search for: buffer_init

...rver_config ?before fill_default_server_options after fill_default_server_options sshd version OpenSSH_3.7.1p2 before lodaing private keys ?after lodaing private keys ?after lodaing private keys options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key ?in key_load_private ?before key_load_public_rsa1 in buffer_init in buffer_append_space in buffer_get leaving from buffer_get in buffer_free ?before key_load_private_pem ?returning from key_load_private ?after key_load_private private host key: #0 type 1 RSA options.host_key_files[i]=/etc/ssh/ssh_host_dsa_key ?in key_load_private ?before key_load_public_rsa1 in...

...rver_config before fill_default_server_options after fill_default_server_options sshd version OpenSSH_3.7.1p2 before lodaing private keys after lodaing private keys after lodaing private keys options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key in key_load_private before key_load_public_rsa1 in buffer_init in buffer_append_space in buffer_get leaving from buffer_get in buffer_free before key_load_private_pem returning from key_load_private after key_load_private private host key: #0 type 1 RSA options.host_key_files[i]=/etc/ssh/ssh_host_dsa_key in key_load_private before key_load_public_rsa1 in...

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

Tried the user discussion list to no avail, can't get 3.6.p2 portable running due to buffer_get errors. Does the latest portable SNAP incorporate the latest patches? Running Red Hat 8.0 AS SHIPPED /usr/sbin/sshd ... cool, listens on 22 with 3.4p1 WITH 3.6.1p2 ./configure make make install ... /usr/local/sbin/sshd -t -f /usr/local/etc/sshd_config buffer_get: trying to get more bytes 1 than

...bits); break; case 2: - blob = buffer_get_string(&auth->identities, &blen); + blob = buffer_get_binary(&auth->identities, &blen); *comment = buffer_get_string(&auth->identities, NULL); key = key_from_blob(blob, blen); xfree(blob); @@ -430,8 +430,8 @@ buffer_init(&msg); buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST); - buffer_put_string(&msg, blob, blen); - buffer_put_string(&msg, data, datalen); + buffer_put_binary(&msg, blob, blen); + buffer_put_binary(&msg, data, datalen); buffer_put_int(&msg, flags); xfree(blob); @@...

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to

...erity: trivial Priority: P2 Component: sftp AssignedTo: unassigned-bugs at mindrot.org ReportedBy: loganaden at gmail.com Created attachment 2071 --> https://bugzilla.mindrot.org/attachment.cgi?id=2071 Fix for memory leak in sftp-client.c in do_hardlink(), buffer_init(&msg) may be unfreed if the server does not support hardlink condition is met. Jonathan Armani (armani@) advises moving it down. Same thing happens in do_readlink(): if it's unable to readlink(), the function returns without freeing msg. I've attached a patch. This runs on both openb...

...)) { + error("env_permitted: name '%.100s...' too long", env); return 0; } - /* XXX handle asynchronously */ - unset_nonblock(client_fd); + for (i = 0; i < options.num_send_env; i++) + if (match_pattern(name, options.send_env[i])) + return 1; - /* Read command */ - buffer_init(&m); - if (ssh_msg_recv(client_fd, &m) == -1) { - error("%s: client msg_recv failed", __func__); - close(client_fd); - buffer_free(&m); - return 0; - } - if ((ver = buffer_get_char(&m)) != SSHMUX_VER) { - error("%s: wrong client version %d", __func__, ver);...

...- * This returns a buffer allocated by xmalloc. - */ -char * -expand_filename(const char *filename, struct passwd *pw) -{ - Buffer buffer; - char *file; - const char *cp; - - /* - * Build the filename string in the buffer by making the appropriate - * substitutions to the given file name. - */ - buffer_init(&buffer); - for (cp = filename; *cp; cp++) { - if (cp[0] == '%' && cp[1] == '%') { - buffer_append(&buffer, "%", 1); - cp++; - continue; - } - if (cp[0] == '%' && cp[1] == 'h') { - buffer_append(&buffer, pw->pw_dir,...

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

...onitor_read(pmonitor, mon_dispatch, NULL); + + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; } void @@ -465,6 +494,45 @@ monitor_sync(struct monitor *pmonitor) } } +static int +monitor_read_log(struct monitor *pmonitor) +{ + Buffer logmsg; + u_int len, level; + char *msg; + + buffer_init(&logmsg); + buffer_append_space(&logmsg, 4); + if (atomicio(read, pmonitor->m_log_recvfd, + buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { + if (errno == EPIPE) { + debug("%s: child log fd closed", __func__); + close(pmonitor->m_log_...

