ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-19 02:28:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,725 Commits 5 Branches 63 Tags 14 MiB
f030618543
Commit Graph

1725 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Johnston
fdc6f32392 closer to working 
--HG--
branch : fuzz
 2017-05-20 13:23:16 +08:00
Matt Johnston
ea984cfb95 add cve and patch link 2017-05-20 10:27:29 +08:00
Matt Johnston
e7cdb2ebe5 add wrapfd. improve fuzzer in makefile 
--HG--
branch : fuzz
 2017-05-19 00:48:46 +08:00
Matt Johnston
4dae8edb76 merge main to fuzz 
--HG--
branch : fuzz
 2017-05-18 23:45:10 +08:00
Matt Johnston
a3e01b8884 better harness 
--HG--
branch : fuzz
 2017-05-18 23:38:30 +08:00
Matt Johnston
6d33a2b0bb setup svr_dropbear_exit 
--HG--
branch : fuzz
 2017-05-18 23:36:54 +08:00
Matt Johnston
f7d38a1b9c merge main 2017-05-18 23:00:12 +08:00
Matt Johnston
45b27b0194 merge 2017.75 2017-05-18 22:59:38 +08:00
Matt Johnston
2a921c2c25 Added signature for changeset 5c9207ceedae 2017-05-18 22:58:18 +08:00
Matt Johnston
4c759cde1f Added tag DROPBEAR_2017.75 for changeset c31276613181 2017-05-18 22:58:14 +08:00
Matt Johnston
c3984c89f7 fix changelog for atomic dropbearkey 2017-05-18 21:31:13 +08:00
Matt Johnston
96dfbc882d bump version to 2017.75 2017-05-17 23:57:58 +08:00
Matt Johnston
d3883e54b8 changes for 2017.75 2017-05-17 23:57:18 +08:00
Matt Johnston
beaff53a79 rename fuzzer -> fuzz-target, add list-fuzz-targets 
--HG--
branch : fuzz
 2017-05-14 00:00:21 +08:00
Matt Johnston
b9b308f2fe Use CXX to link fuzzer, also link with $FUZZLIB 
--HG--
branch : fuzz
 2017-05-13 23:46:01 +08:00
Matt Johnston
a7bfd792f7 crypto_init() 
--HG--
branch : fuzz
 2017-05-13 23:45:51 +08:00
Matt Johnston
06fd9e3771 fix buf->pos when shrinking 
--HG--
branch : fuzz
 2017-05-13 23:44:12 +08:00
Matt Johnston
fb719e3d0b fuzz harness 
--HG--
branch : fuzz
 2017-05-13 22:50:54 +08:00
Matt Johnston
9f24cdf74c copy over some fuzzing code from AFL branch 
--HG--
branch : fuzz
 2017-05-12 23:14:54 +08:00
Matt Johnston
d7471c4f87 notsocket changes from afl branch 
--HG--
branch : fuzz
 2017-05-12 22:14:49 +08:00
Thomas De Schampheleire
49177312fb Introduce extra delay before closing unauthenticated sessions 
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.

Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
    "MAX_UNAUTH_PER_IP / <process time of one attempt>".

With the delay, this rate becomes:
    "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
 2017-02-15 13:53:04 +01:00
Matt Johnston
5d2cb48f46 Use atomic key generation in all cases 2016-11-19 00:31:21 +08:00
Matt Johnston
597f12c44a Use atomic key generation in all cases 2016-11-19 00:31:21 +08:00
Matt Johnston
9f674382d5 Merge pull request #27 from fperrad/20160325_lint 
more linting
 2016-11-18 23:56:22 +08:00
Matt Johnston
6830a65923 Merge pull request #26 from fperrad/kill_kr 
remove K&R old style code
 2016-11-18 22:48:50 +08:00
Francois Perrad
0d9c3fe70b initialize variable and protect against NULL dereferencement 2016-11-15 15:36:05 +01:00
Francois Perrad
2e38ac7504 initialize variable 2016-11-15 15:33:27 +01:00
Francois Perrad
f208d7920c remove duplicated include 2016-11-15 15:31:50 +01:00
Francois Perrad
ecb4a6173d upgrade atomicio 
in order to remove K&R code in atomicio.c

