ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-21 19:47:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,761 Commits 5 Branches 63 Tags 14 MiB
cb9a00951f
Commit Graph

1761 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Johnston
b9b308f2fe Use CXX to link fuzzer, also link with $FUZZLIB 
--HG--
branch : fuzz
 2017-05-13 23:46:01 +08:00
Matt Johnston
a7bfd792f7 crypto_init() 
--HG--
branch : fuzz
 2017-05-13 23:45:51 +08:00
Matt Johnston
06fd9e3771 fix buf->pos when shrinking 
--HG--
branch : fuzz
 2017-05-13 23:44:12 +08:00
Matt Johnston
fb719e3d0b fuzz harness 
--HG--
branch : fuzz
 2017-05-13 22:50:54 +08:00
Matt Johnston
9f24cdf74c copy over some fuzzing code from AFL branch 
--HG--
branch : fuzz
 2017-05-12 23:14:54 +08:00
Matt Johnston
d7471c4f87 notsocket changes from afl branch 
--HG--
branch : fuzz
 2017-05-12 22:14:49 +08:00
Thomas De Schampheleire
49177312fb Introduce extra delay before closing unauthenticated sessions 
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.

Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
    "MAX_UNAUTH_PER_IP / <process time of one attempt>".

With the delay, this rate becomes:
    "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
 2017-02-15 13:53:04 +01:00
Matt Johnston
5d2cb48f46 Use atomic key generation in all cases 2016-11-19 00:31:21 +08:00
Matt Johnston
597f12c44a Use atomic key generation in all cases 2016-11-19 00:31:21 +08:00
Matt Johnston
9f674382d5 Merge pull request #27 from fperrad/20160325_lint 
more linting
 2016-11-18 23:56:22 +08:00
Matt Johnston
6830a65923 Merge pull request #26 from fperrad/kill_kr 
remove K&R old style code
 2016-11-18 22:48:50 +08:00
Francois Perrad
0d9c3fe70b initialize variable and protect against NULL dereferencement 2016-11-15 15:36:05 +01:00
Francois Perrad
2e38ac7504 initialize variable 2016-11-15 15:33:27 +01:00
Francois Perrad
f208d7920c remove duplicated include 2016-11-15 15:31:50 +01:00
Francois Perrad
ecb4a6173d upgrade atomicio 
in order to remove K&R code in atomicio.c

now, vwrite comes from atomicio.h
 2016-11-15 14:56:25 +01:00
Francois Perrad
37a66fa5b6 upgrade strlcat 
in order to remove K&R code
 2016-11-15 14:56:25 +01:00
Andre McCurdy
f9e6bc2aec Fix libtomcrypt/libtommath linking order 
To prevent build failures when using system libtom libraries and
linking with --as-needed, LIBTOM_LIBS should be in the order
-ltomcrypt -ltommath, not the other way around, ie libs should be
prepended to LIBTOM_LIBS as they are found, not appended.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
 2016-09-16 16:29:28 -07:00
Matt Johnston
81a0240491 add CVEs and patch urls 2016-09-15 21:43:57 +08:00
Matt Johnston
b4d31b492c merge 2016-09-09 21:08:32 +08:00
Matt Johnston
32df924d02 ses.debug_trace is wrong 2016-09-01 23:08:56 +08:00
Stefan Hauser
c60a65bc93 Fix configure options using AC_ARG_ENABLE 
Configure options to disable some features, which are checked using
AC_ARG_ENABLE can be invoked with --enable-<option> as well.
The current configure script always generates a #define for such options
even though the --enable-<option> case should not generate a #define.
Fix this by properly checking if the feature should be enabled, in which
case no #define is being generated.

