path: root/usr.bin/ssh/packet.c
Commit message | Author | Age | Files | Lines
* highly polished whitespace, mostly fixing spaces-for-tab and bad | djm | 2021-04-03 | 1 | -8/+8
  indentation on continuation lines. Prompted by GHPR#185
* make ssh->kex->session_id a sshbuf instead of u_char*/size_t and | djm | 2021-01-27 | 1 | -6/+5
  use that instead of global variables containing copies of it. feedback/ok markus@
* Set the specified TOS/DSCP for interactive use prior to TCP connect. | djm | 2020-11-27 | 1 | -27/+4
  The connection phase of the SSH session is time-sensitive (due to server side login grace periods) and is frequently interactive (e.g. entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after authentication completes. ok dtucker@
* use the new variant log macros instead of prepending __func__ and | djm | 2020-10-18 | 1 | -27/+24
  appending ssh_err(r) manually; ok markus@
* some language improvements; ok markus | djm | 2020-07-05 | 1 | -2/+2
* free kex in ssh_packet_close; ok djm semarie | markus | 2020-07-01 | 1 | -1/+3
* backout 1.293 fix kex mem-leak in ssh_packet_close at markus request | semarie | 2020-06-26 | 1 | -3/+1
  the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after calling ssh_packet_clear_keys())
* fix kex mem-leak in ssh_packet_close; ok djm | markus | 2020-06-24 | 1 | -1/+3
* fix ssh -O proxy w/mux which got broken by no longer | markus | 2020-06-24 | 1 | -2/+5
  making ssh->kex optional in packet.c revision 1.278 ok djm@
* consistently check packet_timeout_ms against 0; ok djm | markus | 2020-03-06 | 1 | -5/+5
* have sshpkt_fatal() save/restore errno before we potentially | djm | 2020-01-30 | 1 | -1/+4
  call strerror() (via ssh_err()); ok dtucker
* Fix typo in comment. | dtucker | 2020-01-23 | 1 | -2/+2
* Make zlib optional. This adds a "ZLIB" build time option that allows | dtucker | 2020-01-23 | 1 | -1/+35
  building without zlib compression and associated options. With feedback from markus@, ok djm@
* strdup may return NULL if memory allocation fails. Use the safer xstrdup | tobhe | 2019-12-16 | 1 | -3/+3
  which fatals on allocation failures. ok markus@
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -7/+7
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Typo and spelling fixes in comments and error messages. Patch from | dtucker | 2019-06-07 | 1 | -2/+2
  knweiss at gmail.com via -portable.
* Remove crc32.{c,h} which were only used by the now-gone SSH1 protocol. | dtucker | 2019-04-18 | 1 | -2/+1
  Patch from yumkam at gmail.com, ok deraadt.
