search for: sshbuf

This simple additional check hardens sshbuf against linking an sshbuf into itself as parent/child pair, which could lead to ref counting issues. Purely defensive measure. I am not aware that this could happen somehwere in the code by now. Okay? Index: sshbuf.c =================================================================== RCS file: /...

On Thu, 25 Jun 2015, Michael Felt wrote: > Just running a standard make, and then a make install to a packaging > directory. It seems to be complaining about missing keys - not sure yet if > this is a show stopper For packaging you want the install-nokeys rule not install. -- Tim Rice Multitalents tim at multitalents.net

--- sshbuf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshbuf.h b/sshbuf.h index 78e32264..4b71405a 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -140,7 +140,7 @@ int sshbuf_allocate(struct sshbuf *buf, size_t len); /* * Reserve len bytes in buf. * Returns 0 on success and a pointer t...

Hello! I have a minor observation about code in sshbuf.c, not sure if it would be useful, but here it is. sshbuf_reset() is currently implemented like this: void sshbuf_reset(struct sshbuf *buf) { u_char *d; if (buf->readonly || buf->refcount > 1) { /* Nonsensical. Just make buffer appear empty */ buf->off = buf->size; return;...

...Aug 2024 16:46:00 -0000 @@ -249,7 +249,7 @@ cipher_init(struct sshcipher_ctx **ccp, #endif *ccp = NULL; - if ((cc = calloc(sizeof(*cc), 1)) == NULL) + if ((cc = calloc(1, sizeof(*cc))) == NULL) return SSH_ERR_ALLOC_FAIL; cc->plaintext = (cipher->flags & CFLAG_NONE) != 0; Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13 Aug 2024 16:46:00 -0000 @@ -91,7 +91,7 @@ sshbuf_new(void) { struct sshbuf *ret; - if ((re...

...please excuse me if something is wrong with this message... I'm pretty interested in the OpenSSH codebase, and a couple of questions arose while I was investigating it, and I guess this is the place where I can find answers. 1. There are a lot of allocations, even for short lived objects like sshbufs and sshkeys. Creating an sshbuf always requires at least one allocation, two allocations if it is created with sshbuf_new(). There are a lot of times when they are allocated and freed within the same function. Same thing with bitmaps. What is the reason behind not allocating them on the stack? 2....

This patch fixes two spelling mistakes in code comments, which means no functional change: still-extant -> still-existant the -> then Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13 Aug 2024 16:39:12 -0000 @@ -168,8 +168,8 @@ sshbuf_free(struct sshbuf *buf) return; /* -...

...regress/unittests/test_helper/fuzz.o ar: Creating an archive file regress/unittests/test_helper/libtest_helper.a. a - regress/unittests/test_helper/test_helper.o a - regress/unittests/test_helper/fuzz.o ranlib regress/unittests/test_helper/libtest_helper.a xlc -o regress/unittests/sshbuf/test_sshbuf -L. -Lopenbsd-compat/ -blibpath:/usr/lib:/lib regress/unittests/sshbuf/tests.o regress/unittests/sshbuf/test_sshbuf.o regress/unittests/sshbuf/test_sshbuf_getput_basic.o regress/unittests/sshbuf/test_sshbuf_getput_crypto.o regress/unittests/sshbuf/test_sshbuf_misc.o regress/unitte...

...regress/unittests/test_helper/fuzz.o ar: Creating an archive file regress/unittests/test_helper/libtest_helper.a. a - regress/unittests/test_helper/test_helper.o a - regress/unittests/test_helper/fuzz.o ranlib regress/unittests/test_helper/libtest_helper.a xlc -o regress/unittests/sshbuf/test_sshbuf -L. -Lopenbsd-compat/ -blibpath:/usr/lib:/lib regress/unittests/sshbuf/tests.o regress/unittests/sshbuf/test_sshbuf.o regress/unittests/sshbuf/test_sshbuf_getput_basic.o regress/unittests/sshbuf/test_sshbuf_getput_crypto.o regress/unittests/sshbuf/test_sshbuf_misc.o regress/unitte...

https://bugzilla.mindrot.org/show_bug.cgi?id=3539 Bug ID: 3539 Summary: sshbuf memory leak in recv_rexec_state() Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...

...========================= ================ ============= ====== ================= *RHEL 3.4 i386-redhat-linux gcc 3.2.3-47 1.0.1i**a OK*1 all tests passed* *AIX 5300-12-04 powerpc-ibm-aix5.3.0.0 gcc 4.2.0-3 0.9.8k FAIL*1 * *FAIL*1 missing e.h in test_sshbuf_getput_crypto* gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_...

https://bugzilla.mindrot.org/show_bug.cgi?id=2370 Bug ID: 2370 Summary: make fails with "rmd160.c", line 35.10: 1506-296 (S) #include file <endian.h> not found. when using --without-openssl on AIX Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: AIX

...++++++++++++++++++++++++++++++------ readconf.c | 8 +- servconf.c | 14 +-- ssh.c | 4 +- 9 files changed, 300 insertions(+), 46 deletions(-) diff --git a/cipher.c b/cipher.c index 02aea4089ff91..1634bb4019c86 100644 --- a/cipher.c +++ b/cipher.c @@ -48,6 +48,7 @@ #include "sshbuf.h" #include "ssherr.h" #include "digest.h" +#include "kex.h" #include "openbsd-compat/openssl-compat.h" @@ -142,12 +143,33 @@ cipher_alg_list(char sep, int auth_only) const char * compression_alg_list(int compression) { -#ifdef WITH_ZLIB - retu...

...me, passphrase, -?? ???? keyp, commentp); +?? ???? keyp, commentp, vault_infop); ?} ? ?int ?sshkey_load_private_type_fd(int fd, int type, const char *passphrase, -??? struct sshkey **keyp, char **commentp) +??? struct sshkey **keyp, char **commentp, struct sshkey_vault **vault_infop) ?{ ??? ?struct sshbuf *buffer = NULL; ??? ?int r; @@ -159,7 +161,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, ??? ??? ?*keyp = NULL; ??? ?if ((r = sshbuf_load_fd(fd, &buffer)) != 0 || ??? ???? (r = sshkey_parse_private_fileblob_type(buffer, type, -?? ???? passphrase, keyp, commentp)) !=...

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

The freezero call is practically the same as calling explicit_bzero followed by free. Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13 Aug 2024 16:54:20 -0000 @@ -183,10 +183,8 @@ sshbuf_free(struct sshbuf *buf) sshbuf_free(buf...

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

...expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; s...

On Wed, 17 Feb 2016, Tom G. Christensen wrote: > On 12/02/16 04:56, Damien Miller wrote: > > Portable OpenSSH is available via Git at > > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at > > https://github.com/openssh/openssh-portable > > > > I'm seeing a hang in the testsuite on Solaris: > run test transfer.sh ... > transfer data:

...nSSL 3.0.10 1 Aug 2023 -------------- next part -------------- diff --git a/readconf.c b/readconf.c index 3a64a0441..dff6a9df6 100644 --- a/readconf.c +++ b/readconf.c @@ -70,6 +70,7 @@ #include "uidswap.h" #include "myproposal.h" #include "digest.h" +#include "sshbuf.h" /* Format of the configuration file: @@ -133,11 +134,11 @@ */ static int read_config_file_depth(const char *filename, struct passwd *pw, - const char *host, const char *original_host, Options *options, - int flags, int *activep, int *want_final_pass, int depth); + const ch...