v0.0.4 tested/ok tb@ OpenBSD-Commit-ID: 525a62549efbf53492adcb2c57e4872cdbaeed62
portable unused on OpenBSD (nothing sets MISSING_BUILTIN_POPCOUNT), but it makes syncing much easier. OpenBSD-Commit-ID: 496446300d82615b24f83eca886b8fabdbee445b
and ERR_load_crypto_strings(). These are no-ops in LibreSSL, and in Portable have been mostly replaced by a call to OPENSSL_init_crypto() in the compat layer. ok tb@ OpenBSD-Commit-ID: 4c3e0af10fe276766054eda34428a37a5606d3ea
We already have OPENSSL_init_crypto() in the compat layer (now with a check of its return code, prompted by tb@). Prompted by github PR#606 from Dimitri John Ledkov. ok beck@
The uname(3) syscall is utilized by zlib-ng on RISC-V to decide whether the kernel handles VILL bit of V extension properly (by checking the kernel version against 6.5). Allow it in the seccomp sandbox. Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
This prevents link errors with the openbsd-compat tests when the linker tries to bring in all the logging bits.
openssh-master will make it easier to do code reviews.
either. Coverity CID 443285. OpenBSD-Regress-ID: aa90e57b1bc8efce9e50734a07a8ffec0680059a
by sshd-auth via its parent sshd-session process, as the parent will also run them through strnvis(). Prevents double-escaping of non-printing characters in some log messages. bz3896 ok dtucker@ OpenBSD-Commit-ID: d78faad96a98af5269d66ddceee553cf7d396dfe
Currently setusercontext(LOGIN_SETALL) does create the directory in /tmp/run/user, since LOGIN_SETXDGENV is part of LOGIN_SETALL, but the env variable wasn't exported. ok djm@ OpenBSD-Commit-ID: 02b8433f72759b3a07b55cbc5a7cdb84391b0017
Prompted by github PR#609 from Edge-Seven.
515634, ok miod@ djm@ OpenBSD-Commit-ID: c7932eddecd47e5122e945246a40c56ffa42a546
469304, ok djm@ OpenBSD-Commit-ID: f9b79b86879a953ad034e6b92a398265b251bea7
this is a no-op, but it should placate Coverity CID 405064. OpenBSD-Regress-ID: 06789754de0741f26432c668fad8b9881c14c153
\0- terminated string from a sshbuf. Intended to be used to improve parsing of SOCKS headers for dynamic forwarding. ok deraadt; feedback Tim van der Molen OpenBSD-Commit-ID: cf93d6db4730f7518d5269c279e16b172b484b36
OpenBSD-Regress-ID: cb0af1e4d6dcc94e263942bc4dcf5f4466d1f086
In anticipation of davidben and beck making ASN1_STRING opaque in OpenSSL 4 with the aim of enabling surgery to make the X509 data structure less bad [1], we need to use dumb accessors to avoid build breakage. Fortunately only in one spot. This is OpenSSL 1.1 API and available in all members of the fork family. ok beck djm [1]: openssl/openssl#29117 OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f
FIDO application string. This matches the behaviour of ssh-keygen -K From Arian van Putten via GHPR608 OpenBSD-Commit-ID: 3fda54b44ed6a8a6f94cd3e39e69c1e672095712
ssh-agent. Allows testing of PKCS11 modules outside system directories. From Morgan Jones via GHPR602 OpenBSD-Regress-ID: 548d6e0362a8d9f7d1cc01444b697a00811ff488
GHPR602 OpenBSD-Regress-ID: 7d771db2c1d4a422e83c3f632ba1e96f72a262b8
didn't decode it. From Mingjie Shen via GHPR598 OpenBSD-Commit-ID: c722014e735cbd87adb2fa968ce4c47b43cf98b0
GHPR611 OpenBSD-Commit-ID: 253f6f7d729d8636da23ac9925b60b494e85a810
Josh Brobst OpenBSD-Commit-ID: 4f36019a38074b2929335fbe9cb8d9801e3177af
form. GHPR568 from Santiago Vila OpenBSD-Commit-ID: 7e68771f3cad61ec67303607afb3b85639288b29
SSH connection. ok djm@, "I like/want" sthen@ florian@ OpenBSD-Commit-ID: 0483fc0188ec899077e4bc8e1e353f7dfa9f5c1d
option. OpenBSD-Commit-ID: 83424b71fc226ea6b3dc8dda39f993475fdbd775
only display peer information for TCP connections including source address and port This provides enough information to uniquely identify a connection on the host or network. OpenBSD-Commit-ID: aa18a4af2de41c298d1195d2566808585f8ce964
This fixes the build with --without-openssl on musl. glibc worked previously because it got stdio.h implicitly through resolv.h.
Not all dd implementations support this. POSIX only specifies suffixes for block size operands. Instead, just use 1024k to avoid the special case. This also removes an incorrect redirection operator that appeared in the 1m case.
OpenSSH doesn't support PAM changing its conception of the username via a module calling pam_set_item(h, PAM_USER, ...). We were supposed to bail out here, but I messed up while "fixing" this last time and dropped a return statement. Reported by Mike Damm
to a value <10 using the single-argument form of MaxStartups (e.g. MaxStartups=3). This doesn't affect the three-argument form of the directive (e.g. MaxStartups 3:20:5). Patch from Peter Kaestle via bz3941 OpenBSD-Commit-ID: 1ad093cae69f55ebfdea1ab24318aefd593d63b8
ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis Vasileiadis OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a
without the -p (preserve modes) flag set, clear setuid/setgid bits from downloaded files as one might expect. AFAIK this bug dates back to the original Berkeley rcp program. Reported by Christos Papakonstantinou of Cantina and Spearbit. OpenBSD-Commit-ID: 49e902fca8dd933a92a9b547ab31f63e86729fa1
algorithm allowlists: HostKeyAlgorithms, PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms. Previously, if any ECDSA type (say "ecdsa-sha2-nistp521") was present in one of these lists, then all ECDSA algorithms would be permitted. Reported by Christos Papakonstantinou of Cantina and Spearbit. OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86
the commandline to earlier in main(), specifically before some contexts where a username with shell characters might be expanded by a %u directive in ssh_config. We continue to recommend against using untrusted input on the SSH commandline. Mitigations like this are not 100% guarantees of safety because we can't control every combination of user shell and configuration where they are used. Reported by Florian Kohnhäuser OpenBSD-Commit-ID: 25ef72223f5ccf1c38d307ae77c23c03f59acc55
OpenBSD-Commit-ID: 05e22de74e090e5a174998fa5799317d70ad19c4
OpenBSD-Regress-ID: d22c66ca60f0d934a75e6ca752c4c11b9f4a5324
By increasing the multiplier from 3 to 8 we reduce the number of window adjust messages sent by only sending one when the buffer has consumed at least half of the available space.
The prior version worked only because I was making a mistake in dividing an integer by a float. This uses ints all the way through and is both clearer and more robust.
This was discovered using claude ai to analyze profile data during bulk data transport. Block termination/info signals for the duration of the main loop. ppoll() atomically restores the old mask (osigset) while waiting, so signals are still delivered promptly during the poll. Keeping them blocked during the data-processing phase avoids two sigprocmask syscalls per iteration (~76k/sec during bulk transfer, ~5.6% of CPU in profiles). Signal-flag checks (quit_pending, siginfo_received) still work because the handlers run inside ppoll's atomic unblock window.
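The signal-mask pattern described in the commit message above, as an added example that is not code from this pull request. It assumes pselect(), the POSIX call with the same atomic mask swap as ppoll(), so it builds without GNU extensions; `on_term` and `demo_blocked_loop` are hypothetical names, and `quit_pending` stands in for the flag the message mentions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <sys/select.h>
#include <time.h>

/* Stand-in for the quit_pending flag named in the commit message. */
static volatile sig_atomic_t quit_pending;
static void on_term(int sig) { (void)sig; quit_pending = 1; }

/* Returns 0 if the pattern behaves as described, else the failing step. */
int demo_blocked_loop(void)
{
    struct sigaction sa, old_sa;
    sigset_t bsigset, osigset, waitset, pending;
    struct timespec timeout = { 2, 0 };
    int r, result = 0;

    quit_pending = 0;
    sa.sa_handler = on_term;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    if (sigaction(SIGTERM, &sa, &old_sa) == -1) return 1;

    /* Block once, outside the loop body, instead of twice per iteration. */
    sigemptyset(&bsigset);
    sigaddset(&bsigset, SIGTERM);
    if (sigprocmask(SIG_BLOCK, &bsigset, &osigset) == -1) return 2;
    waitset = osigset;
    sigdelset(&waitset, SIGTERM); /* wait mask must admit SIGTERM */

    /* "Processing" phase: the signal arrives but only becomes pending. */
    raise(SIGTERM);
    if (quit_pending != 0) result = 3;
    if (sigpending(&pending) == -1 || sigismember(&pending, SIGTERM) != 1)
        if (result == 0) result = 4;

    /* Wait phase: the mask is swapped atomically, so the handler runs here. */
    r = pselect(0, NULL, NULL, NULL, &timeout, &waitset);
    if (result == 0 && !(r == -1 && errno == EINTR)) result = 5;
    if (result == 0 && quit_pending != 1) result = 6;

    sigprocmask(SIG_SETMASK, &osigset, NULL);
    sigaction(SIGTERM, &old_sa, NULL);
    return result;
}
int main(void) { return demo_blocked_loop(); }
```

The wait returns early with EINTR rather than after the 2 second timeout, which is the prompt delivery the commit message relies on.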
Profiling (assisted by claude) showed that the compiler was causing the application to run memset on every local variable via -ftrivial-auto-var-init=zero. This is good practice but not required on all paths in channel_handle_rfd(). By moving char buf[CHAN_RBUF] into a different scope we can reduce the number of the memsets - which was consuming 10% of the client cpu time in bulk data transfers. No known security implications as buf is still zeroed out when instantiated in the inner scope and the other path never calls on buf. So there is no uninitialized memory issue.
Basically, if we were sent an overly short version banner we'd end up reading garbage for the version number and this would lead to a 'SCARINESS: 20 (wild-addr-read)' result in the fuzz tests. This fix uses strtol starting at just after the match to find the next integer. This should fix the issue. Additionally, I had left the original fastXOR() function in the chacha20 code. This was causing an error on the CI tests when running with -werror. This will resolve that.
This one does a digit process which may be safe
It might be that the compiler used for the fuzz tests isn't including the string.h headers properly.
Passes all expected CI tests. HPN-SSH specific changes are at the end of this commit set.