search for: freezero

Hi, Sometimes, users might find that the `ssh-sk-helper` crashes after enrolling a new key when using external SK libraries. Currently, the memory returned by SK APIs is freed by the host, but external libraries may have their own methods of handling memory. For instance some external libraries are linked against a foreign libc statically. As a result, the `ssh-sk-helper` would have issues if

This is not valid in ISO C. --- ssh-sk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-sk.c b/ssh-sk.c index 2b25c42f..3d6ac3d0 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -153,7 +153,7 @@ sshsk_free_enroll_response(struct sk_enroll_response *r) freezero(r->signature, r->signature_len); freezero(r->attestation_cert, r->attestation_cert_len); freezero(r, sizeof(*r)); -}; +} static void sshsk_free_sign_response(struct sk_sign_response *r) @@ -163,7 +163,7 @@ sshsk_free_sign_response(struct sk_sign_response *r) freezero(r->sig...

The freezero call is practically the same as calling explicit_bzero followed by free. Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13...

...**commentp) ??? ??? ?pass = xstrdup(identity_passphrase); ??? ?else ??? ??? ?pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); -?? ?r = sshkey_load_private(filename, pass, &prv, commentp); +?? ?r = sshkey_load_private(filename, pass, &prv, commentp, vault_infop); ??? ?freezero(pass, strlen(pass)); ??? ?if (r != 0) ??? ??? ?fatal("Load key \"%s\": %s", filename, ssh_err(r)); @@ -429,7 +431,7 @@ do_convert_to(struct passwd *pw) ??? ?if (stat(identity_file, &st) == -1) ??? ??? ?fatal("%s: %s: %s", __progname, identity_file, strerror(errno))...

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at