419 Commits

Author SHA1 Message Date
djm@openbsd.org
d6556de1db upstream: fix poll() spin when a channel's output fd closes without
data in the channel buffer. Introduce more exact packing of channel fds into
the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@

OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10
2022-03-31 08:16:38 +11:00
djm@openbsd.org
5a252d54a6 upstream: improve DEBUG_CHANNEL_POLL debugging message
OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f
2022-03-18 13:33:36 +11:00
djm@openbsd.org
667fec5d4f upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught
by dtucker's minix3 vm :) ok dtucker@

OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361
2022-02-17 22:17:36 +11:00
Darren Tucker
9fa63a19f6 Put poll.h inside ifdef.
2022-02-10 23:51:02 +11:00
djm@openbsd.org
a1a8efeaaa upstream: Use sshbuf_read() to read directly into the channel input
buffer rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok
markus@

OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572
2022-01-25 12:13:05 +11:00
Damien Miller
e204b34337 restore tty force-read hack
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe (a precursor to the mainloop poll(2) conversion).

Spotted by John in bz3383
2022-01-22 11:38:21 +11:00
djm@openbsd.org
17877bc81d upstream: convert ssh, sshd mainloops from select() to poll();
feedback & ok deraadt@ and markus@ has been in snaps for a few months

OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-07 09:21:38 +11:00
djm@openbsd.org
5c79952dfe upstream: prepare for conversion of ssh, sshd mainloop from
select() to poll() by moving FD_SET construction out of channel handlers into
separate functions. ok markus

OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
2022-01-07 09:11:58 +11:00
jsg@openbsd.org
cb885178f3 upstream: spelling ok dtucker@
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
2022-01-01 15:19:48 +11:00
Damien Miller
715c892f0a remove sys/param.h in -portable, after upstream
2021-12-22 09:02:50 +11:00
mbuhl@openbsd.org
d0fffc88c8 upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT
OK mfriedl@

OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798
2021-09-15 15:58:18 +10:00
Darren Tucker
9d5e31f55d Remove duplicate error on error path.
There's an extra error() call on the listen error path, it looks like
its removal was missed during an upstream sync.
2021-07-03 20:34:19 +10:00
Darren Tucker
888c459925 Remove some whitespace not in upstream.
Reduces diff vs OpenBSD by a small amount.
2021-07-03 20:32:46 +10:00
djm@openbsd.org
7be4ac8136 upstream: restore blocking status on stdio fds before close
ssh(1) needs to set file descriptors to non-blocking mode to operate
but it was not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell, e.g.

> $ cat > test.sh << _EOF
> #!/bin/sh
> {
>         ssh -Fnone -oLogLevel=verbose ::1 hostname
>         cat /usr/share/dict/words
> } | sleep 10
> _EOF
> $ ./test.sh
> Authenticated to ::1 ([::1]:22).
> Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
> Bytes per second: sent 44338.9, received 55197.4
> cat: stdout: Resource temporarily unavailable

This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
abandons/closes them.

This was reported as bz3280 and GHPR246; ok dtucker@

OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
2021-05-19 11:52:14 +10:00
Damien Miller
57ed647ee0 polish whitespace for portable files
2021-04-03 17:47:37 +11:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
markus@openbsd.org
da0a9afcc4 upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding
with SOCKS ok djm@, dtucker@

OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
2021-02-17 15:03:41 +11:00
djm@openbsd.org
4ca6a1fac3 upstream: remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
2021-01-27 20:28:25 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
107eb3eeaf upstream: cap channel input buffer size at 16MB; avoids high memory use
when peer advertises a large window but is slow to consume the data we send
(e.g. because of a slow network)

reported by Pierre-Yves David

fix with & ok markus@

OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216
2020-09-20 16:16:46 +10:00
djm@openbsd.org
aa6fa4bf30 upstream: put back the mux_ctx memleak fix, but only for channels of
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels
should not have this structure freed.

OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
2020-07-03 17:26:23 +10:00
djm@openbsd.org
d8195914eb upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex;
simply freeing it here causes other problems

OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed
2020-07-03 17:22:28 +10:00
djm@openbsd.org
1b90ddde49 upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky
via bz3189 ok dtucker

OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde
2020-07-03 15:12:31 +10:00
dtucker@openbsd.org
4d2c87b4d1 upstream: We've standardized on memset over bzero, replace a couple
that had slipped in.  ok deraadt markus djm.

OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01 13:13:28 +10:00
markus@openbsd.org
a6134b02b5 upstream: fix uninitialized pointers for forward_cancel; ok djm
OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37
2020-03-13 13:13:30 +11:00
jsg@openbsd.org
d5ba1c0327 upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
2020-02-28 12:26:28 +11:00
djm@openbsd.org
846446bf3e upstream: the GatewayPorts vs -R listen address selection logic is
still confusing people, so add another comment explaining the special
handling of "localhost"; bz#3258

OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a
2020-01-25 18:20:01 +11:00
Damien Miller
cfc1897a20 wrap stdint.h include in HAVE_STDINT_H
make the indenting a little more consistent too..

Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-09 09:06:35 +11:00
dtucker@openbsd.org
696fb4298e upstream: Remove some set but never used variables. ok daraadt@
OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
2019-07-08 11:45:51 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
dtucker@openbsd.org
4b7dd22b02 upstream: Typo and spelling fixes in comments and error messages.
Patch from knweiss at gmail.com via -portable.

OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
2019-06-08 00:49:26 +10:00
florian@openbsd.org
cb4accb123 upstream: For PermitOpen violations add the remote host and port to
be able to find out from where the request was coming.

Add the same logging for PermitListen violations which were not
logged at all.

Pointed out by Robert Kisteleki (robert AT ripe.net)

input markus
OK deraadt

OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
2019-05-17 10:07:42 +10:00
dtucker@openbsd.org
62be1ffe5f upstream: Free channel objects on exit path. Patch from markus at
blueflash.cc, ok deraadt

OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
2019-05-08 18:42:43 +10:00
Damien Miller
03e92dd27d use same close logic for stderr as stdout
Avoids sending SIGPIPE to child processes after their parent exits
if they attempt to write to stderr.

Analysis and patch from JD Paul; patch reworked by Jakub Jelen and
myself. bz#2071; ok dtucker@
2019-02-08 14:50:36 +11:00
djm@openbsd.org
8cc7a679d2 upstream: convert channels.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
2019-01-20 09:02:37 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org
285310b897 upstream: no need to allocate channels_pre/channels_post in
channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938

OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
2018-12-07 13:58:49 +11:00
djm@openbsd.org
6f1aabb128 upstream: factor out channel status formatting from
channel_open_message() so we can use it in other debug messages

OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
2018-10-04 17:50:22 +10:00
djm@openbsd.org
f1dd179e12 upstream: include a little more information about the status and
disposition of channel's extended (stderr) fd; makes debugging some things a
bit easier. No behaviour change.

OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
2018-10-04 10:44:49 +10:00
markus@openbsd.org
5d14019ba2 upstream: avoid expensive channel_open_message() calls; ok djm@
OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9
2018-07-31 12:20:13 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
djm@openbsd.org
90e51d6727 upstream: fix NULL dereference in open_listen_match_tcpip()
OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9
2018-06-26 08:30:43 +10:00
djm@openbsd.org
115063a664 upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
2018-06-07 04:27:20 +10:00
djm@openbsd.org
001aa55484 upstream: lots of typos in comments/docs. Patch from Karsten Weiss
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)

OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10 10:17:15 +10:00
tb@openbsd.org
5069320be9 upstream commit
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.

ok djm

OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
2018-02-07 07:50:46 +11:00
djm@openbsd.org
14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
djm@openbsd.org
927f8514ce upstream commit
include the addr:port in bind/listen failure messages

OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
2017-12-07 11:46:35 +11:00
djm@openbsd.org
acf559e1cf upstream commit
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25 12:26:06 +11:00
djm@openbsd.org
218e6f98df upstream commit
fix inverted test on channel open failure path that
"upgraded" a transient failure into a fatal error; reported by sthen and also
seen by benno@; ok sthen@

Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
2017-09-24 23:46:12 +10:00
djm@openbsd.org
c704f641f7 upstream commit
write the correct buffer when tunnel forwarding; doesn't
matter on OpenBSD (they are the same) but does matter on portable where we
use an output filter to translate os-specific tun/tap headers

Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
2017-09-24 19:51:01 +10:00