Commit Graph

8288 Commits

Author SHA1 Message Date
schwarze@openbsd.org 75f0844b4f upstream commit
Fix two rare edge cases: 1. If vasprintf() returns < 0,
 do not access a NULL pointer in snmprintf(), and do not free() the pointer
 returned from vasprintf() because on some systems other than OpenBSD, it
 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
 rather than -1 and NULL.

Besides, free(dst) is pointless after failure (not a bug).

One half OK martijn@, the other half OK deraadt@;
committing quickly before people get hurt.

Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
2016-06-08 11:45:05 +10:00
schwarze@openbsd.org 016881eb33 upstream commit
test the new utf8 module

Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
2016-06-08 11:45:05 +10:00
dtucker@openbsd.org d4219028bd upstream commit
Set umask to prevent "Bad owner or permissions" errors.

Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
2016-06-08 11:42:39 +10:00
djm@openbsd.org 07d5608bb2 upstream commit
support doas

Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
2016-06-08 11:42:39 +10:00
djm@openbsd.org 01cabf10ad upstream commit
unit tests for sshbuf_dup_string()

Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
2016-06-08 11:40:38 +10:00
jmc@openbsd.org 6915f1698e upstream commit
tweak previous;

Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
2016-06-08 11:39:31 +10:00
dtucker@openbsd.org 0cb2f4c249 upstream commit
Allow ExitOnForwardFailure and ClearAllForwardings to be
 overridden when using ssh -W (but still default to yes in that case).
 bz#2577, ok djm@.

Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
2016-06-08 11:39:31 +10:00
dtucker@openbsd.org 8543ff3f50 upstream commit
Move the host and port used by ssh -W into the Options
 struct. This will make future changes a bit easier.  ok djm@

Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2016-06-08 11:39:31 +10:00
dtucker@openbsd.org 6b87311d3a upstream commit
Check min and max sizes sent by the client against what
 we support before passing them to the monitor.  ok djm@

Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
2016-06-08 11:39:31 +10:00
dtucker@openbsd.org 564cd2a892 upstream commit
Ensure that the client's proposed DH-GEX max value is at
 least as big as the minimum the server will accept.  ok djm@

Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
2016-06-08 11:39:31 +10:00
Darren Tucker df820722e4 Add compat bits to utf8.c. 2016-06-06 11:36:13 +10:00
Darren Tucker 05c6574652 Fix utf->utf8 typo. 2016-06-06 11:33:43 +10:00
schwarze@openbsd.org 6c1717190b upstream commit
Backout rev. 1.43 for now.

The function update_progress_meter() calls refresh_progress_meter()
which calls snmprintf() which calls malloc(); but update_progress_meter()
acts as the SIGALRM signal handler.

"malloc(): error: recursive call" reported by sobrado@.

Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
2016-06-06 11:27:38 +10:00
schwarze@openbsd.org cd9e1eabeb upstream commit
Even when only writing an unescaped character, the dst
 buffer may need to grow, or it would be overrun; issue found by tb@ with
 malloc.conf(5) 'C'.

While here, reserve an additional byte for the terminating NUL
up front such that we don't have to realloc() later just for that.

OK tb@

Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
2016-06-06 11:27:38 +10:00
schwarze@openbsd.org ac284a355f upstream commit
Fix two rare edge cases: 1. If vasprintf() returns < 0,
 do not access a NULL pointer in snmprintf(), and do not free() the pointer
 returned from vasprintf() because on some systems other than OpenBSD, it
 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
 rather than -1 and NULL.

Besides, free(dst) is pointless after failure (not a bug).

One half OK martijn@, the other half OK deraadt@;
committing quickly before people get hurt.

Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
2016-06-06 11:27:38 +10:00
schwarze@openbsd.org 0e059cdf5f upstream commit
To prevent screwing up terminal settings when printing to
 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
 character sets, abort printing of the current string in these cases.  In
 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
 sanitize data received from the remote host; * sanitize filenames, usernames,
 and similar data even locally; * take character display widths into account
 for the progressmeter.

This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.

Using feedback from djm@ and martijn@,
various aspects discussed with many others.

deraadt@ says it should go in now, i probably already hesitated too long

Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-06-06 11:27:38 +10:00
dtucker@openbsd.org 8c02e3639a upstream commit
KNF compression proposal and simplify the client side a
 little.  ok djm@

Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
2016-06-06 11:25:38 +10:00
dtucker@openbsd.org 7ec4946fb6 upstream commit
Back out 'plug memleak'.

Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2016-06-06 11:25:37 +10:00
djm@openbsd.org 82f24c3ddc upstream commit
prefer agent-hosted keys to keys from PKCS#11; ok markus

Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
2016-06-06 11:25:37 +10:00
dtucker@openbsd.org a0cb7778fb upstream commit
Plug mem leak in filter_proposal.  ok djm@

Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2016-06-06 11:25:37 +10:00
Darren Tucker ae9c0d4d5c Update vis.h and vis.c from OpenBSD.
This will be needed for the upcoming utf8 changes.
2016-06-03 16:03:44 +10:00
Tim Rice e1d93705f8 modified: configure.ac
whitspace clean up. No code changes.
2016-05-31 11:13:22 -07:00
Damien Miller 604a037d84 whitespace at EOL 2016-05-31 16:45:28 +10:00
Darren Tucker 1842420016 Add missing ssh-host-config --name option
Patch from vinschen@redhat.com.
2016-05-30 19:35:28 +10:00
Darren Tucker 39c0cecaa1 Fix comment about sshpam_const and AIX.
From mschwager via github.
2016-05-20 10:01:58 +10:00
Damien Miller f64062b1f7 Deny lstat syscalls in seccomp sandbox
Avoids sandbox violations for some krb/gssapi libraries.
2016-05-20 09:56:53 +10:00
djm@openbsd.org 531c135409 upstream commit
fix type of ed25519 values

Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
2016-05-19 17:48:36 +10:00
markus@openbsd.org 75e21688f5 upstream commit
add IdentityAgent; noticed & ok jmc@

Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2016-05-19 17:48:36 +10:00
markus@openbsd.org 1a75d14daf upstream commit
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@

Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2016-05-19 17:48:35 +10:00
markus@openbsd.org 0516454151 upstream commit
move SSH_MSG_NONE, so we don't have to include ssh1.h;
 ok deraadt@

Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
2016-05-19 17:48:34 +10:00
Damien Miller 332ff3d770 initialise salen in binresvport_sa
avoids failures with UsePrivilegedPort=yes

patch from Juan Gallego
2016-05-10 09:51:06 +10:00
markus@openbsd.org c5c1d5d2f0 upstream commit
missing const in prototypes (ssh1)

Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
2016-05-05 00:10:03 +10:00
dtucker@openbsd.org 9faae50e2e upstream commit
Fix inverted logic for updating StreamLocalBindMask which
 would cause the server to set an invalid mask. ok djm@

Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
2016-05-05 00:10:03 +10:00
markus@openbsd.org b02ad1ce91 upstream commit
IdentityAgent for specifying specific agent sockets; ok
 djm@

Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
2016-05-05 00:01:49 +10:00
djm@openbsd.org 910e59bba0 upstream commit
fix junk characters after quotes

Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
2016-05-05 00:01:49 +10:00
jmc@openbsd.org 9283884e64 upstream commit
correct article;

Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
2016-05-05 00:01:49 +10:00
djm@openbsd.org cfefbcea10 upstream commit
fix overriding of StreamLocalBindMask and
 StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes

Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
2016-05-04 01:58:46 +10:00
djm@openbsd.org 771c2f51ff upstream commit
don't forget to include StreamLocalBindUnlink in the
 config dump output

Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
2016-05-04 01:58:46 +10:00
djm@openbsd.org cdcd941994 upstream commit
make nethack^wrandomart fingerprint flag more readily
 searchable pointed out by Matt Johnston

Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
2016-05-04 01:58:46 +10:00
djm@openbsd.org 05855bf2ce upstream commit
clarify ordering of subkeys; pointed out by ietf-ssh AT
 stbuehler.de

Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
2016-05-04 00:55:21 +10:00
dtucker@openbsd.org cca3b43958 upstream commit
Use a subshell for constructing key types to work around
 different sed behaviours for -portable.

Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
2016-05-03 23:05:32 +10:00
djm@openbsd.org fa58208c65 upstream commit
correct some typos and remove a long-stale XXX note.

add specification for ed25519 certificates

mention no host certificate options/extensions are currently defined

pointed out by Simon Tatham

Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
2016-05-03 20:29:14 +10:00
djm@openbsd.org b466f956c3 upstream commit
add ed25519 keys that are supported but missing from this
 documents; from Peter Moody

Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
2016-05-03 20:29:13 +10:00
dtucker@openbsd.org 7f3d76319a upstream commit
Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.  Patch
 from Simon Tatham, ok markus@

Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
2016-05-03 20:04:42 +10:00
djm@openbsd.org 31bc01c05d upstream commit
unbreak config parsing on reexec from previous commit

Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
2016-05-03 00:14:01 +10:00
djm@openbsd.org 67f1459efd upstream commit
unit and regress tests for SHA256/512; ok markus

Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
2016-05-02 20:59:50 +10:00
djm@openbsd.org 0e8eeec8e7 upstream commit
add support for additional fixed DH groups from
 draft-ietf-curdle-ssh-kex-sha2-03

diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)

based on patch from Mark D. Baushke and Darren Tucker
ok markus@

Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
2016-05-02 20:39:32 +10:00
djm@openbsd.org 57464e3934 upstream commit
support SHA256 and SHA512 RSA signatures in certificates;
 ok markus@

Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
2016-05-02 20:35:05 +10:00
djm@openbsd.org 1a31d02b24 upstream commit
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
djm@openbsd.org d2d6bf864e upstream commit
close ControlPersist background process stderr when not
 in debug mode or when logging to a file or syslog. bz#1988 ok dtucker

Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
2016-04-29 18:09:02 +10:00