Commit message (Author, Age, Files, Lines)
* 2019.77 [DROPBEAR_2019.77] (Matt Johnston, 2019-03-23, 3, -1/+47)
|
* use "openssl sha256" (Matt Johnston, 2019-03-23, 1, -1/+1)
|
* Update config.sub to 2019-01-05 and config.guess to 2019-03-04 (Matt Johnston, 2019-03-23, 2, -1678/+1767)
|
* fix constness build error (Matt Johnston, 2019-03-21, 2, -2/+2)
|
* limit password length to 100 (Matt Johnston, 2019-03-21, 2, -1/+12)
|
* Increase MAX_USERNAME_LEN to 100 (Matt Johnston, 2019-03-20, 1, -1/+1)
|
* dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69) (Christian Hohnstädt, 2019-03-20, 1, -1/+3)
|
|   keysizes >= 128 octets will be encoded with a 3 byte header which must be accounted by the optional-header
|
|   Reproduce:
|
|   master:~/build/dropbear$ ./dropbearkey -t ecdsa -s 521 -f K
|   Generating 521 bit ecdsa key, this may take a while...
|   master:~/build/dropbear$ ./dropbearconvert d o K L
|   Key is a ecdsa-sha2-nistp521 key
|   Wrote key to 'L'
|   master:~/build/dropbear$ openssl ec < L
|   read EC key
|   unable to load Key
|   139769806448384:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:crypto/asn1/asn1_lib.c:91:
|
* support openssh long option -o Port=XXXX (#68) (xcko, 2019-03-20, 1, -0/+6)
|
* cygwin compatibility fix (#64) (karel-m, 2019-03-20, 1, -1/+5)
|
* drop obsolete definition for MAX_KEXHASHBUF (#65) (Andre McCurdy, 2019-03-20, 1, -3/+0)
|
|   The last code to make use of MAX_KEXHASHBUF was removed in 2005:
|
|   https://github.com/mkj/dropbear/commit/736f370dce614b717193f45d084e9e009de723ce
|
|   Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
|
* Add a sanity check for DROPBEAR_SVR_MULTIUSER==0 mode (Matt Johnston, 2019-03-20, 2, -1/+13)
|
* Support servers without multiple user support (#76) (Patrick Stewart, 2019-03-20, 5, -1/+18)
|
* packet: remove stale comment about "packet_type" (#63) (Konstantin Demin, 2019-03-20, 1, -2/+0)
|
|   clean up after 7f15910541
|
|   Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
* fix some gcc warnings (#73) (François Perrad, 2019-03-20, 2, -3/+3)
|
|   * tweak string size
|
|   fix gcc8 warnings
|   ```
|   svr-agentfwd.c: In function 'bindagent':
|   svr-agentfwd.c:254:53: warning: '%s' directive output may be truncated writing up to 107 bytes into a region of size between 0 and 107 [-Wformat-truncation=]
|     snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", path, sockfile);
|                                                         ^~         ~~~~~~~~
|   svr-agentfwd.c:254:2: note: 'snprintf' output between 2 and 216 bytes into a destination of size 108
|     snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", path, sockfile);
|     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|   ```
|
|   * cleanup signed/unsigned comparison
|
|   fix gcc8 warnings
|   ```
|   scp.c: In function 'do_local_cmd':
|   scp.c:132:17: warning: comparison of integer expressions of different signedness: 'u_int' {aka 'unsigned int'} and 'int' [-Wsign-compare]
|     for (i = 0; i < a->num; i++)
|                   ^
|   scpmisc.c: In function 'addargs':
|   scpmisc.c:161:25: warning: comparison of integer expressions of different signedness: 'int' and 'u_int' {aka 'unsigned int'} [-Wsign-compare]
|     } else if (args->num+2 >= nalloc)
|                            ^~
|   scpmisc.c: In function 'replacearg':
|   scpmisc.c:183:12: warning: comparison of integer expressions of different signedness: 'u_int' {aka 'unsigned int'} and 'int' [-Wsign-compare]
|     if (which >= args->num)
|               ^~
|   scpmisc.c: In function 'freeargs':
|   scpmisc.c:196:17: warning: comparison of integer expressions of different signedness: 'u_int' {aka 'unsigned int'} and 'int' [-Wsign-compare]
|     for (i = 0; i < args->num; i++)
|                   ^
|   ```
|
|   see https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/misc.h.diff?r1=1.16&r2=1.17
|
* use strlcpy & strlcat (#74) (François Perrad, 2019-03-20, 2, -5/+6)
|
|   * refactor checkpubkeyperms() with safe BSD functions
|
|   fix gcc8 warnings
|   ```
|   svr-authpubkey.c: In function 'checkpubkeyperms':
|   svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=]
|     strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
|     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|   svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=]
|     strncat(filename, "/authorized_keys", 16);
|     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|   ```
|
|   see https://www.sudo.ws/todd/papers/strlcpy.html
|
|   * restore strlcpy in xstrdup
|
|   see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16
|
* Fix for issue successful login of disabled user (#78) (vincentto13, 2019-03-20, 1, -0/+1)
|
|   This commit introduces fix for scenario:
|   1. Root login disabled on dropbear
|   2. PAM authentication model enabled
|
|   While login as root user, after prompt for password user is being notified about login failure, but after second attempt of prompt for password within same session, login becomes successful.
