way that the compiler recognises.
|
|
Mechanically replace spaces with tabs in compat files not synced with
OpenBSD.
|
|
Mechanically strip trailing whitespace on files not synced with OpenBSD
(or in the case of bsd-snprint.c, rsync).
|
|
|
|
|
|
If the root account is locked (eg password "!!" or "*LK*") keep looking
until we find a user with a valid salt to use for crypting passwords of
invalid users. ok djm@
|
|
|
|
Some AIX compilers unconditionally undefine va_copy but don't set it back
to an internal function, causing link errors. In some compat code we
already use VA_COPY instead so move the two existing instances into the
shared header and use for sshbuf-getput-basic.c too. Should fix building
with at lease some versions of AIX's compiler. bz#2589, ok djm@
|
|
When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the
password supplied by the client. That string has a Blowfish prefix, so on
systems that don't understand that crypt will fail fast due to an invalid
salt, and even on those that do it may have significantly different timing
from the hash methods used for real accounts (eg sha512). This allows
user enumeration by, eg, sending large password strings. This was noted
by EddieEzra.Harari at verint.com (CVE-2016-6210).
To mitigate, use the same hash algorithm that root uses for hashing
passwords for users that do not exist on the system. ok djm@
|
|
If we don't have wcwidth force fallback implementations of nl_langinfo
and mbtowc. Based on advice from Ingo Schwarze.
|
|
Move implementations of err.h replacement functions into their own file
in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
|
|
|
|
This will be needed for the upcoming utf8 changes.
|
|
|
|
avoids failures with UsePrivilegedPort=yes
patch from Juan Gallego
|
|
From alex at cooperi.net.
|
|
Not all systems with Solaris privs have priv_basicset so factor that
out and provide backward compatibility code. Similarly, not all have
PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from
alex at cooperi.net and djm@ with help from carson at taltos.org and
wieland at purdue.edu.
|
|
va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however
it has the wrong number of args and it's not usable in non-variadic
functions anyway so it breaks things (for example Solaris 2.6 as
reported by Tom G. Christensen).i ok djm@
|
|
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
|
|
This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c.
dtucker beat me to it :/
|
|
|
|
Fixes builds on almost everything.
|
|
Move glob.h from includes.h to the only caller (sftp) and override the
names for the symbols. This prevents name collisions with the system glob
in the case where something other than ssh uses it (eg kerberos). With
jjelen at redhat.com, ok djm@
|
|
reported by Nicholas Lemonias
|
|
|
|
revision 1.20
date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
In rev 1.15 the sizeof argument was fixed in a strlcat() call but
the truncation check immediately following it was not updated to
match. Not an issue in practice since the buffers are the same
size. OK deraadt@
|
|
revision 1.19
date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther
|
|
revision 1.18
date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
Revert last commit due to changed semantics found by make release.
|
|
revision 1.17
date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
Better POSIX compliance in realpath(3).
millert@ made changes to realpath.c based on FreeBSD's version. I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@
|