Displaying 20 results from an estimated 600 matches similar to: "[PATCH 9/12] bug fix: openssh 4.3p2 possible NULL dereference"
2006 Aug 28
0
patch for ssh-agent force confirm keys
Hi all
Patch adds flag -C to ssh-agent which will force
confirmation for any key added in agent (similar
to ssh-add -c)
Helps when forwarded agent authentication is used and
each key should be confirmed before use
catam
--- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300
+++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300
@@ -111,9 +111,6 @@
/* Default lifetime (0 == forever) */
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
Add support to load additional certificates
for already loaded private keys. Useful
if the private key is on a PKCS#11 hardware token.
The private keys inside ssh-agent are now using a refcount
to share the private parts between "Identities".
The reason for this change was that the PKCS#11 code
might have redirected ("wrap") the RSA functions to a hardware token.
We don't
2006 May 15
2
[PATCH 10/12 bugfix: openssh-4.3p2: memory leak
The variable local_user was allocated by xstrdup and is not freed or
pointed to in this branch. This patch adds the xfree. This entire set
of patches passed the regression tests on my system. Bug found by
Coverity.
Signed-off-by: Kylene Hall <kjhall at us.ibm.com>
---
sshconnect.c | 1 +
1 files changed, 1 insertion(+)
diff -uprN openssh-4.3p2/sshconnect.c
2006 May 15
1
[PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
The variable IV does can be NULL when passed into the function. However,
IV is dereferenced in CMP, therefore, IV should be checked before
sending it to this macro. This patch adds what is common in other parts
of the code but is missing on this particular check. This entire set of
patches passed the regression tests on my system. Null dereference bug
found by Coverity.
Signed-off-by: Kylene
2006 May 15
1
[PATCH 8/12] openssh-4.3p2 return code check bugs
The get_handle function can return a negative value. The variable that
value is assigned to is eventually passed to handle_close which uses the
value as an array index thus not being able to handle negative values.
This patch adds the return code check and provides an appropriate error
exit in the event of a negative return code. This entire set of patches
passed the regression tests on my
2006 May 15
0
[PATCH 11/12] bugfix: openssh-4.3p2 variable reuse bug
Since the comment variable is used later in the function for other
purposes. It is necessary to NULL the variable so it can be
differentiated as a new allocation from the previous use remenants
(which have already been freed) to avoid using an already freed pointer
in the assignment comment = cp ? *cp : comment. When the code path is
such that comment has not been reset. This entire set of
2006 May 15
0
[PATCH 1/12] bug fix: openssh-4.3p2 memory leak
The variable cmd is xmalloc'd by buffer_get_string. It is then used in
some places but never freed. This patch places the xfree after the last
usage and within the confines of all paths. This entire set of patches
passed the regression tests on my system. Memory leak bug found by
Coverity.
Signed-off-by: Kylene Hall <kjhall at us.ibm.com>
---
clientloop.c | 2 ++
1 files changed,
2006 May 15
0
[PATCH 3/12] bug fix: openssh-4.3p2 resource leak
The file descriptor f is not closed in this error path. This patch adds
the fclose as is customary in the rest of the function. This entire set
of patches passed the regression tests on my system. Resource leak bug
found by Coverity.
Signed-off-by: Kylene Hall <kjhall at us.ibm.com>
---
hostfile.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletion(-)
diff -uprN
2006 May 15
0
[PATCH 4/12] bug fix: openssh-4.3p2 memory leak
If the operation in the function is not allowed memory is leaked in
three variables which were xmalloc'ed with buffer_get_string. In the
allowed case these variables are pointed to by variables with a greater
scope thus the reason this is a condtional leak. This entire set of
patches passed the regression tests on my system. Resource leak bugs
found by Coverity.
