d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
62,479 Commits 4 Branches 49 Tags 2 GiB
6ea84229c5
Commit Graph

340 Commits

Author SHA1 Message Date
ru
4b023c5a9f More potential buffer overflow fixes. 
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
 2001-07-20 12:02:30 +00:00
kris
18cbcd5eff Resolve conflicts 2001-07-19 20:05:28 +00:00
kris
84fabcda92 This commit was generated by cvs2svn to compensate for changes in r79998, 
which included commits to RCS files with non-trunk default branches.
 2001-07-19 19:59:37 +00:00
kris
3b19ada1e8 Initial import of OpenSSL 0.9.6b 2001-07-19 19:59:37 +00:00
ru
5bfe15ad2f vsnprintf() can return a value larger than the buffer size. 
Submitted by:	assar
Obtained from:	OpenBSD
 2001-07-19 18:58:31 +00:00
ru
9cac33d71f Fixed the exploitable remote buffer overflow. 
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
 2001-07-19 17:48:57 +00:00
nectar
0e7f0df834 Bug fix: When the client connects to a server and Kerberos 
authentication is  enabled, the  client effectively ignores  any error
from krb5_rd_rep due to a missing branch.

In  theory  this could  result  in  an  ssh  client using  Kerberos  5
authentication accepting  a spoofed  AP-REP.  I doubt  this is  a real
possiblity, however, because  the AP-REP is passed from  the server to
the client via the SSH  encrypted channel.  Any tampering should cause
the decryption or MAC to fail.

Approved by:	green
MFC after:	1 week
 2001-07-13 18:12:13 +00:00
ru
d19961ab7f mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
green
961721080a Fix an incorrect conflict resolution which prevented TISAuthentication 
from working right in 2.9.
 2001-07-07 14:19:53 +00:00
ru
9fe5b34c60 mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
ru
30aad2eb2c MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
green
93a6a41112 Also add a colon to "Bad passphrase, please try again ". 2001-06-29 16:43:13 +00:00
green
5d06029221 Put in a missing colon in the "Enter passphrase" message. 2001-06-29 16:34:14 +00:00
green
fe0162ddb3 Back out the last change which is probably actually a red herring. Argh! 2001-06-26 15:15:22 +00:00
green
c3258d9fdd Don't pointlessly kill a channel because the first (forced) 
non-blocking read returns 0.

Now I can finally tunnel CVSUP again...
 2001-06-26 14:17:35 +00:00
assar
c05dadd832 fix merges from 0.3f 2001-06-21 02:21:57 +00:00
assar
7281f96821 This commit was generated by cvs2svn to compensate for changes in r78527, 
which included commits to RCS files with non-trunk default branches.
 2001-06-21 02:12:07 +00:00
assar
0c8fa35435 import of heimdal 0.3f 2001-06-21 02:12:07 +00:00
assar
116337ea17 (do_authloop): handle !KRB4 && KRB5 2001-06-16 07:44:17 +00:00
markm
5fa9d6f739 Unbreak OpenSSH for the KRB5-and-no-KRB4 case. Asking for KRB5 does 
not imply that you want, need or have kerberosIV headers.
 2001-06-15 08:12:31 +00:00
green
fdb0c1688a Enable Kerberos 5 support in sshd again. 2001-06-12 03:43:47 +00:00
green
45d207659b Switch to the user's uid before attempting to unlink the auth forwarding 
file, nullifying the effects of a race.

Obtained from:	OpenBSD
 2001-06-08 22:22:09 +00:00
obrien
a26134411c Fix $FreeBSD$ style committer messed up in rev 1.7 for some reason. 2001-05-24 07:22:08 +00:00
dillon
0c1af1bd68 Oops, forgot the 'u' in the getopt for the previous commit. 2001-05-24 00:14:19 +00:00
dillon
9ff666d52d A feature to allow one to telnet to a unix domain socket. (MFC from 
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from:   Lyndon Nerenberg <lyndon@orthanc.ab.ca>
 2001-05-23 22:54:07 +00:00
kris
445c7928a1 Resolve conflicts 2001-05-20 03:17:35 +00:00
kris
12896e829e Initial import of OpenSSL 0.9.6a 2001-05-20 03:07:21 +00:00
kris
d8a086ad88 This commit was generated by cvs2svn to compensate for changes in r76866, 
which included commits to RCS files with non-trunk default branches.
 2001-05-20 03:07:21 +00:00
obrien
bac609c202 Restore the RSA host key to /etc/ssh/ssh_host_key. 
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
 2001-05-18 18:10:02 +00:00
nsayer
e25576d211 Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
peter
859d222e45 Back out last commit. This was already fixed. This should never have 
happened, this is why we have commit mail expressly delivered to
committers.
 2001-05-17 03:14:42 +00:00
peter
fdd845cf6b Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
nsayer
295844e3ff Since the root-on-insecure-tty code was added to telnetd, a dependency 
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
 2001-05-16 20:34:42 +00:00
nsayer
02a47b1303 Make sure the protocol actively rejects bad data rather than 
(potentially) not responding to an invalid SRA 'auth is' message.
 2001-05-16 20:24:58 +00:00
nsayer
280add2b35 srandomdev() affords us the opportunity to radically improve, and at the 
same time simplify, the random number selection code.
 2001-05-16 18:32:46 +00:00
nsayer
ca01fb27dc Catch any attempted buffer overflows. The magic numbers in this code 
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
 2001-05-16 18:27:09 +00:00
nsayer
ce94eedfd7 Catch malloc return failures. This should help avoid dereferencing NULL on 
low-memory situations.

Submitted by:	kris
 2001-05-16 18:17:55 +00:00
peter
6125cb47e3 Hack to work around braindeath in libtelnet:sra.c. The sra.o file 
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
 2001-05-15 09:52:03 +00:00
nsayer
2bdf180df8 If the uid of the attempted authentication is 0 and if the pty is 
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
 2001-05-15 04:47:14 +00:00
green
a407780211 If a host would exceed 16 characters in the utmp entry, record only 
it's IP address/base host instead.

Submitted by:	brian
 2001-05-15 01:50:40 +00:00
ru
3add9296c0 mdoc(7) police: finished fixing conflicts in revision 1.18. 2001-05-14 18:13:34 +00:00
markm
cdb0cb9ccd Fix make world in the kerberosIV case. 2001-05-11 09:36:17 +00:00
assar
afb22517a4 merge imported changes into HEAD 2001-05-11 00:14:02 +00:00
alfred
bd16bfd06f Fix some of the handling in the pam module, don't unregister things 
that were never registered.  At the same time handle a failure from
pam_setcreds with a bit more paranioa than the previous fix.

Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
 2001-05-09 03:40:37 +00:00
green
9c961719a9 Since PAM is broken, let pam_setcred() failure be non-fatal. 2001-05-08 22:30:18 +00:00
assar
06c859ecf5 mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
assar
b9733926af This commit was generated by cvs2svn to compensate for changes in r76371, 
which included commits to RCS files with non-trunk default branches.
 2001-05-08 14:57:13 +00:00
assar
a4ee56e2bb mdoc(ng) fixes 
Submitted by:	ru
 2001-05-08 14:57:13 +00:00
nsayer
b47830be3e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
green
3f59c74031 sshd_config should still be keeping ssh host keys in /etc/ssh, not /etc. 2001-05-05 13:48:13 +00:00