Commit Graph

6279 Commits

Author SHA1 Message Date
Damien Miller
4927aaf446 - djm@cvs.openbsd.org 2011/01/12 01:53:14
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
     and sanity check arguments (these will be unnecessary when we switch
     struct glob members from being type into to size_t in the future);
     "looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
Damien Miller
b66e917831 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
[openbsd-compat/glob.c]
     Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
     from ARG_MAX to 64K.
     Fixes glob-using programs (notably ftp) able to be triggered to hit
     resource limits.
     Idea from a similar NetBSD change, original problem reported by jasper@.
     ok millert tedu jasper
2011-01-12 13:30:18 +11:00
Damien Miller
821de0ad2e - djm@cvs.openbsd.org 2011/01/11 06:13:10
[clientloop.c ssh-keygen.c sshd.c]
     some unsigned long long casts that make things a bit easier for
     portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 17:20:29 +11:00
Damien Miller
a256c8d680 - djm@cvs.openbsd.org 2011/01/11 06:06:09
[sshlogin.c]
     fd leak on error paths; from zinovik@
     NB. Id sync only; we use loginrec.c that was also audited and fixed
     recently
2011-01-11 17:20:05 +11:00
Damien Miller
b73b6fd916 - djm@cvs.openbsd.org 2011/01/08 10:51:51
[clientloop.c]
     use host and not options.hostname, as the latter may have unescaped
     substitution characters
2011-01-11 17:18:56 +11:00
Damien Miller
81ad4b1fc0 - (djm) [platform.c] Some missing includes that show up under -Werror 2011-01-11 17:02:23 +11:00
Tim Rice
076a3b9ced - (tim) [regress/host-expand.sh] Fix for building outside of read only
source tree.
2011-01-10 12:56:26 -08:00
Damien Miller
e63b7f2821 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
openssh AT roumenpetrov.info
2011-01-09 09:19:50 +11:00
Damien Miller
996384d500 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
test on OSX and others. Reported by imorgan AT nas.nasa.gov
2011-01-08 21:58:20 +11:00
Damien Miller
ed3a8eb65f - djm@cvs.openbsd.org 2011/01/06 23:01:35
[sshconnect.c]
     reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
     ok markus@
2011-01-07 10:02:52 +11:00
Damien Miller
7d06b00032 - djm@cvs.openbsd.org 2011/01/06 22:46:21
[regress/Makefile regress/host-expand.sh]
     regress test for LocalCommand %n expansion from bert.wesarg AT
     googlemail.com; ok markus@
2011-01-07 09:54:20 +11:00
Damien Miller
64abf31425 - djm@cvs.openbsd.org 2011/01/06 22:23:02
[clientloop.c]
     when exiting due to ServerAliveTimeout, mention the hostname that caused
     it (useful with backgrounded controlmaster)
2011-01-07 09:51:52 +11:00
Damien Miller
83f8a4014d - djm@cvs.openbsd.org 2011/01/06 22:23:53
[ssh.c]
     unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
     googlemail.com; ok markus@
2011-01-07 09:51:17 +11:00
Damien Miller
322125b960 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2011-01-07 09:50:08 +11:00
Damien Miller
8ad960b4ba - otto@cvs.openbsd.org 2011/01/04 20:44:13
[ssh-keyscan.c]
     handle ecdsa-sha2 with various key lengths; hint and ok djm@
2011-01-06 22:44:44 +11:00
Damien Miller
de53fd04b1 - djm@cvs.openbsd.org 2010/12/24 21:41:48
[auth-options.c]
     don't send the actual forced command in a debug message; ok markus deraadt
2011-01-06 22:44:18 +11:00
Damien Miller
106079c06d - djm@cvs.openbsd.org 2010/12/15 00:49:27
[readpass.c]
     fix ControlMaster=ask regression
     reset SIGCHLD handler before fork (and restore it after) so we don't miss
     the the askpass child's exit status. Correct test for exit status/signal to
     account for waitpid() failure; with claudio@ ok claudio@ markus@
2011-01-06 22:43:44 +11:00
Damien Miller
05c8997b33 - markus@cvs.openbsd.org 2010/12/14 11:59:06
[sshconnect.c]
     don't mention key type in key-changed-warning, since we also print
     this warning if a new key type appears. ok djm@
2011-01-06 22:42:04 +11:00
Damien Miller
907998df72 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
[scp.1 scp.c]
     scp.1: grammer fix
     scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
Damien Miller
f12114366b - markus@cvs.openbsd.org 2010/12/08 22:46:03
[scp.1 scp.c]
     add a new -3 option to scp: Copies between two remote hosts are
     transferred through the local host.  Without this option the data
     is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2011-01-06 22:40:30 +11:00
Damien Miller
30a69e7bba - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
formatter if it is present, followed by nroff and groff respectively.
   Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
   in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
Damien Miller
d197fd64a1 - (djm) [Makefile.in] revert local hack I didn't intend to commit 2011-01-03 14:48:14 +11:00
Damien Miller
41bccf75af - (djm) [configure.ac] Check whether libdes is needed when building
with Heimdal krb5 support. On OpenBSD this library no longer exists,
   so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Damien Miller
4a06f9271f - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 2011-01-02 21:43:59 +11:00
Damien Miller
928362dc03 - djm@cvs.openbsd.org 2010/12/08 04:02:47
[ssh_config.5 sshd_config.5]
     explain that IPQoS arguments are separated by whitespace; iirc requested
     by jmc@ a while back
2010-12-26 14:26:45 +11:00
Darren Tucker
bf5fec1bc6 Id sync 2010-12-05 10:34:08 +11:00
Darren Tucker
4288c53d04 - djm@cvs.openbsd.org 2010/12/04 00:21:19
[regress/sftp-cmds.sh]
     adjust for hard-link support
2010-12-05 09:45:50 +11:00
Darren Tucker
7e1a5a4e1b - (dtucker) [regress/Makefile] Id sync. 2010-12-05 09:29:31 +11:00
Darren Tucker
094f1e9934 - djm@cvs.openbsd.org 2010/12/04 13:31:37
[hostfile.c]
     fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
Darren Tucker
af1f909254 - djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Darren Tucker
adab6f1299 - djm@cvs.openbsd.org 2010/12/03 23:55:27
[auth-rsa.c]
     move check for revoked keys to run earlier (in auth_rsa_key_allowed)
     bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
Darren Tucker
7336b904ff - (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/12/03 23:49:26
     [schnorr.c]
     check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
     (this code is still disabled, but apprently people are treating it as
     a reference implementation)
2010-12-05 09:00:30 +11:00
Darren Tucker
37bb7568ab - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
debugging.  Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker
ebdef76b5d - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
d89745b9e7 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
Damien Miller
d925dcd8a5 - djm@cvs.openbsd.org 2010/11/29 23:45:51
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
     [sshconnect.h sshconnect2.c]
     automatically order the hostkeys requested by the client based on
     which hostkeys are already recorded in known_hosts. This avoids
     hostkey warnings when connecting to servers with new ECDSA keys
     that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller
03c0e533de - markus@cvs.openbsd.org 2010/11/29 18:57:04
[authfile.c]
     correctly load comment for encrypted rsa1 keys;
     report/fix Joachim Schipper; ok djm@
2010-12-01 12:03:39 +11:00
Damien Miller
87dc0a4188 - djm@cvs.openbsd.org 2010/11/26 05:52:49
[scp.c]
     Pass through ssh command-line flags and options when doing remote-remote
     transfers, e.g. to enable agent forwarding which is particularly useful
     in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
Damien Miller
f80c3deaaf - djm@cvs.openbsd.org 2010/11/25 04:10:09
[session.c]
     replace close() loop for fds 3->64 with closefrom();
     ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
Damien Miller
b7f827ae45 - djm@cvs.openbsd.org 2010/11/24 01:24:14
[channels.c]
     remove a debug() that pollutes stderr on client connecting to a server
     in debug mode (channel_close_fds is called transitively from the session
     code post-fork); bz#1719, ok dtucker
2010-12-01 12:02:35 +11:00
Damien Miller
d0fdd6818c - djm@cvs.openbsd.org 2010/11/23 23:57:24
[clientloop.c]
     avoid NULL deref on receiving a channel request on an unknown or invalid
     channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 12:02:14 +11:00
Damien Miller
6a740e7b92 - djm@cvs.openbsd.org 2010/11/23 02:35:50
[auth.c]
     use strict_modes already passed as function argument over referencing
     global options.strict_modes
2010-12-01 12:01:51 +11:00
Damien Miller
a232792783 - djm@cvs.openbsd.org 2010/11/21 10:57:07
[authfile.c]
     Refactor internals of private key loading and saving to work on memory
     buffers rather than directly on files. This will make a few things
     easier to do in the future; ok markus@
2010-12-01 12:01:21 +11:00
Damien Miller
2cd629349d - djm@cvs.openbsd.org 2010/11/21 01:01:13
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
     honour $TMPDIR for client xauth and ssh-agent temporary directories;
     feedback and ok markus@
2010-12-01 11:50:35 +11:00
Damien Miller
188ea814b1 - OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
     [auth2-pubkey.c]
     clean up cases of ;;
2010-12-01 11:50:14 +11:00
Damien Miller
73de86ac5a - (djm) [defines.h] Add IP DSCP defines 2010-11-24 10:50:04 +11:00
Darren Tucker
4b6cbf7aab - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 2010-11-24 10:46:37 +11:00
Damien Miller
88e341e1ca - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
group read/write. ok dtucker@
2010-11-24 10:36:15 +11:00
Darren Tucker
d995712383 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
into the platform-specific code  Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
Darren Tucker
9e0ff7afc8 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00