...c =================================================================== RCS file: /cvs/src/usr.bin/ssh/buffer.c,v retrieving revision 1.16 retrieving revision 1.18 diff -u -r1.16 -r1.18 --- buffer.c 26 Jun 2002 08:54:18 -0000 1.16 +++ buffer.c 16 Sep 2003 21:02:39 -0000 1.18 @@ -23,8 +23,11 @@ void buffer_init(Buffer *buffer) { - buffer->alloc = 4096; - buffer->buf = xmalloc(buffer->alloc); + const u_int len = 4096; + + buffer->alloc = 0; + buffer->buf = xmalloc(len); + buffer->alloc = len; buffer->offset = 0; buffer->end = 0; } @@ -34,8 +37,10 @@ void buffer_free(Buffer *...

...count; i++) { type = buffer_get_string(b, NULL); - data = buffer_get_string(b, NULL); + data = buffer_get_string_ptr(b, &datalen); debug3("Got file attribute \"%s\"", type); + if (strcmp(type, "extattr at openssh.com") == 0) { + Buffer ext; + + buffer_init(&ext); + buffer_append(&ext, data, datalen); + decode_extra_attrib(&ext, &a); + buffer_free(&ext); + } xfree(type); - xfree(data); } } return &a; } +static void +encode_extra_attrib(Buffer *b, const Attrib *a) +{ + buffer_put_int(b, a->ext_flags...

...- * This returns a buffer allocated by xmalloc. - */ -char * -expand_filename(const char *filename, struct passwd *pw) -{ - Buffer buffer; - char *file; - const char *cp; - - /* - * Build the filename string in the buffer by making the appropriate - * substitutions to the given file name. - */ - buffer_init(&buffer); - for (cp = filename; *cp; cp++) { - if (cp[0] == '%' && cp[1] == '%') { - buffer_append(&buffer, "%", 1); - cp++; - continue; - } - if (cp[0] == '%' && cp[1] == 'h') { - buffer_append(&buffer, pw->pw_dir,...

...mset(buf, 0, bytes); + xfree(buf); + + return (0); +} + +static int +do_convert_private_ssh2_to_blob(const Key *key, u_char **blobp, u_int *lenp) +{ + Buffer b; + int len, len1; + char *pb; + + if (key == NULL) { + error("do_convert_private_ssh2_to_blob: key == NULL"); + return 0; + } + buffer_init(&b); + buffer_put_int(&b, SSH_COM_PRIVATE_KEY_MAGIC); + buffer_put_int(&b, 0); + + switch (key->type) { + case KEY_DSA: + buffer_put_cstring(&b, "dl-modp{sign{dsa-nist-sha1},dh{plain}}"); + break; + case KEY_RSA: + buffer_put_cstring(&b, "if-mo...

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan

...icated = 0; #ifdef USE_PAM /* PAM needs to perform account checks after auth */ - if (options.use_pam) { + if (authenticated && options.use_pam) { Buffer m; buffer_init(&m); -----Original Message----- From: Damien Miller [mailto:djm at mindrot.org] Sent: Dienstag, 18. November 2003 00:50 To: Edgar, Bob Cc: openssh-unix-dev at mindrot.org Subject: Re: 3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords Edgar, Bob wrote: > What all of the abo...

...In function input_userauth_request(from line no 299) we allocate memory using xstrdup call and this was not freeed. 3, In Function list_hostkey_types (from line no 825) we allocate memory using xstrdup call and this was not freeed. 4, In function kex_setup (line no : 246) we allocate memory using buffer_init call and this was not freeed. 5, In Function channel_new (line no :332) allocate memory using xstrdup call and this was not freeed. 6, In function channel_new (line no:317) we allocate memory using buffer_init call and this was not freeed. If this issue was fixed in the later release, can you pl...

...- * This returns a buffer allocated by xmalloc. - */ -char * -expand_filename(const char *filename, struct passwd *pw) -{ - Buffer buffer; - char *file; - const char *cp; - - /* - * Build the filename string in the buffer by making the appropriate - * substitutions to the given file name. - */ - buffer_init(&buffer); - for (cp = filename; *cp; cp++) { - if (cp[0] == '%' && cp[1] == '%') { - buffer_append(&buffer, "%", 1); - cp++; - continue; - } - if (cp[0] == '%' && cp[1] == 'h') { - buffer_append(&buffer, pw->pw_dir,...

...@@ -203,6 +203,7 @@ /* message to be displayed after login */ Buffer loginmsg; +Buffer expiremsg; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); @@ -1506,6 +1507,7 @@ /* prepare buffers to collect authentication messages */ buffer_init(&loginmsg); + buffer_init(&expiremsg); if (use_privsep) if ((authctxt = privsep_preauth()) != NULL)