ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-12 23:45:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,697 Commits 5 Branches 63 Tags 14 MiB
742e296115
Commit Graph

1697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Johnston
cf2c4f44a2 fuzzers disable logging by default 
--HG--
branch : fuzz
 2017-05-25 00:12:07 +08:00
Matt Johnston
2bc55ff428 don't exit encountering short lines 
--HG--
branch : fuzz
 2017-05-25 00:10:18 +08:00
Matt Johnston
ee5769f31f avoid NULL argument to base64 decode 
--HG--
branch : fuzz
 2017-05-25 00:09:40 +08:00
Matt Johnston
3a8517b06f create fuzzer .options files 
--HG--
branch : fuzz
 2017-05-23 22:43:52 +08:00
Matt Johnston
0363d3c32e fuzzer-pubkey 
--HG--
branch : fuzz
 2017-05-23 22:43:34 +08:00
Matt Johnston
a582c4cdb6 split out checkpubkey_line() separately 
--HG--
branch : fuzz
 2017-05-23 22:29:21 +08:00
Matt Johnston
a43b6b0323 define SIZE_T_MAX 
--HG--
branch : fuzz
 2017-05-22 22:09:46 +08:00
Matt Johnston
84a143a605 remove unneeded check 
--HG--
branch : fuzz
 2017-05-22 22:09:38 +08:00
Matt Johnston
114438e669 zlib can use m_malloc/m_free too 
--HG--
branch : fuzz
 2017-05-22 22:09:26 +08:00
Matt Johnston
50bde9976b seed_fuzz() prototype 
--HG--
branch : fuzz
 2017-05-21 18:53:44 +08:00
Matt Johnston
18ea116827 -v for debug_trace 
--HG--
branch : fuzz
 2017-05-21 18:53:33 +08:00
Matt Johnston
0ab0687a3a Fix null pointer dereference found by libfuzzer 2017-05-21 18:53:09 +08:00
Matt Johnston
72f85ad90f limit input size 2017-05-25 22:21:23 +08:00
Matt Johnston
fb4e07f7a8 don't exit encountering short lines 2017-05-25 00:10:18 +08:00
Matt Johnston
6e0b539e9c split out checkpubkey_line() separately 2017-05-23 22:29:21 +08:00
Matt Johnston
83b2c899f5 increase min DSS and RSA lengths 2017-06-16 22:35:32 +08:00
Matt Johnston
eb7ca20379 check p and q lengths 2017-06-16 22:35:18 +08:00
Matt Johnston
30d3ccd419 Fix null pointer dereference found by libfuzzer 
--HG--
branch : fuzz
 2017-05-21 18:53:09 +08:00
Matt Johnston
fb8fb7fed0 add dbmalloc epoch cleanup 
--HG--
branch : fuzz
 2017-05-21 10:54:11 +08:00
Matt Johnston
1abd239b9d ignore wrapfd_close for unknown 
--HG--
branch : fuzz
 2017-05-21 10:48:18 +08:00
Matt Johnston
9f1c8b2f8f make buf_getstring fail prior to malloc if the buffer is short 
--HG--
branch : fuzz
 2017-05-20 23:39:01 +08:00
Matt Johnston
c169423051 glaring wrapfd problems fixed 
--HG--
branch : fuzz
 2017-05-20 22:47:19 +08:00
Matt Johnston
fdc6f32392 closer to working 
--HG--
branch : fuzz
 2017-05-20 13:23:16 +08:00
Matt Johnston
ea984cfb95 add cve and patch link 2017-05-20 10:27:29 +08:00
Matt Johnston
e7cdb2ebe5 add wrapfd. improve fuzzer in makefile 
--HG--
branch : fuzz
 2017-05-19 00:48:46 +08:00
Matt Johnston
4dae8edb76 merge main to fuzz 
--HG--
branch : fuzz
 2017-05-18 23:45:10 +08:00
Matt Johnston
a3e01b8884 better harness 
--HG--
branch : fuzz
 2017-05-18 23:38:30 +08:00
Matt Johnston
6d33a2b0bb setup svr_dropbear_exit 
--HG--
branch : fuzz
 2017-05-18 23:36:54 +08:00
Matt Johnston
f7d38a1b9c merge main 2017-05-18 23:00:12 +08:00
Matt Johnston
45b27b0194 merge 2017.75 2017-05-18 22:59:38 +08:00
Matt Johnston
2a921c2c25 Added signature for changeset 5c9207ceedae 2017-05-18 22:58:18 +08:00
Matt Johnston
4c759cde1f Added tag DROPBEAR_2017.75 for changeset c31276613181 2017-05-18 22:58:14 +08:00
Matt Johnston
c3984c89f7 fix changelog for atomic dropbearkey 2017-05-18 21:31:13 +08:00
Matt Johnston
96dfbc882d bump version to 2017.75 2017-05-17 23:57:58 +08:00
Matt Johnston
d3883e54b8 changes for 2017.75 2017-05-17 23:57:18 +08:00
Matt Johnston
beaff53a79 rename fuzzer -> fuzz-target, add list-fuzz-targets 
--HG--
branch : fuzz
 2017-05-14 00:00:21 +08:00
Matt Johnston
b9b308f2fe Use CXX to link fuzzer, also link with $FUZZLIB 
--HG--
branch : fuzz
 2017-05-13 23:46:01 +08:00
Matt Johnston
a7bfd792f7 crypto_init() 
--HG--
branch : fuzz
 2017-05-13 23:45:51 +08:00
Matt Johnston
06fd9e3771 fix buf->pos when shrinking 
--HG--
branch : fuzz
 2017-05-13 23:44:12 +08:00
Matt Johnston
fb719e3d0b fuzz harness 
--HG--
branch : fuzz
 2017-05-13 22:50:54 +08:00
Matt Johnston
9f24cdf74c copy over some fuzzing code from AFL branch 
--HG--
branch : fuzz
 2017-05-12 23:14:54 +08:00
Matt Johnston
d7471c4f87 notsocket changes from afl branch 
--HG--
branch : fuzz
 2017-05-12 22:14:49 +08:00
Thomas De Schampheleire
49177312fb Introduce extra delay before closing unauthenticated sessions 
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.

Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
    "MAX_UNAUTH_PER_IP / <process time of one attempt>".

With the delay, this rate becomes:
    "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
 2017-02-15 13:53:04 +01:00
Matt Johnston
5d2cb48f46 Use atomic key generation in all cases 2016-11-19 00:31:21 +08:00
Matt Johnston
597f12c44a Use atomic key generation in all cases 2016-11-19 00:31:21 +08:00
Matt Johnston
9f674382d5 Merge pull request #27 from fperrad/20160325_lint 
more linting
 2016-11-18 23:56:22 +08:00
Matt Johnston
6830a65923 Merge pull request #26 from fperrad/kill_kr 
remove K&R old style code
 2016-11-18 22:48:50 +08:00
Francois Perrad
0d9c3fe70b initialize variable and protect against NULL dereferencement 2016-11-15 15:36:05 +01:00
Francois Perrad
2e38ac7504 initialize variable 2016-11-15 15:33:27 +01:00
Francois Perrad
f208d7920c remove duplicated include 2016-11-15 15:31:50 +01:00