Fix CI for dbclient/dropbear only

Regressed when -Wundef was added

Fixes #210

.github/workflows/build.yml

@@ -32,6 +32,14 @@ jobs:
             multi: 1
             multiwrapper: 1
 
+          - name: client only
+            runcheck: 'no'
+            make_target: PROGRAMS=dbclient
+
+          - name: server only
+            runcheck: 'no'
+            make_target: PROGRAMS=dropbear
+
           - name: bundled libtom, bionic , no writev()
             # test can use an older distro with bundled libtommath
             os: ubuntu-18.04
@@ -80,6 +88,42 @@ jobs:
             nondefault: 1
             configure_flags: --enable-pam
 
+          - name: most options disabled
+            configure_flags: --disable-harden --disable-zlib --disable-openpty --disable-lastlog
+            runcheck: 'no'
+            localoptions: |
+              #define DROPBEAR_RSA 0
+              #define INETD_MODE 0
+              #define DROPBEAR_REEXEC 0
+              #define DROPBEAR_SMALL_CODE 0
+              #define DROPBEAR_CLI_LOCALTCPFWD 0
+              #define DROPBEAR_CLI_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_LOCALTCPFWD 0
+              #define DROPBEAR_SVR_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_AGENTFWD 0
+              #define DROPBEAR_CLI_AGENTFWD 0
+              #define DROPBEAR_CLI_PROXYCMD 0
+              #define DROPBEAR_USER_ALGO_LIST 0
+              #define DROPBEAR_AES128 0
+              #define DROPBEAR_AES256 0
+              #define DROPBEAR_ENABLE_CTR_MODE 0
+              #define DROPBEAR_SHA1_HMAC 0
+              #define DROPBEAR_SHA2_256_HMAC 0
+              #define DROPBEAR_RSA 0
+              #define DROPBEAR_ECDSA 0
+              #define DROPBEAR_SK_KEYS 0
+              #define DROPBEAR_DELAY_HOSTKEY 0
+              #define DROPBEAR_DH_GROUP14_SHA1 0
+              #define DROPBEAR_DH_GROUP14_SHA256 0
+              #define DROPBEAR_ECDH 0
+              #define DROPBEAR_DH_GROUP1_CLIENTONLY 0
+              #define DO_MOTD 0
+              #define DROPBEAR_SVR_PUBKEY_AUTH 0
+              #define DROPBEAR_CLI_PASSWORD_AUTH 0
+              #define DROPBEAR_CLI_PUBKEY_AUTH 0
+              #define DROPBEAR_USE_PASSWORD_ENV 0
+              #define DROPBEAR_SFTPSERVER 0
+
           # # Fuzzers run standalone. A bit superfluous with cifuzz, but
           # # good to run the whole corpus to keep it working.
           # - name: fuzzing with address sanitizer
@@ -107,6 +151,7 @@ jobs:
       LDFLAGS: ${{ matrix.ldflags }}
       EXTRACFLAGS: ${{ matrix.extracflags }}
       CONFIGURE_FLAGS: ${{ matrix.configure_flags || '--enable-werror' }}
+      MAKE_TARGET: ${{ matrix.make_target }}
       # for fuzzing
       CXX: clang++
       RANLIB: ${{ matrix.ranlib || 'ranlib' }}
@@ -149,7 +194,7 @@ jobs:
           sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h
 
       - name: make
-        run: make -j3
+        run: make -j3 $MAKE_TARGET
 
       - name: multilink
         if: ${{ matrix.multilink }}
@@ -172,6 +217,7 @@ jobs:
         run: make install
 
       - name: keys
+        if: ${{ matrix.runcheck != 'no' }}
         run: |
           mkdir -p ~/.ssh
           # remove old files so we can rerun in-place with "act -r" during test development
@@ -199,16 +245,22 @@ jobs:
 
       # Sanity check that the binary runs
       - name: genrsa
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t rsa -f testrsa
       - name: gendss
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t dss -f testdss
       - name: genecdsa256
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
       - name: genecdsa384
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
       - name: genecdsa521
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
       - name: gened25519
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519
 
