ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 13:21:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
887 Commits 5 Branches 63 Tags 14 MiB
9174de47a9
Commit Graph

887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Johnston
9174de47a9 Fix bad multi-statement define for m_free(), detected by Coverity 2015-01-28 22:43:01 +08:00
Christian Engelmayer
d857faf18e When clearing the memory of 'key' in function openssh_read(), only the size 
of the pointer to the data instead of the whole size of struct openssh_key
is cleared. Correct the size calculation as detected by Coverity CID 1191543.
 2015-01-28 22:42:29 +08:00
Matt Johnston
d5c8ba1690 Initialise sa_mask 2015-01-28 22:33:34 +08:00
Matt Johnston
9bb9b4829d Fix memory leak of ecdsa structure, found by Coverity 2015-01-28 22:29:18 +08:00
Matt Johnston
e25c297c3c Document ~/.ssh/id_dropbear 2015-01-28 22:22:32 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Matt Johnston
6165f53fcd Default client key path ~/.ssh/id_dropbear 2015-01-24 00:05:26 +08:00
Fedor Brunner
4122cac66b Prefer stronger algorithms in algorithm negotiation. 
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).

Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.

Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.

(github pull request #9)
 2015-01-23 23:00:25 +08:00
Like Ma
a1dcebe4f4 Fix installing dropbear.8 error when building in a separate directory. 
(fix pull request #6)
 2015-01-23 22:59:30 +08:00
Matt Johnston
6cbb23a819 Add config option to disable cbc. Disable twofish by default 2015-01-23 22:37:14 +08:00
Like Ma
5c57a31184 Fix variables may be uninitialized. 
(fixup of pull request #7)
 2015-01-23 22:23:23 +08:00
Fedor Brunner
7b2c42aa75 Integrity error (bad packet size %u) negative length 
When corrupted packet is received negative length of packet is
    displayed.
    (re-apply of pull request #8)
 2015-01-23 22:21:06 +08:00
Matt Johnston
1ed8d3938e Enable sha2 HMACs by default, they're required for ecdsa already 2015-01-13 20:55:04 +08:00
Matt Johnston
b24984deb3 clear hash state memory after use 2015-01-04 23:10:59 +08:00
Matt Johnston
eabd9f5e60 clarify bad/unknown 2015-01-04 22:32:38 +08:00
Catalin Patulea
d4609682af Handle invalid agent keys by skipping rather than exiting. 
My agent exposes both conventional keys and certs (ecdsa-sha2-nistp256-cert-v01@openssh.com) and I want dropbear to be able to use the former.
 2015-01-01 17:47:46 -05:00
Matt Johnston
634415f79e Open directories O_RDONLY for fsync, add debugging if it fails 2015-01-04 22:22:43 +08:00
Matt Johnston
4ba830fc31 Make sure hostkeys are flushed to disk to avoid empty files if the power 
fails. Based on patch from Peter Korsgaard
 2014-11-08 22:15:16 +08:00
Matt Johnston
3022a46039 Added signature for changeset 2d421bc0545d 2014-10-23 22:09:46 +08:00
Matt Johnston
d9a868ff60 Added tag DROPBEAR_2014.66 for changeset 735511a4c761 2014-10-23 22:09:22 +08:00
Matt Johnston
c890a0c133 changelog, version number bump 2014-10-23 21:43:00 +08:00
Matt Johnston
9ec934a94a Remove -o from scp help 2014-10-23 20:52:10 +08:00
Matt Johnston
5e606a964b increae MAX_STRING_LEN for sun ssh 2014-10-23 20:50:06 +08:00
Steven Honeyman
d88034434c Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled 2014-10-22 07:12:52 +08:00
Matt Johnston
776d908703 Combine code for SSH_CONNECTION and SSH_CLIENT 2014-10-21 22:33:49 +08:00
Matt Johnston
444b15889f Merge pull request #5 from rcleere/ssh_client 
Add SSH_CLIENT environment variable
 2014-10-21 21:43:20 +08:00
Ryan Cleere
957450582f Add SSH_CLIENT environment variable 2014-10-20 12:59:47 -05:00
Matt Johnston
6d2d3669f3 Make keepalive handling more robust, this should now match what OpenSSH does 2014-08-19 23:08:56 +08:00
Whoopie
1387654cc8 Fix wtmp, testing for wtmp.h and wtmpx.h doesn't make sense 2014-08-13 22:07:43 +08:00
Matt Johnston
10eb218fb0 Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses 2014-08-13 21:48:47 +08:00
Matt Johnston
bfb2b30de6 Added signature for changeset caac692b366c 2014-08-08 21:53:47 +08:00
Matt Johnston
426d4d72c6 Added tag DROPBEAR_2014.65 for changeset e9579816f20e 2014-08-08 21:53:42 +08:00
Matt Johnston
cce29ba38c 2014.64 2014-08-08 21:40:42 +08:00
Mike Frysinger
ed2e276b3a use xauth in /usr/bin 
Since the x.org rework, X has been installed into standard paths and not
its own random prefixes.  I think it's time we update the default paths
accordingly.
 2014-08-01 06:14:19 -04:00
Matt Johnston
12a020aa62 Don't warn about ENOTSOCK when setting priority 2014-08-06 22:16:38 +08:00
Matt Johnston
b969101b33 Be a bit safer in case pw_name doesn't exist 2014-08-06 22:10:57 +08:00
Matt Johnston
86a742f635 merge 2014-08-06 22:08:16 +08:00
Matt Johnston
9468f7f6d6 Merge pull request #2 from iquaba/patch-1 
Try without identifying current user
 2014-08-06 22:04:49 +08:00
Matt Johnston
628a3f5cca Test for EAGAIN too 2014-08-06 21:55:43 +08:00
iquaba
e815e97440 Try without identifying current user 
Small change that warns the user if the current user cannot be identified rather than aborting.  This came in handy when I put dropbear on a dlink that did not have a true user environment.  Falling back on the "-l" option and user@ options works just fine as a client.  The only implication I found is that the -J option will fail ungracefully without a known own_user.
 2014-08-06 08:48:43 -05:00
Matt Johnston
0e7409c7ff Make sure the check_close() handler runs when a server child process exits 2014-07-28 23:23:49 +08:00
Matt Johnston
393ca2a290 Fix some format string warnings 2014-07-28 22:59:16 +08:00
Matt Johnston
ad1d48e07b Fix clock_gettime handling 2014-07-28 22:48:48 +08:00
Matt Johnston
ac98aae160 Added signature for changeset 96584b934d04 2014-07-27 23:11:52 +08:00
Matt Johnston
c1267398a2 Added tag DROPBEAR_2014.64 for changeset 0d2d39957c02 2014-07-27 23:11:47 +08:00
Matt Johnston
8c3a2bb63e Archive should be bz2 nor gz 2014-07-27 22:56:35 +08:00
Matt Johnston
923fc9087c - Don't use multichar constants since recent gcc complains 
- Add release script
- Simplify print_version
 2014-07-27 22:55:29 +08:00
Matt Johnston
83511fecc0 Version 2014.64 2014-07-27 22:25:18 +08:00
Matt Johnston
ed0552f214 Add '-V' for version 
-h should exit with success
Update manpages
 2014-07-27 22:06:26 +08:00
Matt Johnston
5cf83a7212 Avoid use-after-free when channel inithandler fails. Thanks to Coverity 2014-07-26 10:18:55 +08:00