search for: buffer_get_string

...s_authentication == 1) { diff -bur openssh-3.7.1p2.orig/authfd.c openssh-3.7.1p2/authfd.c --- openssh-3.7.1p2.orig/authfd.c Thu Jul 3 05:46:56 2003 +++ openssh-3.7.1p2/authfd.c Tue Oct 7 08:21:59 2003 @@ -336,7 +336,7 @@ BN_num_bits(key->rsa->n), bits); break; case 2: - blob = buffer_get_string(&auth->identities, &blen); + blob = buffer_get_binary(&auth->identities, &blen); *comment = buffer_get_string(&auth->identities, NULL); key = key_from_blob(blob, blen); xfree(blob); @@ -430,8 +430,8 @@ buffer_init(&msg); buffer_put_char(&msg, SSH...

i think our strategy for privsep is to just keep portable sync'd closely with openbsd's tree, even though things will be broken wrt privsep for many platforms. then we just get primary one's working and work out issues as we go along. i'll start to work on sun and hp-ux again tomorrow.

...efine MUX_S_OK 0x80000001 #define MUX_S_PERMISSION_DENIED 0x80000002 #define MUX_S_FAILURE 0x80000003 diff --git a/mux.c b/mux.c index f1f7e6b..9b3633b 100644 --- a/mux.c +++ b/mux.c @@ -1530,7 +1530,7 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) case MUX_S_FAILURE: e = buffer_get_string(&m, NULL); buffer_free(&m); - error("%s: session request failed: %s", __func__, e); + error("%s: forwarding request failed: %s", __func__, e); return -1; default: fatal("%s: unexpected response from master 0x%08x", @@ -1649,12 +1649,12 @@ mux_clien...

.../* Import environment from subprocess */ num_env = buffer_get_int(b); - sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env)); + sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env)); debug3("PAM: num env strings %d", num_env); for(i = 0; i < num_env; i++) sshpam_env[i] = buffer_get_string(b, NULL); Index: groupaccess.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/groupaccess.c,v retrieving revision 1.10 diff -u -p -r1.10 groupaccess.c --- groupaccess.c 26 Mar 2006 03:24:49 -0000 1.10 +++ groupaccess.c 4...

...st_receive entering mm_getpwnamallow: option block size mismatch It appears that some of the debugging messages are coming from the parent thread and some from the child thread. All I can add is that the buffer "m" in mm_getpwnamallow() has alloc=32768, offset=52, end=10055 and also that buffer_get_string() returns len=7, which is rather different from sizeof(*newopts)=9988, indeed. I am really lost here and cannot figure out what is wrong. Can anybody advise me on how to fix it or perhaps there is already a patch? Thanks, Eugene _________________________________________________________________ Cl...

...------------------------------------------------------------------------ diff -Naur openssh-4.2p1.old/monitor.c openssh-4.2p1.new/monitor.c --- openssh-4.2p1.old/monitor.c Sun Jul 17 03:53:31 2005 +++ openssh-4.2p1.new/monitor.c Tue Dec 20 09:10:04 2005 @@ -1716,6 +1716,11 @@ child_state.input = buffer_get_string(&m, &child_state.ilen); child_state.output = buffer_get_string(&m, &child_state.olen); + /* Let's not forget our loginmsg, now, eh? */ + p = buffer_get_string (&m, &plen); + if (plen) buffer_append (&loginmsg, p, plen); + xfree (p); + buffer_free(&m); }...

server is running openssh 4.6p1 on linux x86 (32bit) client is running openssh 4.6p1 on linux x86_64 (64bit) Just connecting from the client to the server and running "top" long enough results in: Disconnecting: Bad packet length 3690378913. This seems like a 32/64 bit problem to me. -- Andreas Steinmetz SPAMmers use robotrap at domdv.de

...ristos Exp $"); +__RCSID("$NetBSD: ssh-agent.c,v 1.3 2009/12/17 15:55:16 agc Exp $"); #include <sys/types.h> #include <sys/time.h> #include <sys/queue.h> @@ -307,13 +307,13 @@ Buffer msg; Key *key; + odatafellows = datafellows; datafellows = 0; blob = buffer_get_string(&e->request, &blen); data = buffer_get_string(&e->request, &dlen); flags = buffer_get_int(&e->request); - odatafellows = datafellows; if (flags & SSH_AGENT_OLD_SIGNATURE) datafellows = SSH_BUG_SIGBLOB;

..., +#endif {0, 0, NULL} }; @@ -1333,6 +1340,42 @@ return (success); } + +#ifdef KRB5 +int +mm_answer_krb5(int socket, Buffer *m) +{ + krb5_data tkt, reply; + char *client_user; + unsigned int len; + int success; + + /* use temporary var to avoid size issues on 64bit arch */ + tkt.data = buffer_get_string(m, &len); + tkt.length = len; + + success = auth_krb5(authctxt, &tkt, &client_user, &reply); + + if (tkt.length) + xfree(tkt.data); + + buffer_clear(m); + buffer_put_int(m, success); + + if (success) { + buffer_put_cstring(m, client_user); + buffer_put_string(m, reply.data, reply...

