merge up to date

--HG-- branch : fuzz
2025-03-09 21:41:07 +00:00 · 2018-01-23 22:46:07 +08:00 · 2018-01-23 22:46:07 +08:00 · 597f7eb5e9
commit 597f7eb5e9
parent 5cd003d9e6 ba23b823dc
18 changed files with 134 additions and 69 deletions
--- a/6
+++ b/6
@ -22,7 +22,11 @@ recompiling - bad things will happen otherwise)
 See MULTI for instructions on making all-in-one binaries.
-If you want to compile statically, add "STATIC=1" to the make command-line.
+If you want to compile statically use ./configure --enable-static
 By default Dropbear adds various build flags that improve robustness 
 against programming bugs (good for security) - if these cause problems
 they can be disabled with ./configure --disable-harden
 Binaries can be stripped with "make strip"
--- a/Makefile.in
+++ b/Makefile.in
@ -2,12 +2,11 @@
 # @configure_input@
 # invocation:
-# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
 #
-# to make a multiple-program statically linked binary "staticdropbearmulti".
+# to make a multiple-program binary "dropbearmulti".
 # This example will include dropbear, scp, dropbearkey, dropbearconvert, and
 # dbclient functionality, and includes the progress-bar functionality in scp.
 # Hopefully that seems intuitive.
 ifndef PROGRAMS
 	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
@ -35,7 +34,7 @@ COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		atomicio.o compat.o fake-rfc2553.o \
 		ltc_prng.o ecc.o ecdsa.o crypto_desc.o \
 		dbmalloc.o \
-		gensignkey.o gendss.o genrsa.o 
+		gensignkey.o gendss.o genrsa.o
 SVROBJS=svr-kex.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
@ -99,6 +98,8 @@ LDFLAGS=@LDFLAGS@
 EXEEXT=@EXEEXT@
 STATIC=@STATIC@
 # whether we're building client, server, or both for the common objects.
 # evilness so we detect 'dropbear' by itself as a word
 space:= $(empty) $(empty)
@ -120,7 +121,7 @@ ifeq ($(STATIC), 1)
 endif
 ifeq ($(MULTI), 1)
-	TARGETS=dropbearmulti
+	TARGETS=dropbearmulti$(EXEEXT)
 else
 	TARGETS=$(PROGRAMS)
 endif
@ -137,14 +138,14 @@ strip: $(TARGETS)
 install: $(addprefix inst_, $(TARGETS))
-insmultidropbear: dropbearmulti
+insmultidropbear: dropbearmulti$(EXEEXT)
 	$(INSTALL) -d $(DESTDIR)$(sbindir)
 	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
 	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
 	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
 	$(INSTALL) -m 644 $(srcdir)/dropbear.8  $(DESTDIR)$(mandir)/man8/dropbear.8
-insmulti%: dropbearmulti
+insmulti%: dropbearmulti$(EXEEXT)
 	$(INSTALL) -d $(DESTDIR)$(bindir)
 	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
 	-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
@ -224,8 +225,9 @@ sizes: dropbear
 clean: ltc-clean ltm-clean thisclean
 thisclean:
-	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
+	-rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
-			dropbearmulti *.o *.da *.bb *.bbg *.prof 
+			dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
 			dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof
 distclean: clean tidy
 	-rm -f config.h
--- a/configure.ac
+++ b/configure.ac
@ -33,9 +33,20 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
    [AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ]
    )
 STATIC=0
 AC_ARG_ENABLE(static,
 	[  --enable-static         Build static binaries],
 	[
 		if test "x$enableval" = "xyes"; then
 			STATIC=1
 			AC_MSG_NOTICE(Static Build)
 		fi
 	], [])
 AC_SUBST(STATIC)
 hardenbuild=1
 AC_ARG_ENABLE(harden,
-	[  --disable-harden          Don't set hardened build flags],
+	[  --disable-harden        Don't set hardened build flags],
 	[
 		if test "x$enableval" = "xno"; then
 			hardenbuild=0
@ -45,37 +56,40 @@ AC_ARG_ENABLE(harden,
 if test "$hardenbuild" -eq 1; then
 	AC_MSG_NOTICE(Checking for available hardened build flags:)
-	# pie
+	# relocation flags don't make sense for static builds
-	OLDCFLAGS="$CFLAGS"
+	if test "$STATIC" -ne 1; then
-	TESTFLAGS="-fPIE"
+		# pie
-	CFLAGS="$CFLAGS $TESTFLAGS"
+		OLDCFLAGS="$CFLAGS"
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+		TESTFLAGS="-fPIE"
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		CFLAGS="$CFLAGS $TESTFLAGS"
