17 Commits

Author SHA1 Message Date
Benny Siegert bdd716e621 Bump golang.org/x/crypto to 0.17.0 (security)
This fixes the following vulnerabilities, as reported by govulncheck:

Vulnerability #1: GO-2023-2402
    Man-in-the-middle attacker can compromise integrity of secure channel in
    golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2023-2402
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.17.0
    Example traces found:
      #1: work/ssh-chat-1.10/sshd/client.go:42:33: sshd.ConnectShell calls ssh.Client.NewSession
      #2: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial
      #3: work/ssh-chat-1.10/sshd/net.go:49:2: sshd.SSHListener.handleConn calls ssh.DiscardRequests
      #4: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
      #5: work/ssh-chat-1.10/sshd/terminal.go:222:13: sshd.Terminal.listen calls ssh.Request.Reply
      #6: work/ssh-chat-1.10/sshd/client.go:46:2: sshd.ConnectShell calls ssh.Session.Close
      #7: work/ssh-chat-1.10/sshd/client.go:70:30: sshd.ConnectShell calls ssh.Session.SendRequest
      #8: work/ssh-chat-1.10/sshd/client.go:65:21: sshd.ConnectShell calls ssh.Session.Shell
      #9: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.channel.Read
      #10: work/ssh-chat-1.10/sshd/terminal/terminal.go:954:17: terminal.Terminal.SetBracketedPasteMode calls io.WriteString, which calls ssh.channel.Write
      #11: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.extChannel.Read

Vulnerability #4: GO-2022-0968
    Panic on malformed packets in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2022-0968
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e
    Example traces found:
      #1: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial
      #2: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn

Vulnerability #5: GO-2021-0356
    Denial of service via crafted Signer in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2021-0356
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b
    Example traces found:
      #1: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:122:19: ssh.main calls ssh.ServerConfig.AddHostKey

Vulnerability #6: GO-2021-0227
    Panic on crafted authentication request message in golang.org/x/crypto/ssh
  More info: https://pkg.go.dev/vuln/GO-2021-0227
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877
    Fixed in: golang.org/x/crypto@v0.0.0-20201216223049-8b5274cf687f
    Example traces found:
      #1: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
2023-12-22 18:25:25 +01:00
Andrey Petrov aaf0671f01 go mod update
Fixes #419 #409
2022-11-27 20:15:03 -06:00
Andrey Petrov df72223a5f go mod update 2022-01-29 15:05:59 -05:00
Andrey Petrov 84bc5c76dd go mod update for golang.org/x/crypto/ssh 2021-12-03 11:03:08 -05:00
Andrey Petrov 3848014d41 main: Update host_test.go to pass vet, use errgroup 2021-03-26 12:49:08 -04:00
Andrey Petrov 4840634434 go mod update 2021-03-26 12:17:55 -04:00
Andrey Petrov 1a00bd81f2 go mod update 2020-11-11 15:44:24 -05:00
Andrey Petrov 5c71e9b242 go mod: Update, mostly for x/crypto 2020-04-20 15:34:28 -04:00
yumaokao 8c7ea173ad sshd/terminal: Add fullwidth check for CJK in visualLength 2020-03-21 19:57:39 +08:00
Andrey Petrov 5af617f3b9 sshd: Apply read deadline to connection handler (#331)
This should prevent connections from stalling out and eating up file descriptors without ever joining the chat.
2020-01-06 20:09:34 -05:00
Andrey Petrov 69c496424e go mod tidy 2019-03-21 15:33:18 -04:00
Andrey Petrov 8653f0a730 sshchat: Replace terminal echo hack with our forked terminal 2019-03-18 10:08:39 -04:00
Andrey Petrov d3eda56f82 build: Update go modules 2019-03-15 22:40:30 -04:00
Andrey Petrov 60f3202818 go mod tidy 2018-12-27 13:46:04 -05:00
Andrey Petrov 903d6c9420 /ban query support (#286)
For #285 

Turns out there were some bugs in Set, and I was using it incorrectly too.

The query syntax is a little awkward but couldn't find a nicer easy to parse format that worked with quoted string values.
2018-12-25 14:29:19 -05:00
Andrey Petrov 86dae2a53e main: auth: Fix ban by IP, also improve log formatting.
Closes #284
2018-12-15 18:47:35 -05:00
Andrey Petrov 9697c7d37f Switch to go modules, update travisci for Go 1.11 (#279)
* Switch to go modules, update travisci for go 1.11

* Add go.{mod,sum}

* travisci: Merge envs, oops

Closes #271
2018-09-06 14:03:53 -05:00