Update config.guess and config.sub

Updated to 2022-09-17 with
wget -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'
wget -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'

.github/workflows/autoconf.yml

@@ -8,7 +8,7 @@ on:
       - master
 jobs:
   autoconf:
-    runs-on: 'ubuntu-20.04'
+    runs-on: 'ubuntu-22.04'
 
     steps:
       - name: deps

.github/workflows/build.yml

@@ -9,7 +9,7 @@ on:
       - master
 jobs:
   build:
-    runs-on: ${{ matrix.os || 'ubuntu-20.04' }}
+    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
     strategy:
       matrix:
         # XXX uncomment the line below to work with act, see https://github.com/nektos/act/issues/996
@@ -50,11 +50,12 @@ jobs:
           - name: c89
             extracflags: -std=c89 -Wdeclaration-after-statement
 
-          - name: macos 10.15
-            os: macos-10.15
+          - name: macos 12
+            os: macos-12
             cc: clang
-            # OS X says daemon() and utmp are deprecated
-            extracflags: -Wno-deprecated-declarations
+            # OS X says daemon() and utmp are deprecated.
+            # OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
+            extracflags: -Wno-deprecated-declarations -Wno-undef
             runcheck: 'no'
             apt: 'no'
             # fails with:
@@ -64,7 +65,7 @@ jobs:
           - name: macos 11
             os: macos-11
             cc: clang
-            extracflags: -Wno-deprecated-declarations
+            extracflags: -Wno-deprecated-declarations -Wno-undef
             runcheck: 'no'
             apt: 'no'
             ranlib: ranlib -no_warning_for_no_symbols
@@ -74,6 +75,11 @@ jobs:
             localoptions: |
               #define DEBUG_TRACE 5
 
+          # Check off-by-default options don't bitrot
+          - name: nondefault options
+            nondefault: 1
+            configure_flags: --enable-pam
+
           # # Fuzzers run standalone. A bit superfluous with cifuzz, but
           # # good to run the whole corpus to keep it working.
           # - name: fuzzing with address sanitizer
@@ -115,7 +121,7 @@ jobs:
         if: ${{ matrix.apt != 'no' }}
         run: |
           sudo apt-get -y update
-          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv $CC
+          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv libpam0g-dev $CC
 
       - uses: actions/checkout@v2
 
@@ -129,8 +135,19 @@ jobs:
       - name: localoptions
         run: |
           echo "$LOCALOPTIONS" > localoptions.h
+          echo "#define DROPBEAR_DSS 1" >> localoptions.h
           cat localoptions.h
 
+      - name: nondefault
+        if: ${{ matrix.nondefault }}
+        run: |
+          # Turn on anything that's off by default. Rough but seems sufficient
+          grep ' 0$' default_options.h | sed 's/0$/1/' > localoptions.h
+          # PAM clashes with password
+          echo "#define DROPBEAR_SVR_PASSWORD_AUTH 0" >> localoptions.h
+          # 1 second timeout is too short
+          sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h
+
       - name: make
         run: make -j3
 

.github/workflows/tarball.yml

@@ -5,7 +5,7 @@ on:
       - master
 jobs:
   tarball:
-    runs-on: 'ubuntu-20.04'
+    runs-on: 'ubuntu-22.04'
 
     steps:
       - uses: actions/checkout@v2

CHANGES

@@ -1,3 +1,108 @@
+2022.83 - 14 November 2022
+
+Features and Changes:
+  Note >> for compatibility/configuration changes
+
+- >> Disable DROPBEAR_DSS by default
+  It is only 1024 bit and uses sha1, most distros disable it by default already.
+
+- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
+  >> RSA with sha1 will be disabled in a future release (rsa keys will continue
+  to work OK, with sha256 signatures used instead).
+
+- Add option for requiring both password and pubkey (-t)
+  Patch from Jackkal
+
+- Add 'no-touch-required' and 'verify-required' options for sk keys
+  Patch from Egor Duda
+
+  - >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
+  and DROPBEAR_SK_ED25519 options.
+
+- Add 'permitopen' option for authorized_keys to restrict forwarded ports
+  Patch from Tuomas Haikarainen
+
+- >> Added LTM_CFLAGS configure argument to set flags for building
+  bundled libtommath. This also restores the previous arguments used
+  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
+  key generation, which regressed in 2022.82.
+  There is a tradeoff with code size, so -Os can be used if required.
+  https://github.com/mkj/dropbear/issues/174
+  Reported by David Bernard
+
+- Add '-z' flag to disable setting QoS traffic class. This may be necessary
+  to work with broken networks or network drivers, exposed after changes to use
+  AF21 in 2022.82
+  https://github.com/mkj/dropbear/issues/193
+  Reported by yuhongwei380, patch from Petr Štetiar
+
+- Allow overriding user shells with COMPAT_USER_SHELLS
+  Based on a patch from Matt Robinson
+
+- Improve permission error message
+  Patch from k-kurematsu
+
+- >> Remove HMAC_MD5 entirely
+
+Regression fixes from 2022.82:
+
+- Fix X11 build
+
+- Fix build warning
+
+- Fix compilation when disabling pubkey authentication
+  Patch from MaxMougg
+
+- Fix MAX_UNAUTH_CLIENTS regression
+  Reported by ptpt52
+
+- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
+  https://github.com/mkj/dropbear/issues/174
+  Suggested by Steffen Jaeckel
+
+- Fix Dropbear plugin support
+  https://github.com/mkj/dropbear/issues/194
+  Reported by Struan Bartlett
+
+Other fixes:
+
+- Fix long standing incorrect compression size check. Dropbear
+  (client or server) would erroneously exit with
+  "bad packet, oversized decompressed"
+  when receiving a compressed packet of exactly the maximum size.
+
+- Fix missing setsid() removed in 2020.79
+  https://github.com/mkj/dropbear/issues/180
+  Reported and debugged by m5jt and David Bernard
+
+- Try keyboard-interactive auth before password, in dbclient.
+  This was unintentionally changed back in 2013
+  https://github.com/mkj/dropbear/pull/190
+  Patch from Michele Giacomoli
+
+- Drain the terminal when reading the fingerprint confirmation response
+  https://github.com/mkj/dropbear/pull/191
+  Patch from Michele Giacomoli
+
+- Fix utx wtmp variable typo. This has been wrong for a long time but
+  only recently became a problem when wtmp was detected.
+  https://github.com/mkj/dropbear/pull/189
+  Patch from Michele Giacomoli
+
+- Improve configure test for hardening options.
+  Fixes building on AIX
+  https://github.com/mkj/dropbear/issues/158
+
+- Fix debian/dropbear.init newline
+  From wulei-student
+
+Infrastructure:
+
+- Test off-by-default compile options
+
+- Set -Wundef to catch typos in #if statements
+
+
 2022.82 - 1 April 2022
 
 Features and Changes:
@@ -54,10 +159,13 @@ Features and Changes:
   Patch from Raphaël Hertzog
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
 
-- Added client option "-o DisableTrivialAuth". This can be used to prevent
-  the server immediately accepting successful authentication (before any auth
-  request) which could cause UI confusion and security issues with agent
-  forwarding - it isn't clear which host is prompting to use a key.
+- Added client option "-o DisableTrivialAuth". It disallows a server immediately
+  giving successful authentication (without presenting any password/pubkey prompt).
+  This avoids a UI confusion issue where it may appear that the user is accepting
+  a SSH agent prompt from their local machine, but are actually accepting a prompt
+  sent immediately by the remote server. 
+  CVE-2021-36369 though the description there is a bit confused. It only applies
+  to Dropbear as a client.
   Thanks to Manfred Kaiser from Austrian MilCERT
 
 - Add -q client option to hide remote banner, from Hans Harder

INSTALL

@@ -58,7 +58,7 @@ Compiling for uClibc should be the same as normal, just set CC to the magic
 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
 You can use "make STATIC=1" to make statically linked binaries, and it is
 advisable to strip the binaries too. If you're looking to make a small binary,
-you should remove unneeded ciphers and MD5, by editing localoptions.h
+you should remove unneeded ciphers and algorithms, by editing localoptions.h
 
 It is possible to compile zlib in, by copying zlib.h and zconf.h into a
 subdirectory (ie zlibincludes), and 

README

@@ -8,6 +8,8 @@ which performs multiple tasks, to save disk space)
 
 SMALL has some tips on creating small binaries.
 
+A mirror of the Dropbear website and tarballs is available at https://dropbear.nl/mirror/
+
 Please contact me if you have any questions/bugs found/features/ideas/comments etc :)
 There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear
 

SMALL

@@ -47,4 +47,10 @@ deciding.
 
 Of course using small C libraries such as uClibc and dietlibc can also help.
 
