ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 05:17:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

merge from main

Browse Source 
--HG--
branch : fuzz
This commit is contained in:
Matt Johnston 2017-06-24 00:47:07 +08:00
commit 5ac4a71000
4 changed files with 77 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
configure.ac
View File

@ -19,6 +19,7 @@ if test -z "$LD" ; then
fi fi
AC_SUBST(LD) AC_SUBST(LD)
# set compile flags prior to other tests
if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC) AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
CFLAGS="-Os -W -Wall -Wno-pointer-sign" CFLAGS="-Os -W -Wall -Wno-pointer-sign"
@ -29,12 +30,70 @@ OLDCFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fno-strict-overflow" CFLAGS="$CFLAGS -fno-strict-overflow"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT(yes)], [AC_MSG_RESULT(yes)],
[ [AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ]
AC_MSG_RESULT(no)
CFLAGS=$OLDCFLAGS
]
) )
hardenbuild=1
AC_ARG_ENABLE(harden,
[ --disable-harden Don't set hardened build flags],
[
if test "x$enableval" = "xno"; then
hardenbuild=0
AC_MSG_NOTICE(Disabling hardened build flags)
fi
], [])
if test "$hardenbuild" -eq 1; then
AC_MSG_NOTICE(Checking for available hardened build flags:)
# pie
OLDCFLAGS="$CFLAGS"
TESTFLAGS="-fPIE"
CFLAGS="$CFLAGS $TESTFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
)
OLDLDFLAGS="$LDFLAGS"
TESTFLAGS="-Wl,-pie"
LDFLAGS="$LDFLAGS $TESTFLAGS"
AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
)
# readonly elf relocation sections (relro)
OLDLDFLAGS="$LDFLAGS"
TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
LDFLAGS="$LDFLAGS $TESTFLAGS"
AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
)
# stack protector. -strong is good but only in gcc 4.9 or later
OLDCFLAGS="$CFLAGS"
TESTFLAGS="-fstack-protector-strong"
CFLAGS="$CFLAGS $TESTFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[
CFLAGS="$OLDCFLAGS"
TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
CFLAGS="$CFLAGS $TESTFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
)
]
)
# FORTIFY_SOURCE
OLDCFLAGS="$CFLAGS"
TESTFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="$CFLAGS $TESTFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_NOTICE([Setting $TESTFLAGS])],
[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
)
fi
# large file support is useful for scp # large file support is useful for scp
AC_SYS_LARGEFILE AC_SYS_LARGEFILE
@ -246,7 +305,11 @@ AC_SUBST(DROPBEAR_FUZZ)
# Checks for header files. # Checks for header files.
AC_HEADER_STDC AC_HEADER_STDC
AC_HEADER_SYS_WAIT AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h netinet/in_systm.h sys/uio.h]) AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h \
string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h \
pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h \
utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h \
pam/pam_appl.h netinet/in_systm.h sys/uio.h linux/pkt_sched.h])
# Checks for typedefs, structures, and compiler characteristics. # Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST AC_C_CONST

2
includes.h
View File

@ -160,7 +160,7 @@ typedef u_int32_t uint32_t;
#define SIZE_T_MAX ULONG_MAX #define SIZE_T_MAX ULONG_MAX
#endif /* SIZE_T_MAX */ #endif /* SIZE_T_MAX */
#ifdef SO_PRIORITY #ifdef HAVE_LINUX_PKT_SCHED_H
#include <linux/types.h> #include <linux/types.h>
#include <linux/pkt_sched.h> #include <linux/pkt_sched.h>
#endif #endif

4
netio.c
View File

@ -307,7 +307,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
#ifdef IPTOS_LOWDELAY #ifdef IPTOS_LOWDELAY
int iptos_val = 0; int iptos_val = 0;
#endif #endif
#ifdef SO_PRIORITY #ifdef HAVE_LINUX_PKT_SCHED_H
int so_prio_val = 0; int so_prio_val = 0;
#endif #endif
@ -340,7 +340,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
} }
#endif #endif
#ifdef SO_PRIORITY #ifdef HAVE_LINUX_PKT_SCHED_H
if (prio == DROPBEAR_PRIO_LOWDELAY) { if (prio == DROPBEAR_PRIO_LOWDELAY) {
so_prio_val = TC_PRIO_INTERACTIVE; so_prio_val = TC_PRIO_INTERACTIVE;
} else if (prio == DROPBEAR_PRIO_BULK) { } else if (prio == DROPBEAR_PRIO_BULK) {

6
svr-authpam.c
View File

@ -224,6 +224,12 @@ void svr_auth_pam() {
goto cleanup; goto cleanup;
} }
if ((rc = pam_set_item(pamHandlep, PAM_RHOST, svr_ses.remotehost)) != PAM_SUCCESS) {
dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s",
rc, pam_strerror(pamHandlep, rc));
goto cleanup;
}
#ifdef HAVE_PAM_FAIL_DELAY #ifdef HAVE_PAM_FAIL_DELAY
/* We have our own random delay code already, disable PAM's */ /* We have our own random delay code already, disable PAM's */
(void) pam_fail_delay(pamHandlep, 0 /* musec_delay */); (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */);