dropbear

mirror of https://github.com/clearml/dropbear synced 2025-02-14 16:35:05 +00:00

Author	SHA1	Message	Date
xcko	553087b7a6	support openssh long option -o Port=XXXX (#68 )	2019-03-20 23:08:25 +08:00
karel-m	16fb0b0d53	cygwin competibility fix (#64 )	2019-03-20 23:05:37 +08:00
Andre McCurdy	493ab8fd81	drop obsolete definition for MAX_KEXHASHBUF (#65 ) The last code to make use of MAX_KEXHASHBUF was removed in 2005: `736f370dce` Signed-off-by: Andre McCurdy <armccurdy@gmail.com>	2019-03-20 23:01:41 +08:00
Matt Johnston	0afcfafbb9	Add a sanity check for DROPBEAR_SVR_MULTIUSER==0 mode	2019-03-20 22:57:06 +08:00
Patrick Stewart	0af22aa8e4	Support servers without multiple user support (#76 )	2019-03-20 22:44:49 +08:00
Konstantin Demin	2fd3b9f560	packet: remove stale comment about "packet_type" (#63 ) clean up after `7f15910541` Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>	2019-03-20 22:33:15 +08:00
François Perrad	2de3bc9353	fix some gcc warnings (#73 ) * tweak string size fix gcc8 warnings ``` svr-agentfwd.c: In function 'bindagent': svr-agentfwd.c:254:53: warning: '%s' directive output may be truncated writing up to 107 bytes into a region of size between 0 and 107 [-Wformat-truncation=] snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", path, sockfile); ^~ ~~~~~~~~ svr-agentfwd.c:254:2: note: 'snprintf' output between 2 and 216 bytes into a destination of size 108 snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", path, sockfile); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` * cleanup signed/unsigned comparison fix gcc8 warnings ``` scp.c: In function 'do_local_cmd': scp.c:132:17: warning: comparison of integer expressions of different signedness: 'u_int' {aka 'unsigned int'} and 'int' [-Wsign-compare] for (i = 0; i < a->num; i++) ^ scpmisc.c: In function 'addargs': scpmisc.c:161:25: warning: comparison of integer expressions of different signedness: 'int' and 'u_int' {aka 'unsigned int'} [-Wsign-compare] } else if (args->num+2 >= nalloc) ^~ scpmisc.c: In function 'replacearg': scpmisc.c:183:12: warning: comparison of integer expressions of different signedness: 'u_int' {aka 'unsigned int'} and 'int' [-Wsign-compare] if (which >= args->num) ^~ scpmisc.c: In function 'freeargs': scpmisc.c:196:17: warning: comparison of integer expressions of different signedness: 'u_int' {aka 'unsigned int'} and 'int' [-Wsign-compare] for (i = 0; i < args->num; i++) ^ ``` see https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/misc.h.diff?r1=1.16&r2=1.17	2019-03-20 22:25:15 +08:00
François Perrad	28b6111db0	use strlcpy & strlcat (#74 ) * refactor checkpubkeyperms() with safe BSD functions fix gcc8 warnings ``` svr-authpubkey.c: In function 'checkpubkeyperms': svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=] strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 / ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=] strncat(filename, "/authorized_keys", 16); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` see https://www.sudo.ws/todd/papers/strlcpy.html restore strlcpy in xstrdup see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16	2019-03-20 22:09:19 +08:00
vincentto13	a0aa274981	Fix for issue successfull login of disabled user (#78 ) This commit introduces fix for scenario: 1. Root login disabled on dropbear 2. PAM authentication model enabled While login as root user, after prompt for password user is being notified about login failrue, but after second attempt of prompt for password within same session, login becames succesfull. Signed-off-by: Pawel Rapkiewicz <pawel.rapkiewicz@gmail.com>	2019-03-20 22:03:40 +08:00
Michael Jones	b016ebedfd	Add missing word to readme (#77 )	2019-03-20 21:56:19 +08:00
François Perrad	cb945f9f67	add missing initializer (#71 )	2019-01-07 23:09:45 +08:00
Matt Johnston	df0f1297eb	merge	2018-11-14 22:58:35 +08:00