+---
+
+Libtommath has its own default CFLAGS to improve speed. You can use
+./configure LTM_CFLAGS=-Os
+to reduce size at the expense of speed.
+
 If you have any queries, mail me and I'll see if I can help.

auth.h

@@ -28,6 +28,7 @@
 #include "includes.h"
 #include "signkey.h"
 #include "chansession.h"
+#include "list.h"
 
 void svr_authinitialise(void);
 
@@ -45,6 +46,7 @@ int svr_pubkey_allows_agentfwd(void);
 int svr_pubkey_allows_tcpfwd(void);
 int svr_pubkey_allows_x11fwd(void);
 int svr_pubkey_allows_pty(void);
+int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port);
 void svr_pubkey_set_forced_command(struct ChanSess *chansess);
 void svr_pubkey_options_cleanup(void);
 int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename);
@@ -54,6 +56,9 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 #define svr_pubkey_allows_tcpfwd() 1
 #define svr_pubkey_allows_x11fwd() 1
 #define svr_pubkey_allows_pty() 1
+static inline int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port)
+	{ (void)host; (void)port; return 1; }
+
 static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { }
 static inline void svr_pubkey_options_cleanup(void) { }
 #define svr_add_pubkey_options(x,y,z) DROPBEAR_SUCCESS
@@ -93,6 +98,7 @@ void cli_auth_pubkey_cleanup(void);
 #define AUTH_METHOD_INTERACT "keyboard-interactive"
 #define AUTH_METHOD_INTERACT_LEN 20
 
+#define PUBKEY_OPTIONS_ANY_PORT UINT_MAX
 
 
 /* This structure is shared between server and client - it contains
@@ -139,6 +145,18 @@ struct PubKeyOptions {
 	int no_pty_flag;
 	/* "command=" option. */
 	char * forced_command;
+	/* "permitopen=" option */
+	m_list *permit_open_destinations;
+	
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+	int no_touch_required_flag;
+	int verify_required_flag;
+#endif
+};
+
+struct PermitTCPFwdEntry {
+	char *host;
+	unsigned int port;
 };
 #endif
 

cli-auth.c

@@ -296,18 +296,6 @@ int cli_auth_try() {
 	}
 #endif
 
-#if DROPBEAR_CLI_PASSWORD_AUTH
-	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
-		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
-			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
-		} else {
-			cli_auth_password();
-			finished = 1;
-			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
-		}
-	}
-#endif
-
 #if DROPBEAR_CLI_INTERACT_AUTH
 	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
@@ -322,6 +310,18 @@ int cli_auth_try() {
 	}
 #endif
 
+#if DROPBEAR_CLI_PASSWORD_AUTH
+	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
+		} else {
+			cli_auth_password();
+			finished = 1;
+			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+		}
+	}
+#endif
+
 	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
 
 	if (finished) {

cli-kex.c

@@ -229,6 +229,8 @@ static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen
 		fclose(tty);
 	} else {
 		response = getc(stdin);
+		/* flush stdin buffer */
+		while ((getchar()) != '\n');
 	}
 
 	if (response == 'y') {

cli-runopts.c

@@ -83,6 +83,7 @@ static void printhelp() {
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n"
 					"-K <keepalive>  (0 is never, default %d)\n"
 					"-I <idle_timeout>  (0 is never, default %d)\n"
+					"-z    disable QoS\n"
 #if DROPBEAR_CLI_NETCAT
 					"-B <endhost:endport> Netcat-alike forwarding\n"
 #endif				
@@ -325,6 +326,9 @@ void cli_getopts(int argc, char ** argv) {
 				case 'b':
 					next = &bind_arg;
 					break;
+				case 'z':
+					opts.disable_ip_tos = 1;
+					break;
 				default:
 					fprintf(stderr,
 						"WARNING: Ignoring unknown option -%c\n", c);

common-algo.c

@@ -114,10 +114,6 @@ static const struct dropbear_hash dropbear_sha2_256 =
 static const struct dropbear_hash dropbear_sha2_512 =
 	{&sha512_desc, 64, 64};
 #endif
-#if DROPBEAR_MD5_HMAC
-static const struct dropbear_hash dropbear_md5 = 
-	{&md5_desc, 16, 16};
-#endif
 
 const struct dropbear_hash dropbear_nohash =
 	{NULL, 16, 0}; /* used initially */
@@ -185,9 +181,6 @@ algo_type sshhashes[] = {
 #endif
 #if DROPBEAR_SHA2_512_HMAC
 	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
-#endif
-#if DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
 #endif
 	{NULL, 0, NULL, 0, NULL}
 };

compat.c

@@ -231,8 +231,7 @@ void setusershell() {
 }
 
 static char **initshells() {
-	/* don't touch this list. */
-	static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
+	static const char *okshells[] = { COMPAT_USER_SHELLS, NULL };
 	register char **sp, *cp;
 	register FILE *fp;
 	struct stat statb;

config.guess

@@ -4,7 +4,7 @@
 
 # shellcheck disable=SC2006,SC2268 # see below for rationale
 
-timestamp='2022-01-09'
+timestamp='2022-09-17'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -966,6 +966,12 @@ EOF
 	GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
 	GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
 	;;
+    x86_64:[Mm]anagarm:*:*|i?86:[Mm]anagarm:*:*)
+	GUESS="$UNAME_MACHINE-pc-managarm-mlibc"
+	;;
+    *:[Mm]anagarm:*:*)
+	GUESS="$UNAME_MACHINE-unknown-managarm-mlibc"
+	;;
     *:Minix:*:*)
 	GUESS=$UNAME_MACHINE-unknown-minix
 	;;
@@ -1036,7 +1042,7 @@ EOF
     k1om:Linux:*:*)
 	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
 	;;
-    loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
+    loongarch32:Linux:*:* | loongarch64:Linux:*:*)
 	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
 	;;
     m32r*:Linux:*:*)
@@ -1151,16 +1157,27 @@ EOF
 	;;
     x86_64:Linux:*:*)
 	set_cc_for_build
+	CPU=$UNAME_MACHINE
 	LIBCABI=$LIBC
 	if test "$CC_FOR_BUILD" != no_compiler_found; then
-	    if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
-		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		grep IS_X32 >/dev/null
-	    then
-		LIBCABI=${LIBC}x32
-	    fi
+	    ABI=64
+	    sed 's/^	    //' << EOF > "$dummy.c"
+	    #ifdef __i386__
+	    ABI=x86
+	    #else
+	    #ifdef __ILP32__
+	    ABI=x32
+	    #endif
+	    #endif
+EOF
+	    cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'`
+	    eval "$cc_set_abi"
+	    case $ABI in
+		x86) CPU=i686 ;;
+		x32) LIBCABI=${LIBC}x32 ;;
+	    esac
 	fi
-	GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
+	GUESS=$CPU-pc-linux-$LIBCABI
 	;;
     xtensa*:Linux:*:*)
 	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
@@ -1367,8 +1384,11 @@ EOF
     BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
 	GUESS=i586-pc-haiku
 	;;
-    x86_64:Haiku:*:*)
-	GUESS=x86_64-unknown-haiku
+    ppc:Haiku:*:*)	# Haiku running on Apple PowerPC
+	GUESS=powerpc-apple-haiku
+	;;
+    *:Haiku:*:*)	# Haiku modern gcc (not bound by BeOS compat)
+	GUESS=$UNAME_MACHINE-unknown-haiku
 	;;
     SX-4:SUPER-UX:*:*)
 	GUESS=sx4-nec-superux$UNAME_RELEASE

config.h.in

@@ -180,9 +180,6 @@
 /* Define to 1 if you have the <mach/mach_time.h> header file. */
 #undef HAVE_MACH_MACH_TIME_H
 
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
 /* Define to 1 if you have the `memset_s' function. */
 #undef HAVE_MEMSET_S
 
@@ -237,6 +234,9 @@
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
 
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
 /* Define to 1 if you have the <stdlib.h> header file. */
 #undef HAVE_STDLIB_H
 
@@ -417,17 +417,14 @@
 /* Define to the type of arg 5 for `select'. */
 #undef SELECT_TYPE_ARG5
 
-/* Define to 1 if you have the ANSI C header files. */
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
 #undef STDC_HEADERS
 
 /* Use /dev/ptmx */
 #undef USE_DEV_PTMX
 
-/* Enable large inode numbers on Mac OS X 10.5.  */
-#ifndef _DARWIN_USE_64_BIT_INODE
-# define _DARWIN_USE_64_BIT_INODE 1
-#endif
-
 /* Number of bits in a file offset, on hosts where this is settable. */
 #undef _FILE_OFFSET_BITS
 
@@ -446,7 +443,7 @@
 /* Define to `int' if <sys/types.h> does not define. */
 #undef mode_t
 
-/* Define to `int' if <sys/types.h> does not define. */
+/* Define as a signed integer type capable of holding a process identifier. */
 #undef pid_t
 