       - name: fuzz

bignum.c

@@ -93,7 +93,7 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
 
 /* hash the ssh representation of the mp_int mp */
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
-				hash_state *hs, mp_int *mp) {
+				hash_state *hs, const mp_int *mp) {
 	buffer * buf;
 
 	buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, 

bignum.h

@@ -33,6 +33,6 @@ void m_mp_alloc_init_multi(mp_int **mp, ...) ATTRIB_SENTINEL;
 void m_mp_free_multi(mp_int **mp, ...)  ATTRIB_SENTINEL;
 void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
-				hash_state *hs, mp_int *mp);
+				hash_state *hs, const mp_int *mp);
 
 #endif /* DROPBEAR_BIGNUM_H_ */

buffer.c

@@ -299,7 +299,7 @@ void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
 
 /* for our purposes we only need positive (or 0) numbers, so will
  * fail if we get negative numbers */
-void buf_putmpint(buffer* buf, mp_int * mp) {
+void buf_putmpint(buffer* buf, const mp_int * mp) {
 	size_t written;
 	unsigned int len, pad = 0;
 	TRACE2(("enter buf_putmpint"))

buffer.h

@@ -65,7 +65,7 @@ void buf_putint(buffer* buf, unsigned int val);
 void buf_putstring(buffer* buf, const char* str, unsigned int len);
 void buf_putbufstring(buffer *buf, const buffer* buf_str);
 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
-void buf_putmpint(buffer* buf, mp_int * mp);
+void buf_putmpint(buffer* buf, const mp_int * mp);
 int buf_getmpint(buffer* buf, mp_int* mp);
 unsigned int buf_getint(buffer* buf);
 

common-session.c

@@ -519,15 +519,24 @@ static void send_msg_keepalive() {
 	ses.last_packet_time_idle = old_time_idle;
 }
 
+/* Returns the difference in seconds, clamped to LONG_MAX */
+static long elapsed(time_t now, time_t prev) {
+	time_t del = now - prev;
+	if (del > LONG_MAX) {
+		return LONG_MAX;
+	}
+	return (long)del;
+}
+
 /* Check all timeouts which are required. Currently these are the time for
  * user authentication, and the automatic rekeying. */
 static void checktimeouts() {
 
 	time_t now;
 	now = monotonic_now();
-	
+
 	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
-		&& now - ses.connect_time >= AUTH_TIMEOUT) {
+		&& elapsed(now, ses.connect_time) >= AUTH_TIMEOUT) {
 			dropbear_close("Timeout before auth");
 	}
 
@@ -537,45 +546,47 @@ static void checktimeouts() {
 	}
 
 	if (!ses.kexstate.sentkexinit
-			&& (now - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
+			&& (elapsed(now, ses.kexstate.lastkextime) >= KEX_REKEY_TIMEOUT
 			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) {
 		TRACE(("rekeying after timeout or max data reached"))
 		send_msg_kexinit();
 	}
-	
+
 	if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
 		/* Avoid sending keepalives prior to auth - those are
 		not valid pre-auth packet types */
 
 		/* Send keepalives if we've been idle */
-		if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
+		if (elapsed(now, ses.last_packet_time_any_sent) >= opts.keepalive_secs) {
 			send_msg_keepalive();
 		}
 
 		/* Also send an explicit keepalive message to trigger a response
 		if the remote end hasn't sent us anything */
-		if (now - ses.last_packet_time_keepalive_recv >= opts.keepalive_secs
-			&& now - ses.last_packet_time_keepalive_sent >= opts.keepalive_secs) {
+		if (elapsed(now, ses.last_packet_time_keepalive_recv) >= opts.keepalive_secs
+			&& elapsed(now, ses.last_packet_time_keepalive_sent) >= opts.keepalive_secs) {
 			send_msg_keepalive();
 		}
 
