Commit Graph

12417 Commits

Author SHA1 Message Date
djm@openbsd.org 4c3cf36263
upstream: fix missing field in users-groups-by-id@openssh.com reply
documentation

GHPR441 from TJ Saunders

OpenBSD-Commit-ID: ff5733ff6ef4cd24e0758ebeed557aa91184c674
2024-01-08 16:06:29 +11:00
djm@openbsd.org f64cede2a3
upstream: make kex-strict section more explicit about its intent:
banning all messages not strictly required in KEX

OpenBSD-Commit-ID: fc33a2d7f3b7013a7fb7500bdbaa8254ebc88116
2024-01-08 16:06:28 +11:00
Damien Miller 698fe6fd61
update fuzzer example makefile to clang16 2024-01-08 14:46:19 +11:00
Damien Miller fc332cb2d6
unbreak fuzzers - missing pkcs11_make_cert()
provide stub for use in fuzzer harness
2024-01-08 14:45:49 +11:00
Damien Miller 9ea0a4524a
unbreak fuzzers for clang16
getopt() needs a throw() attribute to compile, so supply one when compiling
things with C++
2024-01-08 14:45:14 +11:00
djm@openbsd.org a72833d007
upstream: remove ext-info-* in the kex.c code, not in callers;
with/ok markus@

OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799
2024-01-08 13:26:43 +11:00
djm@openbsd.org 86f9e96d9b
upstream: fix typo; spotted by Albert Chin
OpenBSD-Commit-ID: 77140b520a43375b886e535eb8bd842a268f9368
2024-01-08 13:26:42 +11:00
dtucker@openbsd.org f0cbd26ec9
upstream: Import regenerated moduli.
OpenBSD-Commit-ID: 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee
2024-01-08 13:26:29 +11:00
jsg@openbsd.org 64ddf77653
upstream: spelling; ok markus@
OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b
2024-01-08 13:25:21 +11:00
jmc@openbsd.org 503fbe9ea2
upstream: sort -C, and add to usage(); ok djm
OpenBSD-Commit-ID: 80141b2a5d60c8593e3c65ca3c53c431262c812f
2024-01-08 13:25:20 +11:00
djm@openbsd.org 5413b1c7ff
upstream: correct section numbers; from Ed Maste
OpenBSD-Commit-ID: e289576ee5651528404cb2fb68945556052cf83f
2024-01-08 13:25:20 +11:00
djm@openbsd.org 430ef86464
upstream: match flag type (s/int/u_int)
OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a
2024-01-08 13:25:19 +11:00
Damien Miller 1036d77b34
better detection of broken -fzero-call-used-regs
gcc 13.2.0 on ppc64le refuses to compile some function, including
cipher.c:compression_alg_list() with an error:

> sorry, unimplemented: argument ‘used’ is not supportedcw
> for ‘-fzero-call-used-regs’ on this target

This extends the autoconf will-it-work test with a similarly-
structured function that seems to catch this.

Spotted/tested by Colin Watson; bz3645
2023-12-22 17:56:26 +11:00
Damien Miller 8241b9c052
crank versions 2023-12-19 01:59:50 +11:00
Damien Miller 2f2c65cb5f
depend 2023-12-19 01:59:06 +11:00
djm@openbsd.org e48cdee8e1
upstream: regress test for agent PKCS#11-backed certificates
OpenBSD-Regress-ID: 38f681777cb944a8cc3bf9d0ad62959a16764df9
2023-12-19 01:57:37 +11:00
djm@openbsd.org 2f512f862d
upstream: regress test for constrained PKCS#11 keys
OpenBSD-Regress-ID: b2f26ae95d609d12257b43aef7cd7714c82618ff
2023-12-19 01:57:16 +11:00
djm@openbsd.org cdddd66412
upstream: openssh-9.6
OpenBSD-Commit-ID: 21759837cf0e0092d9a2079f8fb562071c11016b
2023-12-19 01:53:47 +11:00
djm@openbsd.org 6d51feab15
upstream: ssh-agent: record failed session-bind attempts
Record failed attempts to session-bind a connection and refuse signing
operations on that connection henceforth.

