Commit Graph

11748 Commits

Author SHA1 Message Date
Darren Tucker e75bbc1d88 Capture stderr output from configure. 2022-07-12 14:37:15 +10:00
Darren Tucker d9eaea4bea Refuse to use OpenSSL 3.0.4 due to potential RCE.
OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274)
so refuse to use that specific version.
2022-07-12 12:54:49 +10:00
Darren Tucker fb2f3a61bf Move unset to before we set anything. 2022-07-12 12:54:24 +10:00
Darren Tucker c483a5c0fb Test against openssl-3.0.5. 2022-07-06 11:52:54 +10:00
Darren Tucker 669a56bcfe Update sanitizer test targets:
- remove clang-sanitize-memory for now.  It takes so long that the test
   times out.
 - add gcc sanitize-address and sanitize-undefined test targets.
2022-07-05 18:35:53 +10:00
Darren Tucker 48cc68b691 Add GCC address sanitizer build/test. 2022-07-05 18:30:10 +10:00
Darren Tucker 55c60bdd39 Move sanitizer logs into regress for collection. 2022-07-05 18:30:10 +10:00
dtucker@openbsd.org 35ef2b3b6e upstream: Add TEST_REGRESS_CACHE_DIR.
If set, it is used to cache regress test names that have succeeded and
skip those on a re-run.

OpenBSD-Regress-ID: a7570dd29a58df59f2cca647c3c2ec989b49f247
2022-07-04 19:41:06 +10:00
Darren Tucker 7394ed80c4 Add clang sanitizer tests. 2022-07-03 22:53:44 +10:00
Darren Tucker bfce0e66b6 Skip all rlimit tests when sandboxing disabled.
The rlimit tests can hang when being run with some compiler sanitizers
so skip all of them if sandbox=no.
2022-07-03 18:14:09 +10:00
Darren Tucker 6208d61152 Move checks for pollfd.fd and nfds_t.
Move the checks for struct pollfd.fd and nfds_t to before the sandboxing
checks.  This groups all the sandbox checks together so we can skip them
all when sandboxing is disabled.
2022-07-03 17:54:49 +10:00
dtucker@openbsd.org 322964f8f2 upstream: Remove leftover line.
Remove extra line leftover from merge conflict. ok djm@

OpenBSD-Commit-ID: 460e2290875d7ae64971a7e669c244b1d1c0ae2e
2022-07-01 16:00:17 +10:00
djm@openbsd.org 7ec81daad0 upstream: use consistent field names (s/char/byte)
in format description

OpenBSD-Commit-ID: 3de33572733ee7fcfd7db33d37db23d2280254f0
2022-07-01 16:00:01 +10:00
Darren Tucker 32e82a392d Skip select+rlimit check if sandboxing is disabled
It's not needed in that case, and the test can fail when being built
with some compiler memory sanitizer flags.  bz#3441
2022-07-01 13:57:43 +10:00
djm@openbsd.org 4be7184ebe upstream: bump up loglevel from debug to info when unable to open
authorized keys/principals file for errno != ENOENT; bz2042 ok dtucker

OpenBSD-Commit-ID: e79aa550d91ade6a80f081bda689da24c086d66b
2022-07-01 13:54:53 +10:00
dtucker@openbsd.org 6c31ba10e9 upstream: Don't leak the strings allocated by order_hostkeyalgs()
and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of
github PR#324 from ZoltanFridrich, ok djm@

This is a roll-forward of the previous rollback now that the required
changes in compat.c have been done.

OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb
2022-07-01 13:41:16 +10:00
dtucker@openbsd.org 486c4dc3b8 upstream: Always return allocated strings from the kex filtering so
that we can free them later.  Fix one leak in compat_kex_proposal.  Based on
github PR#324 from ZoltanFridrich with some simplications by me. ok djm@

OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4
2022-07-01 13:41:16 +10:00
djm@openbsd.org 96faa0de6c upstream: ignore SIGPIPE earlier in main(), specifically before
muxclient() which performs operations that could cause one; Reported by Noam
Lewis via bz3454, ok dtucker@

OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
2022-07-01 10:37:46 +10:00
jmc@openbsd.org 33efac790f upstream: reflect the update to -D arg name in usage();
OpenBSD-Commit-ID: abdcde4f92b1ef094ae44210ee99d3b0155aad9c
2022-07-01 10:37:46 +10:00
Darren Tucker c71a1442d0 Update OpenSSL tests to the most recent releases. 2022-06-29 18:28:47 +10:00
djm@openbsd.org 2a822f2930 upstream: allow arguments to sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"

ok markus@

OpenBSD-Commit-ID: 5a002b9f3a7aef2731fc0ffa9c921cf15f38ecce
2022-06-28 07:43:15 +10:00
dtucker@openbsd.org 2369a28101 upstream: Roll back previous KEX changes as they aren't safe until
compat_pkalg_proposal and friends always allocate their returned strings.
Reported by Qualys.

OpenBSD-Commit-ID: 1c7a88a0d5033f42f88ab9bec58ef1cf72c81ad0
2022-06-28 07:43:15 +10:00
dtucker@openbsd.org 646686136c upstream: Don't leak the strings allocated by order_hostkeyalgs()
and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of
github PR#324 from ZoltanFridrich, ok djm@

OpenBSD-Commit-ID: b2f6e5f60f2bba293b831654328a8a0035ef4a1b
2022-06-28 07:43:15 +10:00
Darren Tucker 193c6d8d90 Zero out LIBFIDO2 when SK support not usable.
Prevents us from trying to link them into ssh-sk-helper and failing to
build.
2022-06-25 12:16:15 +10:00
Darren Tucker 40f5d849d2 Disable SK support if FIDO libs not found. 2022-06-25 11:47:28 +10:00
Damien Miller 5fd922ade1 fix broken case statement in previous 2022-06-24 14:43:54 +10:00
Damien Miller f51423bdaf request 1.1x API compatibility for OpenSSL >=3.x
idea/patch from Pedro Martelletto via GHPR#322; ok dtucker@
2022-06-24 14:40:42 +10:00
djm@openbsd.org 455cee8d6c upstream: make it clear that RekeyLimit applies to both transmitted
and received data. GHPR#328 from Jan Pazdziora

OpenBSD-Commit-ID: d180a905fec9ff418a75c07bb96ea41c9308c3f9
2022-06-24 14:28:29 +10:00
tobhe@openbsd.org 17904f0580 upstream: Make sure not to fclose() the same fd twice in case of an
error.

ok dtucker@

OpenBSD-Commit-ID: e384c4e05d5521e7866b3d53ca59acd2a86eef99
2022-06-24 14:28:29 +10:00
dtucker@openbsd.org f29d6cf98c upstream: Don't attempt to fprintf a null identity comment. From
Martin Vahlensieck via tech@.

OpenBSD-Commit-ID: 4c54d20a8e8e4e9912c38a7b4ef5bfc5ca2e05c2
2022-06-24 14:28:29 +10:00
dtucker@openbsd.org ad1762173b upstream: Log an error if pipe() fails while accepting a
connection.  bz#3447, from vincent-openssh at vinc17 net, ok djm@

OpenBSD-Commit-ID: 9d59f19872b94900a5c79da2d57850241ac5df94
2022-06-24 14:28:29 +10:00
Damien Miller 9c59e7486c automatically enable built-in FIDO support
If libfido2 is found and usable, then enable the built-in
security key support unless --without-security-key-builtin
was requested.

ok dtucker@
2022-06-24 14:20:43 +10:00
Damien Miller 7d25b37fb2 fix possible NULL deref when built without FIDO
Analysis/fix from kircher in bz3443; ok dtucker@
2022-06-24 13:46:39 +10:00
djm@openbsd.org f5ba85dadd upstream: make sure that UseDNS hostname lookup happens in the monitor
and not in the pledge(2)'d unprivileged process; fixes regression caused by
recent refactoring spotted by henning@

OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d
2022-06-16 02:12:11 +10:00
djm@openbsd.org acb2059feb upstream: move auth_openprincipals() and auth_openkeyfile() over to
auth2-pubkeyfile.c too; they make more sense there.

OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee
2022-06-03 14:49:18 +10:00
djm@openbsd.org 3d9b0845f3 upstream: test setenv in both client and server, test first-match-wins
too

OpenBSD-Regress-ID: 4c8804f9db38a02db480b9923317457b377fe34b
2022-06-03 14:34:12 +10:00
djm@openbsd.org 22e1a3a71a upstream: Make SetEnv directives first-match-wins in both
sshd_config and sshd_config; previously if the same name was reused then the
last would win (which is the opposite to how the config is supposed to work).

While there, make the ssh_config parsing more like sshd_config.

bz3438, ok dtucker

OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
2022-06-03 14:33:18 +10:00
dtucker@openbsd.org 38ed6c57e9 upstream: Add missing *-sk types to ssh-keyscan manpage. From
skazi0 via github PR#294.

OpenBSD-Commit-ID: fda2c869cdb871f3c90a89fb3f985370bb5d25c0
2022-06-03 14:33:18 +10:00
dtucker@openbsd.org ea97ec98c4 upstream: Add period at end of "not known by any other names"
message.  github PR#320 from jschauma, ok djm@

OpenBSD-Commit-ID: bd60809803c4bfd3ebb7c5c4d918b10e275266f2
2022-06-03 13:38:21 +10:00
dtucker@openbsd.org 88e376fcd6 upstream: ssh-keygen -A: do not generate DSA keys by default.
Based on github PR#303 from jsegitz with man page text from jmc@, ok markus@
djm@

OpenBSD-Commit-ID: 5c4c57bdd7063ff03381cfb6696659dd3f9f5b9f
2022-06-03 13:38:19 +10:00
naddy@openbsd.org 6b3fb62467 upstream: ssh-keygen: implement "verify-required" certificate option.
This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.

ok djm@

OpenBSD-Commit-ID: f660f973391b593fea4b7b25913c9a15c3eb8a06
2022-06-03 13:38:15 +10:00
jmc@openbsd.org b7f86ffc30 upstream: keywords ref ssh_config.5;
from caspar schutijser

OpenBSD-Commit-ID: f146a19d7d5c9374c3b9c520da43b2732d7d1a4e
2022-06-03 13:38:12 +10:00
Damien Miller dc7bc52372 fix some bugs in the fuzzer 2022-05-30 09:29:20 +10:00
Darren Tucker 1781f507c1 Test against OpenSSL 1.1.1o and 3.0.3. 2022-05-27 18:19:48 +10:00
Darren Tucker c53906e0c5 Test against LibreSSL 3.5.3. 2022-05-27 18:18:31 +10:00
Damien Miller 9b3ad432ad fuzzer for authorized_keys parsing
mostly redundant to authopt_fuzz, but it's sensitive code so IMO it
makes sense to test this layer too
2022-05-27 17:00:43 +10:00
djm@openbsd.org c83d8c4d6f upstream: split the low-level file handling functions out from
auth2-pubkey.c

Put them in a new auth2-pubkeyfile.c to make it easier to refer to them
(e.g. in unit/fuzz tests) without having to refer to everything else
pubkey auth brings in.

ok dtucker@

OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217
2022-05-27 16:38:03 +10:00
djm@openbsd.org 3b0b142d2a upstream: refactor authorized_keys/principals handling
remove "struct ssh *" from arguments - this was only used to pass the
remote host/address. These can be passed in instead and the resulting
code is less tightly coupled to ssh_api.[ch]

ok dtucker@

OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d
2022-05-27 16:36:06 +10:00
dtucker@openbsd.org 2c334fd36f upstream: f sshpkt functions fail, then password is not cleared
with freezero. Unconditionally call freezero to guarantee that password is
removed from RAM.

From tobias@ and c3h2_ctf via github PR#286, ok djm@

OpenBSD-Commit-ID: 6b093619c9515328e25b0f8093779c52402c89cd
2022-05-27 14:59:17 +10:00
dtucker@openbsd.org 5d3a77f4c5 upstream: Avoid kill with -1 argument. The out_ctx label can be
reached before fork has been called. If this happens, then kill -1 would be
called, sending SIGTERM to all processes reachable by the current process.

From tobias@ and c3h2_ctf via github PR#286, ok djm@

OpenBSD-Commit-ID: 6277af1207d81202f5daffdccfeeaed4c763b1a8
2022-05-27 14:59:17 +10:00