Displaying 20 results from an estimated 300 matches similar to: "PATCH: Fix memory leak in sshd"
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2014 Sep 08
1
possible deadcodes in sources
Hello,
we've run a coverity scan on the openssh sources and it found several
issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources
too.
* servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;"
--- a/servconf.c
+++ b/servconf.c
@@ -1451,12 +1451,8 @@
2012 Dec 21
0
File Attachments for previous bug report
I have renamed all of the patch files to .txt, which should be acceptable
for the mailer daemon at mindrot, per Angel's suggestion.
I am attaching the patch files to the email, with the extra space removed
and a minor correction made.
Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
--- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800
+++ port-linux.c
2013 Aug 07
29
[Bug 2140] New: Capsicum support for FreeBSD 10 (-current)
https://bugzilla.mindrot.org/show_bug.cgi?id=2140
Bug ID: 2140
Summary: Capsicum support for FreeBSD 10 (-current)
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167
Bug ID: 2167
Summary: Connection remains when fork() fails.
Product: Portable OpenSSH
Version: 5.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
Hello All,
In reviewing source code for OpenSSH-6.1p1, I found instances
of deprecated library calls still within various source code files.
Examples of deprecated calls are: bzero() (replaced with memset()
which is ANSI compliant), index() (replaced with strchr() which
is also ANSI compliant).
In file 'auth2-jpake.c', I've replaced all the bzero() calls with
the equivalent
2005 Dec 08
0
"User child is on pid"-logging
Hi!
I sent a mail a while ago wondering if it was possible to change the
loglevel for the "User child is on pid"-message from debug2 to
verbose. It would make it easier to trace a connection in the logs
when privilege separation is used and sshd uses the user child pid to
report that the connection is closing . Is it possible to change this
or would it violate the privacy of the users?
2005 Nov 21
0
"User child pid" logging
Hi!
It would be easier to trace a connection in the logs if sshd reported
the change of pid with LogLevel set to verbose instead of debug2. Is
it possible to have it changed?
Regards
Claes Leufv?n
Here is a patch for it:
--- sshd.c_orig 2005-11-21 10:51:08.000000000 +0100
+++ sshd.c 2005-11-21 10:51:11.000000000 +0100
@@ -652,7 +652,7 @@
if (pmonitor->m_pid == -1)
fatal("fork of
2014 Apr 12
4
[Bug 2225] New: sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Bug ID: 2225
Summary: sshd core dumps when used in high scaled environments.
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2006 Jan 08
3
Allow --without-privsep build.
I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2003 Jul 06
10
[Bug 585] sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=585
------- Additional Comments From dtucker at zip.com.au 2003-07-07 00:32 -------
dmalloc (http://dmalloc.com/) claims to work on IRIX. It's likely to increase
the CPU and memory load, though.
I've built with dmalloc on Linux thusly:
LDFLAGS=-ldmalloc ./configure && make
eval `dmalloc -l /path/to/log high`
./sshd [options]
2003 Oct 08
4
OS/390 openssh
Hello Steve, Hello OpenSSH-portable developers,
I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe
operating system, and I noticed you do the same for OS/390.
Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2
or some such), I thought it was fair enough to help with a little
co-operation; we might come up with a unified EBCDIC patch which could
be contributed to
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If
2003 Mar 26
0
Password expiry in auth-krb5.c
Due to difficulties in getting PAM (with krb5) password expiry working
consistently on multiple platforms, I'd like to see if I could hack
something into auth-krb5.c to do so.
Here's a backtrace when stopped in auth_krb5_password:
#0 auth_krb5_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270
#1 0x274d8 in auth_password (authctxt=0x8e148,
2011 Jun 22
3
sandbox pre-auth privsep child
Hi,
This patch (relative to -HEAD) defines an API to allow sandboxing of the
pre-auth privsep child and a couple of sandbox implementations.
The idea here is to heavily restrict what the network-face pre-auth
process can do. This was the original intent behind dropping to a
dedicated uid and chrooting to an empty directory, but even this still
allows a compromised slave process to make new
2003 May 22
1
sshd crashing on IRIX (3.6.1p1)
Occasionally, we're noticing that sshd is core dumping on our IRIX
6.5.18f machine.
The only time we've really noticed it is when users are logging in with
putty from offsite (although I'm not really sure it's a client issue).
The user manages to log in, sshd apparently core dumps, but the user is
not logged out, the privilege separated user is still running their own