Signed-off-by:
2006 May 15
0
[PATCH 5/12] bug fix: openssh-4.3p2 scp bugs
There are 2 bugs here. The first is pipe's return code is not checked
in this instance and it can return a negative value. The purpose of the
call is to make sure 0 and 1 are not assigned to the pin and pout
descriptors because those values won't work for later calls. If the
pipe call fails the correct behavior cannot be ensured. This patch adds
an error case consistent with the rest
2006 May 15
0
[PATCH 6/12] bug fix: openssh-4.3p2 memory leak
cancel_address is allocated in packet_get_string and used in the call to
channel_cancel_rport_listener and then it goes out of scope. This patch
adds the xfree. This entire set of patches passed the regression tests
on my system. Resource leak bug found by Coverity.
Signed-off-by: Kylene Hall <kjhall at us.ibm.com>
---
serverloop.c | 1 +
1 files changed, 1 insertion(+)
diff -uprN
2006 May 15
0
[PATCH 12/12] bug fix: openssh 4.3p2 ssh-rand-helper bugs
There are 2 bugs here. Since mkdir can return an error. The rest of
the function's operations depend on this directory being created thus an
error should be handled at this point.
The second is f is never closed. This patch adds the needed fclose.
This entire set of patches passed the regression tests on my system.
Bugs found by Coverity.
Signed-off-by: Kylene Hall <kjhall at
2006 May 15
0
[PATCH 7/12] bugfix: openssh-4.3p2
There are several memory management bugs here. First, the variable tmp
is allocated by infer_path. In one path this allocating function is
called again on the same variable without freeing the first instance.
In another path the variable is just not freed. The fix is to add the
xfree before the second call to infer_path and to move the existing
xfree to cover both paths (in one case this is on
2012 Mar 11
2
[patch] Threading support in ssh-agent
Hi all!
I do not know openssh patch policy so I am just sending
the patch to the mailing list. Sorry for inconvenience.
Ssh-agent seems to be too slow if you need to access thousands of
servers. This is a simple patch to enable threading in ssh2 authentication.
Patch adds "-p numthreads" option and defaults to the number of processors.
I've tested it as I could, but
2017 Nov 15
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
On Nov 14, 2017, at 4:11 PM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 13 Nov 2017, Ron Frederick wrote:
>> I noticed a problem recently when running some test code against
>> the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH
>> 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing
>> ssh-agent to exit.
>
> Sorry,
2017 Nov 14
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
Hello,
I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob
2000 Oct 08
1
OpenSSH-2.2.0 problem with ssh.com ssh-agent2
The OpenSSH and ssh.com agents use a completely different set of messages for
dealing with DSA keys, so I don't expect the OpenSSH client to be able to get
DSA keys from ssh-agent2. However, if I'm running "ssh-agent2 -1", I expect
OpenSSH to be able to use RSA keys stored in ssh-agent2's agent1 compatibility
box. And it does. However, there's a problem. If I'm
2005 Jul 26
1
Linux in-kernel keys support
Hi all,
I recently made a patch to openssh 4.1p1 to allow it to use the
in-kernel key management provided by 2.6.12 or later Linux kernels.
I've attached the patch (which is still only a proof-of-concept, for
instance its very verbose right now) to this mail.
Now, my question is, is this a completely insane idea and would (a later
version of) the patch have a chance of making it into the
2019 Jul 24
0
[External] Re: Any plans for ALTREP lists (VECSXP)?
If one of you wanted to try to create a patch to support ALTREP
generic vectors here are some notes:
The main challenge I am aware of (there might be others): Allowing
DATAPTR to return a writable pointer would be too dangerous because
the GC write barrier needs to see all mutations. So it would be best
if Dataptr and Dataptr_or_null methods were not allowed to be
defined. The default methods in
2019 Jul 24
1
[External] Re: Any plans for ALTREP lists (VECSXP)?
I can work on this. Thanks Luke.
~G
On Wed, Jul 24, 2019 at 8:25 AM Tierney, Luke <luke-tierney at uiowa.edu>
wrote:
> If one of you wanted to try to create a patch to support ALTREP
> generic vectors here are some notes:
>
> The main challenge I am aware of (there might be others): Allowing
> DATAPTR to return a writable pointer would be too dangerous because
> the GC