Commit Graph

225 Commits

Author SHA1 Message Date
Damien Miller
750911fd31
conditionalise stdint.h inclusion on HAVE_STDINT_H
fixes build on AIX5 at least
2023-07-18 15:41:12 +10:00
dtucker@openbsd.org
18ea857770
upstream: Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build.
OpenBSD-Commit-ID: e7c31034a5434f2ead3579b13a7892960651e6b0
2023-07-17 14:52:03 +10:00
djm@openbsd.org
2ee48adb9f
upstream: add defence-in-depth checks for some unreachable integer
overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@

OpenBSD-Commit-ID: 52af085f4e7ef9f9d8423d8c1840a6a88bda90bd
2023-07-14 15:33:30 +10:00
Darren Tucker
05b8e88ebe
child_set_eng: verify both env pointer and count.
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
2023-03-30 14:08:35 +11:00
dtucker@openbsd.org
e37261dff3
upstream: Use time_t for x11_refuse_time timeout. We need
SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available.
Fixes a Coverity warning for 64bit time_t safety, ok djm@

OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d
2023-03-03 14:16:42 +11:00
djm@openbsd.org
4adf3817a2
upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus

OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
2023-01-06 16:21:38 +11:00
deraadt@openbsd.org
5a7a7acab2
upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char).  casting to (int)
for a "macro" which is documented to take int, is weird.  And sadly wrong,
because of the sing extension risk.. same diff from florian

OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
2023-01-03 17:48:39 +11:00
dtucker@openbsd.org
e6abafe9a6
upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.

OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
2022-11-09 20:43:35 +11:00
djm@openbsd.org
ec1ddb72a1 upstream: allow certificate validity intervals, sshsig verification
times and authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
suffixed with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.

bz3468 ok dtucker

OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
2022-08-11 12:00:49 +10:00
djm@openbsd.org
22e1a3a71a upstream: Make SetEnv directives first-match-wins in both
sshd_config and sshd_config; previously if the same name was reused then the
last would win (which is the opposite to how the config is supposed to work).

While there, make the ssh_config parsing more like sshd_config.

bz3438, ok dtucker

OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
2022-06-03 14:33:18 +10:00
djm@openbsd.org
a72bde294f upstream: make addargs() and replacearg() a little more robust and
improve error reporting

make freeargs(NULL) a noop like the other free functions

ok dtucker as part of bz3403

OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d
2022-03-20 19:54:35 +11:00
dtucker@openbsd.org
50b9e4a451 upstream: Always initialize delim before passing to hpdelim2 which
might not set it. Found by the Valgrind tests on github, ok deraadt@

OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d
2022-02-11 12:17:07 +11:00
dtucker@openbsd.org
45279abceb upstream: Switch hpdelim interface to accept only ":" as delimiter.
Historicallly, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports.  These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it.  Make hpdelim accept only ":" and use hpdelim2
in the other cases.  ok djm@

OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
2022-02-10 15:14:17 +11:00
djm@openbsd.org
9614113377 upstream: refactor tilde_expand_filename() and make it handle ~user
paths with no trailing slash; feedback/ok markus and jsg

OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d
2022-01-08 18:38:49 +11:00
deraadt@openbsd.org
6582a31c38 upstream: replace select() with ppoll(), including converting
timeval's to timespec's to make things easier. back and forth and ok; djm

OpenBSD-Commit-ID: 89d3b23c60875da919e7820f9de6213286ffbec9
2021-11-18 09:09:59 +11:00
Damien Miller
bf944e3794 initgroups needs grp.h 2021-09-27 00:03:19 +10:00
djm@openbsd.org
f3cbe43e28 upstream: need initgroups() before setresgid(); reported by anton@,
ok deraadt@

OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
2021-09-27 00:02:42 +10:00
djm@openbsd.org
2ab864010e upstream: SFTP protocol extension to allow the server to expand
~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392
2021-08-10 12:47:46 +10:00
Darren Tucker
f5fc6a4c34 Add configure-time detection for SSH_TIME_T_MAX.
Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
were time_t is a long long.  The limit used is for the signed type, so if
some system has a 32bit unsigned time_t then the lower limit will still
be imposed and we would need to add some way to detect this.  Anyone using
an unsigned 64bit can let us know when it starts being a problem.
2021-07-12 18:21:26 +10:00
dtucker@openbsd.org
fd2d06ae44 upstream: Make limit for time_t test unconditional in the
format_absolute_time fix for bz#3329 that allows printing of timestamps past
INT_MAX. This was incorrectly included with the previous commit.   Based on
discussion with djm@.

OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e
2021-07-12 17:38:47 +10:00
dtucker@openbsd.org
8c4ef0943e upstream: Remove obsolete comments about SSHv1 auth methods. ok
djm@

OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
2021-07-05 10:27:03 +10:00
djm@openbsd.org
aae4b4d358 upstream: Allow argv_split() to optionally terminate tokenisation
when it encounters an unquoted comment.

