Commit Graph

366 Commits

Author SHA1 Message Date
Brian Feldman
27e5f9f620 Fix a coredump bug occurring if ssh-keygen attempts to change the password
on a DSA key.

Submitted by:	ian j hart <ianjhart@ntlworld.com>
2002-01-07 15:55:20 +00:00
Ruslan Ermilov
3f36940560 mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION. 2001-12-14 14:41:07 +00:00
Jordan K. Hubbard
d1f21093cd Don't assume that the number of fds to select on is known quantity (in
this case 16).  Use dynamic FD_SETs and calculated high-water marks
throughout.  There are also too many versions of telnet in the tree.

Obtained from:  OpenBSD and Apple's Radar database
MFC after:      2 days
2001-12-09 09:53:27 +00:00
Ruslan Ermilov
5c5c92aff0 Fixed bugs from previous revision.
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
2001-12-04 16:02:36 +00:00
Jacques Vidrine
eb5bc300e8 Update version string since we applied a fix for the UseLogin issue. 2001-12-03 22:47:51 +00:00
John Hay
de0dff907e Protect variables and function prototypes that are only used in the INET6
case with an ifdef INET6.

This make the fixit floppy compile again.

Reviewed by:	markm
2001-12-03 17:42:02 +00:00
Mark Murray
5eb2b33ad8 More help for alpha WARNS=2. This code is, erm, unusual. Anyone who
feels like rewriting it will meet no objection from me.
2001-12-03 12:16:40 +00:00
Mark Murray
54ab3ed82b help the alphas out with the WARNS=2 stuff. 2001-12-03 12:13:18 +00:00
Jacques Vidrine
1c5093bbbc Do not pass user-defined environmental variables to /usr/bin/login.
Obtained from:	OpenBSD
Approved by:	green
2001-12-03 00:51:47 +00:00
Mark Murray
5a12e441eb Protect names that are used elsewhere. This fixes WARNS=2 breakage
in crypto telnet.
2001-12-01 18:48:36 +00:00
Mark Murray
3138440a79 Damn. The previous mega-commit was incomplete WRT ANSIfication. This
fixes that.
2001-11-30 22:28:07 +00:00
Mark Murray
8fa113e5fc Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either
      fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropiate values of FOO.
      (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
David Malone
46fdbb8ad4 In the "UseLogin yes" case we need env to be NULL to make sure it
will be correctly initialised.

PR:		32065
Tested by:	The Anarcat <anarcat@anarcat.dyndns.org>
MFC after:	3 days
2001-11-19 19:40:14 +00:00
John Baldwin
4091481652 Fix world by trimming an extra comment terminator. 2001-10-29 19:22:38 +00:00
Nick Sayer
3737d6dfe3 Add Berkeley copyright to SRA.
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after:	1 day
2001-10-29 16:12:16 +00:00
Mark Murray
6fdd5473af Diff-reduce these two.
Really, one of them needs to disappear. I'll figure out which
later.

Reported by:	bde
2001-10-27 12:49:19 +00:00
Mark Murray
f2ac7de925 Add __FBSDID() to diff-reduce with "base" telnet. 2001-10-01 16:04:55 +00:00
Brian Feldman
ccf35be189 Modify a "You don't exist" message, pretty rude for transient YP failures. 2001-09-27 18:54:42 +00:00
Assar Westerlund
1f131ac4bd fix renamed options in some of the code that was #ifdef AFS
also print an error if krb5 ticket passing is disabled

Submitted by:	Jonathan Chen <jon@spock.org>
2001-09-04 13:27:04 +00:00
Mark Murray
6b022d0047 Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code. 2001-08-29 14:16:17 +00:00
Paul Saab
20a18c35f4 Backout last change. I didnt follow the thread and made a mistake
with this.  localisations is a valid spelling.  Oops
2001-08-27 10:37:50 +00:00
Paul Saab
95576c53ef Correctly spell localizations 2001-08-27 10:20:02 +00:00
Dima Dorfman
39b7ac5a89 Remove description of an option that only applies to UNICOS < 7.0.
That define may still be present in the source, but I don't think
anyone has plans to try to use it.