Prevents a future situation where we add a new hostkey type that is not
recognised by an older ssh-agent, that consequently causes session-bind
to fail (this situation is only likely to arise when people mix ssh(1)
and ssh-agent(1) of different versions on the same host). Previously,
after such a failure the agent socket would be considered unbound and
not subject to restriction.

Spotted by Jann Horn

OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e
2023-12-19 01:53:40 +11:00
djm@openbsd.org 7ef3787c84
upstream: ban user/hostnames with most shell metacharacters
This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.

Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.

It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.

To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.

feedback/ok millert@ markus@ dtucker@ deraadt@

OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
2023-12-19 01:53:40 +11:00
djm@openbsd.org 0cb50eefdd
upstream: stricter handling of channel window limits
This makes ssh/sshd more strict in handling non-compliant peers that
send more data than the advertised channel window allows. Previously
the additional data would be silently discarded. This change will
cause ssh/sshd to terminate the connection if the channel window is
exceeded by more than a small grace allowance.

ok markus@

OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037
2023-12-19 01:52:55 +11:00
djm@openbsd.org 4448a2938a
upstream: Make it possible to load certs from PKCS#11 tokens
Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f
2023-12-19 01:52:55 +11:00
djm@openbsd.org 881d9c6af9
upstream: apply destination constraints to all p11 keys
Previously applied only to the first key returned from each token.

ok markus@

OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d
2023-12-19 01:51:46 +11:00
djm@openbsd.org a7ed931cae
upstream: add "ext-info-in-auth@openssh.com" extension
This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.

This lets sshd to update the acceptable signature algoritms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.

Full details in the PROTOCOL file

OpenBSD-Commit-ID: 1de7da7f2b6c32a46043d75fcd49b0cbb7db7779
2023-12-19 01:51:46 +11:00
djm@openbsd.org 1edb00c58f
upstream: implement "strict key exchange" in ssh and sshd
This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

with markus@

OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
2023-12-19 01:51:11 +11:00
Damien Miller 59d691b886
better detection of broken -fzero-call-used-regs
Use OSSH_CHECK_CFLAG_LINK() for detection of these flags and extend
test program to exercise varargs, which seems to catch more stuff.

ok dtucker@
2023-12-18 14:49:11 +11:00
djm@openbsd.org aa7b217085
upstream: when invoking KnownHostsCommand to determine the order of
host key algorithms to request, ensure that the hostname passed to the
command is decorated with the port number for ports other than 22.

This matches the behaviour of KnownHostsCommand when invoked to look
up the actual host key.

bz3643, ok dtucker@

OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1
2023-12-13 14:33:50 +11:00
markus@openbsd.org 4086bd6652
upstream: prevent leak in sshsig_match_principals; ok djm@
OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae
2023-12-13 14:33:50 +11:00
djm@openbsd.org 19d3ee2f3a
upstream: short circuit debug log processing early if we're not going
to log anything. From Kobe Housen

OpenBSD-Commit-ID: 2bcddd695872a1bef137cfff7823044dcded90ea
2023-12-07 08:09:11 +11:00
Darren Tucker 947affad48
Add tests for OpenSSL 3.2.0 and 3.2 stable branch. 2023-11-27 09:37:28 +11:00
Darren Tucker 747dce3620
Use non-zero arg in compiler test program.
Now that we're running the test program, passing zero to the test function
can cause divide-by-zero exceptions which might show up in logs.
2023-11-25 09:03:38 +11:00
dtucker@openbsd.org 3d44a5c565
upstream: Plug mem leak of msg when processing a quit message.
Coverity CID#427852, ok djm@

