* Complete pending write operations before canceling io.
* Removed comment, question has been addressed in mr.
* include useful comment from vthiebaut10
---------
Co-authored-by: Christopher Greene <christopher.greene@thetradedesk.com>
* support SSH2_AGENTC_ADD_ID_CONSTRAINED by treating it as SSH2_AGENTC_ADD_IDENTITY
This ignores the requested constraints:
- SSH_AGENT_CONSTRAIN_LIFETIME
- SSH_AGENT_CONSTRAIN_CONFIRM
- SSH_AGENT_CONSTRAIN_MAXSIGN
- SSH_AGENT_CONSTRAIN_EXTENSION
SSH2_AGENTC_ADD_ID_CONSTRAINED is needed to support add U2F/Fido2 ssh keys to the agent from WSL ssh-add and KeePassXC
ref PowerShell/Win32-OpenSSH#1961
* update buffer pointer to after comment string
sshbuf_peek_string_direct doesn't update request offset pointer
* parse agent constraint messages
returns SSH_AGENT_FAILURE on unsupported constraint types, such as:
* SSH_AGENT_CONSTRAIN_LIFETIME
* SSH_AGENT_CONSTRAIN_CONFIRM
* SSH_AGENT_CONSTRAIN_MAXSIGN
returns SSH_AGENT_FAILURE on unsupported constrain extensions, such as:
"restrict-destination-v00@openssh.com"
accepts and ignores constrain extension "sk-provider@openssh.com"
* reject non-internal skproviders & log
Based on Coverity CID 291863 which points out we check the channel
pointer for NULLness after dereferencing it. Move this to the start
of the function, and while there simplify initialization of efc a bit.
ok djm@
OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
if sock <0 so we don't call getsockname on a negative FD. From Coverity
CID 291840, ok djm@
OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618
dup could in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy vi github PR#238.
OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted
by Coverity; with/ok dtucker@
OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650
The only way the if statement can be true is if both dup()s fail, and
in that case the tmp2 can never be set. Coverity CID 291805, ok djm@
OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
It allocates abs_dst inside a loop but only frees it on exit, so free
inside the loop if necessary. Coverity CID 291837, ok djm@
OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3
make_absolute_pwd_glob work in the same way as make_absolute: you
pass it a dynamically allocated string and it either returns it, or
frees it and allocates a new one. Patch from emaste at freebsd.org and
https://reviews.freebsd.org/D37253 ok djm@
OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
