search for: getrrsetbyname

...install of all prerequisites has scucceeded. Now make of openssh-3.7.1p2 gives the following: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/openssl-0.9.7b/include -I/opt/zlib/include -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -DHAVE_CONFIG_H -c getrrsetbyname.c getrrsetbyname.c: In function `getrrsetbyname': getrrsetbyname.c:191: warning: implicit declaration of function `res_init' getrrsetbyname.c:207: warning: implicit declaration of function `res_query' getrrsetbyname.c:265: `T_SIG' undeclared (first use in this function) getrrsetbyna...

...looked at this yet but it looks like the resolver changes broke AIX and HP-UX. -Daz. AIX 4.3.3.11: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I../../openbsd-compat -I../../openbsd-compat/.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H -c ../../openbsd-compat/getrrsetbyname.c ../../openbsd-compat/getrrsetbyname.c:133: warning: static declaration for `_getshort? follows non-static ../../openbsd-compat/getrrsetbyname.c:143: conflicting types for `_getlong? /usr/include/arpa/onameser_compat.h:322: previous declaration of `_getlong? ../../openbsd-compat/getrrsetbyname.c:...

http://bugzilla.mindrot.org/show_bug.cgi?id=1111 Summary: memory leak in openbsd-compat/getrrsetbyname.c, function: getrrsetbyname Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot...

I've been trying to figure out why I can't seem to use SSHFP fingerprints delivered via DNSSEC, which led me to try to figure out why OpenSSH won't use DNSSEC on my NetBSD-4-branch platform. It turns out that around line 70 in openbsd-compat/getrrsetbyname.c, we have the following: /* to avoid conflicts where a platform already has _res */ #ifdef _res # undef _res #endif #define _res _compat_res struct __res_state _res; This defines a global, _compat_res, used only by OpenSSH (at least on NetBSD), and makes _res be...

...2p1 on MacOSX 10.6.0, I get the following ld error gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -fstack-protector-all -lssh -lopenbsd-compat -lcrypto -lz Undefined symbols: "_res_9_query", referenced from: _getrrsetbyname in libopenbsd-compat.a(getrrsetbyname.o) "_res_9_getshort", referenced from: _parse_dns_rrsection in libopenbsd-compat.a(getrrsetbyname.o) _parse_dns_rrsection in libopenbsd-compat.a(getrrsetbyname.o) _parse_dns_rrsection in libopenbsd-compat.a(getrrsetbyname.o)...

Hello. I have an issue with SSHFP lookups using "VerifyHostKeyDNS=yes" and "options edns0" in /etc/resolv.conf (glib >= 2.6). getrrsetbyname() calls res_query() with a maximum buffer size of 65536. The glibc resolver truncates this value to 16 bits, reducing the query's advertised buffer size to 0. BIND appears to ignore it while Unbound returns a server failure. glibc's source suggests that it should retry the query without E...

...t; ../defines.h:195: #error "16 bit int type not found." ../defines.h:204: #error "32 bit int type not found." ../defines.h:243: warning: `SIZE_T_MAX' redefined ../defines.h:237: warning: this is the location of the previous definition In file included from ../openbsd-compat/getrrsetbyname.h:57, from ../openbsd-compat/openbsd-compat.h:40, from ../includes.h:173, from bsd-arc4random.c:25: /usr/include/arpa/nameser.h:48: warning: `/*' within comment In file included from ../openbsd-compat/openbsd-compat.h:128, from...

http://bugzilla.mindrot.org/show_bug.cgi?id=1299 Summary: Remove redefinition of _res in getrrsetbyname.c Product: Portable OpenSSH Version: 4.5p1 Platform: All OS/Version: NetBSD Status: NEW Keywords: patch Severity: major Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org Reporte...

...nown_hosts in a secure or timely manner, we are keen on using SSHFP records .. but only if the DNSSEC last mile issue can be addressed in a relatively easy way for users. We propose that openssh be modified as follows: (1) introduce a new ssh_config directive: UnboundConfigurationFile (2) modify getrrsetbyname() such that, if UnboundConfigurationFile is set, then the unbound resolver is used; if not, then libc (3) provide a default unbound configuration in /etc/ssh/ssh_unbound_conf In this way, the standard mode of operation for ssh remains unchanged by default. Users who would like to use SSHFP recor...

http://bugzilla.mindrot.org/show_bug.cgi?id=1050 Summary: getrrsetbyname compat broken Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: jakob...