 /* Define to `unsigned int' if <sys/types.h> does not define. */

config.sub

@@ -4,7 +4,7 @@
 
 # shellcheck disable=SC2006,SC2268 # see below for rationale
 
-timestamp='2022-01-03'
+timestamp='2022-09-17'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -145,7 +145,7 @@ case $1 in
 			nto-qnx* | linux-* | uclinux-uclibc* \
 			| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
 			| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
-			| storm-chaos* | os2-emx* | rtmk-nova*)
+			| storm-chaos* | os2-emx* | rtmk-nova* | managarm-*)
 				basic_machine=$field1
 				basic_os=$maybe_os
 				;;
@@ -1207,7 +1207,7 @@ case $cpu-$vendor in
 			| k1om \
 			| le32 | le64 \
 			| lm32 \
-			| loongarch32 | loongarch64 | loongarchx32 \
+			| loongarch32 | loongarch64 \
 			| m32c | m32r | m32rle \
 			| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
 			| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
@@ -1341,6 +1341,10 @@ EOF
 		kernel=linux
 		os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
 		;;
+	managarm*)
+		kernel=managarm
+		os=`echo "$basic_os" | sed -e 's|managarm|mlibc|'`
+		;;
 	*)
 		kernel=
 		os=$basic_os
@@ -1754,7 +1758,7 @@ case $os in
 	     | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
 	     | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
 	     | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
-	     | fiwix* )
+	     | fiwix* | mlibc* )
 		;;
 	# This one is extra strict with allowed versions
 	sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
@@ -1762,6 +1766,9 @@ case $os in
 		;;
 	none)
 		;;
+	kernel* )
+		# Restricted further below
+		;;
 	*)
 		echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
 		exit 1
@@ -1772,16 +1779,26 @@ esac
 # (given a valid OS), if there is a kernel.
 case $kernel-$os in
 	linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
-		   | linux-musl* | linux-relibc* | linux-uclibc* )
+		   | linux-musl* | linux-relibc* | linux-uclibc* | linux-mlibc* )
 		;;
 	uclinux-uclibc* )
 		;;
-	-dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
+	managarm-mlibc* | managarm-kernel* )
+		;;
+	-dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* )
 		# These are just libc implementations, not actual OSes, and thus
 		# require a kernel.
 		echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
 		exit 1
 		;;
+	-kernel* )
+		echo "Invalid configuration \`$1': \`$os' needs explicit kernel." 1>&2
+		exit 1
+		;;
+	*-kernel* )
+		echo "Invalid configuration \`$1': \`$kernel' does not support \`$os'." 1>&2
+		exit 1
+		;;
 	kfreebsd*-gnu* | kopensolaris*-gnu*)
 		;;
 	vxworks-simlinux | vxworks-simwindows | vxworks-spe)

configure.ac

@@ -23,15 +23,15 @@ AC_PROG_CC
 if test -z "$LD" ; then
 	LD=$CC
 fi
-AC_SUBST(LD)	
+AC_SUBST(LD)
 
-AC_DEFUN(DB_TRYADDCFLAGS, 
+AC_DEFUN(DB_TRYADDCFLAGS,
 [{
 		OLDFLAGS="$CFLAGS"
 		TESTFLAGS="$1"
-		CFLAGS="$CFLAGS $TESTFLAGS"
-		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		CFLAGS="$TESTFLAGS $CFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
 			)
 }])
@@ -42,12 +42,25 @@ if test -z "$ORIGCFLAGS" && test "$GCC" = "yes"; then
 	CFLAGS="-Os -W -Wall"
 fi
 
+# LTM_CFLAGS is given to ./configure by the user, 
+# DROPBEAR_LTM_CFLAGS is substituted in the LTM Makefile.in
+DROPBEAR_LTM_CFLAGS="$LTM_CFLAGS"
+if test -z "$DROPBEAR_LTM_CFLAGS"; then
+	DROPBEAR_LTM_CFLAGS="-O3 -funroll-loops -fomit-frame-pointer"
+fi
+AC_MSG_NOTICE(Setting LTM_CFLAGS to $DROPBEAR_LTM_CFLAGS)
+AC_ARG_VAR(LTM_CFLAGS, CFLAGS for bundled libtommath. Default -O3 -funroll-loops -fomit-frame-pointer)
+AC_SUBST(DROPBEAR_LTM_CFLAGS)
+
 AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
 DB_TRYADDCFLAGS([-Wno-pointer-sign])
 
 AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
 DB_TRYADDCFLAGS([-fno-strict-overflow])
 
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wundef])
+DB_TRYADDCFLAGS([-Wundef])
+
 # needed for various extensions. define early before autoconf tests
 AC_DEFINE([_GNU_SOURCE], [], [Use GNU extensions if glibc])
 
@@ -81,15 +94,15 @@ if test "$hardenbuild" -eq 1; then
 
 		OLDLDFLAGS="$LDFLAGS"
 		TESTFLAGS="-Wl,-pie"
-		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[
 				LDFLAGS="$OLDLDFLAGS"
 				TESTFLAGS="-pie"
-				LDFLAGS="$LDFLAGS $TESTFLAGS"
-				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				LDFLAGS="$TESTFLAGS $LDFLAGS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 					)
 			]
@@ -97,24 +110,24 @@ if test "$hardenbuild" -eq 1; then
 		# readonly elf relocation sections (relro)
 		OLDLDFLAGS="$LDFLAGS"
 		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
-		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 			)
 	fi # non-static
 	# stack protector. -strong is good but only in gcc 4.9 or later
 	OLDCFLAGS="$CFLAGS"
 	TESTFLAGS="-fstack-protector-strong"
-	CFLAGS="$CFLAGS $TESTFLAGS"
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+	CFLAGS="$TESTFLAGS $CFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 	    [
 			CFLAGS="$OLDCFLAGS"
 			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
-			CFLAGS="$CFLAGS $TESTFLAGS"
-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-			    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			CFLAGS="$TESTFLAGS $CFLAGS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
 			    )
 	    ]
@@ -174,7 +187,7 @@ case "$host" in
 	# OpenSSH thinks it's broken. If it isn't, let me know.
 	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
-	
+
 *-*-hpux*)
 	LIBS="$LIBS -lsec"
 	# It's probably broken.
@@ -191,7 +204,7 @@ AC_CHECK_TOOL(STRIP, strip, :)
 AC_CHECK_TOOL(INSTALL, install, :)
 
 dnl Can't use login() or logout() with uclibc
-AC_CHECK_DECL(__UCLIBC__, 
+AC_CHECK_DECL(__UCLIBC__,
 	[
 	no_loginfunc_check=1
 	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
@@ -199,14 +212,14 @@ AC_CHECK_DECL(__UCLIBC__,
 
 dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
 dnl but we don't want link all binaries to -lcrypt, just dropbear server.
-dnl OS X doesn't need -lcrypt 
+dnl OS X doesn't need -lcrypt
 AC_CHECK_FUNC(crypt, found_crypt_func=here)
-AC_CHECK_LIB(crypt, crypt, 
+AC_CHECK_LIB(crypt, crypt,
 	[
 	CRYPTLIB="-lcrypt"
 	found_crypt_func=here
 	])
-AC_SUBST(CRYPTLIB)	
+AC_SUBST(CRYPTLIB)
 if test "t$found_crypt_func" = there; then
 AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
 fi
@@ -568,7 +581,7 @@ AC_ARG_ENABLE(bundled-libtom,
 )
 
 if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom) 
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom)
 fi
 
 AC_SUBST(LIBTOM_LIBS)
@@ -641,7 +654,7 @@ AC_ARG_ENABLE(pututxline,
 AC_ARG_WITH(lastlog,
   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
 	[
-		if test "x$withval" = "xno" ; then	
+		if test "x$withval" = "xno" ; then
 			AC_DEFINE(DISABLE_LASTLOG)
 		else
 			conf_lastlog_location=$withval
@@ -716,7 +729,7 @@ fi
 
 if test -n "$conf_lastlog_location"; then
 	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
-fi	
+fi
 
 dnl utmp detection
 AC_MSG_CHECKING([if your system defines UTMP_FILE])
@@ -746,7 +759,7 @@ if test -z "$conf_utmp_location"; then
 fi
 if test -n "$conf_utmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
-fi	
+fi
 
 dnl wtmp detection
 AC_MSG_CHECKING([if your system defines WTMP_FILE])
@@ -778,7 +791,7 @@ if test -z "$conf_wtmp_location"; then
 fi
 if test -n "$conf_wtmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
-fi	
+fi
 
 
 dnl utmpx detection - I don't know any system so perverse as to require
@@ -806,7 +819,7 @@ if test -z "$conf_utmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
-fi	
+fi
 
 dnl wtmpx detection
 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
@@ -833,7 +846,7 @@ if test -z "$conf_wtmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
-fi	
+fi
 
