John Safranek
3b61ea2ab8
Merge pull request #325 from JacobBarthelmeh/sftp
...
fix for handling rekey
2021-03-11 08:21:10 -08:00
Jacob Barthelmeh
6952d38246
client side needs to send Kex Dh on rekey
2021-03-03 18:21:09 +07:00
JacobBarthelmeh
35b8a50709
Merge pull request #326 from ejohnstown/sftp-sz
...
SFTP Size
2021-02-26 21:43:54 +07:00
John Safranek
c93a7418cf
SFTP
...
For SFTP messages, check both minimum bound and maximum bound of the length value.
2021-02-23 11:42:11 -08:00
Jacob Barthelmeh
4828cef216
fix for handling rekey
2021-02-19 01:27:24 +07:00
JacobBarthelmeh
4837dc03f6
Merge pull request #323 from ejohnstown/fuzz
...
Fuzz Fixes
2021-02-17 23:14:57 +07:00
John Safranek
49084a93f1
Fuzz Fixes
...
1. When processing public key user auth, use GetSize() instead of GetUint32(). (ZD 11654 and 11655)
2. When processing public key user auth, initialize the key earlier.
2021-02-09 16:24:34 -08:00
JacobBarthelmeh
c3aa7ec540
Merge pull request #320 from ejohnstown/get-size
...
Get Size
2021-02-05 01:10:33 +07:00
John Safranek
4a518018e0
Get Size
...
1. Revise the bounds check in GetString() to match the old bounds checks.
2. Replace the last few instances of getting the length of a SSH string and checking it by hand with calls to GetString().
2021-02-04 09:45:56 -08:00
JacobBarthelmeh
3326c4bd0d
Merge pull request #321 from ejohnstown/nobreak
...
Rename the FALL_THROUGH macro as NO_BREAK as a better descriptor.
2021-02-04 01:49:14 +07:00
John Safranek
0d841d2fa0
Merge pull request #322 from JacobBarthelmeh/release
...
prepare for release 1.4.6
2021-02-03 09:06:46 -08:00
Jacob Barthelmeh
5327a7f761
prepare for release 1.4.6
2021-02-03 22:43:46 +07:00
Jacob Barthelmeh
997bd8a0d0
fix for windows sftp build
2021-02-03 22:26:58 +07:00
JacobBarthelmeh
8a00381e0c
Merge pull request #319 from ejohnstown/agent
...
Agent Updates
2021-02-03 21:27:18 +07:00
John Safranek
c9bced2a2b
Rename the FALL_THROUGH macro as NO_BREAK as a better descriptor.
2021-02-02 14:38:55 -08:00
John Safranek
5285132db9
Get Size
...
1. Add a function GetSize() that calls GetUint32() then checks that the
value read in plus the data index is still less than the data length.
2. Replaced a few checks of the size of some data with calls to
GetSize(). Included are public key type length, public key length,
and the signature length in DoUserAuthPublicKey().
2021-02-02 14:19:19 -08:00
John Safranek
351bc7585e
SSH-AGENT
...
1. For the client agent command line option, add the flag to the flag string.
2. Update PostSignRequest() to support all flavors of ECDSA and to
switch out code for missing algorithms.
3. Hide function SendRequestIdentities().
2021-02-02 14:13:48 -08:00
John Safranek
2b2a30ca54
SSH-AGENT Update
...
1. Remove redundant include from agent.h.
2. Add global disable flags for SSH-RSA using SHA2-256 and SHA2-512.
These are possible signatures indications when using the ssh-agent.
2021-02-02 14:09:59 -08:00
John Safranek
c26f72cf98
Maintenance
...
1. If the public key user authentication fails, don't retry it.
2. Add some more specific logging about the type of a signature getting generated.
2021-02-02 14:03:32 -08:00
John Safranek
88e7919fbf
SSH-AGENT
...
Add command line option to the client to allow use of the agent.
2021-02-02 14:01:39 -08:00
JacobBarthelmeh
b81f577b6c
Merge pull request #318 from ejohnstown/release-cleanup
...
Release Cleanup
2021-02-03 04:40:45 +07:00
John Safranek
7ecff575c9
Remove redundant 'FALL_THROUGH' from a switch-case.
2021-02-02 13:35:44 -08:00
JacobBarthelmeh
52c60faa8c
Merge pull request #298 from ejohnstown/options
...
More Options
2021-02-03 04:13:34 +07:00
John Safranek
bbd3d76291
Add some option disables to the api test and the echoserver.
2021-02-02 11:45:21 -08:00
John Safranek
717ea6a050
Separate the ECC disable into ECDSA and ECDHE disables.
