search for: ssh_err_invalid_argument

...h_sandbox *); void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); +#define setrlimit(x,y) (0) diff --git a/sshkey.c b/sshkey.c index e91c54f..cfdd437 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1394,8 +1394,11 @@ rsa_generate_private_key(u_int bits, RSA **rsap) if (rsap == NULL) return SSH_ERR_INVALID_ARGUMENT; if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - bits > SSHBUF_MAX_BIGNUM * 8) + bits > SSHBUF_MAX_BIGNUM * 8) { + fprintf(stderr, "%s bits %d min %d max %d\n", __func__, bits, + SSH_RSA_MINIMUM_MODULUS_SIZE, SSHBUF_MAX_BIGNUM); return SSH_ERR_KEY_LENGTH; + } *r...

...host keys. Specifically, after the key exchange phase, when a client requests proof of ownership for the host keys via the "hostkeys-prove-00 at openssh.com" request, the server prepares the response without specifying the signature algoorithm in case of non-RSA keys. This leads to "SSH_ERR_INVALID_ARGUMENT" when verifying the signature in : openssh-portable/authfd.c line if ((r = sshkey_check_sigtype(sig, len, alg)) != 0) To resolve this, I explicitly sets the signature algorithm, ensuring proper verification for all key types. I would appreciate any feedback or suggestions regarding this is...

Hello! I have a minor observation about code in sshbuf.c, not sure if it would be useful, but here it is. sshbuf_reset() is currently implemented like this: void sshbuf_reset(struct sshbuf *buf) { u_char *d; if (buf->readonly || buf->refcount > 1) { /* Nonsensical. Just make buffer appear empty */ buf->off = buf->size; return; } if (sshbuf_check_sanity(buf) != 0)

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

..._LIBZSTD */ } -#endif /* WITH_ZLIB */ cipher_free(state->send_context); cipher_free(state->receive_context); state->send_context = state->receive_context = NULL; @@ -696,11 +727,11 @@ start_compression_out(struct ssh *ssh, int level) if (level < 1 || level > 9) return SSH_ERR_INVALID_ARGUMENT; debug("Enabling compression at level %d.", level); - if (ssh->state->compression_out_started == 1) + if (ssh->state->compression_out_started == COMP_ZLIB) deflateEnd(&ssh->state->compression_out_stream); switch (deflateInit(&ssh->state->compression_...

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

I added ZSTD support to OpenSSH roughly over a year and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

...*ciphercontext = NULL; ??? ?struct sshkey *pubkey = NULL; +?? ?struct sshkey_vault *vault_info = NULL; ??? ?u_char *key = NULL, *salt = NULL, *dp; ??? ?u_int blocksize, rounds, nkeys, encrypted_len, check1, check2; ? ??? ?if (decoded == NULL || decryptedp == NULL || pubkeyp == NULL) ??? ??? ?return SSH_ERR_INVALID_ARGUMENT; ? +?? ?if (vault_infop != NULL) { +?? ??? ?*vault_infop = NULL; +?? ?} +?? ?if ((vault_info = sshkey_vault_new()) == NULL) { +?? ??? ?r = SSH_ERR_ALLOC_FAIL; +?? ??? ?goto out; +?? ?} + ??? ?*decryptedp = NULL; ??? ?*pubkeyp = NULL; ? @@ -4074,10 +4126,18 @@ private2_decrypt(struct sshbuf *decoded...

Hi, OpenSSH 6.8 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is