Signed-off-by: Stefan Hauser <stefan@shauser.net>
 2016-07-27 20:08:57 +02:00
Matt Johnston
4222251d6f merge github 2016-07-22 00:04:47 +08:00
Matt Johnston
c6e912f9e2 merge 2016.74 2016-07-21 23:38:42 +08:00
Matt Johnston
1df5c97144 Added signature for changeset 9030ffdbe562 2016-07-21 23:20:25 +08:00
Matt Johnston
b840a0f500 Added tag DROPBEAR_2016.74 for changeset 0ed3d2bbf956 2016-07-21 23:19:41 +08:00
Matt Johnston
9f40bbba29 mention regression release 2016-07-21 23:16:57 +08:00
Matt Johnston
0086e1d7ca bump version 2016-07-21 23:04:47 +08:00
Matt Johnston
4732de71c6 changelogs 2016-07-21 23:04:24 +08:00
Matt Johnston
8db9415f2a merge 2016-06-21 22:04:30 +08:00
Matt Johnston
dd19d73db4 make sure socket is of the right domain 2016-06-19 20:38:38 +08:00
Ben Gardner
91450c7a95 Add .gitignore file 
Ignored are all files created when building from a git checkout as well as
anything deleted by 'make clean'.

Signed-off-by: Ben Gardner <gardner.ben@gmail.com>
 2016-05-25 10:17:50 -05:00
Ben Gardner
1d20df627d termcodes: make VEOL2, VWERASE, VLNEXT, ECHOCTL, and ECHOKE optional 
My POSIX-like platform is missing some basic termcodes.
Make them optional.

Signed-off-by: Ben Gardner <gardner.ben@gmail.com>
 2016-05-25 10:03:53 -05:00
Ben Gardner
4a10b1961c Change label name _ERR to LBL_ERR 
_ERR is defined in stdio.h on my platform.

Signed-off-by: Ben Gardner <gardner.ben@gmail.com>
 2016-05-25 09:57:53 -05:00
Ben Gardner
100cbc5f3f Use DROPBEAR_PATH_DEVNULL instead of undefined _PATH_DEVNULL 2016-05-25 09:52:23 -05:00
Matt Johnston
e0c6e819c2 Merge pull request #29 from hno/patch-out-of-tree 
Support out-of-tree builds usign bundled libtom
 2016-05-12 23:47:35 +08:00
Henrik Nordström
9025cd9b72 Support out-of-tree builds usign bundled libtom 
When building out-of-tree we need both source and generated
folders in include paths to find both distributed and generated
headers.
 2016-05-11 12:35:06 +02:00
Matt Johnston
2b891f5eb3 listenaddr must be malloced 2017-05-16 23:04:57 +08:00
Matt Johnston
01bde8ff94 reduce buf->pos if shrinking 2017-05-13 23:43:09 +08:00
Matt Johnston
eed0e2e431 add CVEs and patch urls 2016-09-15 21:43:57 +08:00
Matt Johnston
bda3bc4c8d free forced_command 2017-05-10 00:20:33 +08:00
Matt Johnston
93f3c31807 switch user when opening authorized_keys 2017-05-10 00:20:21 +08:00
Henrik Nordström
3aeb557196 Support out-of-tree builds usign bundled libtom 
When building out-of-tree we need both source and generated
folders in include paths to find both distributed and generated
headers.
 2016-05-11 12:35:06 +02:00
Matt Johnston
8c7ebc02a0 Add generated header default_options.h to version control. 
This is a workaround since I cannot figure how to get dependencies
to work properly with "make -j"
 2016-05-04 17:59:34 +02:00
Matt Johnston
1152e47b52 message about truncated banner 2016-05-04 15:28:33 +02:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Matt Johnston
d6daad29fc options for disabling "normal" DH 2016-05-02 23:48:16 +02:00
Matt Johnston
4664ce2c35 move group14 and group16 to options.h, group14-sha256 on by default 2016-05-02 17:03:55 +02:00
Matt Johnston
171456c683 Avoid busy loop while waiting for rekey response 2016-04-29 23:04:10 +08:00
Matt Johnston
2c73fd6fbf make sure socket is of the right domain 2016-06-19 20:38:38 +08:00
Matt Johnston
0ee860a011 make indenting consistent 2016-07-12 23:33:15 +08:00