Rivoreo Source Code Repositories
src.rivoreo.one / security / openssh-library / da108ece6843f1268aa36d7c8ed0030dc53acd15
commitda108ece6843f1268aa36d7c8ed0030dc53acd15[log] [download]
authorDamien Miller <djm@mindrot.org>Tue Aug 31 22:36:39 2010 +1000
committerDamien Miller <djm@mindrot.org>Tue Aug 31 22:36:39 2010 +1000
tree66638a1716374a8d1ac8ece95dceea56ce231a5c
parentd96546f5b0f7c57395a338dbb9ac3ac5a48b77fa [diff]
   - djm@cvs.openbsd.org 2010/08/31 09:58:37
     [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
     [packet.h ssh-dss.c ssh-rsa.c]
     Add buffer_get_cstring() and related functions that verify that the
     string extracted from the buffer contains no embedded \0 characters*
     This prevents random (possibly malicious) crap from being appended to
     strings where it would not be noticed if the string is used with
     a string(3) function.

     Use the new API in a few sensitive places.

     * actually, we allow a single one at the end of the string for now because
     we don't know how many deployed implementations get this wrong, but don't
     count on this to remain indefinitely.
12 files changed
tree: 66638a1716374a8d1ac8ece95dceea56ce231a5c
  1. .cvsignore
  2. CREDITS
  3. ChangeLog
  4. INSTALL
  5. LICENCE
  6. Makefile.in
  7. OVERVIEW
  8. PROTOCOL
  9. PROTOCOL.agent
  10. PROTOCOL.certkeys
  11. PROTOCOL.mux
  12. README
  13. README.dns
  14. README.platform
  15. README.privsep
  16. README.tun
  17. TODO
  18. WARNING.RNG
  19. aclocal.m4
  20. acss.c
  21. acss.h
  22. addrmatch.c
  23. atomicio.c
  24. atomicio.h
  25. audit-bsm.c
  26. audit.c
  27. audit.h
  28. auth-bsdauth.c
  29. auth-chall.c
  30. auth-krb5.c
  31. auth-options.c
  32. auth-options.h
  33. auth-pam.c
  34. auth-pam.h
  35. auth-passwd.c
  36. auth-rh-rsa.c
  37. auth-rhosts.c
  38. auth-rsa.c
  39. auth-shadow.c
  40. auth-sia.c
  41. auth-sia.h
  42. auth-skey.c
  43. auth.c
  44. auth.h
  45. auth1.c
  46. auth2-chall.c
  47. auth2-gss.c
  48. auth2-hostbased.c
  49. auth2-jpake.c
  50. auth2-kbdint.c
  51. auth2-none.c
  52. auth2-passwd.c
  53. auth2-pubkey.c
  54. auth2.c
  55. authfd.c
  56. authfd.h
  57. authfile.c
  58. authfile.h
  59. bufaux.c
  60. bufbn.c
  61. buffer.c
  62. buffer.h
  63. buildpkg.sh.in
  64. canohost.c
  65. canohost.h
  66. channels.c
  67. channels.h
  68. cipher-3des1.c
  69. cipher-acss.c
  70. cipher-aes.c
  71. cipher-bf1.c
  72. cipher-ctr.c
  73. cipher.c
  74. cipher.h
  75. cleanup.c
  76. clientloop.c
  77. clientloop.h
  78. compat.c
  79. compat.h
  80. compress.c
  81. compress.h
  82. config.guess
  83. config.sub
  84. configure.ac
  85. contrib/
  86. crc32.c
  87. crc32.h
  88. deattack.c
  89. deattack.h
  90. defines.h
  91. dh.c
  92. dh.h
  93. dispatch.c
  94. dispatch.h
  95. dns.c
  96. dns.h
  97. entropy.c