-	    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-	    )
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-	OLDLDFLAGS="$LDFLAGS"
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
-	TESTFLAGS="-Wl,-pie"
+			)
-	LDFLAGS="$LDFLAGS $TESTFLAGS"
+		OLDLDFLAGS="$LDFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+		TESTFLAGS="-Wl,-pie"
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		[
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			LDFLAGS="$OLDLDFLAGS"
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-			TESTFLAGS="-pie"
+			[
-			LDFLAGS="$LDFLAGS $TESTFLAGS"
+				LDFLAGS="$OLDLDFLAGS"
-			AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+				TESTFLAGS="-pie"
-				[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				LDFLAGS="$LDFLAGS $TESTFLAGS"
-				[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-				)
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-		]
+					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
-	    )
+					)
-	# readonly elf relocation sections (relro)
+			]
-	OLDLDFLAGS="$LDFLAGS"
+			)
-	TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+		# readonly elf relocation sections (relro)
-	LDFLAGS="$LDFLAGS $TESTFLAGS"
+		OLDLDFLAGS="$LDFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
-	    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-	    )
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 			)
 	fi # non-static
 	# stack protector. -strong is good but only in gcc 4.9 or later
 	OLDCFLAGS="$CFLAGS"
 	TESTFLAGS="-fstack-protector-strong"
@ -230,7 +244,7 @@ AC_ARG_WITH(pam,
 AC_ARG_ENABLE(pam,
-	[  --enable-pam          Try to include PAM support],
+	[  --enable-pam            Try to include PAM support],
 	[
 		if test "x$enableval" = "xyes"; then
 			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
@ -827,6 +841,7 @@ AS_MKDIR_P(libtomcrypt/src/modes/ecb)
 AS_MKDIR_P(libtomcrypt/src/modes/ofb)
 AS_MKDIR_P(libtomcrypt/src/modes/f8)
 AS_MKDIR_P(libtomcrypt/src/modes/lrw)
 AS_MKDIR_P(libtomcrypt/src/modes/xts)
 AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
 AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/boolean)
 AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
--- a/dbutil.c
+++ b/dbutil.c
@ -514,7 +514,7 @@ out:
 void m_close(int fd) {
 	int val;
-	if (fd == -1) {
+	if (fd < 0) {
 		return;
 	}
--- a/default_options.h
+++ b/default_options.h
@ -10,7 +10,7 @@ Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file (#ifndef guards added by ifndef_wrapper.sh).
-Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
 IMPORTANT: Many options will require "make clean" after changes */
@ -198,6 +198,13 @@ If you test it please contact the Dropbear author */
 #define DROPBEAR_ECDSA 1
 #endif
 /* RSA must be >=1024 */
 #ifndef DROPBEAR_DEFAULT_RSA_SIZE
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
 #endif
 /* DSS is always 1024 */
 /* ECDSA defaults to largest size configured, usually 521 */
 /* Add runtime flag "-R" to generate hostkeys as-needed when the first 
   connection using that key type occurs.
   This avoids the need to otherwise run "dropbearkey" and avoids some problems
@ -373,7 +380,8 @@ Homedir is prepended unless path begins with / */
 #define MAX_UNAUTH_CLIENTS 30
 #endif
-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
 /* -T runtime option overrides */
 #ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
 #endif
--- a/default_options.h.in
+++ b/default_options.h.in
@ -10,7 +10,7 @@ Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file (#ifndef guards added by ifndef_wrapper.sh).
-Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
 IMPORTANT: Many options will require "make clean" after changes */
@ -130,6 +130,11 @@ If you test it please contact the Dropbear author */
 * on x86-64 */
 #define DROPBEAR_ECDSA 1
 /* RSA must be >=1024 */
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
 /* DSS is always 1024 */
 /* ECDSA defaults to largest size configured, usually 521 */
 /* Add runtime flag "-R" to generate hostkeys as-needed when the first 
   connection using that key type occurs.