-		if (now - ses.last_packet_time_keepalive_recv 
+		if (elapsed(now, ses.last_packet_time_keepalive_recv)
 			>= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) {
 			dropbear_exit("Keepalive timeout");
 		}
 	}
 
-	if (opts.idle_timeout_secs > 0 
-			&& now - ses.last_packet_time_idle >= opts.idle_timeout_secs) {
+	if (opts.idle_timeout_secs > 0
+			&& elapsed(now, ses.last_packet_time_idle) >= opts.idle_timeout_secs) {
 		dropbear_close("Idle timeout");
 	}
 }
 
-static void update_timeout(long limit, long now, long last_event, long * timeout) {
-	TRACE2(("update_timeout limit %ld, now %ld, last %ld, timeout %ld",
-		limit, now, last_event, *timeout))
+static void update_timeout(long limit, time_t now, time_t last_event, long * timeout) {
+	TRACE2(("update_timeout limit %ld, now %llu, last %llu, timeout %ld",
+		limit,
+		(unsigned long long)now,
+		(unsigned long long)last_event, *timeout))
 	if (last_event > 0 && limit > 0) {
-		*timeout = MIN(*timeout, last_event+limit-now);
+		*timeout = MIN(*timeout, elapsed(now, last_event) + limit);
 		TRACE2(("new timeout %ld", *timeout))
 	}
 }
@@ -584,7 +595,7 @@ static long select_timeout() {
 	/* determine the minimum timeout that might be required, so
 	as to avoid waking when unneccessary */
 	long timeout = KEX_REKEY_TIMEOUT;
-	long now = monotonic_now();
+	time_t now = monotonic_now();
 
 	if (!ses.kexstate.sentkexinit) {
 		update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout);
@@ -596,7 +607,7 @@ static long select_timeout() {
 	}
 
 	if (ses.authstate.authdone) {
-		update_timeout(opts.keepalive_secs, now, 
+		update_timeout(opts.keepalive_secs, now,
 			MAX(ses.last_packet_time_keepalive_recv, ses.last_packet_time_keepalive_sent),
 			&timeout);
 	}

dbrandom.c

@@ -347,7 +347,7 @@ void genrandom(unsigned char* buf, unsigned int len) {
  * rand must be an initialised *mp_int for the result.
  * the result rand satisfies:  0 < rand < max 
  * */
-void gen_random_mpint(mp_int *max, mp_int *rand) {
+void gen_random_mpint(const mp_int *max, mp_int *rand) {
 
 	unsigned char *randbuf = NULL;
 	unsigned int len = 0;

dbrandom.h

@@ -30,6 +30,6 @@
 void seedrandom(void);
 void genrandom(unsigned char* buf, unsigned int len);
 void addrandom(const unsigned char * buf, unsigned int len);
-void gen_random_mpint(mp_int *max, mp_int *rand);
+void gen_random_mpint(const mp_int *max, mp_int *rand);
 
 #endif /* DROPBEAR_RANDOM_H_ */

dbutil.c

@@ -442,7 +442,7 @@ void printhex(const char * label, const unsigned char * buf, int len) {
 	}
 }
 
-void printmpint(const char *label, mp_int *mp) {
+void printmpint(const char *label, const mp_int *mp) {
 	buffer *buf = buf_new(1000);
 	buf_putmpint(buf, mp);
 	fprintf(stderr, "%d bits ", mp_count_bits(mp));
@@ -724,7 +724,7 @@ void gettime_wrapper(struct timespec *now) {
 	/* Fallback for everything else - this will sometimes go backwards */
 	gettimeofday(&tv, NULL);
 	now->tv_sec = tv.tv_sec;
-	now->tv_nsec = 1000*tv.tv_usec;
+	now->tv_nsec = 1000*(long)tv.tv_usec;
 }
 
