search for: xxx_kex

Displaying 20 results from an estimated 23 matches for "xxx_kex".

2002 Apr 18
1
xxx_kex possible memory leak?
Howdy, I'm working on porting the portable version of OpenSSH to the Nucleus RTOS. So far I've had a great deal of success. However, I've run into a possible memory leak, and I'm not sure whether I need to write my own cleanup function for it or not. The xxx_kex global (defined in sshd.c) seems to not get freed. I've had difficulty finding a cleanup routine for it. I've been looking for anything similar to key_free() or buffer_free() that might work for the Kex struct, but have had no luck. Does anyone know if such a cleanup function exists? Or is...
2013 May 07
0
Some potential bugs in Openssh-6.2p1
...ne 962: if (*envp == NULL && *envsizep == 0) Is it possible that *envp == NULL while *envsizep != 0? If it is feasible, null pointer dereference would occur. At line 975: for (i = 0; env[i]; i++) env is null. 3. Null Pointer file: serverloop.c function: server_loop2 At line 853: rekeying = (xxx_kex != NULL && !xxx_kex->done); xxx_key may be null. At line 871: xxx_kex->done = 0; directly use xxx_key. 4. Null Pointer file: sftp.c function: parse_args At line 1143: for (i = 0; cmds[i].c != NULL; i++) { Could this loop break when cmds[i].c is null? If so At line 1148: cmd = cmds[...
2012 Apr 03
0
Potential NULL pointer dereference
In openssh 5.9p1, clientloop.c In line 1469, xxx_kex is checked against NULL, but at line 1513, xxx_kex is dereferenced directly. Is this inconsistent?
2005 Jan 19
1
sshd hangs
...ed+0x80(753b0, 6a400, f90, 1, 2151c, 6d800) main+0xbf4(2f, 6fc00, 6a800, 1ecc, 1, 6dbd0) _start+0x5c(0, 0, 0, 0, 0, 0) the corresponding c sources are: void server_loop2(Authctxt *authctxt) { [ ... ] for (;;) { process_buffered_input_packets(); rekeying = (xxx_kex != NULL && !xxx_kex->done); if (!rekeying && packet_not_very_much_data_to_write()) channel_output_poll(); wait_until_can_do_something(&readset, &writeset, &max_fd, &nalloc, 0); [ ...] an...
2001 Oct 29
0
signal messages
...tocol v2 we try to send the signal to the remote host */ + if (compat20 && !have_pty && ssh2_chan_id != -1) + send_signal = 1; + /* Set signal handlers to restore non-blocking mode. */ signal(SIGINT, signal_handler); signal(SIGQUIT, signal_handler); @@ -899,6 +928,18 @@ xxx_kex->done = 0; kex_send_kexinit(xxx_kex); need_rekeying = 0; + } + if (send_signal == 2) { + send_signal = 0; + signame = sig2name(received_signal); + debug("Sending SIG%s to the remote host.", + signame); + packet_start(SSH2_MSG_CHANNEL_REQUEST); + pack...
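Review bot: in the second hunk, the string returned by sig2name(received_signal) goes straight into debug("Sending SIG%s to the remote host.", ...) with no check; if sig2name() can return NULL for a signal it does not map, add a guard that skips the channel request. The main loop also tests send_signal and reads received_signal while the handler installed with signal(SIGINT, signal_handler) presumably writes them, so both should be volatile sig_atomic_t if they are not already; their declarations are outside the visible excerpt.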
2001 May 18
0
PATCH: implement delay (sleep) after last tunnelled connection exits
...Process buffered packets sent by the server. */ client_process_buffered_input_packets(); - if (compat20 && session_closed && !channel_still_open()) + if (compat20 && (session_status == SessionClose) + && !channel_still_open()) break; rekeying = (xxx_kex != NULL && !xxx_kex->done); diff -ur openssh-2.9p1/readconf.c openssh-2.9p1S/readconf.c --- openssh-2.9p1/readconf.c Tue Apr 17 12:11:37 2001 +++ openssh-2.9p1S/readconf.c Thu May 17 19:23:52 2001 @@ -111,7 +111,7 @@ oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,...
2002 Jan 27
0
[PATCH] Add an exit delay to Openssh-3.0.2p1 for use in tunneling
...Process buffered packets sent by the server. */ client_process_buffered_input_packets(); - if (compat20 && session_closed && !channel_still_open()) + if (compat20 && (session_status == SessionClose) + && !channel_still_open()) break; rekeying = (xxx_kex != NULL && !xxx_kex->done); diff -ur openssh-3.0.2p1/readconf.c openssh-3.0.2p1S/readconf.c --- openssh-3.0.2p1/readconf.c Wed Oct 3 11:39:39 2001 +++ openssh-3.0.2p1S/readconf.c Sat Jan 19 14:49:50 2002 @@ -115,7 +115,7 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostK...
2001 Sep 28
1
[PATCH] fix for Linux hang on exit bug in 2.9.9p2
...Process buffered packets sent by the server. */ client_process_buffered_input_packets(); - if (compat20 && session_closed && !channel_still_open()) + if (compat20 && (session_status == SessionClose) + && !channel_still_open()) break; rekeying = (xxx_kex != NULL && !xxx_kex->done); diff -u openssh-2.9.9p2/nchan.c openssh-2.9.9p2J/nchan.c --- openssh-2.9.9p2/nchan.c Thu Sep 20 13:33:33 2001 +++ openssh-2.9.9p2J/nchan.c Thu Sep 27 22:09:31 2001 @@ -81,7 +81,7 @@ /* helper */ static void chan_shutdown_write(Channel *); -static void chan...
2002 Jan 31
4
signal transmission in ssh2
...tocol v2 we try to send the signal to the remote host */ + if (compat20 && !have_pty && ssh2_chan_id != -1) + send_signal = 1; + /* Set signal handlers to restore non-blocking mode. */ signal(SIGINT, signal_handler); signal(SIGQUIT, signal_handler); @@ -899,6 +928,18 @@ xxx_kex->done = 0; kex_send_kexinit(xxx_kex); need_rekeying = 0; + } + if (send_signal == 2) { + send_signal = 0; + signame = sig2name(received_signal); + debug("Sending SIG%s to the remote host.", + signame); + packet_start(SSH2_MSG_CHANNEL_REQUEST); + pack...
2001 Sep 05
2
sshd hangs on logout -- is this a bug?
In the changelog, there is an entry: 20001129 - (djm) Back out all the serverloop.c hacks. sshd will now hang again if there are background children with open fds. Does this mean that this is regarded as expected (and correct) behavior, that should not change in the future, or does it mean that this behavior is a known problem that someone will eventually fix? --Adam -- Adam McKenna
2001 Nov 14
6
[PATCH]: Patch to fix hang on exit bug under Linux and add optional exit delay
...Process buffered packets sent by the server. */ client_process_buffered_input_packets(); - if (compat20 && session_closed && !channel_still_open()) + if (compat20 && (session_status == SessionClose) + && !channel_still_open()) break; rekeying = (xxx_kex != NULL && !xxx_kex->done); diff -ur openssh-3.0p1/nchan.c openssh-3.0p1J/nchan.c --- openssh-3.0p1/nchan.c Thu Oct 11 19:35:06 2001 +++ openssh-3.0p1J/nchan.c Tue Nov 13 15:55:52 2001 @@ -81,7 +81,7 @@ /* helper */ static void chan_shutdown_write(Channel *); -static void chan_shutdo...
2002 Jun 26
5
[PATCH] improved chroot handling
...usercontext(pw); @@ -561,6 +556,7 @@ static Authctxt* privsep_preauth(void) { + char emptydir[] = "/var/tmp/sshd.XXXXXXXXXX"; Authctxt *authctxt = NULL; int status; pid_t pid; @@ -570,12 +566,31 @@ /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + /* + * We create a safe environment for the child by creating an empty + * directory into which the child chroots, and the parent prevents + * others from fooling around with it by removing the directory. We do + * it this way because the child can't remove its own current working + *...
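Review bot: the template added at the top of privsep_preauth(), "/var/tmp/sshd.XXXXXXXXXX", puts the chroot target in a world-writable directory. The call that creates it is cut off in this excerpt, so confirm it is mkdtemp() with the return value checked, not a name generated first and mkdir() afterwards, and that the resulting directory is not writable by the unprivileged child. The comment says the parent removes the directory once the child has chrooted; it should also say what happens when that removal fails or the child exits before chroot(), so a stale directory is not left behind.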
2013 Jun 25
1
RFC: encrypted hostkeys patch
...e "canohost.h" #include "hostfile.h" #include "auth.h" +#include "authfd.h" #include "misc.h" #include "msg.h" #include "dispatch.h" @@ -194,6 +195,9 @@ char *server_version_string = NULL; /* for rekeying XXX fixme */ Kex *xxx_kex; +/* Daemon's agent connection */ +AuthenticationConnection *auth_conn = NULL; + /* * Any really sensitive data in the application is contained in this * structure. The idea is that this structure could be locked into memory so @@ -206,6 +210,7 @@ struct { Key *server_key; /* ephemera...
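Review bot: the new global auth_conn is documented only as "Daemon's agent connection"; the comment should say which process opens it and which processes may keep it after fork. It is declared directly above the structure described as holding the really sensitive data, and a connection to an agent that holds host keys is comparably sensitive, so state explicitly that the unprivileged child closes it.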
2010 Nov 28
2
[PATCH] Use canonical hostname for DNS SSHFP lookup
...PEN; diff -ur openssh/sshconnect2.c openssh-sshfp/sshconnect2.c --- openssh/sshconnect2.c 2010-09-24 14:11:14.000000000 +0200 +++ openssh-sshfp/sshconnect2.c 2010-11-27 23:38:36.154046251 +0100 @@ -90,24 +90,26 @@ char *xxx_host; struct sockaddr *xxx_hostaddr; +const char *xxx_canohost; Kex *xxx_kex = NULL; static int verify_host_key_callback(Key *hostkey) { - if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) + if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, xxx_canohost) == -1) fatal("Host key verification failed."); return 0; } void -ssh_kex2(char *host...
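Review bot: verify_host_key() gains a fourth argument, xxx_canohost, but the new global is declared without an initializer right next to Kex *xxx_kex = NULL, and nothing visible here says what verify_host_key() does when it is NULL. Initialize it explicitly and document the NULL case. Since the canonical name is itself a product of name resolution, a comment at the declaration should also state under what conditions an SSHFP record found under that name is trusted.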
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2012 Nov 21
1
HostKey in hardware?
Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this
2001 Oct 16
1
Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2
...int bogus_send_count = 0 ; + int time_out = 0; + /* End SD Mod */ + debug("Entering interactive session for SSH2."); mysignal(SIGCHLD, sigchld_handler); @@ -692,30 +782,44 @@ process_buffered_input_packets(); rekeying = (xxx_kex != NULL && !xxx_kex->done); - - if (!rekeying && packet_not_very_much_data_to_write()) - channel_output_poll(); - wait_until_can_do_something(&readset, &writeset, &max_fd, - &nalloc, 0); +...
2001 Oct 06
1
Defeating Timing Attacks
Hello, In response to the timing analysis attacks presented by Dawn Song et al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless requested not to,
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,