revision 1.14
date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
Recent Single Unix will malloc memory if the second argument of realpath()
is NULL, and third-party software is starting to rely upon this.
Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
tweaks from nicm@ and yours truly.
apply PubkeyAcceptedKeyTypes filtering earlier, so all
skipped keys are noted before pubkey authentication starts. ok dtucker@
Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
don't try to change tun device flags if they are already
what we need; makes it possible to use tun/tap networking as non- root user
if device permissions and interface flags are pre-established; based on patch
by Ossi Herrala
Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
re-order system calls in order of risk, ok i'll be
honest, ordered this way they look like tame... ok djm
Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
skip if running as root; many systems (inc OpenBSD) allow
root to ptrace arbitrary processes
Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
- Fix error message: passphrase needs to be at least 5
characters, not 4. - Remove unused function argument. - Remove two
unnecessary variables.
OK djm@
Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
When adding keys to the agent, don't ignore the comment
of keys for which the user is prompted for a passphrase.
Tweak and OK djm@
Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
Use explicit_bzero() when zeroing before free()
from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
ok millert@ djm@
Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
sync -Q in usage() to SYNOPSIS; since it's drastically
shorter, i've reformatted the block to sync with the man (80 cols) and saved
a line;
Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations. bz#2459, ok djm@
openssh_RSA_verify return type is int, so don't make it
size_t within the function itself with only negative numbers or zero assigned
to it. bz#2460
Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
Plug minor memory leaks when options are used more than
once. bz#2182, patch from Tiago Cunha, ok deraadt djm
Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
add a debug2() right before DNS resolution; it's a place
where ssh could previously silently hang for a while. bz#2433
Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
don't record hostbased authentication hostkeys as user
keys in test for multiple authentication with the same key
Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
Fix occurrences of "r = func() != 0" which result in the
wrong error codes being returned due to != having higher precedence than =.
ok deraadt@ markus@
Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
Improve printing of KEX offers and decisions
The debug output now labels the client and server offers and the
negotiated options. ok markus@
Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
Improve size == 0, count == 0 checking in mm_zalloc,
which is "array" like. Discussed with tedu, millert, otto.... and ok djm
Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
Damien Miller
djm@openbsd.org
deraadt@openbsd.org
sobrado@openbsd.org
jmc@openbsd.org
tim@openbsd.org
guenther@openbsd.org
dtucker@openbsd.org
Darren Tucker
jsg@openbsd.org