Obtained from:	NetBSD
2001-08-25 21:29:12 +00:00
Mark Murray
21f083c0a6 Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
Brian Feldman
0e513252b5 Update the OpenSSH minor-version string.
Requested by:	obrien
Reviewed by:	rwatson
2001-08-16 19:26:19 +00:00
Kazuo Horikawa
ba8140a6f6 Removal of following export controll related sentences:
o Because of export controls, TELNET ENCRYPT option is not supported outside
  of the United States and Canada.
o Because of export controls, data encryption
  is not supported outside of the United States and Canada.

src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.

Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
2001-08-15 01:30:25 +00:00
Ruslan Ermilov
753d686d34 mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
Kris Kennaway
a2a887b56a output_data(), output_datalen() and netflush() didn't actually guarantee
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded).  Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
Ruslan Ermilov
40e7fc1a20 More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
Kris Kennaway
37b8c2dbf3 Resolve conflicts 2001-07-19 20:05:28 +00:00
Kris Kennaway
3c738b5631 This commit was generated by cvs2svn to compensate for changes in r79998,
which included commits to RCS files with non-trunk default branches.
2001-07-19 19:59:37 +00:00
Kris Kennaway
26d191b459 Initial import of OpenSSL 0.9.6b 2001-07-19 19:59:37 +00:00
Ruslan Ermilov
1ee47d0673 vsnprintf() can return a value larger than the buffer size.
Submitted by:	assar
Obtained from:	OpenBSD
2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d Fixed the exploitable remote buffer overflow.
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
2001-07-19 17:48:57 +00:00
Jacques Vidrine
b33edd3956 Bug fix: When the client connects to a server and Kerberos
authentication is  enabled, the  client effectively ignores  any error
from krb5_rd_rep due to a missing branch.

In  theory  this could  result  in  an  ssh  client using  Kerberos  5
authentication accepting  a spoofed  AP-REP.  I doubt  this is  a real
possiblity, however, because  the AP-REP is passed from  the server to
the client via the SSH  encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week
2001-07-13 18:12:13 +00:00
Ruslan Ermilov
63919764c2 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
Brian Feldman
d9769eeead Fix an incorrect conflict resolution which prevented TISAuthentication
from working right in 2.9.
2001-07-07 14:19:53 +00:00
Ruslan Ermilov
df1cda58e4 mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
Ruslan Ermilov
a5493c1b77 MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
Brian Feldman
a15906e7aa Also add a colon to "Bad passphrase, please try again ". 2001-06-29 16:43:13 +00:00
Brian Feldman
69b8e053cb Put in a missing colon in the "Enter passphrase" message. 2001-06-29 16:34:14 +00:00
Brian Feldman
0c82706bc0 Back out the last change which is probably actually a red herring. Argh! 2001-06-26 15:15:22 +00:00
Brian Feldman
c3e2f3baec Don't pointlessly kill a channel because the first (forced)
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...
2001-06-26 14:17:35 +00:00
Assar Westerlund
c80b5a6353 fix merges from 0.3f 2001-06-21 02:21:57 +00:00
Assar Westerlund
362982da86 This commit was generated by cvs2svn to compensate for changes in r78527,
which included commits to RCS files with non-trunk default branches.
2001-06-21 02:12:07 +00:00
Assar Westerlund
adb0ddaeac import of heimdal 0.3f 2001-06-21 02:12:07 +00:00
Assar Westerlund
07de0e4353 (do_authloop): handle !KRB4 && KRB5 2001-06-16 07:44:17 +00:00
Mark Murray
7e40a391bc Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does
not imply that you want, need or have kerberosIV headers.
2001-06-15 08:12:31 +00:00
Brian Feldman
e7edf5a116 Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
Brian Feldman
e9fd63dfdd Switch to the user's uid before attempting to unlink the auth forwarding
file, nullifying the effects of a race.

Obtained from:	OpenBSD
2001-06-08 22:22:09 +00:00