If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD. ok djm, sanity checked
by Corinna.
We accidentally send an empty string and a zero uint32 with
every direct-streamlocal@openssh.com channel open, in contravention of our
own spec.
Fixing this is too hard wrt existing versions that expect these
fields to be present and fatal() if they aren't, so document them
as "reserved" fields in the PROTOCOL spec as though we always
intended this and let us never speak of it again.
bz#2529, reported by Ron Frederick
Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
don't record duplicate LocalForward and RemoteForward
entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
where the same forwards are added on the second pass through the
configuration file. bz#2562; ok dtucker@
Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
Another use for fcntl() and thus of the superfluous 3rd
parameter is when sanitising standard fd's before calling daemon().
Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.
ok jca@ beck@
Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
Remove fallback from moduli to "primes" file that was
deprecated in 2001 and fix log messages referring to primes file. Based on
patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@
Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
UseDNS affects ssh hostname processing in authorized_keys,
not known_hosts; bz#2554 reported by jjelen AT redhat.com
Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
unbreak authentication using lone certificate keys in
ssh-agent: when attempting pubkey auth with a certificate, if no separate
private key is found among the keys then try with the certificate key itself.
bz#2550 reported by Peter Moody
Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
sanitise characters destined for xauth reported by
github.com/tintinweb feedback and ok deraadt and markus
Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to
survive paths containing whitespace. bz#2551, from Corinna Vinschen via
Philip Hands.
refactor canohost.c: move functions that cache results closer
to the places that use them (authn and session code). After this, no state is
cached in canohost.c
feedback and ok markus@
Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
Filter debug messages out of log before picking the last
two lines. Should prevent problems if any more debug output is added late in
the connection.
Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
Look back 3 lines for possible error messages. Changes
to the code mean that "Bad packet length" errors are 3 lines back instead of
the previous two, which meant we didn't skip some offsets that we intended
to.
Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
fix ClientAliveInterval when a time-based RekeyLimit is
set; previously keepalive packets were not being sent. bz#2252 report and
analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@
Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
Improve accuracy of reported transfer speeds by waiting
for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
Improve precision of progressmeter for sftp and scp by
storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@
Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
rearrange DH public value tests to be a little more clear
rearrange DH private value generation to explain rationale more
clearly and include an extra sanity check.
ok deraadt
Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
Some tests have strict requirements on the filesystem permissions
for certain files and directories. This adds a regress/check-perm
tool that copies the relevant logic from sshd to exactly test
the paths in question. This lets us skip tests when the local
filesystem doesn't conform to our expectations rather than
continuing and failing the test run.
ok dtucker@
sshd was failing with:
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw
image not found [preauth]
caused by chroot before sandboxing. Avoid by explicitly linking libsandbox
to sshd. Spotted by Darren.