 # Checks for library functions.
 AC_PROG_GCC_TRADITIONAL
@@ -869,7 +882,7 @@ fi
 AC_EXEEXT
 
 if test $BUNDLED_LIBTOM = 1 ; then
-(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv 
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv
 LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
 fi
 

crypto_desc.c

@@ -34,9 +34,6 @@ void crypto_init() {
 #if DROPBEAR_SHA1_HMAC
 		&sha1_desc,
 #endif
-#if DROPBEAR_MD5_HMAC
-		&md5_desc,
-#endif
 #if DROPBEAR_SHA256
 		&sha256_desc,
 #endif

dbclient.1

@@ -94,7 +94,18 @@ is performed at all, this is usually undesirable.
 .B \-A
 Forward agent connections to the remote host. dbclient will use any
 OpenSSH-style agent program if available ($SSH_AUTH_SOCK will be set) for
-public key authentication.  Forwarding is only enabled if -A is specified.
+public key authentication.  Forwarding is only enabled if \fI-A\fR is specified.
+
+Beware that a forwarded agent connection will allow the remote server to have
+the same authentication credentials as you have used locally. A compromised
+remote server could use that to log in to other servers. 
+
+In many situations Dropbear's multi-hop mode is a better and more secure alternative
+to agent forwarding, avoiding having to trust the intermediate server.
+
+If the SSH agent program is set to prompt when a key is used, the 
+\fI-o DisableTrivialAuth\fR option can prevent UI confusion.
+
 .TP
 .B \-W \fIwindowsize
 Specify the per-channel receive window buffer size. Increasing this 
@@ -111,6 +122,9 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+.B \-z
+By default Dropbear will send network traffic with the \fBAF21\fR setting for QoS, letting network devices give it higher priority. Some devices may have problems with that, \fI-z\fR can be used to disable it.
+.TP
 
 .\" TODO: how to avoid a line break between these two -J arguments?
 .B \-J \fIproxy_command
@@ -156,6 +170,13 @@ Send dbclient log messages to syslog in addition to stderr.
 .TP
 .B Port
 Specify a listening port, like the \fI-p\fR argument.
+.TP
+.B DisableTrivialAuth
+Disallow a server immediately
+giving successful authentication (without presenting any password/pubkey prompt).
+This avoids a UI confusion issue where it may appear that the user is accepting
+a SSH agent prompt from their local machine, but are actually accepting a prompt
+sent immediately by the remote server. 
 .RE
 .TP
 .B \-s 

debian/changelog

@@ -1,3 +1,9 @@
+dropbear (2022.83-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 14 Nov 2022 22:51:57 +0800
+
 dropbear (2022.82-0.1) unstable; urgency=low
 
   * New upstream release.

debian/dropbear.init

@@ -25,7 +25,7 @@ set -e
 cancel() { echo "$1" >&2; exit 0; };
 test ! -r /etc/default/dropbear || . /etc/default/dropbear
 test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
-test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear || \
   cancel 'The dropbear service is controlled through runit, use the sv(8) program'
 
 test -z "$DROPBEAR_BANNER" || \

default_options.h

@@ -122,30 +122,43 @@ IMPORTANT: Some options will require "make clean" after changes */
    sha1 for compatibility */
 #define DROPBEAR_SHA1_HMAC 1
 #define DROPBEAR_SHA2_256_HMAC 1
+#define DROPBEAR_SHA2_512_HMAC 0
 #define DROPBEAR_SHA1_96_HMAC 0
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
- * Removing either of these won't save very much space.
  * RSA is recommended.
- * DSS may be necessary to connect to some systems though
- * is not recommended for new keys.
+ *
  * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */
 #define DROPBEAR_RSA 1
-#define DROPBEAR_DSS 1
+/* Newer SSH implementations use SHA256 for RSA signatures. SHA1
+ * support is required to communicate with some older implementations.
+ * It will be removed in future due to SHA1 insecurity, it can be
+ * disabled with DROPBEAR_RSA_SHA1 set to 0 */
+#define DROPBEAR_RSA_SHA1 1
+
+/* DSS may be necessary to connect to some systems but is not
+ * recommended for new keys (1024 bits is small, and it uses SHA1).
+ * RSA key generation will be faster with bundled libtommath
+ * if DROPBEAR_DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858 */
+#define DROPBEAR_DSS 0
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
  * code (either ECDSA or ECDH) increases binary size - around 30kB
  * on x86-64.
  * See: ECDSA_PRIV_FILENAME  */
 #define DROPBEAR_ECDSA 1
+
 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases
  * binary size - around 7,5kB on x86-64.
  * See: ED25519_PRIV_FILENAME  */
 #define DROPBEAR_ED25519 1
-/* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth.
+
+/* Allow U2F security keys for public key auth, with
+ * sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com keys.
+ * The corresponding DROPBEAR_ECDSA or DROPBEAR_ED25519 also needs to be set.
  * This is currently server-only. */
-#define DROPBEAR_SK_ECDSA 1
-#define DROPBEAR_SK_ED25519 1
+#define DROPBEAR_SK_KEYS 1
 
 /* RSA must be >=1024 */
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048

dropbear.8

@@ -53,6 +53,10 @@ Disable password logins.
 .B \-g
 Disable password logins for root.
 .TP
+.B \-t
+Enable two-factor authentication. Both password login and public key authentication are
+required. Should not be used with the '-s' option.
+.TP
 .B \-j
 Disable local port forwarding.
 .TP
@@ -97,6 +101,9 @@ of 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+.B \-z
+By default Dropbear will send network traffic with the \fBAF21\fR setting for QoS, letting network devices give it higher priority. Some devices may have problems with that, \fI-z\fR can be used to disable it.
+.TP
 .B \-T \fImax_authentication_attempts
 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
 .TP
@@ -144,6 +151,14 @@ same functionality with other means even if no-pty is set.
 .B restrict
 Applies all the no- restrictions listed above.
 
+.TP
+.B permitopen=\fR"\fIhost:port\fR"
+Restrict local port forwarding so that connection is allowed only to the
+specified host and port. Multiple permitopen options separated by commas
+can be set in authorized_keys. Wildcard character ('*') may be used in
+port specification for matching any port. Hosts must be literal domain names or
+IP addresses.
+
 .TP
 .B command=\fR"\fIforced_command\fR"
 Disregard the command provided by the user and always run \fIforced_command\fR.

dropbear_lint.sh

@@ -3,6 +3,6 @@
 EXITCODE=0
 
 # #ifdef instead of #if
-grep '#ifdef DROPBEAR' -I *.c *.h && EXITCODE=1
+grep '#ifdef DROPBEAR' -I -- *.c *.h && EXITCODE=1
 
 exit $EXITCODE

dropbearkey.c

@@ -127,13 +127,13 @@ static void check_signkey_bits(enum signkey_type type, int bits)
 #endif
 #if DROPBEAR_RSA
 		case DROPBEAR_SIGNKEY_RSA:
-			if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
-				dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
+			if (bits < 1024 || bits > 4096 || (bits % 8 != 0)) {
+				dropbear_exit("Bits must satisfy 1024 <= bits <= 4096, and be a"
 				              " multiple of 8\n");
 			}
 			break;
 #endif
-#if DROPEAR_DSS
+#if DROPBEAR_DSS
 		case DROPBEAR_SIGNKEY_DSS:
 			if (bits != 1024) {
 				dropbear_exit("DSS keys have a fixed size of 1024 bits\n");

fuzz/fuzzer-verify.c

@@ -3,6 +3,7 @@
 #include "fuzz-wrapfd.h"
 #include "debug.h"
 #include "dss.h"
+#include "ed25519.h"
 
 static void setup_fuzzer(void) {
 	fuzz_common_setup();
@@ -59,6 +60,21 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 					/* Could also check g**q mod p == 1 */
 				}
 
+				if (keytype == DROPBEAR_SIGNKEY_SK_ED25519 || keytype == DROPBEAR_SIGNKEY_ED25519) {
+					dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
+					if (eck && *eck) {
+						int i;
+						/* we've seen all-zero keys validate */
+						boguskey = 1;
+						for (i = 0; i < CURVE25519_LEN; i++) {
+							if ((*eck)->priv[i] != 0x00 || (*eck)->pub[i] != 0x00) {
+								boguskey = 0;
+							}
+						}
+
+					}
+				}
+
 				if (!boguskey) {
 					printf("Random key/signature managed to verify!\n");
 					abort();

keyimport.c

@@ -302,6 +302,7 @@ static int ber_read_id_len(void *source, int sourcelen,
  * Will avoid writing anything if dest is NULL, but still return
  * amount of space required.
  */
+#if DROPBEAR_DSS
 static int ber_write_id_len(void *dest, int id, int length, int flags)
 {
 	unsigned char *d = (unsigned char *)dest;
@@ -356,6 +357,7 @@ static int ber_write_id_len(void *dest, int id, int length, int flags)
 
 	return len;
 }
+#endif /* DROPBEAR_DSS */
 
 
 /* Simple structure to point to an mp-int within a blob. */
@@ -899,15 +901,16 @@ static int openssh_write(const char *filename, sign_key *key,
 	buffer * extrablob = NULL; /* used for calculated values to write */
 	unsigned char *outblob = NULL;
 	int outlen = -9999;
-	struct mpint_pos numbers[9];
-	int nnumbers = -1, pos = 0, len = 0, seqlen, i;
+	int pos = 0, len = 0, i;
 	char *header = NULL, *footer = NULL;
-	char zero[1];
 	int ret = 0;
 	FILE *fp;
 
