Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / da108ece6843f1268aa36d7c8ed0030dc53acd15
commitda108ece6843f1268aa36d7c8ed0030dc53acd15[log] [tgz]
authorDamien Miller <djm@mindrot.org>Tue Aug 31 22:36:39 2010 +1000
committerDamien Miller <djm@mindrot.org>Tue Aug 31 22:36:39 2010 +1000
tree66638a1716374a8d1ac8ece95dceea56ce231a5c
parentd96546f5b0f7c57395a338dbb9ac3ac5a48b77fa [diff]
   - djm@cvs.openbsd.org 2010/08/31 09:58:37
     [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
     [packet.h ssh-dss.c ssh-rsa.c]
     Add buffer_get_cstring() and related functions that verify that the
     string extracted from the buffer contains no embedded \0 characters*
     This prevents random (possibly malicious) crap from being appended to
     strings where it would not be noticed if the string is used with
     a string(3) function.

     Use the new API in a few sensitive places.

     * actually, we allow a single one at the end of the string for now because
     we don't know how many deployed implementations get this wrong, but don't
     count on this to remain indefinitely.
12 files changed
tree: 66638a1716374a8d1ac8ece95dceea56ce231a5c
  1. contrib/
  2. openbsd-compat/
  3. regress/
  4. scard/
  5. .cvsignore
  6. aclocal.m4
  7. acss.c
  8. acss.h
  9. addrmatch.c
  10. atomicio.c
  11. atomicio.h
  12. audit-bsm.c
  13. audit.c
  14. audit.h
  15. auth-bsdauth.c
  16. auth-chall.c
  17. auth-krb5.c
  18. auth-options.c
  19. auth-options.h
  20. auth-pam.c
  21. auth-pam.h
  22. auth-passwd.c
  23. auth-rh-rsa.c
  24. auth-rhosts.c
  25. auth-rsa.c
  26. auth-shadow.c
  27. auth-sia.c
  28. auth-sia.h
  29. auth-skey.c
  30. auth.c
  31. auth.h
  32. auth1.c
  33. auth2-chall.c
  34. auth2-gss.c
  35. auth2-hostbased.c
  36. auth2-jpake.c
  37. auth2-kbdint.c
  38. auth2-none.c
  39. auth2-passwd.c
  40. auth2-pubkey.c
  41. auth2.c
  42. authfd.c
  43. authfd.h
  44. authfile.c
  45. authfile.h
  46. bufaux.c
  47. bufbn.c
  48. buffer.c
  49. buffer.h
  50. buildpkg.sh.in
  51. canohost.c
  52. canohost.h
  53. ChangeLog
  54. channels.c
  55. channels.h
  56. cipher-3des1.c
  57. cipher-acss.c
  58. cipher-aes.c
  59. cipher-bf1.c
  60. cipher-ctr.c
  61. cipher.c
  62. cipher.h
  63. cleanup.c
  64. clientloop.c
  65. clientloop.h
  66. compat.c
  67. compat.h
  68. compress.c
  69. compress.h
  70. config.guess
  71. config.sub
  72. configure.ac
  73. crc32.c
  74. crc32.h
  75. CREDITS
  76. deattack.c
  77. deattack.h
  78. defines.h
  79. dh.c
  80. dh.h
  81. dispatch.c
  82. dispatch.h
  83. dns.c
  84. dns.h
  85. entropy.c
  86. entropy.h
  87. fatal.c
  88. fixpaths
  89. fixprogs
  90. groupaccess.c
  91. groupaccess.h
  92. gss-genr.c
  93. gss-serv-krb5.c
  94. gss-serv.c
  95. hostfile.c
  96. hostfile.h
  97. includes.h
  98. INSTALL
