| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs. Remove unused compat functions.
With & ok djm@.
OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
|
|
|
|
|
|
|
| |
to set this was removed in OpenSSH 7.7 when support for SSH implementations
dating back to before RFC standardization were removed. "burn it all" djm@
OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
|
|
|
|
|
|
|
| |
was previously set for OpenSSH 2.3 (released in 2000) but this check was
removed in OpenSSH 7.7 (2018). ok djm@ deraadt@
OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af
|
|
|
|
|
|
| |
since it's no longer used. ok markus@
OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b
|
|
|
|
|
|
|
| |
since it's only applicable to SSH1 and thus no longer used. ok markus@
"kill it with fire" djm@
OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab
|
|
|
|
|
|
| |
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
|
|
|
|
|
|
|
| |
that we can free them later. Fix one leak in compat_kex_proposal. Based on
github PR#324 from ZoltanFridrich with some simplications by me. ok djm@
OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4
|
|
|
|
|
|
| |
Dmitry Belyavskiy, ok dtucker@
OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef
|
|
|
|
|
|
|
|
|
|
|
|
| |
allows RSA/SHA2 signatures for public key authentication but fails to
advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
to offer valid keys.
Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker
OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
|
|
|
|
|
|
| |
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
|
|
|
|
|
|
| |
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
|
|
|
|
| |
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
|
|
|
|
|
|
| |
ok djm@
OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362
|
|
|
|
|
|
|
|
|
|
|
|
| |
causes double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
|
|
|
|
|
|
| |
in bz#2366 feedback and ok dtucker@
OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
|
|
|
|
| |
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
|
|
|
|
|
|
| |
for prior version; part of RSA-SHA2 strictification, ok markus@
OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
|
|
|
|
|
|
|
|
|
|
| |
without version numbers since they choke on them under some circumstances.
https://twistedmatrix.com/trac/ticket/9422 via Colin Watson
Newer Conch versions have a version number in their ident string and
handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424
OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539
|
|
|
|
|
|
|
|
| |
Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit
for such servers and avoid sending IUTF8 to them. ok djm@
OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
|
|
|
|
|
|
|
| |
Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@
Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
|
|
|
|
|
|
|
|
| |
remove compat20/compat13/compat15 variables
ok markus@
Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
|
|
|
|
|
|
|
|
|
| |
remove options.protocol and client Protocol
configuration knob
ok markus@
Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
|
|
|
|
|
|
| |
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
|
|
|
|
|
|
| |
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
|
|
|
|
|
|
| |
Back out 'plug memleak'.
Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
|
|
|
|
|
|
| |
Plug mem leak in filter_proposal. ok djm@
Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
|
|
|
|
|
|
|
| |
Better compat matching for WinSCP, add compat matching
for FuTTY (fork of PuTTY); ok markus@ deraadt@
Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
|
|
|
|
|
|
|
| |
add Cisco to the list of clients that choke on the
hostkeys update extension. Pointed out by Howard Kash
Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
|
|
|
|
|
|
|
|
|
|
| |
Add "PuTTY_Local:" to the clients to which we do not
offer DH-GEX. This was the string that was used for development versions
prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
there are some extant products based on those versions. bx2424 from Jay
Rouman, ok markus@ djm@
Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
|
|
|
|
|
|
|
|
| |
Cap DH-GEX group size at 4kbits for Cisco implementations.
Some of them will choke when asked for preferred sizes >4k instead of
returning the 4k group that they do have. bz#2209, ok djm@
Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
|
|
|
|
|
|
|
|
|
|
|
| |
Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
|
|
|
|
|
|
|
| |
Blacklist DH-GEX for specific PuTTY versions known to
send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
messages. ok djm@
|
|
|
|
|
| |
WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
don't offer that KEX method. ok markus@
|
|
|
|
|
|
| |
deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
reasonable" dtucker@
|
|
|
|
|
|
|
| |
Don't send hostkey advertisments
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@
|
|
|
|
|
| |
treat Protocol=1,2|2,1 as Protocol=2 when compiled
without SSH1 support; ok dtucker@ millert@
|
|
|
|
| |
store compat flags in struct ssh; ok djm@
|
|
|
|
| |
another -Wpointer-sign from clang
|
|
|
|
|
|
| |
[compat.c]
add a canonical 6.6 + curve25519 bignum fix fake version that I can
recommend people use ahead of the openssh-6.7 release
|
|
|
|
|
| |
[compat.c]
missing wildcard; pointed out by naddy@
|
|
|
|
|
|
|
|
|
|
|
|
| |
[compat.c compat.h sshconnect2.c sshd.c version.h]
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.
Disable this KEX method when speaking to one of the affected
versions.
reported by Aris Adamantiadis; ok markus@
|
|
|
|
|
|
|
|
|
| |
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
[sshconnect.c sshconnect2.c sshd.c]
refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
|
|
|
|
|
|
|
| |
[compat.c sshconnect.c]
Send client banner immediately, rather than waiting for the server to
move first for SSH protocol 2 connections (the default). Patch based on
one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
|
|
|
|
|
|
|
|
|
|
|
| |
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h]
unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
|
|
|
|
|
|
| |
[compat.c compat.h nchan.c ssh.c]
only send eow and no-more-sessions requests to openssh 5 and newer;
fixes interop problems with broken ssh v2 implementations; ok djm@
|
|
|
|
|
|
|
|
|
| |
[channels.c compat.c compat.h]
bz #1019: some ssh.com versions apparently can't cope with the
remote port forwarding bind_address being a hostname, so send
them an address for cases where they are not explicitly
specified (wildcard or localhost bind). reported by daveroth AT
acm.org; ok dtucker@ deraadt@
|