Matt Johnston
6c571c54e5
small tidy of "signal" while loop
2021-03-06 23:05:17 +08:00
Matt Johnston
d2bfa6aedc
fuzz: handle errors from wrapfd_new_dummy()
2021-03-06 22:58:57 +08:00
Matt Johnston
d0d1ede191
fuzz: fix crash in newtcpdirect(), don't close the channel too early
2021-03-05 22:51:11 +08:00
Matt Johnston
3c2f113a78
Return errstring on connect failure
2021-03-05 21:13:20 +08:00
Matt Johnston
f193e95a3e
fuzz: avoid extraneous printing
2021-03-04 23:57:12 +08:00
Matt Johnston
03481aba06
Define _GNU_SOURCE properly, other header fixes
This lets -std=c89 build for gcc 8.4.0
2021-03-04 21:03:02 +08:00
Matt Johnston
8b0fdf8010
Small cleanups of netio allocated port
2021-03-04 21:02:16 +08:00
Guillaume Picquet
934cc87db3
Update netio.c (#115)
Moved allocated_lport_p and allocated_lport at begin of block to build in C89
2021-03-04 20:50:13 +08:00
Guillaume Picquet
ae94f64145
Update cli-main.c (#114)
Moved pid_t proxy_cmd_pid declaration at begin of block to allow build in c89 (gcc-2.95)
2021-03-04 20:46:46 +08:00
Matt Johnston
8552a0e9eb
Disable UNAUTH_CLOSE_DELAY by default
2021-03-02 22:20:14 +08:00
Matt Johnston
d20420e709
merge
2021-01-29 21:59:12 +08:00
Matt Johnston
e8640bdca3
fuzz: wrap kill()
2021-01-29 21:47:56 +08:00
Xenhat
e4edbf2e57
Update INSTALL (#113)
Make Git/Mercurial instructions easier to understand
2020-12-17 17:35:48 +08:00
Matt Johnston
5d60e5f312
Use buf_eatstring instead
2020-12-10 23:18:48 +08:00
Dirkjan Bussink
38d7da5fe5
Fix handling of replies to global requests ( #112 )
...
The current code assumes that all global requests want / need a reply.
This isn't always true and the request itself indicates if it wants a
reply or not.
It causes a specific problem with hostkeys-00@openssh.com messages.
These are sent by OpenSSH after authentication to inform the client of
potential other host keys for the host. This can be used to add a new
type of host key or to rotate host keys.
The initial information message from the server is sent as a global
request, but with want_reply set to false. This means that the server
doesn't expect an answer to this message. Instead the client needs to
send a prove request as a reply if it wants to receive proof of
ownership for the host keys.
The bug doesn't cause any current problems due to how OpenSSH
treats receiving the failure message. It instead treats it as a
keepalive message and further ignores it.
Arguably this is a protocol violation though of Dropbear and it is only
accidental that it doesn't cause a problem with OpenSSH.
The bug was found when adding host keys support to libssh, which is more
strict protocol wise and treats the unexpected failure message as an error,
also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145
for more information.
The fix here is to honor the want_reply flag in the global request and
to only send a reply if the other side expects a reply.
2020-12-10 23:13:13 +08:00
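The want_reply handling that this commit describes, as an added example that is not Dropbear's code: it parses the payload of an SSH_MSG_GLOBAL_REQUEST (RFC 4254 section 4: byte type, string request name, boolean want_reply, request-specific data), shows the pre-fix "always answer" policy beside the fixed one that honours the flag, and constructs two sample requests inline. The toy server implementing no global requests at all, and the helper names, are assumptions for illustration; the message numbers are the RFC 4254 values.

```c
/* Added example, not Dropbear's code. Demonstrates honouring the want_reply
 * flag of an SSH global request. Assumption: this toy server implements no
 * global requests, so any wanted reply is SSH_MSG_REQUEST_FAILURE. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_GLOBAL_REQUEST  80   /* RFC 4254 */
#define SSH_MSG_REQUEST_SUCCESS 81
#define SSH_MSG_REQUEST_FAILURE 82
#define NO_REPLY                0    /* illustrative: nothing may be sent */

struct global_req {
    char name[64];
    int want_reply;
    const uint8_t *data;   /* request-specific data following want_reply */
    size_t datalen;
};

static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Parse a global request payload. Returns 0 on success, -1 if malformed
 * (wrong type, truncated, or a name longer than the buffer allows). */
int parse_global_request(const uint8_t *payload, size_t len, struct global_req *req) {
    uint32_t namelen;
    if (len < 1 + 4 + 1 || payload[0] != SSH_MSG_GLOBAL_REQUEST) return -1;
    namelen = get_u32(payload + 1);
    if (namelen >= sizeof(req->name) || namelen > len - 1 - 4 - 1) return -1;
    memcpy(req->name, payload + 5, namelen);
    req->name[namelen] = '\0';
    req->want_reply = payload[5 + namelen] != 0;
    req->data = payload + 6 + namelen;
    req->datalen = len - 6 - namelen;
    return 0;
}

/* Pre-fix behaviour described in the commit: every request is answered,
 * so a want_reply=false announcement still draws a REQUEST_FAILURE. */
int reply_for_request_buggy(const struct global_req *req) {
    (void)req;
    return SSH_MSG_REQUEST_FAILURE;
}

/* Fixed behaviour: reply only when the peer asked for one. */
int reply_for_request(const struct global_req *req) {
    if (!req->want_reply) return NO_REPLY;
    return SSH_MSG_REQUEST_FAILURE;   /* no global requests implemented here */
}

/* Build a constructed global request payload (no request-specific data).
 * Returns the payload length, or 0 if the buffer is too small. */
size_t build_global_request(uint8_t *buf, size_t cap, const char *name, int want_reply) {
    size_t namelen = strlen(name);
    if (cap < 6 + namelen) return 0;
    buf[0] = SSH_MSG_GLOBAL_REQUEST;
    put_u32(buf + 1, (uint32_t)namelen);
    memcpy(buf + 5, name, namelen);
    buf[5 + namelen] = want_reply ? 1 : 0;
    return 6 + namelen;
}

int main(void) {
    uint8_t buf[128];
    struct global_req req;
    size_t n;

    /* Constructed sample 1: OpenSSH host key announcement, want_reply=false.
     * The real message also carries host key blobs; omitted here. */
    n = build_global_request(buf, sizeof buf, "hostkeys-00@openssh.com", 0);
    if (parse_global_request(buf, n, &req) == 0)
        printf("%s want_reply=%d buggy=%d fixed=%d\n", req.name, req.want_reply,
               reply_for_request_buggy(&req), reply_for_request(&req));

    /* Constructed sample 2: an OpenSSH keepalive, sent with want_reply=true;
     * the sender accepts either SUCCESS or FAILURE as proof of liveness. */
    n = build_global_request(buf, sizeof buf, "keepalive@openssh.com", 1);
    if (parse_global_request(buf, n, &req) == 0)
        printf("%s want_reply=%d buggy=%d fixed=%d\n", req.name, req.want_reply,
               reply_for_request_buggy(&req), reply_for_request(&req));
    return 0;
}
```

The bounds checks in parse_global_request are the part worth copying: the name length is read from the wire, so it is checked against both the remaining payload and the destination buffer before memcpy.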
Matt Johnston
a6b2eeb190
Fix null pointer dereference removing listeners
2020-12-07 20:03:24 +08:00
Matt Johnston
e12ff23e7d
fuzz: add an always-failing dropbear_listen() replacement
2020-12-06 21:54:01 +08:00
Matt Johnston
007a5925dc
fuzz: work around fuzz_connect_remote() limitations
2020-12-06 21:27:25 +08:00
Matt Johnston
d439ed26e4
Some minor manpage improvements
2020-12-05 14:56:53 +08:00
Matt Johnston
f9ff3fa23d
fuzz: skip custom mutators with -fsanitize=memory
2020-12-05 11:54:53 +08:00
Matt Johnston
2c64335d9c
fuzz: make postauth set authdone properly
2020-12-03 22:18:51 +08:00
Matt Johnston
286b6b9f80
Remove unused cli_authinitialise
2020-12-03 21:19:19 +08:00
Matt Johnston
220ba993a2
fuzzing - Set postauth user to root since that's what it runs as
2020-11-17 19:28:11 +08:00
Matt Johnston
3c88d6536a
fuzzing: add workaround getpwuid/getpwnam
2020-11-16 22:44:30 +08:00
Matt Johnston
f49b576e93
Fix fuzzing build
2020-11-15 21:22:08 +08:00
Matt Johnston
8ec9016585
Add server postauth fuzzer, wrap connect_remote()
2020-11-13 23:18:05 +08:00
Matt Johnston
15ea6d1106
Remove accidentally committed abort()
2020-11-13 23:16:50 +08:00
Matt Johnston
24cfda9e3c
fuzzing - fix some wrong types and -lcrypt on macos
2020-11-02 20:33:48 +08:00
Matt Johnston
121e6e6202
Fuzzing - get rid of "prefix" for streams
Improved packet generation with sshpacketmutator
2020-11-01 23:44:58 +08:00
Matt Johnston
1b6e16ae7c
fuzzing - avoid sha1 for random seed every iteration
2020-11-01 14:01:37 +08:00
Matt Johnston
b8352f8164
Move fuzzer-kex initialisation into a constructor function
Hopefully this can avoid hitting AFL timeouts
https://github.com/google/oss-fuzz/pull/2474
2020-10-29 23:00:52 +08:00
Matt Johnston
6aa065b1b4
Use SSH packet mutator for preauth too
Get rid of separate client mutator.
Have 0.1% chance of llvm random mutation
Add comments
2020-10-29 22:41:37 +08:00
Matt Johnston
6cf29061c2
Fix FUZZ_NO_REPLACE_STDERR for fuzz.c
2020-10-29 22:14:38 +08:00
Matt Johnston
f92f0777de
Merge from main
2020-10-29 21:51:41 +08:00
Matt Johnston
9c70e4bed1
Added signature for changeset 5879c5829e85
2020-10-29 21:40:34 +08:00
Matt Johnston
a51833c51a
Added tag DROPBEAR_2020.81 for changeset 4b984c42372d
2020-10-29 21:40:27 +08:00
Matt Johnston
d852d69b50
Changelog for 2020.81
2020-10-29 21:35:50 +08:00
Matt Johnston
1b603069db
Fix fuzzing stderr override on os x
2020-10-26 23:44:43 +08:00
Matt Johnston
bf4058d1df
Preallocate memory for sshpacketmutator. Add fuzzer-client_mutator_nomaths
2020-10-26 23:31:24 +08:00
Matt Johnston
4d716b6302
crossover works
2020-10-26 23:06:41 +08:00
Matt Johnston
1260fbc5cd
Fix fuzz-sshpacketmutator to work
2020-10-26 22:52:07 +08:00
Matt Johnston
acd6a22a0c
Print ascii in printhex too
2020-10-26 22:51:44 +08:00
Matt Johnston
4e8a1da551
Add first try at fuzzing custom mutator
2020-10-25 22:52:36 +08:00
Matt Johnston
754dc50b93
merge from main
2020-10-25 21:47:42 +08:00
Matt Johnston
c7cfa75e92
Disable stderr output for fuzzer by default
2020-10-24 22:40:08 +08:00
Matt Johnston
b070bcd570
Make "Too many remote algorithms" exit rather than log
It's fatal anyway, makes logs more concise.
2020-10-24 19:28:29 +08:00
Matt Johnston
037d26f055
Add buf_decrpos()
2020-10-24 18:56:45 +08:00
Matt Johnston
cb252296c5
Add some more variation to fuzzer random number generation
2020-10-23 23:32:44 +08:00
Matt Johnston
f37def57b0
Move fuzzing code to fuzz/ subdirectory, improve Makefile.in
2020-10-23 23:10:20 +08:00
Matt Johnston
1a208c460b
Increase MAX_PROPOSED_ALGO to 50, warn if exceeded
2020-10-23 20:53:58 +08:00