  99. install-sh
  100. jpake.c
  101. jpake.h
  102. kex.c
  103. kex.h
  104. kexdh.c
  105. kexdhc.c
  106. kexdhs.c
  107. kexgex.c
  108. kexgexc.c
  109. kexgexs.c
  110. key.c
  111. key.h
  112. LICENCE
  113. log.c
  114. log.h
  115. loginrec.c
  116. loginrec.h
  117. logintest.c
  118. mac.c
  119. mac.h
  120. Makefile.in
  121. match.c
  122. match.h
  123. md-sha256.c
  124. md5crypt.c
  125. md5crypt.h
  126. mdoc2man.awk
  127. misc.c
  128. misc.h
  129. mkinstalldirs
  130. moduli
  131. moduli.5
  132. moduli.c
  133. monitor.c
  134. monitor.h
  135. monitor_fdpass.c
  136. monitor_fdpass.h
  137. monitor_mm.c
  138. monitor_mm.h
  139. monitor_wrap.c
  140. monitor_wrap.h
  141. msg.c
  142. msg.h
  143. mux.c
  144. myproposal.h
  145. nchan.c
  146. nchan.ms
  147. nchan2.ms
  148. openssh.xml.in
  149. opensshd.init.in
  150. OVERVIEW
  151. packet.c
  152. packet.h
  153. pathnames.h
  154. pkcs11.h
  155. platform.c
  156. platform.h
  157. progressmeter.c
  158. progressmeter.h
  159. PROTOCOL
  160. PROTOCOL.agent
  161. PROTOCOL.certkeys
  162. PROTOCOL.mux
  163. readconf.c
  164. readconf.h
  165. README
  166. README.dns
  167. README.platform
  168. README.privsep
  169. README.tun
  170. readpass.c
  171. rijndael.c
  172. rijndael.h
  173. roaming.h
  174. roaming_client.c
  175. roaming_common.c
  176. roaming_dummy.c
  177. roaming_serv.c
  178. rsa.c
  179. rsa.h
  180. schnorr.c
  181. schnorr.h
  182. scp.1
  183. scp.c
  184. servconf.c
  185. servconf.h
  186. serverloop.c
  187. serverloop.h
  188. session.c
  189. session.h
  190. sftp-client.c
  191. sftp-client.h
  192. sftp-common.c
  193. sftp-common.h
  194. sftp-glob.c
  195. sftp-server-main.c
  196. sftp-server.8
  197. sftp-server.c
  198. sftp.1
  199. sftp.c
  200. sftp.h
  201. ssh-add.1
  202. ssh-add.c
  203. ssh-agent.1
  204. ssh-agent.c
  205. ssh-dss.c
  206. ssh-gss.h
  207. ssh-keygen.1
  208. ssh-keygen.c
  209. ssh-keyscan.1
  210. ssh-keyscan.c
  211. ssh-keysign.8
  212. ssh-keysign.c
  213. ssh-pkcs11-client.c
  214. ssh-pkcs11-helper.8
  215. ssh-pkcs11-helper.c
  216. ssh-pkcs11.c
  217. ssh-pkcs11.h
  218. ssh-rand-helper.8
  219. ssh-rand-helper.c
  220. ssh-rsa.c
  221. ssh.1
  222. ssh.c
  223. ssh.h
  224. ssh1.h
  225. ssh2.h
  226. ssh_config
  227. ssh_config.5
  228. ssh_prng_cmds.in
  229. sshconnect.c
  230. sshconnect.h
  231. sshconnect1.c
  232. sshconnect2.c
  233. sshd.8
  234. sshd.c
  235. sshd_config
  236. sshd_config.5
  237. sshlogin.c
  238. sshlogin.h
  239. sshpty.c
  240. sshpty.h
  241. sshtty.c
  242. survey.sh.in
  243. TODO
  244. ttymodes.c
  245. ttymodes.h
  246. uidswap.c
  247. uidswap.h
  248. umac.c
  249. umac.h
  250. uuencode.c
  251. uuencode.h
  252. version.h
  253. WARNING.RNG
  254. xmalloc.c
  255. xmalloc.h