search for: sshbuf_ptr

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

...OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly treated as a length [2]: /* Check signature over entire KRL up to this point */ > if ((r = sshkey_verify(key, blob, blen, > sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) > goto out; "sshbuf_len(buf) - sig_off" should read "sig_off". The result of this bug is that the number of unparsed bytes after our current parse cursor, rather than the number of parsed bytes before the cursor, is used as...

...600000) <- __addvdi3() = 5 -> ssh_packet_write_poll(0xa870151e0, 0x0, 0x0, 0x2dc, 0x8, 0x101010101010101) -> sshbuf_len(0xa86ffc5d0, 0x0, 0x0, 0x2dc, 0x8, 0x101010101010101) <- sshbuf_len() = 80 -> sshbuf_ptr(0xa86ffc5d0, 0x0, 0x50, 0xf00, 0x8, 0x101010101010101) <- sshbuf_ptr() = 0xa87070ae0 -> roaming_write(0x4, 0xa87070ae0, 0x50, 0xffff80dc43363680, 0x8, 0x101010101010101) write(4, "1F {\004DB e iAC9399FA 8".., 80) Err#...

...Y *pk = NULL; struct sshkey *prv = NULL; BIO *bio = NULL; int r; if (keyp != NULL) *keyp = NULL; if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX) return SSH_ERR_ALLOC_FAIL; if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) != (int)sshbuf_len(blob)) { r = SSH_ERR_ALLOC_FAIL; goto out; } char keybuf[T_L_4] = {0}; BIO_read(bio, keybuf, bio->num_write); -- You are receiving this mail because: You are watching the assignee o...

...other ciphers which don't include a built-in MAC. The error happens for all key types when using the new private key format. The error is in the call inside sshkey_parse_private2() where it passes in the length of the encrypted buffer: if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), sshbuf_len(decoded), 0, cipher_authlen(cipher))) != 0) { The length here should be encrypted_len, not sshbuf_len(decoded), as that includes the cipher_authlen(cipher) additional MAC bytes. A few additional changes are needed to use encrypted_len safely here and to later prop...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at