Add some additional utility function for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.

ok markus@ as part of a larger diff; tested in snaps

OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
2021-06-08 17:12:51 +10:00
djm@openbsd.org
f64f8c00d1 upstream: allow ssh_config SetEnv to override $TERM, which is otherwise
handled specially by the protocol. Useful in ~/.ssh/config to set TERM to
something generic (e.g. "xterm" instead of "xterm-256color") for destinations
that lack terminfo entries. feedback and ok dtucker@

OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
2021-06-04 15:04:52 +10:00
Damien Miller
be2866d620 Handle Android libc returning NULL pw->pw_passwd
Reported by Luke Dashjr
2021-05-17 09:41:46 +10:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org
dc3c0be820 upstream: Fix two problems in string->argv conversion: 1) multiple
backslashes were not being dequoted correctly and 2) quoted space in the
middle of a string was being incorrectly split.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A unit test for these cases has already been committed

prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@

OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4
2021-04-03 16:24:40 +11:00
dtucker@openbsd.org
e774bac359 upstream: Do not try to reset signal handler for signal 0 in
subprocess. Prevents spurious debug message.  ok djm@

OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46
2021-02-28 13:01:20 +11:00
markus@openbsd.org
b696858a7f upstream: factor out opt_array_append; ok djm@
OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a
2021-02-17 15:03:41 +11:00
dtucker@openbsd.org
02da325f10 upstream: Change types in convtime() unit test to int to match
change its new type. Add tests for boundary conditions and fix convtime to
work up to INT_MAX. ok djm@

OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de
2021-01-18 18:43:43 +11:00
dtucker@openbsd.org
5339ab369c upstream: In waitfd(), when poll returns early we are subtracting
the elapsed time from the timeout each loop, so we only want to measure the
elapsed time the poll() in that loop, not since the start of the function.
Spotted by chris.xj.zhu at gmail.com, ok djm@

OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a
2021-01-18 18:43:43 +11:00
dtucker@openbsd.org
6d30673fed upstream: Change convtime() from returning long to returning int.
On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing.  bz#3250, ok djm@

OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
2021-01-11 15:04:12 +11:00
djm@openbsd.org
a34e14a5a0 upstream: move subprocess() from auth.c to misc.c
make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)

add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.

feedback & ok markus@

OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
2020-12-22 15:43:59 +11:00
djm@openbsd.org
33313ebc1c upstream: Set the specified TOS/DSCP for interactive use prior to
TCP connect. The connection phase of the SSH session is time-sensitive (due
to server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.

ok dtucker@

OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
2020-11-27 13:21:16 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
396d32f3a1 upstream: There are lots of place where we want to redirect stdin,
stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@

OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
2020-10-03 19:34:24 +10:00
djm@openbsd.org
3d06ff4bbd upstream: handle EINTR in waitfd() and timeout_connect() helpers;
bz#3071; ok dtucker@

OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
2020-06-26 15:25:24 +10:00
dtucker@openbsd.org
712ac1efb6 upstream: Make dollar_expand variadic and pass a real va_list to
vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.

OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
2020-05-29 21:53:37 +10:00
dtucker@openbsd.org
f85b118d21 upstream: Pass a NULL instead of zeroed out va_list from
dollar_expand.  The original intent was in case there's some platform where
va_list is not a pointer equivalent, but on i386 this chokes on the memset.
This unbreaks that build, but will require further consideration.

OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7
2020-05-29 20:10:21 +10:00
dtucker@openbsd.org
4a1b46e6d0 upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths.  This
would for example allow forwarding of Unix domain socket paths that change at
runtime.  bz#3140, ok djm@

OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
2020-05-29 15:46:47 +10:00
dtucker@openbsd.org
1001dd148e upstream: Fix multiplier in convtime when handling seconds after
other units. bz#3171, spotted by ronf at timeheart.net, ok djm@.

OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be
2020-05-29 13:28:46 +10:00
djm@openbsd.org
756c6f66ae upstream: add fmt_timeframe() (from bgpd) to format a time
interval in a human- friendly format. Switch copyright for this file from BSD
to MIT to make it easier to add Henning's copyright for this function. ok
markus@

OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
2020-05-27 10:13:58 +10:00
Darren Tucker
6c6072ba8b See if SA_RESTART signals will interrupt select().
On some platforms (at least older HP-UXes such as 11.11, possibly others)
setting SA_RESTART on signal handers will cause it to not interrupt
select(), at least for calls that do not specify a timeout.  Try to
detect this and if found, don't use SA_RESTART.

POSIX says "If SA_RESTART has been set for the interrupting signal, it
is implementation-dependent whether select() restarts or returns with
[EINTR]" so this behaviour is within spec.
2020-05-01 15:09:26 +10:00
dtucker@openbsd.org
4d2c87b4d1 upstream: We've standardized on memset over bzero, replace a couple
that had slipped in.  ok deraadt markus djm.

OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01 13:13:28 +10:00
djm@openbsd.org
4594c76276 upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,
based on patch by veegish AT cyberstorm.mu

OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
2020-01-28 12:52:46 +11:00
djm@openbsd.org
8075fccbd4 upstream: add xextendf() to extend a string with a format
(reallocating as necessary). ok aja@ as part of a larger diff

OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
2020-01-25 11:27:29 +11:00
dtucker@openbsd.org
3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
dtucker@openbsd.org
e2c0a21ade upstream: Wait for FD to be readable or writeable during a nonblocking
connect, not just readable.  Prevents a timeout when the server doesn't
immediately send a banner (eg multiplexers like sslh) but is also slightly
quicker for other connections since, unlike ssh1, ssh2 doesn't specify
that the client should parse the server banner before sending its own.
Patch from mnissler@chromium.org, ok djm@

OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
2019-11-22 18:38:14 +11:00
Darren Tucker
6fc7e1c6fe Wrap poll.h includes in HAVE_POLL_H. 2019-10-28 16:27:53 +11:00
djm@openbsd.org
5485f8d50a upstream: move authorized_keys option parsing helpsers to misc.c
and make them public; ok markus@

OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03 18:39:31 +10:00
djm@openbsd.org
c72d78ccbe upstream: move skip_space() to misc.c and make it public; ok
markus@

OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
2019-09-03 18:39:31 +10:00