...;Unsupported multiplexing protocol version %d " + "(expected %d)", ver, SSHMUX_VER); + return -1; + } + debug2("%s: channel %d slave version %u", __func__, c->self, ver); + + /* No extensions are presently defined */ + while (buffer_len(m) > 0) { + char *name = buffer_get_string_ret(m, NULL); + char *value = buffer_get_string_ret(m, NULL); + + if (name == NULL || value == NULL) { + if (name != NULL) + xfree(name); + goto malf; } - buffer_free(&m); - close(client_fd); - return start_close; - default: - error("Unsupported command %d", mux_comman...

..._SETUP_SIA, 1); +#endif } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); @@ -716,6 +732,22 @@ auth_method = "skey"; return (authok != 0); +} +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); } #endif Index: monitor.h =================================================================== RCS file: /var/cvs/openssh/monitor.h,v retrieving revision 1.8 diff -u -r1.8 monitor.h --- monitor....

...tup_sia}, +#endif #ifdef USE_PAM {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, #endif @@ -716,6 +726,22 @@ auth_method = "skey"; return (authok != 0); +} +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); } #endif Index: monitor.h =================================================================== RCS file: /var/cvs/openssh/monitor.h,v retrieving revision 1.8 diff -u -r1.8 monitor.h --- monitor....

...r_permit(mon_dispatch, MONITOR_REQ_SETUP_SIA, 1); +#endif } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); @@ -717,6 +733,22 @@ return (authok != 0); } +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); +} #endif #ifdef USE_PAM diff -ur openssh-3.4p1/monitor.h openssh-3.4p1+/monitor.h --- openssh-3.4p1/monitor.h Tue Jun 11 12:42:49 2002 +++ openssh-3.4p1+/monitor.h Sun Jul 21 22:53:14 2002 @@...

I'm not on the mailing list, so I'd appreciate it if you could cc: me, though I will keep an eye on the archives. I am running openssh 2.2.0p1 on Debian GNU/Linux. I was pleased to see that 2.2.0p1 had support for DSA keys in the agent, and I have successfully used the v2 protocol to another openssh server with the agent providing authentication. I am also able to successfully connect

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan

...P_STATUS) { + reply = find_request(req, num_req, id); + + switch (type) { + case SSH2_FXP_STATUS: status = buffer_get_int(&msg); + if (status != SSH2_FX_EOF) + read_error = 1; + max_req = 0; + remove_request(req, &num_req, reply); + break; + case SSH2_FXP_DATA: + data = buffer_get_string(&msg, &len); + if (len > req[reply].len) + fatal("Received more data than asked for " + "%d > %d", len, req[reply].len); + + debug3("In read loop, got %d offset %llu", + len, req[reply].offset); + if ((lseek(local_fd, req[reply]...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

...auth_password() they should be calling auth_pam_password().. So in mm_answer_authpassword() function it should look something like this (untested, and unsure if any other PAM tweaks are needed), but I won't commit anything until someone says ya or na for it being correct. passwd = buffer_get_string(m, &plen); /* Only authenticate if the context is valid */ +#ifdef USE_PAM + /* Do PAM auth with password */ + authenticated = authctxt->valid && auth_pam_password + (authctxt>pw,passwd); +#else authenticated = authctxt->valid &&am...

...e data received from ssh is freed before key_sign is run on it, which results in a bogus signature, at least under Linux. (Solaris and IRIX don't seem to mind.) --- ssh-keysign.c~ Wed Jun 26 17:01:42 2002 +++ ssh-keysign.c Wed Jun 26 17:01:49 2002 @@ -192,7 +192,6 @@ data = buffer_get_string(&b, &dlen); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); - xfree(data); xfree(host); found = 0; @@ -208,6 +207,7 @@ if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)...

The variable cmd is xmalloc'd by buffer_get_string. It is then used in some places but never freed. This patch places the xfree after the last usage and within the confines of all paths. This entire set of patches passed the regression tests on my system. Memory leak bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com&gt...