Matt Johnston	fe992bf4ea	Split ChanType closehandler() and cleanup() so that dbclient doesn't lose exit status messages	2018-11-14 22:57:56 +08:00
Matt Johnston	ffde4a524f	Remove some cluttering TRACE printouts	2018-11-14 22:52:04 +08:00
Matt Johnston	7e03e4d443	Remove incorrect _POSIX_C_SOURCE	2018-11-06 07:25:53 +08:00
Matt Johnston	02ffdd09dc	- Add adaptive authentication failure delay - Rework monotonic_now/gettime_wrapper and use clock_gettime on more platforms	2018-11-05 23:36:34 +08:00
Matt Johnston	6f6ef4834c	merge remote forward fix	2018-09-07 23:02:53 +08:00
Matt Johnston	d2e71ade72	FIx remote forward listeners	2018-09-07 23:02:20 +08:00
Matt Johnston	892c5fc1c8	Merge writev #include fix	2018-08-26 22:26:42 +08:00
Matt Johnston	e7504b3311	make writev #include consistent for variable declarations too	2018-08-23 23:59:24 +08:00
Matt Johnston	ad3eacf3d6	Merge bugfix delay invalid users	2018-08-23 23:43:45 +08:00
Matt Johnston	52adbb34c3	Wait to fail invalid usernames	2018-08-23 23:43:12 +08:00
Matt Johnston	90f04384ee	fix error message to say localoptions.h	2018-08-23 22:10:07 +08:00
Matt Johnston	195934be96	avoid extended regex features to avoid caring about sed -r vs -E	2018-07-24 20:19:05 +08:00
Matt Johnston	d740dc5489	Fix leaks in kex fuzzers	2018-03-09 23:16:37 +08:00
Matt Johnston	76933e6c0a	move dictionaries to corpus repo	2018-03-09 20:43:11 +08:00
Matt Johnston	38c9408cf8	avoid leak of ecdh public key	2018-03-08 23:51:33 +08:00
Matt Johnston	397af3e6a6	kexhashbuf was much to small in kex fuzzers	2018-03-08 23:23:19 +08:00
Matt Johnston	933bc5f8a7	Disable wrapfds outside of fuzzed code	2018-03-08 23:22:53 +08:00
Matt Johnston	ba94bcd2e8	It turns out you can't have a single-quote in an #error	2018-03-08 22:37:54 +08:00
Matt Johnston	56855744b8	Only advertise a single server ecdsa key when -R (generate as required) is specified. Fixes -R now that default ecdsa key size has changed.	2018-03-08 22:25:33 +08:00
Matt Johnston	b4b11c8155	#error if no ecc size is chosen	2018-03-08 22:22:11 +08:00
Matt Johnston	f82933108d	reduce fuzzer-kexdh params count again, still hitting timeout	2018-03-07 22:50:32 +08:00
Matt Johnston	27828c742c	don't allow null characters in authorized_keys	2018-03-07 22:16:21 +08:00
Matt Johnston	ed4c38ba46	fix leak in option handling	2018-03-07 22:14:36 +08:00
Matt Johnston	e9edbe8bb2	avoid leak of pubkey_options	2018-03-06 22:18:20 +08:00
Matt Johnston	4fd3160179	fix uninitialised memory in fuzzer codepath	2018-03-06 22:02:19 +08:00
Matt Johnston	a60725740b	workaround memory sanitizer FD_ZERO false positives	2018-03-06 21:51:51 +08:00
Matt Johnston	5d065258da	reduce number of dh parameters so fuzzer doesn't timeout	2018-03-06 21:00:09 +08:00
Matt Johnston	149b21d7cf	ciphers/hashes/kex algorithms won't have string lengths, also use dictionary for fuzzer-preauth_nomaths	2018-03-05 21:02:26 +08:00
Matt Johnston	145fb96989	Don't read uninitialised value. From `1d03522625`	2018-03-05 16:50:24 +08:00
Matt Johnston	084ff9b4c8	reduce number of params so it doesn't hit a timeout	2018-03-05 16:29:57 +08:00
Matt Johnston	6b05aa4275	fix some links	2018-03-05 14:14:26 +08:00
Matt Johnston	366fc8f335	notes on the fuzzer	2018-03-05 14:07:11 +08:00
Matt Johnston	35f479bd87	Add kexdh and kexecdh fuzzers	2018-03-05 11:50:31 +08:00
Matt Johnston	9d11cad5dc	dictionary for fuzzer-preauth	2018-03-05 00:59:17 +08:00
Matt Johnston	0233dcebb4	try and improve the odds of useful fuzzer activity	2018-03-04 22:11:23 +08:00
Matt Johnston	f7dedab4a7	- fuzzer-pubkey needs to free algoname, fix build - improve dictionary with lengths	2018-03-04 21:44:09 +08:00
Matt Johnston	129c440362	add a dictionary for fuzzer-pubkey	2018-03-04 19:38:34 +08:00
Matt Johnston	abee8093b3	use random keyblob from the fuzzer instead	2018-03-04 19:19:45 +08:00

1 2 3 4 5 ...

1536 Commits