now, vwrite comes from atomicio.h
 2016-11-15 14:56:25 +01:00
Francois Perrad
37a66fa5b6 upgrade strlcat 
in order to remove K&R code
 2016-11-15 14:56:25 +01:00
Andre McCurdy
f9e6bc2aec Fix libtomcrypt/libtommath linking order 
To prevent build failures when using system libtom libraries and
linking with --as-needed, LIBTOM_LIBS should be in the order
-ltomcrypt -ltommath, not the other way around, ie libs should be
prepended to LIBTOM_LIBS as they are found, not appended.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
 2016-09-16 16:29:28 -07:00
Matt Johnston
81a0240491 add CVEs and patch urls 2016-09-15 21:43:57 +08:00
Matt Johnston
b4d31b492c merge 2016-09-09 21:08:32 +08:00
Matt Johnston
32df924d02 ses.debug_trace is wrong 2016-09-01 23:08:56 +08:00
Stefan Hauser
c60a65bc93 Fix configure options using AC_ARG_ENABLE 
Configure options to disable some features, which are checked using
AC_ARG_ENABLE can be invoked with --enable-<option> as well.
The current configure script always generates a #define for such options
even though the --enable-<option> case should not generate a #define.
Fix this by properly checking if the feature should be enabled, in which
case no #define is being generated.

Signed-off-by: Stefan Hauser <stefan@shauser.net>
 2016-07-27 20:08:57 +02:00
Matt Johnston
4222251d6f merge github 2016-07-22 00:04:47 +08:00
Matt Johnston
c6e912f9e2 merge 2016.74 2016-07-21 23:38:42 +08:00
Matt Johnston
1df5c97144 Added signature for changeset 9030ffdbe562 2016-07-21 23:20:25 +08:00
Matt Johnston
b840a0f500 Added tag DROPBEAR_2016.74 for changeset 0ed3d2bbf956 2016-07-21 23:19:41 +08:00
Matt Johnston
9f40bbba29 mention regression release 2016-07-21 23:16:57 +08:00
Matt Johnston
0086e1d7ca bump version 2016-07-21 23:04:47 +08:00
Matt Johnston
4732de71c6 changelogs 2016-07-21 23:04:24 +08:00
Matt Johnston
8db9415f2a merge 2016-06-21 22:04:30 +08:00
Matt Johnston
dd19d73db4 make sure socket is of the right domain 2016-06-19 20:38:38 +08:00
Ben Gardner
91450c7a95 Add .gitignore file 
Ignored are all files created when building from a git checkout as well as
anything deleted by 'make clean'.

Signed-off-by: Ben Gardner <gardner.ben@gmail.com>
 2016-05-25 10:17:50 -05:00
Ben Gardner
1d20df627d termcodes: make VEOL2, VWERASE, VLNEXT, ECHOCTL, and ECHOKE optional 
My POSIX-like platform is missing some basic termcodes.
Make them optional.

Signed-off-by: Ben Gardner <gardner.ben@gmail.com>
 2016-05-25 10:03:53 -05:00
Ben Gardner
4a10b1961c Change label name _ERR to LBL_ERR 
_ERR is defined in stdio.h on my platform.

Signed-off-by: Ben Gardner <gardner.ben@gmail.com>
 2016-05-25 09:57:53 -05:00
Ben Gardner
100cbc5f3f Use DROPBEAR_PATH_DEVNULL instead of undefined _PATH_DEVNULL 2016-05-25 09:52:23 -05:00
Matt Johnston
e0c6e819c2 Merge pull request #29 from hno/patch-out-of-tree 
Support out-of-tree builds usign bundled libtom
 2016-05-12 23:47:35 +08:00
Henrik Nordström
9025cd9b72 Support out-of-tree builds usign bundled libtom 
When building out-of-tree we need both source and generated
folders in include paths to find both distributed and generated
headers.
 2016-05-11 12:35:06 +02:00