* in ssh_set_newkeys(), mention the direction that we're keying in debug | djm | 2019-03-01 | 1 | -5/+7
  messages. Previously it would be difficult to tell which direction it was talking about
* pass values used in KEX hash computation as sshbuf rather than | djm | 2019-01-21 | 1 | -1/+7
  pointer+len suggested by me; implemented by markus@ ok me
* Make sshpkt_get_bignum2() allocate the bignum it is parsing rather | djm | 2019-01-21 | 1 | -4/+3
  than make the caller do it. Saves a lot of boilerplate code. from markus@ ok djm@
* allow sshpkt_fatal() to take a varargs format; we'll use this to give | djm | 2019-01-19 | 1 | -6/+23
  packet-related fatal error messages more context (esp. the remote endpoint) ok markus@
* fix memory leak of ciphercontext when rekeying; bz#2942 | djm | 2019-01-04 | 1 | -3/+3
  Patch from Markus Schmidt; ok markus@
* move client/server SSH-* banners to buffers under ssh->kex and factor | djm | 2018-12-27 | 1 | -22/+20
  out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
* memleaks; found by valgrind | djm | 2018-07-16 | 1 | -1/+3
* client: switch to sshbuf API; ok djm@ | markus | 2018-07-09 | 1 | -4/+1
* Revert previous two commits | sf | 2018-07-09 | 1 | -5/+6
  It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits:
  date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
  Rename COMP_DELAYED to COMP_ZLIB
  Only delayed compression is supported nowadays. ok markus@
  date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
  Remove leftovers from pre-authentication compression
  Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@
* Rename COMP_DELAYED to COMP_ZLIB | sf | 2018-07-06 | 1 | -4/+4
  Only delayed compression is supported nowadays. ok markus@
* Remove leftovers from pre-authentication compression | sf | 2018-07-06 | 1 | -4/+3
  Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@
* Remove unused ssh_packet_start_compression() | sf | 2018-07-06 | 1 | -22/+1
  ok markus@
* make ssh_remote_ipaddr() capable of being called after the ssh->state | djm | 2018-06-01 | 1 | -4/+8
  has been torn down; bz#2773
* If select() fails in ssh_packet_read_seqnr go directly to the error path | dtucker | 2018-05-25 | 1 | -3/+5
  instead of trying to read from the socket on the way out, which resets errno and causes the true error to be misreported. ok djm@
* pass kex->hostkey_alg and kex->hostkey_nid from pre-auth to post-auth | djm | 2017-12-18 | 1 | -1/+5
  unprivileged child processes; ok markus@
* Put remote client info back into the ClientAlive connection termination | dtucker | 2017-12-10 | 1 | -5/+5
  message. Based in part on diff from lars.nooden at gmail, ok djm
* Add monotime_ts and monotime_tv that return monotonic timespec and | dtucker | 2017-11-25 | 1 | -3/+3
  timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
* add sshd_config RDomain keyword to place sshd and the subsequent | djm | 2017-10-25 | 1 | -1/+13
  user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@
* log debug messages sent to peer; ok deraadt markus | djm | 2017-10-13 | 1 | -1/+3
* refactor channels.c | djm | 2017-09-12 | 1 | -30/+38
  Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@
* Allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value | djm | 2017-07-23 | 1 | -2/+2
  and just use the operating system default; ok dtucker@
* don't pass pointer to struct sshcipher between privsep processes, | djm | 2017-06-24 | 1 | -9/+5
  just redo the lookup in each using the already-passed cipher name. bz#2704 based on patch from Brooks Davis; ok markus dtucker
* Add comments referring to the relevant RFC sections for rekeying | dtucker | 2017-06-09 | 1 | -2/+6
  behaviour.
* Fix compression output stats broken in rev 1.201. Patch originally by | dtucker | 2017-06-06 | 1 | -2/+2
  Russell Coker via Debian bug #797964 and Christoph Biedl. ok djm@
* some warnings spotted by clang; ok markus@ | djm | 2017-06-01 | 1 | -5/+3
* These shutdown() SHUT_RDWR are not needed before close() | deraadt | 2017-05-31 | 1 | -2/+1
  ok djm markus claudio
* clear session keys from memory; ok djm@ | markus | 2017-05-31 | 1 | -35/+61
* helps if I commit the correct version of the file. fix missing | djm | 2017-05-08 | 1 | -1/+2
  return statement.
* I was too aggressive with the scalpel in the last commit; | djm | 2017-05-08 | 1 | -3/+4
  unbreak sshd, spotted quickly by naddy@
* As promised in last release announcement: remove support for | djm | 2017-05-07 | 1 | -31/+4
  Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
* remove miscellaneous SSH1 leftovers; ok markus@ | naddy | 2017-05-03 | 1 | -19/+2
* obliterate ssh1.h and some dead code that used it | djm | 2017-04-30 | 1 | -2/+1
  ok markus@
* remove the (in)famous SSHv1 CRC compensation attack detector. | djm | 2017-04-30 | 1 | -6/+1
  Despite your cameo in The Matrix movies, you will not be missed. ok markus