...quot;no address associated with name". After some digging through the code I found what is causing this strange behaviour. Basically it was introduced with the following change: revision 1.3954 date: 2005/11/05 05:56:52; author: djm; state: Exp; lines: +4 -1 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; ok dtucker@ When I take out the line struct __res_state _res; things work. Also, the problem does not occur when compiling with gcc (I used 3.4.4) instead of the SGI IDO cc. I...

...hort _getlong) + AC_CHECK_MEMBER(struct HEADER.ad, + [AC_DEFINE(HAVE_HEADER_AD)],, + [#include arpa/nameser.h]) ]) fi ] --- openssh/acconfig.h.old 2003-09-07 11:01:43.989760001 -0700 +++ openssh/acconfig.h 2003-09-08 09:58:18.714080015 -0700 @@ -418,6 +418,9 @@ /* Define if getrrsetbyname() exists */ #undef HAVE_GETRRSETBYNAME +/* Define if HEADER.ad exists in arpa/nameser.h */ +#undef HAVE_HEADER_AD + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ --- openssh/openbsd-compat/getrrsetbyname.c.old 2003-09-08 06:29:05.644640000 -0700...

...at//libopenbsd-compat.a(fake-rfc2553.o): In function `ssh_getaddrinfo': /openssh-3.8p1/openbsd-compat/fake-rfc2553.c(164): undefined reference to `getservbyname' /openssh-3.8p1/openbsd-compat/fake-rfc2553.c(198): undefined reference to `gethostbyname' openbsd-compat//libopenbsd-compat.a(getrrsetbyname.o): In function `getrrsetbyname': /openssh-3.8p1/openbsd-compat/getrrsetbyname.c(190): undefined reference to `_res' /openssh-3.8p1/openbsd-compat/getrrsetbyname.c(190): undefined reference to `res_init' /openssh-3.8p1/openbsd-compat/getrrsetbyname.c(206): undefined reference to `res_qu...

http://bugzilla.mindrot.org/show_bug.cgi?id=1299 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #3 from dtucker at zip.com.au 2007-04-29 14:06

...ATUS_OK; exit(0); } + ]])], + [AC_MSG_RESULT(yes)], + [ + AC_MSG_RESULT(no) + AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) + ]) + fi + ] +) + # Check whether user wants libedit support LIBEDIT_MSG="no" AC_ARG_WITH(libedit, Index: openbsd-compat/getrrsetbyname.c =================================================================== RCS file: /cvs/openssh/openbsd-compat/getrrsetbyname.c,v retrieving revision 1.24 diff -u -r1.24 getrrsetbyname.c --- openbsd-compat/getrrsetbyname.c 29 Apr 2007 03:58:07 -0000 1.24 +++ openbsd-compat/getrrsetbyname.c 21 May 2007...

...penssh-7.3p1/openbsd-compat' gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c getrrsetbyname-ldns.c In file included from ../openbsd-compat/openbsd-compat.h:173:0, from ../includes.h:171, from getrrsetbyname-ldns.c:46: ../openbsd-compat/bsd-misc.h:139:39: error: expected identifier or '(' before 'do' # define krb5_free_error_message(a,b) d...

...ommunicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of-...

http://bugzilla.mindrot.org/show_bug.cgi?id=1033 Summary: Fix compile-time warnings Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy: dtucker at

...for using DNSSEC lookups to check host keys. I've also made the changes to the OPENBSD_2_9 tree. Both patches are available at ftp://ftp.tislabs.com/pub/fmeshd/ as openssh.[portable,openbsd].patch.20010709 I'm really looking for testers at this time. Right now the lookups are done using a getrrsetbyname() function that is part of the BIND9 lwres API. I'm in the process of writing a similar standalone function for the OpenBSD tree. There is a README.DNSSEC file in the directory that has more details. -- Wesley Griffin NAI Labs wgriffin at tisl...

Please find attached file "configure.ac+dns.patch". This patch allow to compile current (30 Jun 2003) with options --with-dns on my platform. Output from "ssh -v -o VerifyHostKeyDNS=yes ..." follow: ... debug1: found 1 fingerprints in DNS debug1: matching host key fingerprint found in DNS ... -------------- next part -------------- An embedded and charset-unspecified text