   This avoids the need to otherwise run "dropbearkey" and avoids some problems
@ -253,7 +258,8 @@ Homedir is prepended unless path begins with / */
 * come from many IPs */
 #define MAX_UNAUTH_CLIENTS 30
-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
 /* -T server option overrides */
 #define MAX_AUTH_TRIES 10
 /* The default file to store the daemon's process ID, for shutdown
--- a/dropbear.8
+++ b/dropbear.8
@ -91,6 +91,9 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
 .B \-T \fImax_authentication_attempts
 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
 .TP
 .B \-c \fIforced_command
 Disregard the command provided by the user and always run \fIforced_command\fR. This also
 overrides any authorized_keys command= option.
--- a/dropbearkey.c
+++ b/dropbearkey.c
@ -139,7 +139,7 @@ int main(int argc, char ** argv) {
 	enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
 	char * typetext = NULL;
 	char * sizetext = NULL;
-	unsigned int bits = 0;
+	unsigned int bits = 0, genbits;
 	int printpub = 0;
 	crypto_init();
@ -240,7 +240,8 @@ int main(int argc, char ** argv) {
 		check_signkey_bits(keytype, bits);;
 	}
-	fprintf(stderr, "Generating key, this may take a while...\n");
+	genbits = signkey_generate_get_bits(keytype, bits);
 	fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext);
 	if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
 	{
 		dropbear_exit("Failed to generate key.\n");
--- a/gensignkey.c
+++ b/gensignkey.c
@ -7,9 +7,6 @@
 #include "signkey.h"
 #include "dbrandom.h"
 #define RSA_DEFAULT_SIZE 2048
 #define DSS_DEFAULT_SIZE 1024
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int buf_writefile(buffer * buf, const char * filename) {
 	int ret = DROPBEAR_FAILURE;
@ -55,11 +52,12 @@ static int get_default_bits(enum signkey_type keytype)
 	switch (keytype) {
 #if DROPBEAR_RSA
 		case DROPBEAR_SIGNKEY_RSA:
-			return RSA_DEFAULT_SIZE;
+			return DROPBEAR_DEFAULT_RSA_SIZE;
 #endif
 #if DROPBEAR_DSS
 		case DROPBEAR_SIGNKEY_DSS:
-			return DSS_DEFAULT_SIZE;
+			/* DSS for SSH only defines 1024 bits */
 			return 1024;
 #endif
 #if DROPBEAR_ECDSA
 		case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
@ -76,6 +74,14 @@ static int get_default_bits(enum signkey_type keytype)
 	}
 }
 int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
 	if (bits == 0)
 	{
 		bits = get_default_bits(keytype);
 	}
 	return bits;
 }
 /* if skip_exist is set it will silently return if the key file exists */
 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
 {
@ -83,10 +89,7 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename,
 	buffer *buf = NULL;
 	char *fn_temp = NULL;
 	int ret = DROPBEAR_FAILURE;
-	if (bits == 0)
+	bits = signkey_generate_get_bits(keytype, bits);
 	{
 		bits = get_default_bits(keytype);
 	}
 	/* now we can generate the key */
 	key = new_sign_key();
--- a/gensignkey.h
+++ b/gensignkey.h
@ -4,5 +4,6 @@
 #include "signkey.h"
 int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist);
 int signkey_generate_get_bits(enum signkey_type keytype, int bits);
 #endif
--- a/libtomcrypt/Makefile.in
+++ b/libtomcrypt/Makefile.in
@ -9,7 +9,8 @@ VERSION=1.17
 PLATFORM := $(shell uname | sed -e 's/_.*//')
-srcdir=.
+VPATH=@srcdir@
 srcdir=@srcdir@
 # Compiler and Linker Names
 #CC=gcc
--- a/libtommath/Makefile.in
+++ b/libtommath/Makefile.in
@ -2,7 +2,8 @@
 #
 #Tom St Denis
-srcdir=.
+VPATH=@srcdir@
 srcdir=@srcdir@
 # So that libtommath can include Dropbear headers for options and m_burn()
 CFLAGS += -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../
@ -26,8 +27,6 @@ endif
 coverage: LIBNAME:=-Wl,--whole-archive $(LIBNAME)  -Wl,--no-whole-archive
 include makefile.include
 LCOV_ARGS=--directory .