|
|   Signed-off-by: Pawel Rapkiewicz <pawel.rapkiewicz@gmail.com>
|
* Add missing word to readme (#77) (Michael Jones, 2019-03-20, 1, -1/+1)
|
* add missing initializer (#71) (François Perrad, 2019-01-07, 1, -0/+1)
|
* merge (Matt Johnston, 2018-11-14, 11, -35/+58)
|\
| * Split ChanType closehandler() and cleanup() so that dbclient doesn't (Matt Johnston, 2018-11-14, 10, -31/+58)
| |   lose exit status messages
| * Remove some cluttering TRACE printouts (Matt Johnston, 2018-11-14, 1, -4/+0)
| |
* | Remove incorrect _POSIX_C_SOURCE (Matt Johnston, 2018-11-06, 2, -8/+0)
|/
* - Add adaptive authentication failure delay (Matt Johnston, 2018-11-05, 6, -48/+95)
|   - Rework monotonic_now/gettime_wrapper and use clock_gettime on more platforms
* merge remote forward fix (Matt Johnston, 2018-09-07, 4, -6/+12)
|\
| * Fix remote forward listeners (Matt Johnston, 2018-09-07, 4, -6/+12)
| |
* | Merge writev #include fix (Matt Johnston, 2018-08-26, 48, -133/+1756)
|\ \
| |/
|/|
| * Merge bugfix delay invalid users (Matt Johnston, 2018-08-23, 48, -133/+1756)
| |\
| | * avoid extended regex features to avoid caring about sed -r vs -E (Matt Johnston, 2018-07-24, 1, -1/+1)
| | |
| | * Fix leaks in kex fuzzers (Matt Johnston, 2018-03-09, 2, -2/+10)
| | |
| | * move dictionaries to corpus repo (Matt Johnston, 2018-03-09, 3, -78/+0)
| | |
| | * avoid leak of ecdh public key (Matt Johnston, 2018-03-08, 1, -0/+3)
| | |
| | * kexhashbuf was much too small in kex fuzzers (Matt Johnston, 2018-03-08, 2, -4/+2)
| | |
| | * Disable wrapfds outside of fuzzed code (Matt Johnston, 2018-03-08, 1, -0/+6)
| | |
| | * It turns out you can't have a single-quote in an #error (Matt Johnston, 2018-03-08, 1, -1/+1)
| | |
| | * Only advertise a single server ecdsa key when -R (generate as required) is (Matt Johnston, 2018-03-08, 1, -24/+35)
| | |   specified. Fixes -R now that default ecdsa key size has changed.
| | * #error if no ecc size is chosen (Matt Johnston, 2018-03-08, 1, -1/+1)
| | |
| | * reduce fuzzer-kexdh params count again, still hitting timeout (Matt Johnston, 2018-03-07, 1, -2/+4)
| | |
| | * don't allow null characters in authorized_keys (Matt Johnston, 2018-03-07, 1, -1/+6)
| | |
| | * fix leak in option handling (Matt Johnston, 2018-03-07, 1, -0/+6)
| | |
| | * avoid leak of pubkey_options (Matt Johnston, 2018-03-06, 3, -2/+11)
| | |
| | * fix uninitialised memory in fuzzer codepath (Matt Johnston, 2018-03-06, 1, -3/+5)
| | |
| | * workaround memory sanitizer FD_ZERO false positives (Matt Johnston, 2018-03-06, 6, -9/+30)
| | |
| | * reduce number of dh parameters so fuzzer doesn't timeout (Matt Johnston, 2018-03-06, 2, -2/+2)
| | |
| | * ciphers/hashes/kex algorithms won't have string lengths, also use (Matt Johnston, 2018-03-05, 2, -21/+54)
| | |   dictionary for fuzzer-preauth_nomaths
| | * Don't read uninitialised value. (Matt Johnston, 2018-03-05, 1, -1/+1)
| | |   From https://github.com/libtom/libtommath/commit/1d03522625f46214733e8e143a4765c01fc146f9
| | * reduce number of params so it doesn't hit a timeout (Matt Johnston, 2018-03-05, 2, -2/+4)
| | |
| | * fix some links (Matt Johnston, 2018-03-05, 2, -9/+11)
| | |
| | * notes on the fuzzer (Matt Johnston, 2018-03-05, 1, -0/+72)
| | |
| | * Add kexdh and kexecdh fuzzers (Matt Johnston, 2018-03-05, 6, -2/+168)
| | |
| | * dictionary for fuzzer-preauth (Matt Johnston, 2018-03-05, 1, -0/+33)
| | |