1. 30 Sep, 2017 3 commits
  2. 28 Sep, 2017 2 commits
  3. 26 Sep, 2017 3 commits
  4. 24 Sep, 2017 4 commits
    • upstream commit · 218e6f98
      djm@openbsd.org authored
      fix inverted test on channel open failure path that
      "upgraded" a transient failure into a fatal error; reported by sthen and also
      seen by benno@; ok sthen@
      Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
    • upstream commit · c704f641
      djm@openbsd.org authored
      write the correct buffer when tunnel forwarding; doesn't
      matter on OpenBSD (they are the same) but does matter on portable where we
      use an output filter to translate os-specific tun/tap headers
      Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
    • upstream commit · 55486f5c
      djm@openbsd.org authored
      fix tunnel forwarding problem introduced in refactor;
      reported by stsp@ ok markus@
      Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
  5. 21 Sep, 2017 3 commits
    • upstream commit · 609d7a66
      markus@openbsd.org authored
      Add 'reverse' dynamic forwarding which combines dynamic
      forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
      expects SOCKS-requests.
      The SSH server code is unchanged and the parsing happens at the SSH
      client's side. Thus the full SOCKS-request is sent over the forwarded
      channel and the client parses c->output. Parsing happens in
      channel_before_prepare_select(), _before_ the select bitmask is
      computed in the pre[] handlers, but after network input processing
      in the post[] handlers.
      help and ok djm@
      Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
    • upstream commit · 36945fa1
      dtucker@openbsd.org authored
      Use strsignal in debug message instead of casting for the
      benefit of portable where sig_atomic_t might not be int.  "much nicer"
      Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
    • upstream commit · 3e8d185a
      millert@openbsd.org authored
      Use explicit_bzero() instead of bzero() before free() to
      prevent the compiler from optimizing away the bzero() call.  OK djm@
      Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
  6. 19 Sep, 2017 5 commits
    • upstream commit · 5b8da1f5
      djm@openbsd.org authored
      fix use-after-free in ~^Z escape handler path, introduced
      in channels.c refactor; spotted by millert@ "makes sense" deraadt@
      Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
    • upstream commit · a3839d8d
      dtucker@openbsd.org authored
      Prevent type mismatch warning in debug on platforms where
      sig_atomic_t != int.  ok djm@
      Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
    • upstream commit · 30484e5e
      dtucker@openbsd.org authored
      Add braces missing after channels refactor.  ok markus@
      Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
    • add freezero(3) replacement · b7956919
      Damien Miller authored
      ok dtucker@
    • move FORTIFY_SOURCE into hardening options group · 161af8f5
      Damien Miller authored
      It's still on by default, but now it's possible to turn it off using
      --without-hardening. This is useful since it's known to cause problems
      with some -fsanitize options. ok dtucker@
  7. 18 Sep, 2017 4 commits
    • upstream commit · 09eacf85
      bluhm@openbsd.org authored
      Print SKIPPED if sudo and doas configuration is missing.
      Prevents that running the regression test with wrong environment is reported
      as failure.  Keep the fatal there to avoid interfering with other setups for
      portable ssh. OK dtucker@
      Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
    • upstream commit · cdede108
      dtucker@openbsd.org authored
      Remove obsolete privsep=no fallback test.
      Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
    • upstream commit · ec218c10
      dtucker@openbsd.org authored
      Remove non-privsep test since disabling privsep is now
      Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
    • upstream commit · 239c57d5
      dtucker@openbsd.org authored
      Don't call fatal from stop_sshd since it calls cleanup
      which calls stop_sshd which will probably fail in the same way.  Instead,
      just bail. Differentiate between sshd dying without cleanup and not shutting
      Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
  8. 14 Sep, 2017 1 commit
    • upstream commit · aea59a0d
      djm@openbsd.org authored
      Revert commitid: gJtIN6rRTS3CHy9b.