 #if DROPBEAR_DSS
 	if (key->type == DROPBEAR_SIGNKEY_DSS) {
+		char zero[1];
+		struct mpint_pos numbers[9];
+		int nnumbers = -1, seqlen;
 		/*
 		 * Fetch the key blobs.
 		 */
@@ -924,7 +927,6 @@ static int openssh_write(const char *filename, sign_key *key,
 		 */
 		numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
 
-	#if DROPBEAR_DSS
 		if (key->type == DROPBEAR_SIGNKEY_DSS) {
 
 			/* p */
@@ -956,7 +958,6 @@ static int openssh_write(const char *filename, sign_key *key,
 			header = "-----BEGIN DSA PRIVATE KEY-----\n";
 			footer = "-----END DSA PRIVATE KEY-----\n";
 		}
-	#endif /* DROPBEAR_DSS */
 
 		/*
 		 * Now count up the total size of the ASN.1 encoded integers,

libtomcrypt/src/headers/tomcrypt_dropbear.h

@@ -54,10 +54,6 @@
 #define LTC_SHA1
 #endif
 
-#if DROPBEAR_MD5
-#define LTC_MD5
-#endif
-
 /* ECC */
 #if DROPBEAR_ECC
 #define LTC_MECC

libtommath/Makefile.in

@@ -25,8 +25,14 @@ endif
 
 coverage: LIBNAME:=-Wl,--whole-archive $(LIBNAME)  -Wl,--no-whole-archive
 
+# Dropbear sets its own flags below
+IGNORE_SPEED=1
+
 include $(srcdir)/makefile_include.mk
 
+# override makefile_include.mk flags
+LTM_CFLAGS += @DROPBEAR_LTM_CFLAGS@
+
 %.o: %.c $(HEADERS)
 ifneq ($V,1)
 	@echo "   * ${CC} $@"

libtommath/makefile_include.mk

@@ -104,7 +104,7 @@ LIBTOOLFLAGS += -no-undefined
 endif
 
 # add in the standard FLAGS
-LTM_CFLAGS += $(CFLAGS)
+LTM_CFLAGS := $(CFLAGS) $(LTM_CFLAGS)
 LTM_LFLAGS += $(LFLAGS)
 LTM_LDFLAGS += $(LDFLAGS)
 LTM_LIBTOOLFLAGS += $(LIBTOOLFLAGS)

loginrec.c

@@ -829,7 +829,7 @@ utmpx_perform_login(struct logininfo *li)
 		return 0;
 	}
 # else
-	if (!utmpx_write_direct(li, &ut)) {
+	if (!utmpx_write_direct(li, &utx)) {
 		dropbear_log(LOG_WARNING, "utmpx_perform_login: utmp_write_direct() failed");
 		return 0;
 	}

netio.c

@@ -3,6 +3,7 @@
 #include "dbutil.h"
 #include "session.h"
 #include "debug.h"
+#include "runopts.h"
 
 struct dropbear_progress_connection {
 	struct addrinfo *res;
@@ -377,6 +378,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 	/* Don't log ENOTSOCK errors so that this can harmlessly be called
 	 * on a client '-J' proxy pipe */
 
+	if (opts.disable_ip_tos == 0) {
 #ifdef IP_TOS
 	/* Set the DSCP field for outbound IP packet priority.
 	rfc4594 has some guidance to meanings.
@@ -409,6 +411,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 		TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
 	}
 #endif /* IP_TOS */
+	}
 
 #ifdef HAVE_LINUX_PKT_SCHED_H
 	/* Set scheduling priority within the local Linux network stack */

packet.c

@@ -430,44 +430,32 @@ static buffer* buf_decompress(const buffer* buf, unsigned int len) {
 	z_streamp zstream;
 
 	zstream = ses.keys->recv.zstream;
-	ret = buf_new(len);
+	/* We use RECV_MAX_PAYLOAD_LEN+1 here to ensure that
+	   we can detect an oversized payload after inflate() */
+	ret = buf_new(RECV_MAX_PAYLOAD_LEN+1);
 
 	zstream->avail_in = len;
 	zstream->next_in = buf_getptr(buf, len);
+	zstream->avail_out = ret->size;
+	zstream->next_out = ret->data;
 
-	/* decompress the payload, incrementally resizing the output buffer */
-	while (1) {
-
-		zstream->avail_out = ret->size - ret->pos;
-		zstream->next_out = buf_getwriteptr(ret, zstream->avail_out);
-
-		result = inflate(zstream, Z_SYNC_FLUSH);
-
-		buf_setlen(ret, ret->size - zstream->avail_out);
-		buf_setpos(ret, ret->len);
-
-		if (result != Z_BUF_ERROR && result != Z_OK) {
-			dropbear_exit("zlib error");
-		}
-
-		if (zstream->avail_in == 0 &&
-		   		(zstream->avail_out != 0 || result == Z_BUF_ERROR)) {
-			/* we can only exit if avail_out hasn't all been used,
-			 * and there's no remaining input */
-			return ret;
-		}
-
-		if (zstream->avail_out == 0) {
-			int new_size = 0;
-			if (ret->size >= RECV_MAX_PAYLOAD_LEN) {
-				/* Already been increased as large as it can go,
-				 * yet didn't finish up the decompression */
-				dropbear_exit("bad packet, oversized decompressed");
-			}
-			new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR);
-			ret = buf_resize(ret, new_size);
-		}
+	result = inflate(zstream, Z_SYNC_FLUSH);
+	if (result != Z_OK) {
+		dropbear_exit("zlib error");
 	}
+
+	buf_setlen(ret, ret->size - zstream->avail_out);
+
+	if (zstream->avail_in > 0 || ret->len > RECV_MAX_PAYLOAD_LEN) {
+		/* The remote side sent larger than a payload size
+		 * of uncompressed data.
+		 */
+		dropbear_exit("bad packet, oversized decompressed");
+	}
+
+	/* Success. All input was consumed and avail_out > 0 */
+	return ret;
+
 }
 #endif
 

runopts.h

@@ -33,6 +33,7 @@
 
 typedef struct runopts {
 
+	int disable_ip_tos;
 #if DROPBEAR_SVR_REMOTETCPFWD || DROPBEAR_CLI_LOCALTCPFWD \
     || DROPBEAR_CLI_REMOTETCPFWD
 	int listen_fwd_all;
@@ -79,8 +80,9 @@ typedef struct svr_runopts {
 	char *addresses[DROPBEAR_MAX_PORTS];
 
 	int inetdmode;
-	/* Hidden "-2" flag indicates it's re-executing itself */
-	int reexec_child;
+	/* Hidden "-2 childpipe_fd" flag indicates it's re-executing itself,
+	   stores the childpipe preauth file descriptor. Set to -1 otherwise. */
+	int reexec_childpipe;
 
 	/* Flags indicating whether to use ipv4 and ipv6 */
 	/* not used yet
@@ -105,6 +107,7 @@ typedef struct svr_runopts {
 	int noauthpass;
 	int norootpass;
 	int allowblankpass;
+	int multiauthmethod;
 	unsigned int maxauthtries;
 
 #if DROPBEAR_SVR_REMOTETCPFWD
@@ -127,8 +130,10 @@ typedef struct svr_runopts {
 	char * forced_command;
 
 #if DROPBEAR_PLUGIN 
-        char *pubkey_plugin;
-        char *pubkey_plugin_options;
+	/* malloced */
+	char *pubkey_plugin;
+	/* points into pubkey_plugin */
+	char *pubkey_plugin_options;
 #endif
 
 	int pass_on_env;

signkey.c

@@ -587,7 +587,7 @@ void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
 	buffer *sigblob = buf_new(MAX_PUBKEY_SIZE);
 	enum signkey_type keytype = signkey_type_from_signature(sigtype);
 
