summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Limit the number of PAM environment variables.Darren Tucker2023-03-091-5/+10
| | | | From Coverity CID 405194, tweaks and ok djm@
* upstream: Plug mem leak. Coverity CID 405196, ok djm@dtucker@openbsd.org2023-03-081-2/+4
| | | | OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2
* upstream: ssh-pkcs11: synchronize error messages with errorstb@openbsd.org2023-03-081-4/+4
| | | | | | | | | A handful of error messages contained incorrect function names or otherwise inaccurate descriptions. Fix them to match reality. input/ok djm OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411
* upstream: Delete obsolete /* ARGSUSED */ lint comments.guenther@openbsd.org2023-03-0813-51/+13
| | | | | | ok miod@ millert@ OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* Extra brackets to prevent warning.Darren Tucker2023-03-081-1/+1
|
* upstream: use RSA/SHA256 when testing usability of private key indjm@openbsd.org2023-03-081-3/+6
| | | | | | agent; with/ok dtucker OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56
* upstream: use RSA/SHA256 when testing usability of private key;djm@openbsd.org2023-03-081-3/+5
| | | | | | based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba
* upstream: refactor to be more readable top to bottom. Prompted bydjm@openbsd.org2023-03-081-11/+19
| | | | | | Coverity CID 405048 which was a false-positive fd leak; ok dtucker@ OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00
* Add header changes missed in previous.Darren Tucker2023-03-071-2/+5
|
* upstream: Fix mem leak in environment setup.dtucker@openbsd.org2023-03-071-1/+2
| | | | | | From jjelen at redhat.com via bz#2687, ok djm@ OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353
* upstream: Unit test for kex_proposal_populate_entries.dtucker@openbsd.org2023-03-072-4/+44
| | | | OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006
* upstream: fix memory leak in process_read() path; Spotted by Jamesdjm@openbsd.org2023-03-071-2/+2
| | | | | | Robinson in GHPR363; ok markus@ OpenBSD-Commit-ID: cdc2d98e6478b7e7f3a36976845adae3820429d8
* upstream: correct size for array argument when changingdjm@openbsd.org2023-03-071-2/+3
| | | | | | UMAC_OUTPUT_LEN Coverity CID 291845; ok dtucker@ OpenBSD-Commit-ID: 2eb017d10705bb623d4418691f961c930eafaec0
* upstream: Refactor creation of KEX proposal.dtucker@openbsd.org2023-03-066-86/+102
| | | | | | | | | | This adds kex_proposal_populate_entries (and corresponding free) which populates the KEX proposal array with dynamically allocated strings. This replaces the previous mix of static and dynamic that has been the source of previous leaks and bugs. Remove unused compat functions. With & ok djm@. OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
* upstream: Fix mem and FILE leaks in moduli screening.dtucker@openbsd.org2023-03-051-1/+4
| | | | | | | | If multiple -Ocheckpoint= options are passed, the earlier ones would be overwritten and leaked. If we use an input file that wasn't stdin, close that. From Coverity CIDs 291884 and 291894. OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b
* upstream: Plug mem leak in moduli checkpoint option parsing.dtucker@openbsd.org2023-03-051-1/+2
| | | | | | From Coverity CID 291894. OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4
* upstream: Remove unused compat.h includes.dtucker@openbsd.org2023-03-0516-32/+16
| | | | | | | | We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it. OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
* upstream: Use time_t for x11 timeout.dtucker@openbsd.org2023-03-042-6/+6
| | | | | | | Use time_t instead of u_int for remaining x11 timeout checks for 64bit time_t safety. From Coverity CIDs 405197 and 405028, ok djm@ OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972
* upstream: Ensure ms_remain is always initializeddtucker@openbsd.org2023-03-041-2/+2
| | | | | | | similar to what we do in ssh_packet_write_wait. bz#2687, from jjelen at redhat.com. OpenBSD-Commit-ID: a50e0541cf823f8d1c72f71ccde925d3dbe6dfac
* upstream: Check for non-NULL before stringdtucker@openbsd.org2023-03-041-2/+2
| | | | | | comparison. From jjelen at redhat.com via bz#2687. OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f
* upstream: guard against getsockname(-1, ...) from Coverity CIDdjm@openbsd.org2023-03-031-1/+4
| | | | | | 291832 OpenBSD-Commit-ID: e58d5227327917d189229b7f0b37d2780f360d5f
* upstream: some options are not first-match-wins. Mention that theredjm@openbsd.org2023-03-031-3/+15
| | | | | | | are exceptions at the start of the manpage and label some of them in the option description. OpenBSD-Commit-ID: 3b74728446fa6fc8742769eeb8c3674e233e84c4
* upstream: actually print "channeltimeout none" in config dump mode;djm@openbsd.org2023-03-031-3/+11
| | | | | | spotted via Coverity CID 405022 OpenBSD-Commit-ID: b074b52bf138b75f08264e8da15880b29c7a630f
* Add Coverity badges.Darren Tucker2023-03-032-0/+2
|
* upstream: Check return values of dup2. Spotted by Coverity, ok djm@dtucker@openbsd.org2023-03-032-8/+14
| | | | OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b
* upstream: Use time_t for x11_refuse_time timeout. We needdtucker@openbsd.org2023-03-033-10/+10
| | | | | | | SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. Fixes a Coverity warning for 64bit time_t safety, ok djm@ OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d
* upstream: Check return value from fctnl and warn on failure.dtucker@openbsd.org2023-03-031-2/+3
| | | | | | Spotted by Coverity, ok djm@ OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab
* upstream: Remove SUDO in proxy command wrapper. Anything that needsdtucker@openbsd.org2023-03-021-5/+5
| | | | | | sudo is already run by it, and it breaks if root isn't in sudoers. OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9
* upstream: Fix breakage on dhgex test.dtucker@openbsd.org2023-03-021-6/+9
| | | | | | | | | This was due to the sshd logs being written to the wrong log file. While there, make save_debug_logs less verbose, write the name of the tarball to regress.log and use $SUDO to remove the old symlinks (which shouldn't be needed, but won't hurt). Initial problem spotted by anton@. OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b
* upstream: Quote grep and log message better.dtucker@openbsd.org2023-03-021-3/+3
| | | | OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4
* upstream: Always call fclose on checkpoints.dtucker@openbsd.org2023-03-021-5/+8
| | | | | | | | In the case of an fprintf failure we would not call fclose which would leak the FILE pointer. While we're there, try to clean up the temp file on failure. Spotted by Coverity, ok djm@ OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef
* upstream: Remove old log symlinksdtucker@openbsd.org2023-03-021-3/+5
| | | | | | | before creating new ones. In -portable some platforms don't like overwriting existing symlinks. OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f
* Adjust test jobs for new log directory.Darren Tucker2023-03-014-1/+4
|
* upstream: Rework logging for the regression tests.dtucker@openbsd.org2023-03-019-39/+128
| | | | | | | | | | | | | | | | | | Previously we would log to ssh.log and sshd.log, but that is insufficient for tests that have more than one concurent ssh/sshd. Instead, we'll log to separate datestamped files in a $OBJ/log/ and leave a symlink at the previous location pointing at the most recent instance with an entry in regress.log showing which files were created at each point. This should be sufficient to reconstruct what happened even for tests that use multiple instances of each program. If the test fails, tar up all of the logs for later analysis. This will let us also capture the output from some of the other tools which was previously sent to /dev/null although most of those will be in future commits. OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24
* upstream: fatal out if allocating banner string fails to avoiddtucker@openbsd.org2023-02-281-2/+2
| | | | | | potential null deref later in sscanf. Spotted by Coverity, ok deraadt@ OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5
* upstream: Explicitly ignore return from fchmoddtucker@openbsd.org2023-02-281-2/+2
| | | | | | similar to other calls to prevent warning. OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a
* upstream: Plug mem leak on globbed ls error path.dtucker@openbsd.org2023-02-281-1/+2
| | | | | | Spotted by Coverity, ok deraadt@ OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c
* Cast time_t's in debug output to long long.Darren Tucker2023-02-271-2/+2
| | | | Should fix Coverity warning about truncation of 64bit time_t.
* Do shadow expiry calcs using "long long".Darren Tucker2023-02-271-5/+5
| | | | | Coverity flags these as potentially not 64bit time_t safe so use long long for the calculations and debug output. ok djm@
* avoid clash between for getopt's struct optionDamien Miller2023-02-272-0/+17
| | | | | | | | Since we don't use getopt_long() nothing outside the getopt() implementation itself uses this structure, so move it into the source to remove it from visibility and clashes with libc's ok dtucker@
* Revert explicit chmods on private keys.Darren Tucker2023-02-251-3/+0
| | | | | This should no longer be needed on Cygwin test runners due to previous commit.
* Remove extended ACLs from working dirs.Darren Tucker2023-02-251-3/+3
| | | | | This should allow umask to work as expected and prevent tests from failing due to excessive permissions on private keys.
* Explicitly set permissions on user and host keys.Darren Tucker2023-02-241-0/+3
| | | | | On cygwin, the umask might not be sufficient. Should fix tests on Github runners.
* upstream: fix progressmeter corruption on wide displays; bz3534djm@openbsd.org2023-02-221-42/+51
| | | | | | feedback/ok dtucker@ OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3
* upstream: fseek to end of known_hosts before writing to it.dtucker@openbsd.org2023-02-211-8/+9
| | | | | | | | | POSIX and ANSI C require that applications call fseek or similar between read and writing to a RW file. OpenBSD doesn't enforce this, but some (System V derived) platforms need this to prevent it from writing a spurious extra byte (in this case, a newline). ok djm@ deraadt@ OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137
* Also run unit tests on AIX VMs.Darren Tucker2023-02-211-1/+1
| | | | | In the past these tests took too long, but these days it only adds about 5 min to the run.
* Wrap stdint.h inside ifdef.Darren Tucker2023-02-211-1/+3
|
* Add includes to ptimeout test.Mayank Sharma2023-02-201-0/+2
| | | | Fixes test failures on AIX due to type mismatches.
* Always use the openssl binary configure tells us.Darren Tucker2023-02-201-1/+2
| | | | | This fixes tests on platforms that do not have the openssl tool installed at all.
* upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The codedtucker@openbsd.org2023-02-177-54/+11
| | | | | | | to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization were removed. "burn it all" djm@ OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 05:19:29 +0100