Displaying 20 results from an estimated 2000 matches similar to: "Format warnings in krl.c"
2013 Feb 06
0
Miscellaneous compiler warnings
Hi,
On RHEL 6.3 with gcc 4.4.6, a number of compiler warnings are emitted
when building recent snapshots:
These all seem to be harmless, but annoying.
readpassphrase.c:127: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
readpassphrase.c:146: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
make[1]: Leaving directory
2015 Dec 29
2
Bug in KRL signature verification
I believe there has been a bug in KRL signature verification that has been
present since the KRL feature was first introduced. It prevents signed KRLs
from being loaded by OpenSSH [0]. I believe this bug applies to all
versions of OpenSSH, although the majority of my effort has been devoted to
(and all of my code snippets come from) openssl-portable.
The bug is that an offset is incorrectly
2014 Nov 14
2
[Bug 2313] New: Corrupt KRL file when using multiple CA.
https://bugzilla.mindrot.org/show_bug.cgi?id=2313
Bug ID: 2313
Summary: Corrupt KRL file when using multiple CA.
Product: Portable OpenSSH
Version: 6.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at
2013 Jan 27
1
null pointer dereference in krl.c?
Hi,
In ssh_krl_from_blob(), krl.c:984,
/* Record keys used to sign the KRL */
xrealloc(ca_used, nca_used + 1, sizeof(*ca_used));
ca_used[nca_used++] = key;
The result of `xrealloc' is never assigned to `ca_used', which remains
a null pointer. Will ca_used[...] crash? Did I miss anything?
Thanks.
- xi
2013 Apr 01
1
"no such identity"
With an OpenSSH 6.2p1 client with stock ssh_config and one of the
following cases:
- I don't have any client keys
- I have one or more client keys, but not one of each type
- I don't have an authorized_keys on the server
- I have an authorized_keys on the server, but it does not list any of
the keys I have
- One of my client keys is listed, but I don't have an agent and
2015 Jul 02
0
[PATCH] Fix various -Wformat problems.
Updating gnulib has caused -Wformat-signedness to be enabled. This
has revealed many problems in C format strings. The fixes here fall
into the following main categories:
- Using %d with an unsigned parameter.
- %x and %o expect an unsigned argument.
- uid_t and gid_t are unsigned on Linux. The safe way to print these
is to cast them to uintmax_t and then print them using the %ju
2015 Jul 02
0
[PATCH v2] Fix various -Wformat problems.
Updating gnulib has caused -Wformat-signedness to be enabled. This
has revealed many problems in C format strings. The fixes here fall
into the following main categories:
- Using %d with an unsigned parameter.
- %x and %o expect an unsigned argument.
- uid_t and gid_t are unsigned on Linux. The safe way to print these
is to cast them to uintmax_t and then print them using the %ju
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
> > X11Forwarding enabled by default.
> I'm not sure I see your point.
With X11Forwarding off by default, one would assume that it is only
enabled on a case-by-case basis for users or groups who
2009 May 29
1
[PATCH v2] klibc-utils: add simple ls
Simple utility to list information about files. The utility
does the same thing as "ls -la". This is a useful test program.
Signed-off-by: Alexey Gladkov <gladkov.alexey at gmail.com>
---
usr/utils/Kbuild | 4 +-
usr/utils/ls.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 205 insertions(+), 1 deletions(-)
create mode 100644
2009 May 28
1
[PATCH] klibc-utils: add minils
Simple utility to list information about files. The utility
does the same thing as "ls -la". This is a useful test program.
Signed-off-by: Alexey Gladkov <gladkov.alexey at gmail.com>
---
usr/utils/Kbuild | 4 +-
usr/utils/minils.c | 198 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 201 insertions(+), 1 deletions(-)
create mode 100644
2016 Mar 05
2
Using 'ForceCommand' Option
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > It is relatively trivial to write a PAM module to do that.
> Which will have the relevant configuration overwritten and disabled
> the next time you run "authconfig" on Red Hat based systems. I'm not
> sure if this occurs with other systems, but tuning PAM is
2012 Aug 12
0
[robertot@redix.it: Please confirm your message]
Could a clueful list admin take this d00f off the list...
robertot@redix.it
----- Forwarded message from robertot@redix.it -----
Date: Sun, 12 Aug 2012 18:34:56 +0200 (CEST)
From: robertot@redix.it
To: jhellenthal@dataix.net
Subject: Please confirm your message
This message was created automatically by mail delivery software (TMDA).
Your message attached below is being held because the
2016 May 12
0
[PATCH 3/4] appliance: Move code for creating supermin appliance directory to tmpdirs.c.
This is largely code motion.
---
src/appliance.c | 40 +++++++-----------------------------
src/guestfs-internal.h | 1 +
src/tmpdirs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 63 insertions(+), 33 deletions(-)
diff --git a/src/appliance.c b/src/appliance.c
index 2cf6374..d293c2b 100644
--- a/src/appliance.c
+++ b/src/appliance.c
@@ -48,7 +48,7
2004 Feb 26
2
HEADS UP: OpenSSH 3.8p1
Take the usual precautions when upgrading.
Also note that I have changed some configuration defaults: the server
no longer accepts protocol version 1 nor password authentication by
default. If your ssh client does not support ssh protocol version 2
or keyboard-interactive authentication, the recommended measures are:
1) get a better client
2) get a better client (I mean it)
3) get a better
2016 Mar 04
2
Using 'ForceCommand' Option
Lesley Kimmel <lesley.j.kimmel at gmail.com> writes:
> So I probably shouldn't have said "arbitrary" script. What I really
> want to do is to present a terms of service notice (/etc/issue). But I
> also want to get the user to actually confirm (by typing 'y') that
> they accept. If they try to exit or type anything other than 'y' they
> will be
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html
This Mrdkaaa character claims to have exploited this, but does not say
how.
The issue is that if do_pam_account() fails, do_authloop() will call
packet_disconnect() with loginmsg as the format string (classic
printf(foo) instead of printf("%s", foo) bug).
The stuff that do_authloop() appends to loginmsg is harmless (the user
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> I'm just trying to figure out under what normal circumstances a
> connection with X11 forwarding enabled wouldn't be owned by a user who
> already has normal system privileges for ssh, sftp, and scp access.
Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
X11Forwarding enabled by default.
DES
--
2017 Aug 03
2
[PATCH] Capsicum headers
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> a few years
ago to avoid future conflicts with POSIX capabilities. There is still a
stub for compatibility, but it would be better not to rely on it.
DES
--
Dag-Erling Smørgrav - des at des.no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-capsicum_h.diff
Type: text/x-patch
2016 Jun 08
2
unbound and ntp issuse
Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> IMHO, ntp.conf need to include some numeric IP of public ntp servers.
https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
DES
--
Dag-Erling Smørgrav - des at des.no
2016 Jun 08
2
unbound and ntp issuse
Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> IMHO, ntp.conf need to include some numeric IP of public ntp servers.
https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse
https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link
DES
--
Dag-Erling Smørgrav - des at des.no