  98. entropy.h
  99. fatal.c
  100. fixpaths
  101. fixprogs
  102. groupaccess.c
  103. groupaccess.h
  104. gss-genr.c
  105. gss-serv-krb5.c
  106. gss-serv.c
  107. hostfile.c
  108. hostfile.h
  109. includes.h
  110. install-sh
  111. jpake.c
  112. jpake.h
  113. kex.c
  114. kex.h
  115. kexdh.c
  116. kexdhc.c
  117. kexdhs.c
  118. kexgex.c
  119. kexgexc.c
  120. kexgexs.c
  121. key.c
  122. key.h
  123. log.c
  124. log.h
  125. loginrec.c
  126. loginrec.h
  127. logintest.c
  128. mac.c
  129. mac.h
  130. match.c
  131. match.h
  132. md-sha256.c
  133. md5crypt.c
  134. md5crypt.h
  135. mdoc2man.awk
  136. misc.c
  137. misc.h
  138. mkinstalldirs
  139. moduli
  140. moduli.5
  141. moduli.c
  142. monitor.c
  143. monitor.h
  144. monitor_fdpass.c
  145. monitor_fdpass.h
  146. monitor_mm.c
  147. monitor_mm.h
  148. monitor_wrap.c
  149. monitor_wrap.h
  150. msg.c
  151. msg.h
  152. mux.c
  153. myproposal.h
  154. nchan.c
  155. nchan.ms
  156. nchan2.ms
  157. openbsd-compat/
  158. openssh.xml.in
  159. opensshd.init.in
  160. packet.c
  161. packet.h
  162. pathnames.h
  163. pkcs11.h
  164. platform.c
  165. platform.h
  166. progressmeter.c
  167. progressmeter.h
  168. readconf.c
  169. readconf.h
  170. readpass.c
  171. regress/
  172. rijndael.c
  173. rijndael.h
  174. roaming.h
  175. roaming_client.c
  176. roaming_common.c
  177. roaming_dummy.c
  178. roaming_serv.c
  179. rsa.c
  180. rsa.h
  181. scard/
  182. schnorr.c
  183. schnorr.h
  184. scp.1
  185. scp.c
  186. servconf.c
  187. servconf.h
  188. serverloop.c
  189. serverloop.h
  190. session.c
  191. session.h
  192. sftp-client.c
  193. sftp-client.h
  194. sftp-common.c
  195. sftp-common.h
  196. sftp-glob.c
  197. sftp-server-main.c
  198. sftp-server.8
  199. sftp-server.c
  200. sftp.1
  201. sftp.c
  202. sftp.h
  203. ssh-add.1
  204. ssh-add.c
  205. ssh-agent.1
  206. ssh-agent.c
  207. ssh-dss.c
  208. ssh-gss.h
  209. ssh-keygen.1
  210. ssh-keygen.c
  211. ssh-keyscan.1
  212. ssh-keyscan.c
  213. ssh-keysign.8
  214. ssh-keysign.c
  215. ssh-pkcs11-client.c
  216. ssh-pkcs11-helper.8
  217. ssh-pkcs11-helper.c
  218. ssh-pkcs11.c
  219. ssh-pkcs11.h
  220. ssh-rand-helper.8
  221. ssh-rand-helper.c
  222. ssh-rsa.c
  223. ssh.1
  224. ssh.c
  225. ssh.h
  226. ssh1.h
  227. ssh2.h
  228. ssh_config
  229. ssh_config.5
  230. ssh_prng_cmds.in
  231. sshconnect.c
  232. sshconnect.h
  233. sshconnect1.c
  234. sshconnect2.c
  235. sshd.8
  236. sshd.c
  237. sshd_config
  238. sshd_config.5
  239. sshlogin.c
  240. sshlogin.h
  241. sshpty.c
  242. sshpty.h
  243. sshtty.c
  244. survey.sh.in
  245. ttymodes.c
  246. ttymodes.h
  247. uidswap.c
  248. uidswap.h
  249. umac.c
  250. umac.h
  251. uuencode.c
  252. uuencode.h
  253. version.h
  254. xmalloc.c
  255. xmalloc.h