-#if DEBUG_TRACE
+#if DEBUG_TRACE > DROPBEAR_VERBOSE_LEVEL
 	{
 		const char* signame = signature_name_from_type(sigtype, NULL);
 		TRACE(("buf_put_sign type %d %s", sigtype, signame));
@@ -688,7 +688,7 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype,
 	if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
 		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 		if (eck && *eck) {
-			return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
+			return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
 		}
 	}
 #endif
@@ -696,7 +696,7 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype,
 	if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
 		dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
 		if (eck && *eck) {
-			return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
+			return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
 		}
 	}
 #endif

signkey.h

@@ -127,6 +127,7 @@ struct SIGN_key {
 	/* application ID for U2F/FIDO key types, a malloced string */
 	char * sk_app;
 	unsigned int sk_applen;
+	unsigned char sk_flags_mask;
 #endif
 };
 

sk-ecdsa.c

@@ -8,7 +8,9 @@
 #include "sk-ecdsa.h"
 #include "ssh.h"
 
-int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen) {
+int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask) {
 	hash_state hs;
 	unsigned char subhash[SHA256_HASH_SIZE];
 	buffer *sk_buffer = NULL, *sig_buffer = NULL;
@@ -41,13 +43,18 @@ int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
 	buf_free(sk_buffer);
 	buf_free(sig_buffer);
 
-	/* TODO: allow "no-touch-required" or "verify-required" authorized_keys options */
-	if (!(flags & SSH_SK_USER_PRESENCE_REQD)) {
+	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
 		if (ret == DROPBEAR_SUCCESS) {
 			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
 		}
 		ret = DROPBEAR_FAILURE;
 	}
+	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
+		if (ret == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
+		}
+		ret = DROPBEAR_FAILURE;
+	}
 
 	TRACE(("leave buf_sk_ecdsa_verify, ret=%d", ret))
 	return ret;

sk-ecdsa.h

@@ -8,7 +8,9 @@
 #include "buffer.h"
 #include "signkey.h"
 
-int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen);
+int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask);
 
 #endif
 

sk-ed25519.c

@@ -8,7 +8,9 @@
 #include "ed25519.h"
 #include "ssh.h"
 
-int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen) {
+int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask) {
 
 	int ret = DROPBEAR_FAILURE;
 	unsigned char *s;
@@ -52,13 +54,18 @@ int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const bu
 		ret = DROPBEAR_SUCCESS;
 	}
 
-	/* TODO: allow "no-touch-required" or "verify-required" authorized_keys options */
-	if (!(flags & SSH_SK_USER_PRESENCE_REQD)) {
+	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
 		if (ret == DROPBEAR_SUCCESS) {
 			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
 		}
 		ret = DROPBEAR_FAILURE;
 	}
+	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
+		if (ret == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
+		}
+		ret = DROPBEAR_FAILURE;
+	}
 out:
 	buf_free(sk_buffer);
 	TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))

sk-ed25519.h

@@ -8,7 +8,9 @@
 #include "buffer.h"
 #include "ed25519.h"
 
-int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen);
+int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask);
 
 #endif
 

svr-authpam.c

@@ -30,6 +30,7 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "auth.h"
+#include "runopts.h"
 
 #if DROPBEAR_SVR_PAM_AUTH
 
@@ -278,12 +279,22 @@ void svr_auth_pam(int valid_user) {
 		goto cleanup;
 	}
 
-	/* successful authentication */
-	dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
-			ses.authstate.pw_name,
-			svr_ses.addrstring);
-	send_msg_userauth_success();
-
+	if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PASSWORD)) {
+			/* successful PAM password authentication, but extra auth required */
+			dropbear_log(LOG_NOTICE,
+					"PAM password auth succeeded for '%s' from %s, extra auth required",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			ses.authstate.authtypes &= ~AUTH_TYPE_PASSWORD; /* PAM password auth ok, delete the method flag */
+			send_msg_userauth_failure(1, 0);  /* Send partial success */
+		} else {
+			/* successful authentication */
+			dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
+				ses.authstate.pw_name,
+				svr_ses.addrstring);
+			send_msg_userauth_success();
+		}
+		
 cleanup:
 	if (password != NULL) {
 		m_burn(password, passwordlen);

svr-authpasswd.c

@@ -106,12 +106,22 @@ void svr_auth_password(int valid_user) {
 	}
 
 	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
-		/* successful authentication */
-		dropbear_log(LOG_NOTICE, 
-				"Password auth succeeded for '%s' from %s",
-				ses.authstate.pw_name,
-				svr_ses.addrstring);
-		send_msg_userauth_success();
+		if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PASSWORD)) {
+			/* successful password authentication, but extra auth required */
+			dropbear_log(LOG_NOTICE,
+					"Password auth succeeded for '%s' from %s, extra auth required",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			ses.authstate.authtypes &= ~AUTH_TYPE_PASSWORD; /* password auth ok, delete the method flag */
+			send_msg_userauth_failure(1, 0);  /* Send partial success */
+		} else {
+			/* successful authentication */
+			dropbear_log(LOG_NOTICE, 
+					"Password auth succeeded for '%s' from %s",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			send_msg_userauth_success();
+		}
 	} else {
 		dropbear_log(LOG_WARNING,
 				"Bad password attempt for '%s' from %s",

svr-authpubkey.c

@@ -64,6 +64,7 @@
 #include "ssh.h"
 #include "packet.h"
 #include "algo.h"
+#include "runopts.h"
 
 #if DROPBEAR_SVR_PUBKEY_AUTH
 
@@ -182,6 +183,16 @@ void svr_auth_pubkey(int valid_user) {
 		goto out;
 	}
 
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+	key->sk_flags_mask = SSH_SK_USER_PRESENCE_REQD;
+	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->no_touch_required_flag) {
+		key->sk_flags_mask &= ~SSH_SK_USER_PRESENCE_REQD;
+	}
+	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->verify_required_flag) {
+		key->sk_flags_mask |= SSH_SK_USER_VERIFICATION_REQD;
+	}
+#endif
+
 	/* create the data which has been signed - this a string containing
 	 * session_id, concatenated with the payload packet up to the signature */
 	assert(ses.payload_beginning <= ses.payload->pos);
@@ -201,12 +212,24 @@ void svr_auth_pubkey(int valid_user) {
 	/* ... and finally verify the signature */
 	fp = sign_key_fingerprint(keyblob, keybloblen);
 	if (buf_verify(ses.payload, key, sigtype, signbuf) == DROPBEAR_SUCCESS) {
-		dropbear_log(LOG_NOTICE,
-				"Pubkey auth succeeded for '%s' with %s key %s from %s",
-				ses.authstate.pw_name,
-				signkey_name_from_type(keytype, NULL), fp,
-				svr_ses.addrstring);
-		send_msg_userauth_success();
+		if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PUBKEY)) {
+			/* successful pubkey authentication, but extra auth required */
+			dropbear_log(LOG_NOTICE,
+					"Pubkey auth succeeded for '%s' with %s key %s from %s, extra auth required",
+					ses.authstate.pw_name,
+					signkey_name_from_type(keytype, NULL), fp,
+					svr_ses.addrstring);
+			ses.authstate.authtypes &= ~AUTH_TYPE_PUBKEY; /* pubkey auth ok, delete the method flag */
+			send_msg_userauth_failure(1, 0); /* Send partial success */
+		} else {
+			/* successful authentication */
+			dropbear_log(LOG_NOTICE,
+					"Pubkey auth succeeded for '%s' with %s key %s from %s",
+					ses.authstate.pw_name,
+					signkey_name_from_type(keytype, NULL), fp,
+					svr_ses.addrstring);
+			send_msg_userauth_success();
+		}
 #if DROPBEAR_PLUGIN
                 if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) {
                     /* Was authenticated through the external plugin. tell plugin that signature verification was ok */
@@ -580,7 +603,7 @@ static int checkfileperm(char * filename) {
 	if (badperm) {
 		if (!ses.authstate.perm_warn) {
 			ses.authstate.perm_warn = 1;
-			dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename);
+			dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by group or others", filename);
 		}
 		TRACE(("leave checkfileperm: failure perms/owner"))
 		return DROPBEAR_FAILURE;

svr-authpubkeyoptions.c

@@ -46,6 +46,7 @@
 #include "dbutil.h"
 #include "signkey.h"
 #include "auth.h"
+#include "runopts.h"
 
 #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 
@@ -88,6 +89,29 @@ int svr_pubkey_allows_pty() {
 	return 1;
 }
 
