Commit Graph

12086 Commits

Author SHA1 Message Date
dtucker@openbsd.org 93291bd723
upstream: Check return values of dup2. Spotted by Coverity, ok djm@
OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b
2023-03-03 14:49:14 +11:00
dtucker@openbsd.org e37261dff3
upstream: Use time_t for x11_refuse_time timeout. We need
SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available.
Fixes a Coverity warning for 64bit time_t safety, ok djm@

OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d
2023-03-03 14:16:42 +11:00
dtucker@openbsd.org 32755a98c2
upstream: Check return value from fctnl and warn on failure.
Spotted by Coverity, ok djm@

OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab
2023-03-03 14:14:12 +11:00
dtucker@openbsd.org 5fc60e8246
upstream: Remove SUDO in proxy command wrapper. Anything that needs
sudo is already run by it, and it breaks if root isn't in sudoers.

OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9
2023-03-02 22:33:12 +11:00
dtucker@openbsd.org 0d514659b2
upstream: Fix breakage on dhgex test.
This was due to the sshd logs being written to the wrong log file.
While there, make save_debug_logs less verbose, write the name of the
tarball to regress.log and use $SUDO to remove the old symlinks (which
shouldn't be needed, but won't hurt).  Initial problem spotted by anton@.

OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b
2023-03-02 19:32:21 +11:00
dtucker@openbsd.org 860201201d
upstream: Quote grep and log message better.
OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4
2023-03-02 19:32:18 +11:00
dtucker@openbsd.org 03a03c6002
upstream: Always call fclose on checkpoints.
In the case of an fprintf failure we would not call fclose which would
leak the FILE pointer.  While we're there, try to clean up the temp file
on failure.  Spotted by Coverity, ok djm@

OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef
2023-03-02 18:24:51 +11:00
dtucker@openbsd.org 13fe8f9785
upstream: Remove old log symlinks
before creating new ones. In -portable some platforms don't like
overwriting existing symlinks.

OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f
2023-03-02 17:43:00 +11:00
Darren Tucker 131fcbcaff
Adjust test jobs for new log directory. 2023-03-01 23:23:02 +11:00
dtucker@openbsd.org a6f4ac8a2b
upstream: Rework logging for the regression tests.
Previously we would log to ssh.log and sshd.log, but that is insufficient
for tests that have more than one concurent ssh/sshd.

Instead, we'll log to separate datestamped files in a $OBJ/log/ and
leave a symlink at the previous location pointing at the most recent
instance with an entry in regress.log showing which files were created
at each point.  This should be sufficient to reconstruct what happened
even for tests that use multiple instances of each program.  If the test
fails, tar up all of the logs for later analysis.

This will let us also capture the output from some of the other tools
which was previously sent to /dev/null although most of those will be
in future commits.

OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24
2023-03-01 22:02:47 +11:00
dtucker@openbsd.org 8ead62ed5e
upstream: fatal out if allocating banner string fails to avoid
potential null deref later in sscanf.  Spotted by Coverity, ok deraadt@

OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5
2023-03-01 09:01:14 +11:00
dtucker@openbsd.org 44ca56ba0b
upstream: Explicitly ignore return from fchmod
similar to other calls to prevent warning.

OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a
2023-02-28 20:02:29 +11:00
dtucker@openbsd.org 803392933a
upstream: Plug mem leak on globbed ls error path.
Spotted by Coverity, ok deraadt@

OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c
2023-02-28 19:51:21 +11:00
Darren Tucker aa33b4d396
Cast time_t's in debug output to long long.
Should fix Coverity warning about truncation of 64bit time_t.
2023-02-27 21:04:22 +11:00
Darren Tucker b0fd60a9de
Do shadow expiry calcs using "long long".
Coverity flags these as potentially not 64bit time_t safe so use
long long for the calculations and debug output.  ok djm@
2023-02-27 17:28:59 +11:00
Damien Miller 01dbeb3084
avoid clash between for getopt's struct option
Since we don't use getopt_long() nothing outside the getopt()
implementation itself uses this structure, so move it into the
source to remove it from visibility and clashes with libc's

ok dtucker@
2023-02-27 17:10:12 +11:00
Darren Tucker eb88d07c43
Revert explicit chmods on private keys.
This should no longer be needed on Cygwin test runners due to previous
commit.
2023-02-25 14:45:41 +11:00
Darren Tucker 52b75db610
Remove extended ACLs from working dirs.
This should allow umask to work as expected and prevent tests from
failing due to excessive permissions on private keys.
2023-02-25 14:43:28 +11:00
Darren Tucker 0c5d4c843d
Explicitly set permissions on user and host keys.
On cygwin, the umask might not be sufficient.  Should fix tests on
Github runners.
2023-02-24 13:44:13 +11:00
djm@openbsd.org 6c9fc9d7a9
upstream: fix progressmeter corruption on wide displays; bz3534
feedback/ok dtucker@

OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3
2023-02-22 15:06:44 +11:00
dtucker@openbsd.org fe0bd3cde9
upstream: fseek to end of known_hosts before writing to it.
POSIX and ANSI C require that applications call fseek or similar between
read and writing to a RW file.  OpenBSD doesn't enforce this, but some
(System V derived) platforms need this to prevent it from writing a
spurious extra byte (in this case, a newline).  ok djm@ deraadt@

OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137
2023-02-21 18:28:26 +11:00
Darren Tucker 357fb8ae14
Also run unit tests on AIX VMs.
In the past these tests took too long, but these days it only adds
about 5 min to the run.
2023-02-21 17:51:09 +11:00
Darren Tucker 17781aaa51
Wrap stdint.h inside ifdef. 2023-02-21 17:49:22 +11:00
Mayank Sharma ef798bad38
Add includes to ptimeout test.
Fixes test failures on AIX due to type mismatches.
2023-02-20 23:24:15 +11:00
Darren Tucker ab69dda05d
Always use the openssl binary configure tells us.
This fixes tests on platforms that do not have the openssl tool
installed at all.
2023-02-20 20:01:29 +11:00
dtucker@openbsd.org 2a7e344990
upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code
to set this was removed in OpenSSH 7.7 when support for SSH implementations
dating back to before RFC standardization were removed.  "burn it all" djm@

OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
2023-02-17 15:43:57 +11:00
dtucker@openbsd.org 0833ccf2c8
upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This
was previously set for OpenSSH 2.3 (released in 2000) but this check was
removed in OpenSSH 7.7 (2018).  ok djm@ deraadt@

OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af
2023-02-17 15:43:54 +11:00
Damien Miller c81c2bea6e
whitespace fixes 2023-02-17 10:12:40 +11:00
Damien Miller 500f90b39d
whitespace at EOL 2023-02-17 10:02:08 +11:00
dtucker@openbsd.org 6835015240
upstream: Remove SSH_BUG_PASSWORDPAD compat bit
since it's no longer used. ok markus@

OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b
2023-02-16 21:33:00 +11:00
dtucker@openbsd.org 537cccd804
upstream: Remove SSH_BUG_IGNOREMSG compat flag
since it's only applicable to SSH1 and thus no longer used.  ok markus@
"kill it with fire" djm@

OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab
2023-02-16 21:12:07 +11:00
jmc@openbsd.org 285cf6cd4b
upstream: space between macro and punctuation; sort usage();
OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c
2023-02-16 21:11:38 +11:00
jmc@openbsd.org d39a96f70f
upstream: space between macro and punctuation;
OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e
2023-02-16 21:11:35 +11:00
jmc@openbsd.org 16e82bf53f
upstream: sort SYNOPSIS;
OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e
2023-02-16 21:11:32 +11:00
Darren Tucker d9685121ff
Improve seccomp compat on older systems.
Check if flags to mmap and madvise are defined before using them.
Should fix problems building on older Linux systems that don't have
these.  bz#3537, with & ok djm@.
2023-02-11 12:32:19 +11:00
djm@openbsd.org 6180b0fa4f
upstream: test -Ohashalg=... and that the default output contains both
specified hash algorithms; prompted by dtucker@

OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51
2023-02-10 16:13:06 +11:00
djm@openbsd.org d651f5c9fe
upstream: let ssh-keygen and ssh-keyscan accept
-Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
selection. bz3493 ok dtucker@

OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
2023-02-10 16:12:42 +11:00
djm@openbsd.org 18938d11a9
upstream: add a `sshd -G` option that parses and prints the
effective configuration without attempting to load private keys and perform
other checks. This allows usage of the option before keys have been
generated.

bz3460 feedback/ok dtucker@

OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29
2023-02-10 16:12:42 +11:00
djm@openbsd.org df7d3dbf71
upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says
it should bz3532

OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc
2023-02-10 15:44:19 +11:00
Darren Tucker d3b8d4198b
Add CentOS 7 test targets. 2023-02-10 14:26:44 +11:00
dtucker@openbsd.org 22efb01e35
upstream: Test adding terminating newline to known_hosts.
OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365
2023-02-09 21:08:33 +11:00
dtucker@openbsd.org caec6da1a5
upstream: ssh-agent doesn't actually take -v,
so the recently-added ones will result in the test not cleaning up
after itself.  Patch from cjwatson at debian.org vi bz#3536.

OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a
2023-02-09 21:08:16 +11:00
dtucker@openbsd.org 3c379c9a84
upstream: Ensure that there is a terminating newline when adding a new
entry to known_hosts.  bz#3529, with git+openssh at limpsquid.nl, ok deraadt@
markus@

OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0
2023-02-09 21:07:59 +11:00
Darren Tucker 95b6bbd255
Replace 9.1 with 9.2 on CI status page. 2023-02-07 08:46:06 +11:00
Damien Miller 195313dfe1
harden Linux seccomp sandbox
Linux mmap(2) and madvise(2) syscalls support quite a number of funky
flags that we don't expect that sshd/libc will ever need. We can
exclude this kernel attack surface by filtering the mmap(2) flags
and the madvise(2) advice arguments.

Similarly, the sandboxed process in sshd is a single-threaded program
that does not use shared memory for synchronisation or communication.
Therefore, there should be no reason for the advanced priority
inheritance futex(2) operations to be necessary. These can also be
excluded.

Motivated by Jann Horn pointing out that there have been kernel bugs
in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and
CVE-2022-42703.

Feedback Jann Horn, ok dtucker@
2023-02-06 13:26:42 +11:00
Damien Miller 6dfb65de94
crank versions in RPM specs 2023-02-02 23:21:54 +11:00
Damien Miller d07cfb11a0
update version in README 2023-02-02 23:21:45 +11:00
Damien Miller 9fe207565b
adapt compat_kex_proposal() test to portable 2023-02-02 23:17:49 +11:00
djm@openbsd.org 903c556b93
upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
2023-02-02 23:16:40 +11:00
dtucker@openbsd.org 405fba7196
upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work.  Patch from anton@, tweaks
from me.

OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
2023-02-02 23:15:47 +11:00