summaryrefslogtreecommitdiff
path: root/openbsd-compat
AgeCommit message (Collapse)Author
2016-07-15Determine appropriate salt for invalid users.Darren Tucker
When sshd is processing a non-PAM login for a non-existent user it uses the string from the fakepw structure as the salt for crypt(3)ing the password supplied by the client. That string has a Blowfish prefix, so on systems that don't understand that crypt will fail fast due to an invalid salt, and even on those that do it may have significantly different timing from the hash methods used for real accounts (eg sha512). This allows user enumeration by, eg, sending large password strings. This was noted by EddieEzra.Harari at verint.com (CVE-2016-6210). To mitigate, use the same hash algorithm that root uses for hashing passwords for users that do not exist on the system. ok djm@
2016-07-14Add compat code for missing wcwidth.Darren Tucker
If we don't have wcwidth force fallback implementations of nl_langinfo and mbtowc. Based on advice from Ingo Schwarze.
2016-07-13Move err.h replacements into compat lib.Darren Tucker
Move implementations of err.h replacement functions into their own file in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
2016-06-14Remove now-defunct .cvsignore files. ok djmDarren Tucker
2016-06-03Update vis.h and vis.c from OpenBSD.Darren Tucker
This will be needed for the upcoming utf8 changes.
2016-05-31whitespace at EOLDamien Miller
2016-05-10initialise salen in binresvport_saDamien Miller
avoids failures with UsePrivilegedPort=yes patch from Juan Gallego
2016-03-11Include priv.h for priv_set_t.Darren Tucker
From alex at cooperi.net.
2016-02-19Make Solaris privs code build on older systems.Darren Tucker
Not all systems with Solaris privs have priv_basicset so factor that out and provide backward compatibility code. Similarly, not all have PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from alex at cooperi.net and djm@ with help from carson at taltos.org and wieland at purdue.edu.
2016-02-17Rollback addition of va_start.Darren Tucker
va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however it has the wrong number of args and it's not usable in non-variadic functions anyway so it breaks things (for example Solaris 2.6 as reported by Tom G. Christensen).i ok djm@
2016-01-08Support Illumos/Solaris fine-grained privilegesDamien Miller
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
2015-11-30Revert "stub for pledge(2) for systems that lack it"Damien Miller
This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. dtucker beat me to it :/
2015-11-30stub for pledge(2) for systems that lack itDamien Miller
2015-11-30Add a null implementation of pledge.Darren Tucker
Fixes builds on almost everything.
2015-10-29Prevent name collisions with system glob (bz#2463)Darren Tucker
Move glob.h from includes.h to the only caller (sftp) and override the names for the symbols. This prevents name collisions with the system glob in the case where something other than ssh uses it (eg kerberos). With jjelen at redhat.com, ok djm@
2015-10-16need va_copy before va_startDamien Miller
reported by Nicholas Lemonias
2015-10-15fix compilation on systems without SYMLOOP_MAXDamien Miller
2015-10-14upstream commitDamien Miller
revision 1.20 date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; In rev 1.15 the sizeof argument was fixed in a strlcat() call but the truncation check immediately following it was not updated to match. Not an issue in practice since the buffers are the same size. OK deraadt@
2015-10-14upstream commitDamien Miller
revision 1.19 date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
2015-10-14upstream commitDamien Miller
revision 1.18 date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; Revert last commit due to changed semantics found by make release.
2015-10-14upstream commitDamien Miller
revision 1.17 date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; Better POSIX compliance in realpath(3). millert@ made changes to realpath.c based on FreeBSD's version. I merged Todd's changes into dl_realpath.c. ok millert@, guenther@
2015-10-14upstream commitDamien Miller
revision 1.16 date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; - Add comments regarding copies of these files also in libexec/ld.so okay guenther@
2015-10-14upstream commitDamien Miller
revision 1.15 date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; specify the bounds of the dst to strlcat (both values were static and equal, but it is more correct) from Michal Mazurek
2015-10-14upstream commitDamien Miller
revision 1.14 date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; Recent Single Unix will malloc memory if the second argument of realpath() is NULL, and third-party software is starting to rely upon this. Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor tweaks from nicm@ and yours truly.
2015-08-21expose POLLHUP and POLLNVAL for netcat.cDamien Miller
2015-07-30downgrade OOM adjustment logging: verbose -> debugDamien Miller
2015-07-20make realpath.c compile -Wsign-compare cleanDamien Miller
2015-07-17Check if realpath works on nonexistent files.Darren Tucker
On some platforms the native realpath doesn't work with non-existent files (this is actually specified in some versions of POSIX), however the sftp spec says its realpath with "canonicalize any given path name". On those platforms, use realpath from the compat library. In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines the realpath symbol to the checked version, so redefine ours to something else so we pick up the compat version we want. bz#2428, ok djm@
2015-06-02Replace strcpy with strlcpy.Darren Tucker
ok djm, sanity check by Corinna Vinschen.
2015-05-10upstream commitDamien Miller
- tedu@cvs.openbsd.org 2015/01/12 03:20:04 [bcrypt_pbkdf.c] rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks, nor are they the same size.
2015-05-10upstream commitDamien Miller
- deraadt@cvs.openbsd.org 2015/01/08 00:30:07 [bcrypt_pbkdf.c] declare a local version of MIN(), call it MINIMUM()
2015-05-10upstream commitDamien Miller
- djm@cvs.openbsd.org 2014/12/30 01:41:43 [bcrypt_pbkdf.c] typo in comment: ouput => output
2015-05-08Put brackets around mblen() compat constant.Darren Tucker
This might help with the reported problem cross compiling for Android ("error: expected identifier or '(' before numeric constant") but shouldn't hurt in any case.
2015-04-17Wrap endian.h include inside ifdef (bz#2370).Darren Tucker
2015-04-07Use do{}while(0) for no-op functions.Darren Tucker
From FreeBSD.
2015-04-07Wrap blf.h include in ifdef. From FreeBSD.Darren Tucker
2015-02-26Remove dependency on xmalloc.Darren Tucker
Remove ssh_get_progname's dependency on xmalloc, which should reduce link order problems. ok djm@
2015-02-25Move definition of _NSIG.Darren Tucker
_NSIG is only unsed in one file, so move it there prevent redefinition warnings reported by Kevin Brott.
2015-02-24Add AI_NUMERICSERV to fake-rfc2553.Darren Tucker
Our getaddrinfo implementation always returns numeric values already.
2015-02-23Wrap stdint.h includes in ifdefs.Darren Tucker
2015-01-15kludge around tun API mismatch bettererDamien Miller
2015-01-15unbreak across API changeDamien Miller
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-14support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2014-12-30avoid uninitialised free of ldns_resDamien Miller
If an invalid rdclass was passed to getrrsetbyname() then this would execute a free on an uninitialised pointer. OpenSSH only ever calls this with a fixed and valid rdclass. Reported by Joshua Rogers
2014-12-29pull updated OpenBSD BCrypt PBKDF implementationDamien Miller
Includes fix for 1 byte output overflow for large key length requests (not reachable in OpenSSH). Pointed out by Joshua Rogers
2014-12-18upstream libc changeDamien Miller
revision 1.2 date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV; avoid left shift overflow in reallocarray. Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
2014-12-10Add reallocarray to compat libraryDarren Tucker
2014-10-01 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]Damien Miller
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; ok dtucker@
2014-09-04 - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNGDamien Miller