+/* Returns 1 if pubkey allows local tcp fowarding to the provided destination,
+ * 0 otherwise */
+int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port) {
+	if (ses.authstate.pubkey_options
+		&& ses.authstate.pubkey_options->permit_open_destinations) {
+		m_list_elem *iter = ses.authstate.pubkey_options->permit_open_destinations->first;
+		while (iter) {
+			struct PermitTCPFwdEntry *entry = (struct PermitTCPFwdEntry*)iter->item;
+			if (strcmp(entry->host, host) == 0) {
+				if ((entry->port == PUBKEY_OPTIONS_ANY_PORT) || (entry->port == port)) {
+					return 1;
+				}
+			}
+
+			iter = iter->next;
+		}
+
+		return 0;
+	}
+
+	return 1;
+}
+
 /* Set chansession command to the one forced 
  * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
@@ -113,6 +137,16 @@ void svr_pubkey_options_cleanup() {
 		if (ses.authstate.pubkey_options->forced_command) {
 			m_free(ses.authstate.pubkey_options->forced_command);
 		}
+		if (ses.authstate.pubkey_options->permit_open_destinations) {
+			m_list_elem *iter = ses.authstate.pubkey_options->permit_open_destinations->first;
+			while (iter) {
+				struct PermitTCPFwdEntry *entry = (struct PermitTCPFwdEntry*)list_remove(iter);
+				m_free(entry->host);
+				m_free(entry);
+				iter = ses.authstate.pubkey_options->permit_open_destinations->first;
+			}
+			m_free(ses.authstate.pubkey_options->permit_open_destinations);
+		}
 		m_free(ses.authstate.pubkey_options);
 	}
 	if (ses.authstate.pubkey_info) {
@@ -206,6 +240,69 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 			goto bad_option;
 		}
 
+		if (match_option(options_buf, "permitopen=\"") == DROPBEAR_SUCCESS) {
+			int valid_option = 0;
+			const unsigned char* permitopen_start = buf_getptr(options_buf, 0);
+
+			if (!ses.authstate.pubkey_options->permit_open_destinations) {
+				ses.authstate.pubkey_options->permit_open_destinations = list_new();
+			}
+
+			while (options_buf->pos < options_buf->len) {
+				const char c = buf_getbyte(options_buf);
+				if (c == '"') {
+					char *spec = NULL;
+					char *portstring = NULL;
+					const int permitopen_len = buf_getptr(options_buf, 0) - permitopen_start;
+					struct PermitTCPFwdEntry *entry =
+							(struct PermitTCPFwdEntry*)m_malloc(sizeof(struct PermitTCPFwdEntry));
+
+					list_append(ses.authstate.pubkey_options->permit_open_destinations, entry);
+					spec = m_malloc(permitopen_len);
+					memcpy(spec, permitopen_start, permitopen_len - 1);
+					spec[permitopen_len - 1] = '\0';
+					if ((split_address_port(spec, &entry->host, &portstring) == DROPBEAR_SUCCESS)
+						&& entry->host && portstring) {
+						if (strcmp(portstring, "*") == 0) {
+							valid_option = 1;
+							entry->port = PUBKEY_OPTIONS_ANY_PORT;
+							TRACE(("local port forwarding allowed to host '%s'", entry->host));
+						} else if (m_str_to_uint(portstring, &entry->port) == DROPBEAR_SUCCESS) {
+							valid_option = 1;
+							TRACE(("local port forwarding allowed to host '%s' and port '%u'",
+									entry->host, entry->port));
+						}
+					}
+
+					m_free(spec);
+					m_free(portstring);
+					break;
+				}
+			}
+
+			if (valid_option) {
+				goto next_option;
+			} else {
+				dropbear_log(LOG_WARNING, "Badly formatted permitopen= authorized_keys option");
+				goto bad_option;
+			}
+		}
+
+		if (match_option(options_buf, "no-touch-required") == DROPBEAR_SUCCESS) {
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+			dropbear_log(LOG_WARNING, "No user presence check required for U2F/FIDO key.");
+			ses.authstate.pubkey_options->no_touch_required_flag = 1;
+#endif
+			goto next_option;
+		}
+		if (match_option(options_buf, "verify-required") == DROPBEAR_SUCCESS) {
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+			dropbear_log(LOG_WARNING, "User verification required for U2F/FIDO key.");
+			ses.authstate.pubkey_options->verify_required_flag = 1;
+#endif
+			goto next_option;
+		}
+
 next_option:
 		/*
 		 * Skip the comma, and move to the next option

svr-chansession.c

@@ -1040,9 +1040,11 @@ static void execchild(const void *user_data) {
 	if (chansess->original_command) {
 		addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command);
 	}
-        if (ses.authstate.pubkey_info != NULL) {
-                addnewvar("SSH_PUBKEYINFO", ses.authstate.pubkey_info);
-        }
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+	if (ses.authstate.pubkey_info != NULL) {
+		addnewvar("SSH_PUBKEYINFO", ses.authstate.pubkey_info);
+	}
+#endif
 
 	/* change directory */
 	if (chdir(ses.authstate.pw_dir) < 0) {

svr-main.c

@@ -71,7 +71,7 @@ int main(int argc, char ** argv)
 #endif
 
 #if DROPBEAR_DO_REEXEC
-	if (svr_opts.reexec_child) {
+	if (svr_opts.reexec_childpipe >= 0) {
 #ifdef PR_SET_NAME
 		/* Fix the "Name:" in /proc/pid/status, otherwise it's
 		a FD number from fexecve.
@@ -102,7 +102,7 @@ static void main_inetd() {
 
 	seedrandom();
 
-	if (!svr_opts.reexec_child) {
+	if (svr_opts.reexec_childpipe < 0) {
 		/* In case our inetd was lax in logging source addresses */
 		get_socket_address(0, NULL, NULL, &host, &port, 0);
 			dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port);
@@ -115,10 +115,8 @@ static void main_inetd() {
 		setsid();
 	}
 
-	/* Start service program 
-	 * -1 is a dummy childpipe, just something we can close() without 
-	 * mattering. */
-	svr_session(0, -1);
+	/* -1 for childpipe in the inetd case is discarded */
+	svr_session(0, svr_opts.reexec_childpipe);
 
 	/* notreached */
 }
@@ -332,7 +330,7 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) {
 				m_free(remote_host);
 				m_free(remote_port);
 
-#ifndef DEBUG_NOFORK
+#if !DEBUG_NOFORK
 				if (setsid() < 0) {
 					dropbear_exit("setsid: %s", strerror(errno));
 				}
@@ -347,9 +345,10 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) {
 
 				if (execfd >= 0) {
 #if DROPBEAR_DO_REEXEC
-					/* Add "-2" to the args and re-execute ourself. */
-					char **new_argv = m_malloc(sizeof(char*) * (argc+3));
-					int pos0 = 0, new_argc = argc+1;
+					/* Add "-2 childpipe[1]" to the args and re-execute ourself. */
+					char **new_argv = m_malloc(sizeof(char*) * (argc+4));
+					char buf[10];
+					int pos0 = 0, new_argc = argc+2;
 
 					/* We need to specially handle "dropbearmulti dropbear". */
 					if (multipath) {
@@ -359,7 +358,9 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) {
 					}
 
 					memcpy(&new_argv[pos0], argv, sizeof(char*) * argc);
-					new_argv[new_argc-1] = "-2";
+					new_argv[new_argc-2] = "-2";
+					snprintf(buf, sizeof(buf), "%d", childpipe[1]);
+					new_argv[new_argc-1] = buf;
 					new_argv[new_argc] = NULL;
 
 					if ((dup2(childsock, STDIN_FILENO) < 0)) {

svr-runopts.c

@@ -81,6 +81,7 @@ static void printhelp(const char * progname) {
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
 					"-B		Allow blank password logins\n"
+					"-t		Enable two-factor authentication (both password and public key required)\n"
 #endif
 					"-T		Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
@@ -103,6 +104,7 @@ static void printhelp(const char * progname) {
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n"
 					"-K <keepalive>  (0 is never, default %d, in seconds)\n"
 					"-I <idle_timeout>  (0 is never, default %d, in seconds)\n"
+					"-z    disable QoS\n"
 #if DROPBEAR_PLUGIN
                                         "-A <authplugin>[,<options>]\n"
                                         "               Enable external public key auth through <authplugin>\n"
@@ -138,6 +140,7 @@ void svr_getopts(int argc, char ** argv) {
 	char* keepalive_arg = NULL;
 	char* idle_timeout_arg = NULL;
 	char* maxauthtries_arg = NULL;
+	char* reexec_fd_arg = NULL;
 	char* keyfile = NULL;
 	char c;
 #if DROPBEAR_PLUGIN
@@ -158,6 +161,7 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
+	svr_opts.multiauthmethod = 0;
 	svr_opts.maxauthtries = MAX_AUTH_TRIES;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
@@ -175,6 +179,7 @@ void svr_getopts(int argc, char ** argv) {
         svr_opts.pubkey_plugin_options = NULL;
 #endif
 	svr_opts.pass_on_env = 0;
+	svr_opts.reexec_childpipe = -1;
 
