dtucker [Sun, 20 May 2007 05:10:16 +0000 (05:10 +0000)]
- djm@cvs.openbsd.org 2007/05/17 20:52:13
[monitor.c]
pass received SIGINT from monitor to postauth child so it can clean
up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
ok markus@
dtucker [Sun, 20 May 2007 05:09:42 +0000 (05:09 +0000)]
- djm@cvs.openbsd.org 2007/05/17 20:48:13
[sshconnect2.c]
fall back to gethostname() when the outgoing connection is not
on a socket, such as is the case when ProxyCommand is used.
Gives hostbased auth an opportunity to work; bz#616, report
and feedback stuart AT kaloram.com; ok markus@
dtucker [Sun, 20 May 2007 05:09:04 +0000 (05:09 +0000)]
- djm@cvs.openbsd.org 2007/05/17 07:55:29
[sftp-server.c]
bz#1286 stop reading and processing commands when input or output buffer
is nearly full, otherwise sftp-server would happily try to grow the
input/output buffers past the maximum supported by the buffer API and
promptly fatal()
based on patch from Thue Janus Kristensen; feedback & ok dtucker@
dtucker [Sun, 20 May 2007 04:59:32 +0000 (04:59 +0000)]
- stevesk@cvs.openbsd.org 2007/04/18 01:12:43
[sftp-server.c]
cast "%llu" format spec to (unsigned long long); do not assume a
u_int64_t arg is the same as 'unsigned long long'.
from Dmitry V. Levin <ldv@altlinux.org>
ok markus@ 'Yes, that looks correct' millert@
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
platform's _res if it has one. Should fix problem of DNSSEC record lookups
on NetBSD as reported by Curt Sampson.
tim [Mon, 26 Mar 2007 16:35:28 +0000 (16:35 +0000)]
20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
dtucker [Sun, 25 Mar 2007 08:26:01 +0000 (08:26 +0000)]
- (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
SSHDLIBS. "I like" djm@
dtucker [Wed, 21 Mar 2007 10:39:57 +0000 (10:39 +0000)]
- (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
Patch by Jan.Pechanec at Sun.
dtucker [Wed, 21 Mar 2007 09:45:06 +0000 (09:45 +0000)]
- dtucker@cvs.openbsd.org 2007/03/19 12:16:42
[ssh-agent.c]
Remove the signal handler that checks if the agent's parent process
has gone away, instead check when the select loop returns. Record when
the next key will expire when scanning for expired keys. Set the select
timeout to whichever of these two things happens next. With djm@, with &
ok deraadt@ markus@
dtucker [Wed, 21 Mar 2007 09:42:24 +0000 (09:42 +0000)]
- djm@cvs.openbsd.org 2007/03/19 01:01:29
[sshd_config]
Disable the legacy SSH protocol 1 for new installations via
a configuration override. In the future, we will change the
server's default itself so users who need the legacy protocol
will need to turn it on explicitly
dtucker [Wed, 21 Mar 2007 09:38:53 +0000 (09:38 +0000)]
- dtucker@cvs.openbsd.org 2007/03/09 05:20:06
[servconf.c sshd.c]
Move C/R -> kbdint special case to after the defaults have been
loaded, which makes ChallengeResponse default to yes again. This
was broken by the Match changes and not fixed properly subsequently.
Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
dtucker [Tue, 13 Mar 2007 07:50:04 +0000 (07:50 +0000)]
- (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
in cipher-bf1.c. Patch from Juan Gallego.
dtucker [Mon, 5 Mar 2007 07:25:20 +0000 (07:25 +0000)]
- (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
ciphers from working correctly (disconnects with "Bad packet length"
errors) as found by Ben Harris. ok djm@
djm [Mon, 5 Mar 2007 00:51:27 +0000 (00:51 +0000)]
- (djm) [configure.ac] add a --without-openssl-header-check option to
configure, as some platforms (OS X) ship OpenSSL headers whose version
does not match that of the shipping library. ok dtucker@
dtucker [Fri, 2 Mar 2007 06:50:03 +0000 (06:50 +0000)]
- (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
CRLF as well as LF lineendings) and write in binary mode. Patch from
vinschen at redhat.com.
dtucker [Thu, 1 Mar 2007 10:31:28 +0000 (10:31 +0000)]
- dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
dtucker [Wed, 28 Feb 2007 10:19:58 +0000 (10:19 +0000)]
- dtucker@cvs.openbsd.org 2007/02/28 00:55:30
[ssh-agent.c]
Remove expired keys periodically so they don't remain in memory when
the agent is entirely idle, as noted by David R. Piegdon. This is the
simple fix, a more efficient one will be done later. With markus,
deraadt, with & ok djm.
dtucker [Sun, 25 Feb 2007 09:38:55 +0000 (09:38 +0000)]
- ray@cvs.openbsd.org 2007/02/24 03:30:11
[moduli.c]
- strlen returns size_t, not int.
- Pass full buffer size to fgets.
