1. 30 Sep, 2017 3 commits
  2. 28 Sep, 2017 2 commits
  3. 26 Sep, 2017 3 commits
  4. 24 Sep, 2017 4 commits
    • Darren Tucker's avatar
      44fc334c
    • djm@openbsd.org's avatar
      upstream commit · 218e6f98
      djm@openbsd.org authored
      fix inverted test on channel open failure path that
      "upgraded" a transient failure into a fatal error; reported by sthen and also
      seen by benno@; ok sthen@
      
      Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
      218e6f98
    • djm@openbsd.org's avatar
      upstream commit · c704f641
      djm@openbsd.org authored
      write the correct buffer when tunnel forwarding; doesn't
      matter on OpenBSD (they are the same) but does matter on portable where we
      use an output filter to translate os-specific tun/tap headers
      
      Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
      c704f641
    • djm@openbsd.org's avatar
      upstream commit · 55486f5c
      djm@openbsd.org authored
      fix tunnel forwarding problem introduced in refactor;
      reported by stsp@ ok markus@
      
      Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
      55486f5c
  5. 21 Sep, 2017 3 commits
    • markus@openbsd.org's avatar
      upstream commit · 609d7a66
      markus@openbsd.org authored
      Add 'reverse' dynamic forwarding which combines dynamic
      forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
      expects SOCKS-requests.
      
      The SSH server code is unchanged and the parsing happens at the SSH
      clients side. Thus the full SOCKS-request is sent over the forwarded
      channel and the client parses c->output. Parsing happens in
      channel_before_prepare_select(), _before_ the select bitmask is
      computed in the pre[] handlers, but after network input processing
      in the post[] handlers.
      
      help and ok djm@
      
      Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
      609d7a66
    • dtucker@openbsd.org's avatar
      upstream commit · 36945fa1
      dtucker@openbsd.org authored
      Use strsignal in debug message instead of casting for the
      benefit of portable where sig_atomic_t might not be int.  "much nicer"
      deraadt@
      
      Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
      36945fa1
    • millert@openbsd.org's avatar
      upstream commit · 3e8d185a
      millert@openbsd.org authored
      Use explicit_bzero() instead of bzero() before free() to
      prevent the compiler from optimizing away the bzero() call.  OK djm@
      
      Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
      3e8d185a
  6. 19 Sep, 2017 5 commits
    • djm@openbsd.org's avatar
      upstream commit · 5b8da1f5
      djm@openbsd.org authored
      fix use-after-free in ~^Z escape handler path, introduced
      in channels.c refactor; spotted by millert@ "makes sense" deraadt@
      
      Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
      5b8da1f5
    • dtucker@openbsd.org's avatar
      upstream commit · a3839d8d
      dtucker@openbsd.org authored
      Prevent type mismatch warning in debug on platforms where
      sig_atomic_t != int.  ok djm@
      
      Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
      a3839d8d
    • dtucker@openbsd.org's avatar
      upstream commit · 30484e5e
      dtucker@openbsd.org authored
      Add braces missing after channels refactor.  ok markus@
      
      Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
      30484e5e
    • Damien Miller's avatar
      add freezero(3) replacement · b7956919
      Damien Miller authored
      ok dtucker@
      b7956919
    • Damien Miller's avatar
      move FORTIFY_SOURCE into hardening options group · 161af8f5
      Damien Miller authored
      It's still on by default, but now it's possible to turn it off using
      --without-hardening. This is useful since it's known to cause problems
      with some -fsanitize options. ok dtucker@
      161af8f5
  7. 18 Sep, 2017 4 commits
    • bluhm@openbsd.org's avatar
      upstream commit · 09eacf85
      bluhm@openbsd.org authored
      Print SKIPPED if sudo and doas configuration is missing.
      Prevents that running the regression test with wrong environment is reported
      as failure.  Keep the fatal there to avoid interfering with other setups for
      portable ssh. OK dtucker@
      
      Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
      09eacf85
    • dtucker@openbsd.org's avatar
      upstream commit · cdede108
      dtucker@openbsd.org authored
      Remove obsolete privsep=no fallback test.
      
      Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
      cdede108
    • dtucker@openbsd.org's avatar
      upstream commit · ec218c10
      dtucker@openbsd.org authored
      Remove non-privsep test since disabling privsep is now
      deprecated.
      
      Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
      ec218c10
    • dtucker@openbsd.org's avatar
      upstream commit · 239c57d5
      dtucker@openbsd.org authored
      Don't call fatal from stop_sshd since it calls cleanup
      which calls stop_sshd which will probably fail in the same way.  Instead,
      just bail. Differentiate between sshd dying without cleanup and not shutting
      down.
      
      Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
      239c57d5
  8. 14 Sep, 2017 1 commit
    • djm@openbsd.org's avatar
      upstream commit · aea59a0d
      djm@openbsd.org authored
      Revert commitid: gJtIN6rRTS3CHy9b.
      