      identify the case where SSHFP records are missing but other DNS RR
      types are present and display a more useful error message for this
      case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
      This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
      are missing but the user already has the key in known_hosts
      Spotted by dtucker@
      Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
  9. 12 Sep, 2017 7 commits
    • adapt portable to channels API changes · 871f1e43
      Damien Miller authored
    • upstream commit · 4ec0bb9f
      djm@openbsd.org authored
      unused variable
      Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
    • upstream commit · 9145a73c
      djm@openbsd.org authored
      fix tun/tap forwarding case in previous
      Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
    • upstream commit · 9f53229c
      djm@openbsd.org authored
      Make remote channel ID a u_int
      Previously we tracked the remote channel IDs in an int, but this is
      strictly incorrect: the wire protocol uses uint32 and there is nothing
      in principle stopping an SSH implementation from sending, say, 0xffff0000.
      In practice everyone numbers their channels sequentially, so this has
      never been a problem.
      ok markus@
      Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
    • upstream commit · dbee4119
      djm@openbsd.org authored
      refactor channels.c
      Move static state to a "struct ssh_channels" that is allocated at
      runtime and tracked as a member of struct ssh.
      Explicitly pass "struct ssh" to all channels functions.
      Replace use of the legacy packet APIs in channels.c.
      Rework sshd_config PermitOpen handling: previously the configuration
      parser would call directly into the channels layer. After the refactor
      this is not possible, as the channels structures are allocated at
      connection time and aren't available when the configuration is parsed.
      The server config parser now tracks PermitOpen itself and explicitly
      configures the channels code later.
      ok markus@
      Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
    • upstream commit · abd59663
      djm@openbsd.org authored
      typo in comment
      Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
    • upstream commit · 149a8cd2
      jmc@openbsd.org authored
      tweak previous;
      Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
  10. 08 Sep, 2017 2 commits
    • Fuzzer harnesses for sig verify and pubkey parsing · ec9d22cc
      Damien Miller authored
      These are some basic clang libfuzzer harnesses for signature
      verification and public key parsing. Some assembly (metaphorical)
    • Give configure ability to set CFLAGS/LDFLAGS later · de35c382
      Damien Miller authored
      Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
      in particular sanitization and fuzzer options that break assumptions
      about memory and file descriptor dispositions.
      This adds two flags to configure --with-cflags-after and
      --with-ldflags-after that allow specifying additional compiler and
      linker options that are added to the resultant Makefiles but not
      used in the configure run itself.
      env CC=clang-3.9 ./configure \
        --with-cflags-after=-fsanitize=address \
        --with-ldflags-after="-g -fsanitize=address"
  11. 03 Sep, 2017 6 commits
    • upstream commit · 22376d27
      djm@openbsd.org authored
      Expand ssh_config's StrictModes option with two new
      StrictModes=accept-new will automatically accept hitherto-unseen keys
      but will refuse connections for changed or invalid hostkeys.
      StrictModes=off is the same as StrictModes=no
      StrictModes=no combines two behaviours for host key processing:
      automatically learning new hostkeys and continuing to connect to hosts
      with invalid/changed hostkeys. The latter behaviour is quite dangerous
      since it removes most of the protections the SSH protocol is supposed to
      Quite a few users want to automatically learn hostkeys however, so
      this makes that feature available with less danger.
      At some point in the future, StrictModes=no will change to be a synonym
      for accept-new, with its current behaviour remaining available via
      bz#2400, suggested by Michael Samuel; ok markus
      Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
    • upstream commit · ff3c4238
      jmc@openbsd.org authored
      remove blank line;
      Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
    • upstream commit · b828605d
      djm@openbsd.org authored
      identify the case where SSHFP records are missing but
      other DNS RR types are present and display a more useful error message for
      this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
      Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
    • upstream commit · 8042bad9
      djm@openbsd.org authored
      document available AuthenticationMethods; bz#2453 ok
      Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
    • upstream commit · 71e5a536
      djm@openbsd.org authored
      pass packet state down to some of the channels function
      (more to come...); ok markus@
      Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
    • upstream commit · 6227fe5b
      jmc@openbsd.org authored
      sort options;
      Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c