 /* second-resolution monotonic timestamp */

dbutil.h

@@ -53,7 +53,7 @@ void dropbear_trace3(const char* format, ...) ATTRIB_PRINTF(1,2);
 void dropbear_trace4(const char* format, ...) ATTRIB_PRINTF(1,2);
 void dropbear_trace5(const char* format, ...) ATTRIB_PRINTF(1,2);
 void printhex(const char * label, const unsigned char * buf, int len);
-void printmpint(const char *label, mp_int *mp);
+void printmpint(const char *label, const mp_int *mp);
 void debug_start_net(void);
 extern int debug_trace;
 #endif

dropbearkey.c

@@ -139,6 +139,7 @@ static void check_signkey_bits(enum signkey_type type, int bits)
 				dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
 				exit(EXIT_FAILURE);
 			}
+			break;
 #endif
 		default:
 			(void)0; /* quiet, compiler. ecdsa handles checks itself */

genrsa.c

@@ -34,7 +34,7 @@
 #if DROPBEAR_RSA
 
 static void getrsaprime(mp_int* prime, mp_int *primeminus, 
-		mp_int* rsa_e, unsigned int size_bytes);
+		const mp_int* rsa_e, unsigned int size_bytes);
 
 /* mostly taken from libtomcrypt's rsa key generation routine */
 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
@@ -89,7 +89,7 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
 
 /* return a prime suitable for p or q */
 static void getrsaprime(mp_int* prime, mp_int *primeminus, 
-		mp_int* rsa_e, unsigned int size_bytes) {
+		const mp_int* rsa_e, unsigned int size_bytes) {
 
 	unsigned char *buf;
 	int trials;

loginrec.c

@@ -459,6 +459,7 @@ line_abbrevname(char *dst, const char *src, size_t dstsize)
 void
 set_utmp_time(struct logininfo *li, struct utmp *ut)
 {
+	/* struct utmp in glibc isn't y2038 safe yet */
 # ifdef HAVE_STRUCT_UTMP_UT_TV
 	ut->ut_tv.tv_sec = li->tv_sec;
 	ut->ut_tv.tv_usec = li->tv_usec;
@@ -1272,6 +1273,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last)
 	(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
 	strlcpy(last->ll_host, li->hostname,
 		MIN_SIZEOF(last->ll_host, li->hostname));
+	/* struct lastlog in glibc isn't y2038 safe yet */
 	last->ll_time = li->tv_sec;
 }
 

loginrec.h

@@ -139,8 +139,8 @@ struct logininfo {
 	/* struct timeval (sys/time.h) isn't always available, if it isn't we'll
 	 * use time_t's value as tv_sec and set tv_usec to 0
 	 */
-	unsigned int tv_sec;
-	unsigned int tv_usec;
+	time_t tv_sec;
+	suseconds_t tv_usec;
 	union login_netinfo hostaddr;       /* caller's host address(es) */
 }; /* struct logininfo */
 

runopts.h

@@ -39,8 +39,8 @@ typedef struct runopts {
 	int listen_fwd_all;
 #endif
 	unsigned int recv_window;
-	time_t keepalive_secs; /* Time between sending keepalives. 0 is off */
-	time_t idle_timeout_secs; /* Exit if no traffic is sent/received in this time */
+	long keepalive_secs; /* Time between sending keepalives. 0 is off */
+	long idle_timeout_secs; /* Exit if no traffic is sent/received in this time */
 	int usingsyslog;
 
 #ifndef DISABLE_ZLIB

signkey.c

@@ -120,6 +120,7 @@ enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen)
 /* Special case for rsa-sha2-256. This could be generalised if more 
    signature names are added that aren't 1-1 with public key names */
 const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) {
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
 	if (type == DROPBEAR_SIGNATURE_RSA_SHA256) {
 		if (namelen) {
@@ -136,11 +137,13 @@ const char* signature_name_from_type(enum signature_type type, unsigned int *nam
 		return SSH_SIGNKEY_RSA;
 	}
 #endif
+#endif /* DROPBEAR_RSA */
 	return signkey_name_from_type((enum signkey_type)type, namelen);
 }
 