2021-02-02 10:58:04 -08:00
John Safranek
92fcd081c9
More Options
...
1. When setting the disable options, unset them first. Avoids duplicate definition warnings.
2. Regrouped some of the bulk disable options.
3. Detect when a complete set of an algorithm is disabled, and set the
bulk disable option for it.
2021-02-02 10:58:04 -08:00
John Safranek
b7f073faa3
More Options
...
1. Added general disable flags for RSA and ECDSA.
2. Replaced HAVE_ECC, NO_RSA, NO_DSA with the general disable flags.
2021-02-02 10:58:03 -08:00
John Safranek
ae0c5efb2f
Merge pull request #300 from dgarske/str_funcs
...
Use the internal version of `strdup `
2021-02-02 09:29:05 -08:00
JacobBarthelmeh
20bf416afd
Merge pull request #317 from guidovranken/zd11621
...
In ReceiveScpConfirmation reserve room for NULL-terminator.
2021-02-02 23:15:06 +07:00
Guido Vranken
2e6c670769
In ReceiveScpConfirmation reserve room for NULL-terminator.
...
ZD 11621
2021-02-02 13:24:07 +01:00
David Garske
f2498d869a
Use the internal version of `strdup`. For portability this is better. Keil libc doesn't have it. ZD 11320
2021-02-01 16:44:54 -08:00
John Safranek
3647697d46
Merge pull request #287 from JacobBarthelmeh/testing
...
close local file on error case
2021-02-01 16:41:45 -08:00
John Safranek
2c958b3e39
Merge pull request #316 from JacobBarthelmeh/fuzz
...
check ret of HighWaterCheck and adjust when to increase buffer amount
2021-02-01 13:55:43 -08:00
Jacob Barthelmeh
68e678c59c
check ret of HighWaterCheck and adjust when to increase buffer amount
2021-01-30 03:18:35 +07:00
John Safranek
6aba44e6dc
Merge pull request #315 from JacobBarthelmeh/sftp
...
adjust length for code standard
2021-01-28 09:25:11 -08:00
Jacob Barthelmeh
48aababf8b
fix for fall through use
2021-01-28 02:29:50 +07:00
Jacob Barthelmeh
982f3a7500
adjust length for code standard
2021-01-28 02:02:49 +07:00
John Safranek
322d7cd6f7
Merge pull request #314 from JacobBarthelmeh/static_analysis
...
sanity null check on localTime
2021-01-27 08:39:21 -08:00
John Safranek
37d1b5b4e9
Merge pull request #313 from JacobBarthelmeh/memory
...
potential memory leak cleanup
2021-01-27 08:37:01 -08:00
Jacob Barthelmeh
714a4f6ac6
sanity null check on localTime
2021-01-27 22:06:43 +07:00
JacobBarthelmeh
58d0b54ed8
potential memory leak cleanup
2021-01-27 21:42:37 +07:00
JacobBarthelmeh
49bac53e2f
Merge pull request #306 from guidovranken/oss-fuzz-26413
...
Call ParseBasePathHelper only after scpBasePath has been set
2021-01-27 19:02:29 +07:00
JacobBarthelmeh
3711e6a7ab
Merge pull request #312 from ejohnstown/fuzz
...
Fuzz
2021-01-27 18:48:46 +07:00
John Safranek
c7a392d351
if a handshake info has a stored kex init message already before trying to store a kex init message, free it
2021-01-26 17:36:15 -08:00
John Safranek
3653afac34
check that the generator and primeGroup are set before trying to flatten them into output
2021-01-26 16:59:42 -08:00
JacobBarthelmeh
e097c234fc
Merge pull request #304 from guidovranken/oss-fuzz-27298
...
Use WSTRNCMP for comparing session command string
2021-01-27 03:30:51 +07:00
JacobBarthelmeh
d7bffed780
Merge pull request #307 from guidovranken/fix-wsScpSendCallback-comments
...
Correct references to return values in comments around wsScpSendCallback
2021-01-27 03:25:43 +07:00
JacobBarthelmeh
34cfc52961
Merge pull request #305 from guidovranken/oss-fuzz-27436
...
Fix memmove length calculation in wolfSSH_CleanPath
2021-01-27 02:50:25 +07:00
David Garske
43d653867f
Merge pull request #303 from guidovranken/27666
...
Use overflow-safe bounds checking in DoKexDhReply
2021-01-13 07:13:29 -08:00
Guido Vranken
6452ea1366
Correct references to return values in comments around wsScpSendCallback
2021-01-08 23:30:22 +01:00