OK djm@, millert@, and moritz@.
dtucker [Sun, 25 Feb 2007 09:37:21 +0000 (09:37 +0000)]
- dtucker@cvs.openbsd.org 2007/02/21 11:00:05
[sshd.c]
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
dtucker [Sun, 25 Feb 2007 09:36:49 +0000 (09:36 +0000)]
- djm@cvs.openbsd.org 2007/02/20 10:25:14
[clientloop.c]
set maximum packet and window sizes the same for multiplexed clients
as normal connections; ok markus@
dtucker [Mon, 19 Feb 2007 11:56:55 +0000 (11:56 +0000)]
- (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
an array for signatures when there are none since "calloc(0, n) returns
NULL on some platforms (eg Tru64), which is explicitly permitted by
POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
dtucker [Mon, 19 Feb 2007 11:25:37 +0000 (11:25 +0000)]
- dtucker@cvs.openbsd.org 2007/02/19 10:45:58
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
Teach Match how handle config directives that are used before
authentication. This allows configurations such as permitting password
authentication from the local net only while requiring pubkey from
offsite. ok djm@, man page bits ok jmc@
dtucker [Mon, 19 Feb 2007 11:14:11 +0000 (11:14 +0000)]
- djm@cvs.openbsd.org 2007/01/22 13:06:21
[scp.c]
fix detection of whether we should show progress meter or not: scp
tested isatty(stderr) but wrote the progress meter to stdout. This patch
makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
of dtucker@
dtucker [Mon, 19 Feb 2007 11:13:39 +0000 (11:13 +0000)]
- djm@cvs.openbsd.org 2007/01/22 11:32:50
[sftp-client.c]
return error from do_upload() when a write fails. fixes bz#1252: zero
exit status from sftp when uploading to a full device. report from
jirkat AT atlas.cz; ok dtucker@
dtucker [Mon, 19 Feb 2007 11:09:45 +0000 (11:09 +0000)]
- dtucker@cvs.openbsd.org 2007/01/17 23:22:52
[readconf.c]
Honour activep for times (eg ServerAliveInterval) while parsing
ssh_config and ~/.ssh/config so they work properly with Host directives.
From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
dtucker [Mon, 19 Feb 2007 11:08:17 +0000 (11:08 +0000)]
- jmc@cvs.openbsd.org 2007/01/10 13:23:22
[ssh_config.5]
do not use a list for SYNOPSIS;
this is actually part of a larger report sent by eric s. raymond
and forwarded by brad, but i only read half of it. spotted by brad.
djm [Sun, 28 Jan 2007 23:16:28 +0000 (23:16 +0000)]
- (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
fds open. Great detective work and patch by Marc Aurele La France,
slightly tweaked by me; ok dtucker@
dtucker [Tue, 23 Jan 2007 13:07:29 +0000 (13:07 +0000)]
- (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
so it works properly and modify its callers so that they don't pre or
post decrement arguments that are conditionally evaluated. While there,
put SNPRINTF_CONST back as it prevents build failures in some
configurations. ok djm@ (for most of it)
dtucker [Wed, 17 Jan 2007 00:00:13 +0000 (00:00 +0000)]
- (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
and multiple including it causes problems on old IRIXes. (It snuck back
in during a sync.) Found (again) by Georg Schwarz.
djm [Sun, 14 Jan 2007 10:20:30 +0000 (10:20 +0000)]
- (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
value of snprintf replacement, similar to bugs in various libc
implementations. This overflow is not exploitable in OpenSSH.
While I'm fiddling with it, make it a fair bit faster by inlining the
append-char routine; ok dtucker@
djm [Fri, 5 Jan 2007 05:29:02 +0000 (05:29 +0000)]
- dtucker@cvs.openbsd.org 2006/12/14 10:01:14
[servconf.c]
Make "PermitOpen all" first-match within a block to match the way other
options work. ok markus@ djm@
djm [Fri, 5 Jan 2007 05:28:36 +0000 (05:28 +0000)]
- dtucker@cvs.openbsd.org 2006/12/13 08:34:39
[servconf.c]
Make PermitOpen work with multiple values like the man pages says.
bz #1267 with details from peter at dmtz.com, with & ok djm@
djm [Fri, 5 Jan 2007 05:26:45 +0000 (05:26 +0000)]
- djm@cvs.openbsd.org 2006/12/12 03:58:42
[channels.c compat.c compat.h]
bz #1019: some ssh.com versions apparently can't cope with the
remote port forwarding bind_address being a hostname, so send
them an address for cases where they are not explicitly
specified (wildcard or localhost bind). reported by daveroth AT
acm.org; ok dtucker@ deraadt@
djm [Mon, 4 Dec 2006 22:08:54 +0000 (22:08 +0000)]
- (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled.
dtucker [Tue, 7 Nov 2006 12:16:08 +0000 (12:16 +0000)]
- markus@cvs.openbsd.org 2006/11/07 10:31:31
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
djm [Sat, 4 Nov 2006 18:32:02 +0000 (18:32 +0000)]
- markus@cvs.openbsd.org 2006/10/31 16:33:12
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
check DH_compute_key() for -1 even if it should not happen because of
earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
dtucker [Tue, 31 Oct 2006 23:28:49 +0000 (23:28 +0000)]
- (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
events fatal in Solaris process contract support and tell it to signal
only processes in the same process group when something happens.
Based on information from andrew.benham at thus.net and similar to
a patch from Chad Mynhier. ok djm@
djm [Mon, 23 Oct 2006 17:02:41 +0000 (17:02 +0000)]
- markus@cvs.openbsd.org 2006/10/11 12:38:03
[clientloop.c serverloop.c]
exit instead of doing a blocking tcp send if we detect a client/server
timeout, since the tcp sendqueue might be already full (of alive
requests); ok dtucker, report mpf
djm [Mon, 23 Oct 2006 17:01:56 +0000 (17:01 +0000)]
- djm@cvs.openbsd.org 2006/10/09 23:36:11
[session.c]
xmalloc -> xcalloc that was missed previously, from portable
(NB. Id sync only for portable, obviously)