similar to: Request information about the patch "57d10cb"

This simple additional check hardens sshbuf against linking an sshbuf into itself as parent/child pair, which could lead to ref counting issues. Purely defensive measure. I am not aware that this could happen somehwere in the code by now. Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19

--- sshbuf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshbuf.h b/sshbuf.h index 78e32264..4b71405a 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -140,7 +140,7 @@ int sshbuf_allocate(struct sshbuf *buf, size_t len); /* * Reserve len bytes in buf. * Returns 0 on success and a pointer to the first reserved byte via the - * optional dpp parameter or a negative * SSH_ERR_*

Reordering calloc arguments silences gcc compiler warnings of latest versions. Spotted with OpenSSH-portable on a Linux system. Okay? Index: cipher.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/cipher.c,v diff -u -p -u -p -r1.121 cipher.c --- cipher.c 17 May 2024 02:39:11 -0000 1.121 +++ cipher.c 13 Aug 2024 16:46:00 -0000 @@ -249,7 +249,7

Hello! I have a minor observation about code in sshbuf.c, not sure if it would be useful, but here it is. sshbuf_reset() is currently implemented like this: void sshbuf_reset(struct sshbuf *buf) { u_char *d; if (buf->readonly || buf->refcount > 1) { /* Nonsensical. Just make buffer appear empty */ buf->off = buf->size; return; } if (sshbuf_check_sanity(buf) != 0)

https://bugzilla.mindrot.org/show_bug.cgi?id=2371 Bug ID: 2371 Summary: make check fails when using --without-openssl on AIX Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: Build system Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2371 Bug ID: 2371 Summary: make check fails when using --without-openssl on AIX Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: Build system Assignee:

Good news/Bad News The test race in RHEL 3.4 seems to be gone ... but another ec.h failure ... Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140827.tar.gz OS Build_Target CC OpenSSL BUILD TEST ============== =========================== ================ ============= ====== ================= *RHEL 3.4 i386-redhat-linux gcc

Hello! I'm sorry in advance if I'm asking stupid questions, this is my first time dealing with a development list, so please excuse me if something is wrong with this message... I'm pretty interested in the OpenSSH codebase, and a couple of questions arose while I was investigating it, and I guess this is the place where I can find answers. 1. There are a lot of allocations, even for

From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> The "zstd at breakpoint.cc" compression algorithm enables ZSTD based compression as defined in RFC8478. The compression is delayed until the server sends the SSH_MSG_USERAUTH_SUCCESS which is the same time as with the "zlib at openssh.com" method. Signed-off-by: Sebastian Andrzej Siewior <sebastian at

https://bugzilla.mindrot.org/show_bug.cgi?id=3539 Bug ID: 3539 Summary: sshbuf memory leak in recv_rexec_state() Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

On Sat, 4 May 2024, openssh at tr.id.au wrote: > Hey there, > > I often want different behavior in my ssh client depending on > whether I'm logging into an interactive session or running > a remote non-interactive command. We can see at, say, > https://unix.stackexchange.com/a/499562/305714 that this isn't a > unique wish, and existing solutions are kind of baroque.

Hi, sshd crashes at below location. After compilation, when I start sshd it crashes in ?sshbuf-misc.c? file inside ?sshbuf_b64tod? function at line size_t plen = strlen(b64); The call trace is as below, Sshd main function -> sshkey_load_public -> sshkey_try_load_public -> sshkey_read -> sshbuf_b64tod During compilation a warning is thrown. Is this the trigger point for the crash?

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

On Thu, 25 Jun 2015, Michael Felt wrote: > Just running a standard make, and then a make install to a packaging > directory. It seems to be complaining about missing keys - not sure yet if > this is a show stopper For packaging you want the install-nokeys rule not install. -- Tim Rice Multitalents tim at multitalents.net

Hi, for the last two weeks ive been trying, to authenticate against a samba-domain using a win2k3-server. the server joined the domain without any problem and the basic login seems to work. but if i try to execute programs from mapped network drive (mapped using a domain-logon-skript), it fails with a message telling me, that i dont have sufficient rights to do so. the share has a forced user

This patch fixes two spelling mistakes in code comments, which means no functional change: still-extant -> still-existant the -> then Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13 Aug 2024 16:39:12 -0000 @@

https://bugzilla.mindrot.org/show_bug.cgi?id=2370 Bug ID: 2370 Summary: make fails with "rmd160.c", line 35.10: 1506-296 (S) #include file <endian.h> not found. when using --without-openssl on AIX Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: AIX

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

The freezero call is practically the same as calling explicit_bzero followed by free. Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13 Aug 2024 16:54:20 -0000 @@ -183,10 +183,8 @@ sshbuf_free(struct sshbuf *buf)