similar to: Format warnings in krl.c

Displaying 20 results from an estimated 2000 matches similar to: "Format warnings in krl.c"

2013 Feb 06
0
Miscellaneous compiler warnings
Hi, On RHEL 6.3 with gcc 4.4.6, a number of compiler warnings are emitted when building recent snapshots: These all seem to be harmless, but annoying. readpassphrase.c:127: warning: ignoring return value of ?write?, declared with attribute warn_unused_result readpassphrase.c:146: warning: ignoring return value of ?write?, declared with attribute warn_unused_result make[1]: Leaving directory
2015 Dec 29
2
Bug in KRL signature verification
I believe there has been a bug in KRL signature verification that has been present since the KRL feature was first introduced. It prevents signed KRLs from being loaded by OpenSSH [0]. I believe this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly
2014 Nov 14
2
[Bug 2313] New: Corrupt KRL file when using multiple CA.
https://bugzilla.mindrot.org/show_bug.cgi?id=2313 Bug ID: 2313 Summary: Corrupt KRL file when using multiple CA. Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh-keygen Assignee:
2013 Jan 27
1
null pointer dereference in krl.c?
Hi, In ssh_krl_from_blob(), krl.c:984, /* Record keys used to sign the KRL */ xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); ca_used[nca_used++] = key; The result of `xrealloc' is never assigned to `ca_used', which remains a null pointer. Will ca_used[...] crash?. Did I miss anything? Thanks. - xi
2015 Jul 02
0
[PATCH] Fix various -Wformat problems.
Updating gnulib has caused -Wformat-signedness to be enabled. This has revealed many problems in C format strings. The fixes here fall into the following main categories: - Using %d with an unsigned parameter. - %x and %o expect an unsigned argument. - uid_t and gid_t are unsigned on Linux. The safe way to print these is to cast them to uintmax_t and then print then using the %ju
2015 Jul 02
0
[PATCH v2] Fix various -Wformat problems.
Updating gnulib has caused -Wformat-signedness to be enabled. This has revealed many problems in C format strings. The fixes here fall into the following main categories: - Using %d with an unsigned parameter. - %x and %o expect an unsigned argument. - uid_t and gid_t are unsigned on Linux. The safe way to print these is to cast them to uintmax_t and then print them using the %ju
2009 May 29
1
[PATCH v2] klibc-utils: add simple ls
Simple utility to list information about a files. The utility which does the same thing as "ls -la". This is a useful test program. Signed-off-by: Alexey Gladkov <gladkov.alexey at gmail.com> --- usr/utils/Kbuild | 4 +- usr/utils/ls.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 205 insertions(+), 1 deletions(-) create
2009 May 28
1
[PATCH] klibc-utils: add minils
Simple utility to list information about a files. The utility which does the same thing as "ls -la". This is a useful test program. Signed-off-by: Alexey Gladkov <gladkov.alexey at gmail.com> --- usr/utils/Kbuild | 4 +- usr/utils/minils.c | 198 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 201 insertions(+), 1 deletions(-) create
2013 Apr 01
1
"no such identity"
With an OpenSSH 6.2p1 client with stock ssh_config and one of the following cases: - I don't have any client keys - I have one or more client keys, but not one of each type - I don't have an authorized_keys on the server - I have an authorized_keys on the server, but it does not list any of the keys I have - One of my client keys is listed, but I don't have an agent and
2016 May 12
0
[PATCH 3/4] appliance: Move code for creating supermin appliance directory to tmpdirs.c.
This is largely code motion. --- src/appliance.c | 40 +++++++----------------------------- src/guestfs-internal.h | 1 + src/tmpdirs.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 33 deletions(-) diff --git a/src/appliance.c b/src/appliance.c index 2cf6374..d293c2b 100644 --- a/src/appliance.c
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Sm?rgrav <des at des.no> writes: > > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have > > X11Forwarding enabled by default. > I'm not sure I see your point. With X11Forwarding off by default, one would assume that it is only enabled on a case-by-case basis for users or groups who
2016 Mar 05
2
Using 'ForceCommand' Option
Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Sm?rgrav <des at des.no> writes: > > It is relatively trivial to write a PAM module to do that. > Which will have the relevant configuration overwritten and disabled > the next time you run "authconfig" on Red Hat based sysems. I'm not > sure if this occurs with other systems, but tuning PAM is
2012 Aug 12
0
[robertot@redix.it: Please confirm your message]
Could a clueful list admin take this d00f off the list... robertot@redix.it ----- Forwarded message from robertot@redix.it ----- Date: Sun, 12 Aug 2012 18:34:56 +0200 (CEST) From: robertot@redix.it To: jhellenthal@dataix.net Subject: Please confirm your message This message was created automatically by mail delivery software (TMDA). Your message attached below is being held because the
2004 Feb 26
3
HEADS UP: OpenSSH 3.8p1
Take the usual precautions when upgrading. Also note that I have changed some configuration defaults: the server no longer accepts protocol version 1 nor password authentication by default. If your ssh client does not support ssh protocol version 2 or keyboard-interactive authentication, the recommended measures are: 1) get a better client 2) get a better client (I mean it) 3) get a better
2016 Mar 04
2
Using 'ForceCommand' Option
Lesley Kimmel <lesley.j.kimmel at gmail.com> writes: > So I probably shouldn't have said "arbitrary" script. What I really > want to do is to present a terms of service notice (/etc/issue). But I > also want to get the user to actually confirm (by typing 'y') that > they accept. If they try to exit or type anything other than 'y' they >
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff that do_authloop() appends to loginmsg
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes: > I'm just trying to figure out under what normal circumstances a > connection with X11 forwarding enabled wouldn't be owned by a user who > already has normal system privileges for ssh, sftp, and scp access. Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have X11Forwarding enabled by default. DES --
2017 Aug 03
2
[PATCH] Capsicum headers
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> a few years ago to avoid future conflicts with POSIX capabilities. There is still a stub for compatibility, but it would be better not to rely on it. DES -- Dag-Erling Sm?rgrav - des at des.no -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-capsicum_h.diff Type:
2019 Feb 04
3
Signing KRLs?
Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned
2013 Jul 05
2
Trouble with -W
I want to ssh from a client to a machine on a closed network via a jumphost; let's call them {client,internal,jumphost}.example.com. I have authpf set up on the jumphost so that when logged in, I am allowed to open TCP connections from the jumphost to port 22 on internal nodes. This works well with port forwarding: des at client ~% ssh -L2222:internal.example.com:22 jumphost.example.com