      -------------
      identify the case where SSHFP records are missing but other DNS RR
      types are present and display a more useful error message for this
      case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
      -------------
      
      This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
      are missing but the user already has the key in known_hosts
      
      Spotted by dtucker@
      
      Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
      aea59a0d
  9. 12 Sep, 2017 7 commits
    • Damien Miller's avatar
      adapt portable to channels API changes · 871f1e43
      Damien Miller authored
      871f1e43
    • djm@openbsd.org's avatar
      upstream commit · 4ec0bb9f
      djm@openbsd.org authored
      unused variable
      
      Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
      4ec0bb9f
    • djm@openbsd.org's avatar
      upstream commit · 9145a73c
      djm@openbsd.org authored
      fix tun/tap forwarding case in previous
      
      Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
      9145a73c
    • djm@openbsd.org's avatar
      upstream commit · 9f53229c
      djm@openbsd.org authored
      Make remote channel ID a u_int
      
      Previously we tracked the remote channel IDs in an int, but this is
      strictly incorrect: the wire protocol uses uint32 and there is nothing
      in-principle stopping a SSH implementation from sending, say, 0xffff0000.
      
      In practice everyone numbers their channels sequentially, so this has
      never been a problem.
      
      ok markus@
      
      Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
      9f53229c
    • djm@openbsd.org's avatar
      upstream commit · dbee4119
      djm@openbsd.org authored
      refactor channels.c
      
      Move static state to a "struct ssh_channels" that is allocated at
      runtime and tracked as a member of struct ssh.
      
      Explicitly pass "struct ssh" to all channels functions.
      
      Replace use of the legacy packet APIs in channels.c.
      
      Rework sshd_config PermitOpen handling: previously the configuration
      parser would call directly into the channels layer. After the refactor
      this is not possible, as the channels structures are allocated at
      connection time and aren't available when the configuration is parsed.
      The server config parser now tracks PermitOpen itself and explicitly
      configures the channels code later.
      
      ok markus@
      
      Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
      dbee4119
    • djm@openbsd.org's avatar
      upstream commit · abd59663
      djm@openbsd.org authored
      typo in comment
      
      Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
      abd59663
    • jmc@openbsd.org's avatar
      upstream commit · 149a8cd2
      jmc@openbsd.org authored
      tweak previous;
      
      Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
      149a8cd2
  10. 08 Sep, 2017 2 commits
    • Damien Miller's avatar
      Fuzzer harnesses for sig verify and pubkey parsing · ec9d22cc
      Damien Miller authored
      These are some basic clang libfuzzer harnesses for signature
      verification and public key parsing. Some assembly (metaphorical)
      required.
      ec9d22cc
    • Damien Miller's avatar
      Give configure ability to set CFLAGS/LDFLAGS later · de35c382
      Damien Miller authored
      Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
      in particular santization and fuzzer options that break assumptions
      about memory and file descriptor dispositions.
      
      This adds two flags to configure --with-cflags-after and
      --with-ldflags-after that allow specifying additional compiler and
      linker options that are added to the resultant Makefiles but not
      used in the configure run itself.
      
      E.g.
      
      env CC=clang-3.9 ./configure \
        --with-cflags-after=-fsantize=address \
        --with-ldflags-after="-g -fsanitize=address"
      de35c382
  11. 03 Sep, 2017 6 commits
    • djm@openbsd.org's avatar
      upstream commit · 22376d27
      djm@openbsd.org authored
      Expand ssh_config's StrictModes option with two new
      settings:
      
      StrictModes=accept-new will automatically accept hitherto-unseen keys
      but will refuse connections for changed or invalid hostkeys.
      
      StrictModes=off is the same as StrictModes=no
      
      Motivation:
      
      StrictModes=no combines two behaviours for host key processing:
      automatically learning new hostkeys and continuing to connect to hosts
      with invalid/changed hostkeys. The latter behaviour is quite dangerous
      since it removes most of the protections the SSH protocol is supposed to
      provide.
      
      Quite a few users want to automatically learn hostkeys however, so
      this makes that feature available with less danger.
      
      At some point in the future, StrictModes=no will change to be a synonym
      for accept-new, with its current behaviour remaining available via
      StrictModes=off.
      
      bz#2400, suggested by Michael Samuel; ok markus
      
      Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
      22376d27
    • jmc@openbsd.org's avatar
      upstream commit · ff3c4238
      jmc@openbsd.org authored
      remove blank line;
      
      Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
      ff3c4238
    • djm@openbsd.org's avatar
      upstream commit · b828605d
      djm@openbsd.org authored
      identify the case where SSHFP records are missing but
      other DNS RR types are present and display a more useful error message for
      this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
      
      Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
      b828605d
    • djm@openbsd.org's avatar
      upstream commit · 8042bad9
      djm@openbsd.org authored
      document available AuthenticationMethods; bz#2453 ok
      dtucker@
      
      Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
      8042bad9
    • djm@openbsd.org's avatar
      upstream commit · 71e5a536
      djm@openbsd.org authored
      pass packet state down to some of the channels function
      (more to come...); ok markus@
      
      Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
      71e5a536
    • jmc@openbsd.org's avatar
      upstream commit · 6227fe5b
      jmc@openbsd.org authored
      sort options;
      
      Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
      6227fe5b