 #ifndef DISABLE_ZLIB
 	opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
@@ -197,6 +202,7 @@ void svr_getopts(int argc, char ** argv) {
 #if DROPBEAR_SVR_REMOTETCPFWD
 	opts.listen_fwd_all = 0;
 #endif
+	opts.disable_ip_tos = 0;
 
 	for (i = 1; i < (unsigned int)argc; i++) {
 		if (argv[i][0] != '-' || argv[i][1] == '\0')
@@ -250,12 +256,12 @@ void svr_getopts(int argc, char ** argv) {
 #if DROPBEAR_DO_REEXEC && NON_INETD_MODE
 				/* For internal use by re-exec */
 				case '2':
-					svr_opts.reexec_child = 1;
+					next = &reexec_fd_arg;
 					break;
 #endif
 				case 'p':
-				  nextisport = 1;
-				  break;
+					nextisport = 1;
+					break;
 				case 'P':
 					next = &svr_opts.pidfile;
 					break;
@@ -295,6 +301,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'B':
 					svr_opts.allowblankpass = 1;
 					break;
+				case 't':
+					svr_opts.multiauthmethod = 1;
+					break;
 #endif
 				case 'h':
 					printhelp(argv[0]);
@@ -317,6 +326,9 @@ void svr_getopts(int argc, char ** argv) {
 					print_version();
 					exit(EXIT_SUCCESS);
 					break;
+				case 'z':
+					opts.disable_ip_tos = 1;
+					break;
 				default:
 					fprintf(stderr, "Invalid option -%c\n", c);
 					printhelp(argv[0]);
@@ -426,6 +438,13 @@ void svr_getopts(int argc, char ** argv) {
 		dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
 	}
 
+	if (reexec_fd_arg) {
+		if (m_str_to_uint(reexec_fd_arg, &svr_opts.reexec_childpipe) == DROPBEAR_FAILURE
+			|| svr_opts.reexec_childpipe < 0) {
+			dropbear_exit("Bad -2");
+		}
+	}
+
 #if INETD_MODE
 	if (svr_opts.inetdmode && (
 		opts.usingsyslog == 0
@@ -438,16 +457,20 @@ void svr_getopts(int argc, char ** argv) {
 	}
 #endif
 
+	if (svr_opts.multiauthmethod && svr_opts.noauthpass) {
+		dropbear_exit("-t and -s are incompatible");
+	}
+
 #if DROPBEAR_PLUGIN
-        if (pubkey_plugin) {
-            char *args = strchr(pubkey_plugin, ',');
-            if (args) {
-                *args='\0';
-                ++args;
-            }
-            svr_opts.pubkey_plugin = pubkey_plugin;
-            svr_opts.pubkey_plugin_options = args;
-        }
+	if (pubkey_plugin) {
+		svr_opts.pubkey_plugin = m_strdup(pubkey_plugin);
+		char *args = strchr(svr_opts.pubkey_plugin, ',');
+		if (args) {
+			*args='\0';
+			++args;
+		}
+		svr_opts.pubkey_plugin_options = args;
+	}
 #endif
 }
 

svr-session.c

@@ -208,7 +208,7 @@ void svr_session(int sock, int childpipe) {
 
 }
 
-/* failure exit - format must be <= 100 chars */
+/* cleanup and exit - format must be <= 100 chars */
 void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 	char exitmsg[150];
 	char fullmsg[300];
@@ -217,10 +217,12 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 	int add_delay = 0;
 
 #if DROPBEAR_PLUGIN
-        if ((ses.plugin_session != NULL)) {
-            svr_ses.plugin_instance->delete_session(ses.plugin_session);
-        }
-        ses.plugin_session = NULL;
+	if ((ses.plugin_session != NULL)) {
+		svr_ses.plugin_instance->delete_session(ses.plugin_session);
+	}
+	ses.plugin_session = NULL;
+	svr_opts.pubkey_plugin_options = NULL;
+	m_free(svr_opts.pubkey_plugin);
 #endif
 
 	/* Render the formatted exit message */

svr-tcpfwd.c

@@ -289,6 +289,11 @@ static int newtcpdirect(struct Channel * channel) {
 		goto out;
 	}
 
+	if (!svr_pubkey_allows_local_tcpfwd(desthost, destport)) {
+		TRACE(("leave newtcpdirect: local tcp forwarding not permitted to requested destination"));
+		goto out;
+	}
+
 	snprintf(portstring, sizeof(portstring), "%u", destport);
 	channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done,
 		channel, NULL, NULL, DROPBEAR_PRIO_NORMAL);

svr-x11fwd.c

@@ -206,7 +206,7 @@ void x11cleanup(struct ChanSess *chansess) {
 }
 
 static int x11_inithandler(struct Channel *channel) {
-	channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
+	channel->prio = DROPBEAR_PRIO_LOWDELAY;
 	return 0;
 }
 

sysoptions.h

@@ -1,10 +1,10 @@
 /*******************************************************************
- * You shouldn't edit this file unless you know you need to. 
+ * You shouldn't edit this file unless you know you need to.
  * This file is only included from options.h
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2022.82"
+#define DROPBEAR_VERSION "2022.83"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
@@ -68,7 +68,6 @@
 #define MAX_TERM_LEN 200 /* max length of TERM name */
 
 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
-#define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
 
 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
 								 ipv4 and ipv6 don't count twice */
@@ -80,12 +79,21 @@
 
 #define _PATH_CP "/bin/cp"
 
+/* Default contents of /etc/shells if system getusershell() doesn't exist.
+ * Paths taken from getusershell(3) manpage. These can be customised
+ * on other platforms. One the commandline for CFLAGS it would look like eg
+  -DCOMPAT_USER_SHELLS='"/bin/sh","/apps/bin/sh","/data/bin/zsh"'
+ */
+#ifndef COMPAT_USER_SHELLS
+#define COMPAT_USER_SHELLS "/bin/sh","/bin/csh"
+#endif
+
 #define DROPBEAR_ESCAPE_CHAR '~'
 
 /* success/failure defines */
 #define DROPBEAR_SUCCESS 0
 #define DROPBEAR_FAILURE -1
- 
+
 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
 
 #define DROPBEAR_NGROUP_MAX 1024
@@ -103,7 +111,6 @@
 
 #define SHA1_HASH_SIZE 20
 #define SHA256_HASH_SIZE 32
-#define MD5_HASH_SIZE 16
 #define MAX_HASH_SIZE 64 /* sha512 */
 
 #if DROPBEAR_CHACHA20POLY1305
@@ -126,11 +133,6 @@
 #define DROPBEAR_SHA2_512_HMAC 0
 #endif
 
-/* might be needed for compatibility with very old implementations */
-#ifndef DROPBEAR_MD5_HMAC
-#define DROPBEAR_MD5_HMAC 0
-#endif
-
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
 
 /* Debian doesn't define this in system headers */
@@ -156,6 +158,15 @@
 #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA
 #endif
 
+/* Miller-Rabin primality testing is sufficient for RSA but not DSS.
+ * It's a compile-time setting for libtommath, we can get a speedup
+ * for key generation if DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
+ */
+#if !DROPBEAR_DSS
+#define LTM_USE_ONLY_MR 1
+#endif
+
 /* hashes which will be linked and registered */
 #define DROPBEAR_SHA1 (DROPBEAR_RSA_SHA1 || DROPBEAR_DSS \
 				|| DROPBEAR_SHA1_HMAC || DROPBEAR_SHA1_96_HMAC \
@@ -167,12 +178,18 @@
 #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \
 			|| (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \
 			|| (DROPBEAR_ED25519))
-#define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC)
 
 #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1))
 
 #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) || (DROPBEAR_DH_GROUP14) || (DROPBEAR_DH_GROUP16))
 
+#ifndef DROPBEAR_SK_ECDSA
+#define DROPBEAR_SK_ECDSA DROPBEAR_SK_KEYS
+#endif
+#ifndef DROPBEAR_SK_ED25519
+#define DROPBEAR_SK_ED25519 DROPBEAR_SK_KEYS
+#endif
+
 /* Dropbear only uses server-sig-algs, only needed if we have rsa-sha256 pubkey auth */
 #define DROPBEAR_EXT_INFO ((DROPBEAR_RSA_SHA256) \
 		&& ((DROPBEAR_CLI_PUBKEY_AUTH) || (DROPBEAR_SVR_PUBKEY_AUTH)))
@@ -357,5 +374,18 @@
 #define DROPBEAR_MSAN 0
 #endif
 
+#ifndef DEBUG_DSS_VERIFY
+#define DEBUG_DSS_VERIFY 0
+#endif
+
+#ifndef DROPBEAR_MULTI
+#define DROPBEAR_MULTI 0
+#endif
+
+/* Fuzzing expects all key types to be enabled */
+#if defined(DROPBEAR_DSS)
+#undef DROPBEAR_DSS
+#endif
+#define DROPBEAR_DSS 1
 
 /* no include guard for this file */