 #START_INS
--- a/options.h
+++ b/options.h
@ -2,6 +2,8 @@
 #define DROPBEAR_OPTIONS_H
 /* 
            > > > Don't edit this file any more! < < <
 Local compile-time configuration should be defined in localoptions.h
 See default_options.h.in for a description of the available options.
 */
--- a/runopts.h
+++ b/runopts.h
@ -96,6 +96,7 @@ typedef struct svr_runopts {
 	int noauthpass;
 	int norootpass;
 	int allowblankpass;
 	unsigned int maxauthtries;
 #if DROPBEAR_SVR_REMOTETCPFWD
 	int noremotetcp;
--- a/svr-auth.c
+++ b/svr-auth.c
@ -368,7 +368,7 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 		ses.authstate.failcount++;
 	}
-	if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
+	if (ses.authstate.failcount >= svr_opts.maxauthtries) {
 		char * userstr;
 		/* XXX - send disconnect ? */
 		TRACE(("Max auth tries reached, exiting"))
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@ -196,7 +196,7 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename,
 	int ret = DROPBEAR_FAILURE;
 	if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
-		TRACE(("checkpubkey: bad line length %d", line->len))
+		TRACE(("checkpubkey_line: bad line length %d", line->len))
 		return DROPBEAR_FAILURE;
 	}
@ -261,7 +261,7 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename,
 	/* check for space (' ') character */
 	if (buf_getbyte(line) != ' ') {
-		TRACE(("checkpubkey: space character expected, isn't there"))
+		TRACE(("checkpubkey_line: space character expected, isn't there"))
 		goto out;
 	}
@ -273,7 +273,7 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename,
 	buf_setpos(line, pos);
 	buf_setlen(line, line->pos + len);
-	TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len))
+	TRACE(("checkpubkey_line: line pos = %d len = %d", line->pos, line->len))
 	ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL);
@ -361,8 +361,8 @@ static int checkpubkey(char* algo, unsigned int algolen,
 		}
 		line_num++;
-		if (checkpubkey_line(line, line_num, filename,
+		ret = checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen);
-				algo, algolen, keyblob, keybloblen) == DROPBEAR_SUCCESS) {
+		if (ret == DROPBEAR_SUCCESS) {
 			break;
 		}
--- a/svr-runopts.c
+++ b/svr-runopts.c
@ -73,6 +73,7 @@ static void printhelp(const char * progname) {
 					"-g		Disable password logins for root\n"
 					"-B		Allow blank password logins\n"
 #endif
 					"-T		Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
 					"-j		Disable local port forwarding\n"
 #endif
@ -107,6 +108,7 @@ static void printhelp(const char * progname) {
 #if DROPBEAR_ECDSA
 					ECDSA_PRIV_FILENAME,
 #endif
 					MAX_AUTH_TRIES,
 					DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
@ -119,6 +121,7 @@ void svr_getopts(int argc, char ** argv) {
 	char* recv_window_arg = NULL;
 	char* keepalive_arg = NULL;
 	char* idle_timeout_arg = NULL;
 	char* maxauthtries_arg = NULL;
 	char* keyfile = NULL;
 	char c;
@ -132,6 +135,7 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
 	svr_opts.maxauthtries = MAX_AUTH_TRIES;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
 	svr_opts.hostkey = NULL;
@ -235,6 +239,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'I':
 					next = &idle_timeout_arg;
 					break;
 				case 'T':
 					next = &maxauthtries_arg;
 					break;
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 				case 's':
 					svr_opts.noauthpass = 1;
@ -331,6 +338,16 @@ void svr_getopts(int argc, char ** argv) {
 			dropbear_exit("Bad recv window '%s'", recv_window_arg);
 		}
 	}
 	if (maxauthtries_arg) {
 		unsigned int val = 0;
 		if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE 
 			|| val == 0) {
 			dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
 		}
 		svr_opts.maxauthtries = val;
 	}
 	if (keepalive_arg) {
 		unsigned int val;
--- a/sysoptions.h
+++ b/sysoptions.h
@ -235,11 +235,13 @@
 #define DROPBEAR_VFORK 1
 #endif
 #ifndef DROPBEAR_LISTEN_BACKLOG
 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
 #else
 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
 #endif
 #endif
 #ifndef DROPBEAR_NONE_CIPHER
 #define DROPBEAR_NONE_CIPHER 0