 /* Returns DROPBEAR_SIGNATURE_NONE if none match */
 enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
 	if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256) 
 		&& memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
@@ -153,10 +156,11 @@ enum signature_type signature_type_from_name(const char* name, unsigned int name
 		return DROPBEAR_SIGNATURE_RSA_SHA1;
 	}
 #endif
+#endif /* DROPBEAR_RSA */
 	return (enum signature_type)signkey_type_from_name(name, namelen);
 }
 
-/* Returns the signature type from a key type. Must not be called 
+/* Returns the signature type from a key type. Must not be called
    with RSA keytype */
 enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
 #if DROPBEAR_RSA
@@ -167,6 +171,7 @@ enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
 }
 
 enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
 	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
 		return DROPBEAR_SIGNKEY_RSA;
@@ -177,6 +182,7 @@ enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
 		return DROPBEAR_SIGNKEY_RSA;
 	}
 #endif
+#endif /* DROPBEAR_RSA */
 	assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
 	return (enum signkey_type)sigtype;
 }

signkey.h

@@ -79,12 +79,14 @@ enum signature_type {
 	DROPBEAR_SIGNATURE_SK_ED25519 = DROPBEAR_SIGNKEY_SK_ED25519,
 #endif
 #endif
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA1
 	DROPBEAR_SIGNATURE_RSA_SHA1 = 100, /* ssh-rsa signature (sha1) */
 #endif
 #if DROPBEAR_RSA_SHA256
 	DROPBEAR_SIGNATURE_RSA_SHA256 = 101, /* rsa-sha2-256 signature. has a ssh-rsa key */
 #endif
+#endif /* DROPBEAR_RSA */
 	DROPBEAR_SIGNATURE_NONE = DROPBEAR_SIGNKEY_NONE,
 };
 

sshpty.c

@@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const char *tty_name)
 				tty_name, strerror(errno));
 	}
 
-	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+	/* Allow either "tty" gid or user's own gid. On Linux with openpty()
+	 * this varies depending on the devpts mount options */
+	if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) {
 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&
 			    (st.st_uid == pw->pw_uid || st.st_uid == 0)) {

svr-auth.c

@@ -389,7 +389,7 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 		Beware of integer overflow if increasing these values */
 		const unsigned int mindelay = 250000000;
 		const unsigned int vardelay = 100000000;
-		unsigned int rand_delay;
+		suseconds_t rand_delay;
 		struct timespec delay;
 
 		gettime_wrapper(&delay);

sysoptions.h

@@ -10,6 +10,14 @@
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
 #define PROGNAME "dropbear"
 
+#ifndef DROPBEAR_CLIENT
+#define DROPBEAR_CLIENT 0
+#endif
+
+#ifndef DROPBEAR_SERVER
+#define DROPBEAR_SERVER 0
+#endif
+
 /* Spec recommends after one hour or 1 gigabyte of data. One hour
  * is a bit too verbose, so we try 8 hours */
 #ifndef KEX_REKEY_TIMEOUT
@@ -137,7 +145,7 @@
 
 /* Debian doesn't define this in system headers */
 #if !defined(LTM_DESC) && (DROPBEAR_ECC)
-#define LTM_DESC 
+#define LTM_DESC
 #endif
 
 #define DROPBEAR_ECC_256 (DROPBEAR_ECC)
@@ -151,9 +159,6 @@
  * signing operations slightly slower. */
 #define DROPBEAR_RSA_BLINDING 1
 
-#ifndef DROPBEAR_RSA_SHA1
-#define DROPBEAR_RSA_SHA1 DROPBEAR_RSA
-#endif
 #ifndef DROPBEAR_RSA_SHA256
 #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA
 #endif
@@ -383,9 +388,11 @@
 #endif
 
 /* Fuzzing expects all key types to be enabled */
+#if DROPBEAR_FUZZ
 #if defined(DROPBEAR_DSS)
 #undef DROPBEAR_DSS
 #endif
 #define DROPBEAR_DSS 1
+#endif
 
 /* no include guard for this file */