Commit Graph

12168 Commits

Author SHA1 Message Date
djm@openbsd.org
c6011129ca
upstream: remove redundant test
OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
2023-03-31 15:06:20 +11:00
djm@openbsd.org
4fb29eeafb
upstream: don't attempt to decode a ridiculous number of
attributes; harmless because of bounds elsewhere, but better to be explicit

OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
2023-03-31 15:06:20 +11:00
djm@openbsd.org
fc437c154e
upstream: remove unused variable; prompted by Coverity CID 291879
OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40
2023-03-31 15:06:19 +11:00
dtucker@openbsd.org
0eb8131e4a
upstream: Check fd against >=0 instead of >0 in error path. The
dup could in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy vi github PR#238.

OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
2023-03-31 15:06:19 +11:00
dtucker@openbsd.org
7174ba6f8a
upstream: Ignore return value from muxclient(). It normally loops
without returning, but it if returns on failure we immediately exit.
Coverity CID 405050.

OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295
2023-03-31 15:06:18 +11:00
Damien Miller
a4c1c2513e
don't call connect() on negative socket
Coverity CID 405037
2023-03-31 14:17:22 +11:00
djm@openbsd.org
34ee842cdd
upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file
is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted
by Coverity; with/ok dtucker@

OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650
2023-03-30 14:09:51 +11:00
dtucker@openbsd.org
f108e77a9d
upstream: Remove dead code from inside if block.
The only way the if statement can be true is if both dup()s fail, and
in that case the tmp2 can never be set. Coverity CID 291805, ok djm@

OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
2023-03-30 14:09:37 +11:00
Darren Tucker
05b8e88ebe
child_set_eng: verify both env pointer and count.
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
2023-03-30 14:08:35 +11:00
dtucker@openbsd.org
28f1b8ef9b
upstream: Ignore return from sshpkt_disconnect
since we set our own return value for the function.  Coverity CID 291797,
ok djm@

OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04
2023-03-29 12:33:32 +11:00
dtucker@openbsd.org
c3da05d959
upstream: Plug potential mem leak in process_put.
It allocates abs_dst inside a loop but only frees it on exit, so free
inside the loop if necessary.  Coverity CID 291837, ok djm@

OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3
2023-03-29 12:22:33 +11:00
djm@openbsd.org
13ae327eae
upstream: fix memory leak; Coverity CID 291848
with/ok dtucker@

OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8
2023-03-29 12:22:23 +11:00
dtucker@openbsd.org
9ffa76e128
upstream: Plug more mem leaks in sftp by making
make_absolute_pwd_glob work in the same way as make_absolute: you
pass it a dynamically allocated string and it either returns it, or
frees it and allocates a new one. Patch from emaste at freebsd.org and
https://reviews.freebsd.org/D37253 ok djm@

OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc
2023-03-28 19:03:54 +11:00
dtucker@openbsd.org
82b2b83269
upstream: Remove compat code for OpenSSL < 1.1.*
since -portable no longer supports them.

OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff
2023-03-28 19:03:29 +11:00
dtucker@openbsd.org
b500afcf00
upstream: Remove compat code for OpenSSL 1.0.*
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
2023-03-28 19:03:10 +11:00
Darren Tucker
727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL.
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
2023-03-28 19:03:03 +11:00
Darren Tucker
46db8e14b7
Remove HEADER_SHA_H from previous...
since it causes more problems than it solves.
2023-03-28 12:44:03 +11:00
Darren Tucker
72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H.
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
2023-03-28 10:35:18 +11:00
Darren Tucker
99668f2e6e
Configure with --target instead of deprecated form. 2023-03-28 09:50:06 +11:00
Darren Tucker
f751d9306c
Pass rpath when building 64bit Solaris. 2023-03-27 22:18:49 +11:00
Darren Tucker
a64b935cd4
Explicitly disable OpenSSL on AIX test VM. 2023-03-27 22:18:46 +11:00
dtucker@openbsd.org
7ebc6f060f
upstream: Add RevokedHostKeys to percent expansion test.
OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff
2023-03-27 15:04:36 +11:00
dtucker@openbsd.org
f1a17de150
upstream: Add tilde and environment variable expansion to
RevokedHostKeys. bz#3552, ok djm@

OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
2023-03-27 15:03:53 +11:00
djm@openbsd.org
009eb4cb48
upstream: fix test: getnameinfo returns a non-zero value on error, not
(neccessarily) -1. From GHPR#384

OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25
2023-03-27 14:31:57 +11:00
djm@openbsd.org
4f0a676486
upstream: scp: when copying local->remote, check that source file
exists before opening SFTP connection to the server. Based on GHPR#370 ok
dtucker, markus

OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb
2023-03-27 14:28:00 +11:00
Darren Tucker
154d8baf63
Also look for gdb error message from OpenIndiana. 2023-03-27 12:22:30 +11:00
Darren Tucker
fbd3811ddb
Explicitly disable security key test on aix51 VM.
We don't know how to build the shared objects required for the security
key tests so skip them.
2023-03-27 11:08:00 +11:00
Darren Tucker
4922ac3be8
Split libcrypto and other config flags.
This should allow the automatic OpenSSL version selection in the tests
to work better.
2023-03-26 14:49:43 +11:00
Darren Tucker
4a948b1469
Specify test target if we build without OpenSSL.
When we decide we can't use the versions of OpenSSL available, also
restrict the tests we run to avoid the ones that need OpenSSL.
2023-03-26 14:39:45 +11:00
Darren Tucker
b308c636f5
Find suitable OpenSSL version.
Check the installed OpenSSL versions for a suitable one, and if there
isn't (and we don't have a specific version configured) then build
without OpenSSL.
2023-03-26 14:22:53 +11:00
Damien Miller
021ea5c286
Github testing support for BoringSSL 2023-03-24 15:39:48 +11:00
Damien Miller
9a97cd1064
BoringSSL doesn't support EC_POINT_point2bn()
so don't invoke it in unittest
2023-03-24 15:39:48 +11:00
Damien Miller
cc5969c033
another ERR_load_CRYPTO_strings() vestige 2023-03-24 15:39:47 +11:00
Damien Miller
4974293899
don't use obsolete ERR_load_CRYPTO_strings()
OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings()
2023-03-24 15:26:27 +11:00
Damien Miller
3c527d55f9
Allow building with BoringSSL 2023-03-24 15:26:26 +11:00
Damien Miller
b7e27cfd7f
put back SSLeay_version compat in configure test
Needed to detect old versions and give good "your version is bad"
messages at configure time; spotted by dtucker@
2023-03-24 15:26:26 +11:00
Damien Miller
7280401bdd
remove support for old libcrypto
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater

with/ok dtucker@
2023-03-24 13:56:25 +11:00
Darren Tucker
abda22fb48
Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7. 2023-03-19 15:36:13 +11:00
Darren Tucker
610ac1cb07
Show 9.3 branch instead of 9.2. 2023-03-16 21:38:04 +11:00
Damien Miller
cb30fbdbee
depend 2023-03-16 08:28:19 +11:00
Damien Miller
1dba63eb10
crank version 2023-03-16 08:27:54 +11:00
djm@openbsd.org
ba7532d0da
upstream: openssh-9.3
OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848
2023-03-16 08:21:56 +11:00
dtucker@openbsd.org
6fd4daafb9
upstream: Free KRL ptr in addition to its contents.
From Coverity CID 291841, ok djm@

OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6
2023-03-14 18:35:50 +11:00
dtucker@openbsd.org
1d270bd303
upstream: Check pointer for NULL before deref.
None of the existing callers seem to do that, but it's worth checking.
From Coverity CID 291834, ok djm@

OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4
2023-03-14 18:35:31 +11:00
dtucker@openbsd.org
d95af508e7
upstream: Limit number of entries in SSH2_MSG_EXT_INFO
request. This is already constrained by the maximum SSH packet size but this
makes it explicit.  Prompted by Coverity CID 291868, ok djm@ markus@

OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09
2023-03-12 22:02:18 +11:00
dtucker@openbsd.org
8f287ba60d
upstream: calloc can return NULL but xcalloc can't.
From Coverity CID 291881, ok djm@

OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b
2023-03-12 22:01:57 +11:00
dtucker@openbsd.org
83a56a49fd
upstream: Explicitly ignore return from fcntl
(... FD_CLOEXEC) here too.  Coverity CID 291853.

OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5
2023-03-12 22:01:44 +11:00
Damien Miller
0fda9d704d
bounds checking for getrrsetbyname() replacement;
Spotted by Coverity in CID 405033; ok millert@
2023-03-10 15:59:46 +11:00
dtucker@openbsd.org
89b8df518f
upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@.
OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac
2023-03-10 15:42:37 +11:00
Darren Tucker
bf4dae0ad1
Add prototypes for mkstemp replacements.
Should prevent warnings due to our wrapper function.
2023-03-10 14:46:57 +11:00