OpenBSD-Commit-ID: bf85362addbe2134c3d8c4b80f16601fbff823b7
2023-11-24 12:01:34 +11:00
dtucker@openbsd.org 1d7f9b6e29
upstream: Include existing mux path in debug message.
OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16
2023-11-24 12:01:31 +11:00
Darren Tucker f29934066b
Add an Ubuntu 22.04 test VM.
This is the same version as Github's runners so most of the testing on
it is over there, but having a local VM makes debugging much easier.
2023-11-23 19:41:27 +11:00
Darren Tucker a93284a780
Add gcc-12 -Werror test on Ubuntu 22.04.
Explictly specify gcc-11 on Ubuntu 22.04 (it's the system compiler).
2023-11-23 19:36:22 +11:00
Darren Tucker 670f5a647e
Check return value from write to prevent warning.
... and since we're testing for flags with -Werror, this caused
configure to mis-detect compiler flags.
2023-11-23 19:34:57 +11:00
Darren Tucker cea007d691
Run compiler test program when compiling natively.
ok djm@
2023-11-23 14:40:51 +11:00
Darren Tucker ee0d305828
Factor out compiler test program into a macro.
ok djm@
2023-11-23 14:40:48 +11:00
Darren Tucker de304c7631
Add fbsd14 VM to test pool. 2023-11-22 08:55:36 +11:00
Darren Tucker 99a2df5e19
Expand -fzero-call-used-regs test to cover gcc 11.
It turns out that gcc also has some problems with -fzero-call-used-regs,
at least v11 on mips.  Previously the test in OSSH_CHECK_CFLAG_COMPILE
was sufficient to catch it with "=all", but not sufficient for "=used".
Expand the testcase and include it in the other tests for good measure.
See bz#3629.  ok djm@.
2023-11-21 16:24:17 +11:00
Darren Tucker ff220d4010
Stop using -fzero-call-used-regs=all
... since it seems to be problematic with several different versions of
clang.  Only use -fzero-call-used-regs=used which is less
problematic, except with Apple's clang where we don't use it at all.
bz#3629, ok djm@
2023-11-21 14:04:34 +11:00
Darren Tucker 2a19e02f36
Allow for vendor prefix on clang version numbers.
Correctly detects the version of OpenBSD's native clang, as well as
Apple's.  Spotted tb@, ok djm@.
2023-11-21 14:02:18 +11:00
djm@openbsd.org c52db01148
upstream: set errno=EAFNOSUPPORT when filtering addresses that don't
match AddressFamily; yields slightly better error message if no address
matches. bz#3526

OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6
2023-11-20 13:51:15 +11:00
djm@openbsd.org 26f3f3bbc6
upstream: when connecting via socket (the default case), filter
addresses by AddressFamily if one was specified. Fixes the case where, if
CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok
dtucker

OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439
2023-11-16 10:05:32 +11:00
djm@openbsd.org 050c335c8d
upstream: when deciding whether to enable keystroke timing
obfuscation, only consider enabling it when a channel with a tty is open.

Avoids turning on the obfucation when X11 forwarding only is in use,
which slows it right down. Reported by Roger Marsh

OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1
2023-11-16 09:53:42 +11:00
tobhe@openbsd.org 676377ce67
upstream: Make sure sftp_get_limits() only returns 0 if 'limits'
was initialized. This fixes a potential uninitialized use of 'limits' in
sftp_init() if sftp_get_limits() returned early because of an unexpected
message type.

ok djm@

OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c
2023-11-16 09:53:42 +11:00
Darren Tucker 64e0600f23
Test current releases of LibreSSL and OpenSSL.
Retire some of the older releases.
2023-11-13 20:03:31 +11:00
dtucker@openbsd.org c8ed7cc545
upstream: Specify ssh binary to use
... instead of relying on installed one.  Fixes test failures in -portable
when running tests prior to installation.

OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685
2023-11-01 13:55:45 +11:00
Darren Tucker e9fc2c4812
Put long-running test targets on hipri runners.
Some of the selfhosted test targets take a long time to run for various
reasons, so label them for "libvirt-hipri" runners so that they can
start immediately.  This should reduce the time to complete all tests.
2023-11-01 13:11:31 +11:00
djm@openbsd.org 7ddf27668f
upstream: add some tests of forced commands overriding Subsystem
directives

OpenBSD-Regress-ID: eb48610282f6371672bdf2a8b5d2aa33cfbd322b
2023-11-01 11:39:55 +11:00