[openssh] 01/01: upstream commit
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 54924b53af15ccdcbb9f89984512b5efef641a31
Author: djm@openbsd.org <djm@openbsd.org>
Date: Wed Jan 14 10:46:28 2015 +0000

upstream commit

avoid a warning for the !OPENSSL case
---
sshkey.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sshkey.c b/sshkey.c
index 30f209a..add9f2b 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.11 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.12 2015/01/14 10:46:28 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -31,9 +31,11 @@
#include <sys/types.h>
#include <netinet/in.h>

+#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/pem.h>
+#endif

#include "crypto_api.h"

@@ -1954,7 +1956,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen,
struct sshkey **keyp, int allow_cert)
{
struct sshbuf *b = NULL;
- int type, nid = -1, ret = SSH_ERR_INTERNAL_ERROR;
+ int type, ret = SSH_ERR_INTERNAL_ERROR;
char *ktype = NULL, *curve = NULL;
struct sshkey *key = NULL;
size_t len;
@@ -1975,8 +1977,6 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen,
}

type = sshkey_type_from_name(ktype);
- if (sshkey_type_plain(type) == KEY_ECDSA)
- nid = sshkey_ecdsa_nid_from_name(ktype);
if (!allow_cert && sshkey_type_is_cert(type)) {
ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
goto out;
@@ -2039,7 +2039,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen,
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- key->ecdsa_nid = nid;
+ key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype);
if (sshbuf_get_cstring(b, &curve, NULL) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 1d6424a6ff94633c221297ae8f42d54e12a20912
Author: djm@openbsd.org <djm@openbsd.org>
Date: Tue Jan 20 08:02:33 2015 +0000

upstream commit

this test would accidentally delete agent.sh if run without
obj/
---
regress/hostkey-agent.sh | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 84fb2c2..fddb041 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,9 +1,9 @@
-# $OpenBSD: hostkey-agent.sh,v 1.2 2015/01/19 06:01:32 djm Exp $
+# $OpenBSD: hostkey-agent.sh,v 1.3 2015/01/20 08:02:33 djm Exp $
# Placed in the Public Domain.

tid="hostkey agent"

-rm -f $OBJ/agent.* $OBJ/ssh_proxy.orig $OBJ/known_hosts.orig
+rm -f $OBJ/agent-key.* $OBJ/ssh_proxy.orig $OBJ/known_hosts.orig

trace "start agent"
eval `${SSHAGENT} -s` > /dev/null
@@ -15,16 +15,16 @@ echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig

trace "load hostkeys"
for k in `${SSH} -Q key-plain` ; do
- ${SSHKEYGEN} -qt $k -f $OBJ/agent.$k -N '' || fatal "ssh-keygen $k"
+ ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
(
echo -n 'localhost-with-alias,127.0.0.1,::1 '
- cat $OBJ/agent.$k.pub
+ cat $OBJ/agent-key.$k.pub
) >> $OBJ/known_hosts.orig
- ${SSHADD} $OBJ/agent.$k >/dev/null 2>&1 || \
- fatal "couldn't load key $OBJ/agent.$k"
- echo "Hostkey $OBJ/agent.${k}" >> sshd_proxy.orig
+ ${SSHADD} $OBJ/agent-key.$k >/dev/null 2>&1 || \
+ fatal "couldn't load key $OBJ/agent-key.$k"
+ echo "Hostkey $OBJ/agent-key.${k}" >> sshd_proxy.orig
# Remove private key so the server can't use it.
- rm $OBJ/agent.$k || fatal "couldn't rm $OBJ/agent.$k"
+ rm $OBJ/agent-key.$k || fatal "couldn't rm $OBJ/agent-key.$k"
done
cp $OBJ/known_hosts.orig $OBJ/known_hosts
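Review bot: The `echo "Hostkey $OBJ/agent-key.${k}" >> sshd_proxy.orig` line in the loop appends to `sshd_proxy.orig` in the current directory, while the hunk-header context shows the HostKeyAgent line going to `$OBJ/sshd_proxy.orig`. When `$OBJ` is not the working directory, the Hostkey entries presumably end up in a stray file and never reach the proxy config the test uses; the redirect should read `>> $OBJ/sshd_proxy.orig`. The rename also leaves every `$OBJ` expansion unquoted, so an empty or space-containing `$OBJ` still changes what the `rm -f` glob in the first hunk matches; `"$OBJ"/agent-key.*` would narrow that.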


[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 3076ee7d530d5b16842fac7a6229706c7e5acd26
Author: djm@openbsd.org <djm@openbsd.org>
Date: Mon Jan 26 13:36:53 2015 +0000

upstream commit

properly restore umask
---
hostfile.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hostfile.c b/hostfile.c
index 9de1b38..ea6bc6f 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.62 2015/01/26 03:04:45 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.63 2015/01/26 13:36:53 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -551,6 +551,8 @@ hostfile_replace_entries(const char *filename, const char *host,
mode_t omask;
size_t i;

+ omask = umask(077);
+
memset(&ctx, 0, sizeof(ctx));
ctx.host = host;
ctx.quiet = quiet;
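Review bot: The reason for hoisting `omask = umask(077)` to the top of hostfile_replace_entries is not recorded in the code, so a later cleanup could move it back next to `mkstemp()`. A comment such as `/* set before any goto fail so the umask(omask) in cleanup restores a valid mask */` would document it. Whether every exit path passes through that cleanup cannot be checked from these hunks, since the function begins and ends outside them; any early `return` between this line and the cleanup would leave the process running with umask 077.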
@@ -568,7 +570,6 @@ hostfile_replace_entries(const char *filename, const char *host,
goto fail;
}

- omask = umask(077);
if ((fd = mkstemp(temp)) == -1) {
oerrno = errno;
error("%s: mkstemp: %s", __func__, strerror(oerrno));
@@ -636,6 +637,7 @@ hostfile_replace_entries(const char *filename, const char *host,
if (ctx.out != NULL)
fclose(ctx.out);
free(ctx.skip_keys);
+ umask(omask);
if (r == SSH_ERR_SYSTEM_ERROR)
errno = oerrno;
return r;

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
Author: djm@openbsd.org <djm@openbsd.org>
Date: Wed Jan 28 22:36:00 2015 +0000

upstream commit

update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
---
auth-rsa.c | 7 ++++---
auth2-hostbased.c | 12 +++++++-----
auth2-pubkey.c | 29 +++++++++++++++++------------
dns.c | 6 +++---
key.c | 19 +------------------
key.h | 5 +----
ssh-add.c | 5 +++--
ssh-agent.c | 5 +++--
ssh-keygen.c | 18 ++++++++++++++----
ssh-keysign.c | 7 ++++---
sshconnect.c | 26 +++++++++++++++++---------
sshconnect2.c | 10 +++++++---
12 files changed, 81 insertions(+), 68 deletions(-)

diff --git a/auth-rsa.c b/auth-rsa.c
index 422c196..cbd971b 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.89 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -238,8 +238,9 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);

- fp = key_fingerprint(key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(key), fp);
free(fp);
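Review bot: When `sshkey_fingerprint()` returns NULL the loop now does a bare `continue`, so a key that matched the file is skipped with no log line explaining why. The same silent pattern appears in the check_authkeys_file hunks (`continue`), in user_cert_trusted_ca (`return 0`) and in the sshconnect2.c hunks (`goto done`, `return 0`). Failing closed is the right direction, but an operator investigating a rejected login gets no hint; a line such as `error("%s: sshkey_fingerprint failed", __func__);` before each skip would cover it. The enclosing function starts and ends outside this hunk.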
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 6f69e89..eebfe8f 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.23 2015/01/28 11:07:25 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -224,15 +224,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,

if (host_status == HOST_OK) {
if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
verbose("Accepted certificate ID \"%s\" signed by "
"%s CA %s from %s@%s", key->cert->key_id,
key_type(key->cert->signature_key), fp,
cuser, lookup);
} else {
- fp = key_fingerprint(key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
verbose("Accepted %s public key %s from %s@%s",
key_type(key), fp, cuser, lookup);
}
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d922eea..d8f0aa3 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.45 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -228,18 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
}

if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
+ fp = sshkey_fingerprint(key->cert->signature_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial,
- key_type(key->cert->signature_key), fp,
+ key_type(key->cert->signature_key),
+ fp == NULL ? "(null)" : "",
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
} else {
- fp = key_fingerprint(key, options.fingerprint_hash,
+ fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT);
- auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+ auth_info(authctxt, "%s %s%s%s", key_type(key),
+ fp == NULL ? "(null)" : "",
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
}
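Review bot: Both `auth_info()` calls in pubkey_auth_info now pass `fp == NULL ? "(null)" : ""`, so a successfully computed fingerprint is replaced by an empty string and never reaches the authentication log. The else arm should be `fp`, as the ssh-add.c hunk of this same commit writes it: `fp == NULL ? "(null)" : fp`. This affects the certificate branch (CA fingerprint) and the plain-key branch alike. Without the fingerprint in these log lines it is harder to tie an accepted login to a specific key or CA during incident review. The function starts before this hunk.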
@@ -382,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
continue;
if (!key_is_cert_authority)
continue;
- fp = key_fingerprint(found, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(found,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching CA found: file %s, line %lu, %s %s",
file, linenum, key_type(found), fp);
/*
@@ -422,12 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
continue;
if (key_is_cert_authority)
continue;
- found_key = 1;
- fp = key_fingerprint(found, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(found,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(found), fp);
free(fp);
+ found_key = 1;
break;
}
}
@@ -449,8 +453,9 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
return 0;

- ca_fp = key_fingerprint(key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ return 0;

if (sshkey_in_file(key->cert->signature_key,
options.trusted_user_ca_keys, 1, 0) != 0) {
diff --git a/dns.c b/dns.c
index f45bec0..f201b60 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.33 2015/01/15 09:40:00 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */

/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -294,7 +294,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
free(dnskey_digest);
}

- free(hostkey_digest); /* from key_fingerprint_raw() */
+ free(hostkey_digest); /* from sshkey_fingerprint_raw() */
freerrset(fingerprints);

if (*flags & DNS_VERIFY_FOUND)
@@ -337,7 +337,7 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
- free(rdata_digest); /* from key_fingerprint_raw() */
+ free(rdata_digest); /* from sshkey_fingerprint_raw() */
success = 1;
}
}
diff --git a/key.c b/key.c
index c2b696a..bbe027b 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.126 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: key.c,v 1.127 2015/01/28 22:36:00 djm Exp $ */
/*
* placed in the public domain
*/
@@ -39,23 +39,6 @@ key_new_private(int type)
return ret;
}

-u_char*
-key_fingerprint_raw(const Key *k, int dgst_alg, u_int *dgst_raw_length)
-{
- u_char *ret = NULL;
- size_t dlen;
- int r;
-
- if (dgst_raw_length != NULL)
- *dgst_raw_length = 0;
- if ((r = sshkey_fingerprint_raw(k, dgst_alg, &ret, &dlen)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
- if (dlen > INT_MAX)
- fatal("%s: giant len %zu", __func__, dlen);
- *dgst_raw_length = dlen;
- return ret;
-}
-
int
key_read(Key *ret, char **cpp)
{
diff --git a/key.h b/key.h
index bf88497..89fd5cf 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.46 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: key.h,v 1.47 2015/01/28 22:36:00 djm Exp $ */

/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -39,7 +39,6 @@ typedef struct sshkey Key;
#define key_free sshkey_free
#define key_equal_public sshkey_equal_public
#define key_equal sshkey_equal
-#define key_fingerprint sshkey_fingerprint
#define key_type sshkey_type
#define key_cert_type sshkey_cert_type
#define key_ssh_name sshkey_ssh_name
@@ -59,14 +58,12 @@ typedef struct sshkey Key;
#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
#define key_dump_ec_point sshkey_dump_ec_point
#define key_dump_ec_key sshkey_dump_ec_key
-#define key_fingerprint sshkey_fingerprint
#endif

void key_add_private(Key *);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(const Key *);
-u_char *key_fingerprint_raw(const Key *, int, u_int *);
int key_write(const Key *, FILE *);
int key_read(Key *, char **);

diff --git a/ssh-add.c b/ssh-add.c
index 5ac5108..676e65d 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.117 2015/01/16 06:40:12 deraadt Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.118 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -375,7 +375,8 @@ list_identities(int agent_fd, int do_fp)
fp = sshkey_fingerprint(idlist->keys[i],
fingerprint_hash, SSH_FP_DEFAULT);
printf("%d %s %s (%s)\n",
- sshkey_size(idlist->keys[i]), fp,
+ sshkey_size(idlist->keys[i]),
+ fp == NULL ? "(null)" : fp,
idlist->comments[i],
sshkey_type(idlist->keys[i]));
free(fp);
diff --git a/ssh-agent.c b/ssh-agent.c
index ba8d020..41e12ac 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.196 2015/01/16 06:40:12 deraadt Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.197 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -212,7 +212,8 @@ confirm_key(Identity *id)
int ret = -1;

p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
+ if (p != NULL &&
+ ask_permission("Allow use of key %s?\nKey fingerprint %s.",
id->comment, p))
ret = 0;
free(p);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ac20723..b8489dc 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.258 2015/01/19 00:32:54 deraadt Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -800,6 +800,8 @@ do_download(struct passwd *pw)
fp = sshkey_fingerprint(keys[i], fptype, rep);
ra = sshkey_fingerprint(keys[i], fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
fp, sshkey_type(keys[i]));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -846,6 +848,8 @@ do_fingerprint(struct passwd *pw)
fp = sshkey_fingerprint(public, fptype, rep);
ra = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment,
sshkey_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -915,6 +919,8 @@ do_fingerprint(struct passwd *pw)
fp = sshkey_fingerprint(public, fptype, rep);
ra = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%u %s %s (%s)\n", sshkey_size(public), fp,
comment ? comment : "no comment", sshkey_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -1902,6 +1908,8 @@ do_show_cert(struct passwd *pw)
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
ca_fp = sshkey_fingerprint(key->cert->signature_key,
fingerprint_hash, SSH_FP_DEFAULT);
+ if (key_fp == NULL || ca_fp == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);

printf("%s:\n", identity_file);
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
@@ -2216,7 +2224,7 @@ main(int argc, char **argv)
{
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
char *checkpoint = NULL;
- char out_file[PATH_MAX], *rr_hostname = NULL, *ep;
+ char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public;
struct passwd *pw;
struct stat st;
@@ -2709,10 +2717,12 @@ passphrase_again:
fclose(f);

if (!quiet) {
- char *fp = sshkey_fingerprint(public, fingerprint_hash,
+ fp = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_DEFAULT);
- char *ra = sshkey_fingerprint(public, fingerprint_hash,
+ ra = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("sshkey_fingerprint failed");
printf("Your public key has been saved in %s.\n",
identity_file);
printf("The key fingerprint is:\n");
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 222327e..bcf897a 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.46 2015/01/15 09:40:00 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.47 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -274,8 +274,9 @@ main(int argc, char **argv)
}
}
if (!found) {
- fp = sshkey_fingerprint(key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint failed", __func__);
fatal("no matching hostkey found for key %s %s",
sshkey_type(key), fp ? fp : "");
}
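Review bot: With the new NULL check calling `fatal()`, `fp` can no longer be NULL at the following `fatal("no matching hostkey found ...")`, so the `fp ? fp : ""` there is dead code. It also means a fingerprint failure is now reported as `sshkey_fingerprint failed` rather than as the actual condition, that no matching host key was found. Either drop the early `fatal()` and keep the fallback, or simplify the last argument to `fp`. main's body continues outside the hunk.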
diff --git a/sshconnect.c b/sshconnect.c
index df921be..9e51506 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.258 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -770,7 +770,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
if (options.proxy_command == NULL) {
if (getnameinfo(hostaddr, addrlen,
ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
- fatal("check_host_key: getnameinfo failed");
+ fatal("%s: getnameinfo failed", __func__);
*hostfile_ipaddr = put_host_port(ntop, port);
} else {
*hostfile_ipaddr = xstrdup("<no hostip for proxy "
@@ -919,10 +919,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
} else if (options.visual_host_key) {
- fp = key_fingerprint(host_key,
+ fp = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = key_fingerprint(host_key,
+ ra = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
logit("Host key fingerprint is %s\n%s\n", fp, ra);
free(ra);
free(fp);
@@ -962,10 +964,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
else
snprintf(msg1, sizeof(msg1), ".");
/* The default */
- fp = key_fingerprint(host_key,
+ fp = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = key_fingerprint(host_key,
+ ra = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
if (matching_host_key_dns)
@@ -1399,10 +1403,12 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
continue;
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
continue;
- fp = key_fingerprint(found->key,
+ fp = sshkey_fingerprint(found->key,
options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = key_fingerprint(found->key,
+ ra = sshkey_fingerprint(found->key,
options.fingerprint_hash, SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
logit("WARNING: %s key found for host %s\n"
"in %s:%lu\n"
"%s key fingerprint %s.",
@@ -1423,8 +1429,10 @@ warn_changed_key(Key *host_key)
{
char *fp;

- fp = key_fingerprint(host_key, options.fingerprint_hash,
+ fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
SSH_FP_DEFAULT);
+ if (fp == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);

error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
diff --git a/sshconnect2.c b/sshconnect2.c
index 8da4d70..48882e3 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.221 2015/01/20 20:16:21 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.222 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -591,7 +591,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
key->type, pktype);
goto done;
}
- fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ goto done;
debug2("input_userauth_pk_ok: fp %s", fp);
free(fp);

@@ -1009,7 +1011,9 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
int have_sig = 1;
char *fp;

- fp = key_fingerprint(id->key, options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ return 0;
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
free(fp);


[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38
Author: djm@openbsd.org <djm@openbsd.org>
Date: Sat Jan 31 20:30:05 2015 +0000

upstream commit

Let sshd load public host keys even when private keys are
missing. Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
---
sshd.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/sshd.c b/sshd.c
index 004ddd4..4282bdc 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.440 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.441 2015/01/31 20:30:05 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -795,7 +795,7 @@ list_hostkey_types(void)
buffer_init(&b);
for (i = 0; i < options.num_host_key_files; i++) {
key = sensitive_data.host_keys[i];
- if (key == NULL)
+ if (key == NULL && have_agent)
key = sensitive_data.host_pubkeys[i];
if (key == NULL)
continue;
@@ -1442,7 +1442,7 @@ main(int ac, char **av)
int sock_in = -1, sock_out = -1, newsock = -1;
const char *remote_ip;
int remote_port;
- char *line, *logfile = NULL;
+ char *fp, *line, *logfile = NULL;
int config_s[2] = { -1 , -1 };
u_int n;
u_int64_t ibytes, obytes;
@@ -1764,10 +1764,11 @@ main(int ac, char **av)
sensitive_data.host_keys[i] = key;
sensitive_data.host_pubkeys[i] = pubkey;

- if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 &&
- have_agent) {
- debug("will rely on agent for hostkey %s",
- options.host_key_files[i]);
+ if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1) {
+ if (have_agent) {
+ debug("will rely on agent for hostkey %s",
+ options.host_key_files[i]);
+ }
keytype = pubkey->type;
} else if (key != NULL) {
keytype = key->type;
@@ -1788,11 +1789,17 @@ main(int ac, char **av)
case KEY_DSA:
case KEY_ECDSA:
case KEY_ED25519:
- sensitive_data.have_ssh2_key = 1;
+ if (have_agent || key != NULL)
+ sensitive_data.have_ssh2_key = 1;
break;
}
- debug("private host key: #%d type %d %s", i, keytype,
- key_type(key ? key : pubkey));
+ if ((fp = sshkey_fingerprint(pubkey, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ fatal("sshkey_fingerprint failed");
+ debug("%s host key #%d: %s %s",
+ key ? "private" : "public", i, keytype == KEY_RSA1 ?
+ sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp);
+ free(fp);
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
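Review bot: The new debug block calls `sshkey_fingerprint(pubkey, ...)`, `sshkey_type(pubkey)` and `sshkey_ssh_name(pubkey)` unconditionally, whereas the removed line used `key ? key : pubkey`. If `pubkey` can be NULL when a private key loaded (the loading code is outside this hunk, so this is unverified), the fingerprint call would presumably fail and sshd would stop at `fatal("sshkey_fingerprint failed")` during startup. Either confirm that `pubkey` is always set once `key` is, or keep the fallback by passing `key ? key : pubkey` to the three calls. main's body continues outside the hunk.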

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 1910a286d7771eab84c0b047f31c0a17505236fa
Author: millert@openbsd.org <millert@openbsd.org>
Date: Thu Feb 5 12:59:57 2015 +0000

upstream commit

Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
---
sshbuf-misc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index bfeffe6..e07e34a 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-misc.c,v 1.2 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: sshbuf-misc.c,v 1.3 2015/02/05 12:59:57 millert Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*
@@ -22,6 +22,7 @@
#include <netinet/in.h>
#include <errno.h>
#include <stdlib.h>
+#include <stdint.h>
#include <stdio.h>
#include <limits.h>
#include <string.h>

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit fd36834871d06a03e1ff8d69e41992efa1bbf85f
Author: millert@openbsd.org <millert@openbsd.org>
Date: Fri Feb 6 23:21:59 2015 +0000

upstream commit

SIZE_MAX is standard, we should be using it in preference to
the obsolete SIZE_T_MAX. OK miod@ beck@
---
channels.c | 6 +++---
monitor.c | 6 +++---
monitor_mm.c | 6 +++---
xmalloc.c | 12 ++++++------
4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/channels.c b/channels.c
index 2fedaf8..86c454a 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.340 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -57,12 +57,12 @@
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
-#include <limits.h>
#include <stdarg.h>

#include "openbsd-compat/sys-queue.h"
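Review bot: This hunk swaps `<limits.h>` for `<stdint.h>` instead of adding the new header alongside it, which is what the earlier sshbuf-misc.c commit did. If the file still uses any `<limits.h>` macro such as `INT_MAX` (not visible from the hunk), the build then relies on another header pulling it in, which may not hold on every platform. The same removal is made in the monitor.c, monitor_mm.c and xmalloc.c hunks; keeping `#include <limits.h>` wherever those macros remain in use would avoid that.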
@@ -2184,7 +2184,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,

nfdset = howmany(n+1, NFDBITS);
/* Explicitly test here, because xrealloc isn't always called */
- if (nfdset && SIZE_T_MAX / nfdset < sizeof(fd_mask))
+ if (nfdset && SIZE_MAX / nfdset < sizeof(fd_mask))
fatal("channel_prepare_select: max_fd (%d) is too large", n);
sz = nfdset * sizeof(fd_mask);

diff --git a/monitor.c b/monitor.c
index 90db980..689586c 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.141 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: monitor.c,v 1.142 2015/02/06 23:21:59 millert Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -39,9 +39,9 @@
#endif
#include <pwd.h>
#include <signal.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
-#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>
@@ -488,7 +488,7 @@ mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
size_t len = (size_t) size * ncount;
void *address;

- if (len == 0 || ncount > SIZE_T_MAX / size)
+ if (len == 0 || ncount > SIZE_MAX / size)
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);

address = mm_malloc(mm, len);
diff --git a/monitor_mm.c b/monitor_mm.c
index f224fb6..5073152 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.c,v 1.20 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: monitor_mm.c,v 1.21 2015/02/06 23:21:59 millert Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -35,9 +35,9 @@
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
-#include <limits.h>

#include "xmalloc.h"
#include "ssh.h"
@@ -176,7 +176,7 @@ mm_malloc(struct mm_master *mm, size_t size)

if (size == 0)
fatal("mm_malloc: try to allocate 0 space");
- if (size > SIZE_T_MAX - MM_MINSIZE + 1)
+ if (size > SIZE_MAX - MM_MINSIZE + 1)
fatal("mm_malloc: size too big");

size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE;
diff --git a/xmalloc.c b/xmalloc.c
index 0a9f282..fe266cc 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.c,v 1.30 2015/01/16 06:40:12 deraadt Exp $ */
+/* $OpenBSD: xmalloc.c,v 1.31 2015/02/06 23:21:59 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -16,10 +16,10 @@
#include "includes.h"

#include <stdarg.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <limits.h>

#include "xmalloc.h"
#include "log.h"
@@ -44,8 +44,8 @@ xcalloc(size_t nmemb, size_t size)

if (size == 0 || nmemb == 0)
fatal("xcalloc: zero size");
- if (SIZE_T_MAX / nmemb < size)
- fatal("xcalloc: nmemb * size > SIZE_T_MAX");
+ if (SIZE_MAX / nmemb < size)
+ fatal("xcalloc: nmemb * size > SIZE_MAX");
ptr = calloc(nmemb, size);
if (ptr == NULL)
fatal("xcalloc: out of memory (allocating %zu bytes)",
@@ -61,8 +61,8 @@ xrealloc(void *ptr, size_t nmemb, size_t size)

if (new_size == 0)
fatal("xrealloc: zero size");
- if (SIZE_T_MAX / nmemb < size)
- fatal("xrealloc: nmemb * size > SIZE_T_MAX");
+ if (SIZE_MAX / nmemb < size)
+ fatal("xrealloc: nmemb * size > SIZE_MAX");
if (ptr == NULL)
new_ptr = malloc(new_size);
else

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 18a208d6a460d707a45916db63a571e805f5db46
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Feb 20 22:40:32 2015 +0000

upstream commit

more options that are available under Match; bz#2353 reported
by calestyo AT scientia.net
---
sshd_config.5 | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index cf57c60..5cf72f1 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.192 2015/02/02 01:57:44 deraadt Exp $
-.Dd $Mdocdate: February 2 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.193 2015/02/20 22:40:32 djm Exp $
+.Dd $Mdocdate: February 20 2015 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -968,6 +968,7 @@ Available keywords are
.Cm AcceptEnv ,
.Cm AllowAgentForwarding ,
.Cm AllowGroups ,
+.Cm AllowStreamLocalForwarding ,
.Cm AllowTcpForwarding ,
.Cm AllowUsers ,
.Cm AuthenticationMethods ,
@@ -980,11 +981,12 @@ Available keywords are
.Cm DenyGroups ,
.Cm DenyUsers ,
.Cm ForceCommand ,
-.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
+.Cm GatewayPorts ,
.Cm HostbasedAcceptedKeyTypes ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
+.Cm IPQoS ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
@@ -998,9 +1000,13 @@ Available keywords are
.Cm PermitUserRC ,
.Cm PubkeyAcceptedKeyTypes ,
.Cm PubkeyAuthentication ,
+.Cm RSAAuthentication ,
.Cm RekeyLimit ,
+.Cm RevokedKeys ,
.Cm RhostsRSAAuthentication ,
-.Cm RSAAuthentication ,
+.Cm StreamLocalBindMask ,
+.Cm StreamLocalBindUnlink ,
+.Cm TrustedUserCAKeys ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding
and

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
Author: halex@openbsd.org <halex@openbsd.org>
Date: Sat Feb 21 21:46:57 2015 +0000

upstream commit

make "ssh-add -d" properly remove a corresponding
certificate, and also not whine and fail if there is none

ok djm@
---
ssh-add.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/ssh-add.c b/ssh-add.c
index d160713..98d46d3 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.119 2015/02/03 00:34:14 halex Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.120 2015/02/21 21:46:57 halex Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -128,18 +128,24 @@ delete_file(int agent_fd, const char *filename, int key_only)
free(comment);
comment = NULL;
xasprintf(&certpath, "%s-cert.pub", filename);
- if ((r = sshkey_load_public(certpath, &cert, &comment)) == 0)
+ if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) {
+ if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
+ error("Failed to load certificate \"%s\": %s",
+ certpath, ssh_err(r));
goto out;
+ }
+
if (!sshkey_equal_public(cert, public))
fatal("Certificate %s does not match private key %s",
certpath, filename);

- if (ssh_remove_identity(agent_fd, cert)) {
+ if ((r = ssh_remove_identity(agent_fd, cert)) == 0) {
fprintf(stderr, "Identity removed: %s (%s)\n", certpath,
comment);
ret = 0;
} else
- fprintf(stderr, "Could not remove identity: %s\n", certpath);
+ fprintf(stderr, "Could not remove identity \"%s\": %s\n",
+ certpath, ssh_err(r));

out:
if (cert != NULL)
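Review bot: Neither failure branch added here assigns `ret`, so when the certificate cannot be loaded (for a reason other than ENOENT) or cannot be removed from the agent, delete_file returns whatever `ret` held before this hunk. If the earlier part of the function, which is outside the hunk, already set `ret = 0` for the plain key, a failed certificate removal is printed on stderr but still reported as success to the caller; if that is not intended, reset `ret` to the function's failure value in the `else` branch and before the `goto out` on a non-ENOENT load error. The `errno != ENOENT` test also depends on `sshkey_load_public` leaving `errno` from the failing open intact, which deserves a comment such as `/* a missing certificate is not an error; errno is from the failed open */`. delete_file starts and ends outside the hunk.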

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
Author: djm@openbsd.org <djm@openbsd.org>
Date: Mon Feb 23 16:33:25 2015 +0000

upstream commit

fix setting/clearing of TTY raw mode around
UpdateHostKeys=ask confirmation question; reported by Herb Goldman
---
clientloop.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index ca3a459..8969869 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.270 2015/02/20 22:17:21 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.271 2015/02/23 16:33:25 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2170,7 +2170,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
static void
update_known_hosts(struct hostkeys_update_ctx *ctx)
{
- int r, loglevel = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK ?
+ int r, was_raw = 0;
+ int loglevel = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK ?
SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE;
char *fp, *response;
size_t i;
@@ -2194,7 +2195,10 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
free(fp);
}
if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) {
- leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
+ if (get_saved_tio() != NULL) {
+ leave_raw_mode(1);
+ was_raw = 1;
+ }
response = NULL;
for (i = 0; !quit_pending && i < 3; i++) {
free(response);
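Review bot: The `get_saved_tio() != NULL` test is used here as the signal that the terminal is currently in raw mode, but nothing at the call site says so. The argument to `leave_raw_mode` and `enter_raw_mode` also changes from `options.request_tty == REQUEST_TTY_FORCE` to a constant `1` with no explanation. A short comment above the test, for example `/* only leave raw mode if it was entered; restored below via was_raw */`, would make the pairing with the `if (was_raw)` restore in the following hunk explicit. update_known_hosts continues outside this hunk.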
@@ -2214,7 +2218,8 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
if (quit_pending || i >= 3 || response == NULL)
options.update_hostkeys = 0;
free(response);
- enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
+ if (was_raw)
+ enter_raw_mode(1);
}

/*

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
Author: djm@openbsd.org <djm@openbsd.org>
Date: Mon Feb 23 20:32:15 2015 +0000

upstream commit

fix a race condition by using a mux socket rather than an
ineffectual wait statement
---
regress/forwarding.sh | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/regress/forwarding.sh b/regress/forwarding.sh
index 42d9f65..0eee317 100644
--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: forwarding.sh,v 1.13 2015/02/21 20:51:02 djm Exp $
+# $OpenBSD: forwarding.sh,v 1.14 2015/02/23 20:32:15 djm Exp $
# Placed in the Public Domain.

tid="local and remote forwarding"
@@ -10,6 +10,9 @@ start_sshd
base=33
last=$PORT
fwd=""
+CTL=$OBJ/ctl-sock
+rm -f $CTL
+
for j in 0 1 2; do
for i in 0 1 2; do
a=$base$j$i
@@ -109,7 +112,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
for p in 1 2; do
trace "config file: start forwarding, fork to background"
- ${SSH} -$p -F $OBJ/ssh_config -f somehost sleep 10
+ ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10

trace "config file: transfer over forwarded channels and check result"
${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
@@ -117,7 +120,7 @@ for p in 1 2; do
test -s ${COPY} || fail "failed copy of ${DATA}"
cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"

- wait
+ ${SSH} -S $CTL -O exit somehost
done

for p in 2; do
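Review bot: The `${SSH} -S $CTL -O exit somehost` call that replaces `wait` has its exit status ignored, so if the control socket is missing or the master does not answer, the loop moves on to the next protocol with the previous forwards possibly still bound, which is the race this commit is closing. Checking it the way the lines just above check the copy, `${SSH} -S $CTL -O exit somehost || fail "mux exit failed"`, would surface that case. `$CTL` is also expanded unquoted in `rm -f $CTL` and in both `-S` arguments in the earlier hunks; that matches the rest of the script but breaks if `$OBJ` contains whitespace.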

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
Author: djm@openbsd.org <djm@openbsd.org>
Date: Mon Feb 23 22:21:21 2015 +0000

upstream commit

further silence spurious error message even when -v is
specified (e.g. to get visual host keys); reported by naddy@
---
ssh-keygen.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 1ae865a..b85fa49 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.263 2015/02/23 16:55:31 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.264 2015/02/23 22:21:21 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -843,7 +843,7 @@ do_fingerprint(struct passwd *pw)
exit(1);
}
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
- debug("Error loading public key \"%s\": %s",
+ debug2("Error loading public key \"%s\": %s",
identity_file, ssh_err(r));
else {
fp = sshkey_fingerprint(public, fptype, rep);

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit f43d17269194761eded9e89f17456332f4c83824
Author: djm@openbsd.org <djm@openbsd.org>
Date: Thu Feb 26 20:45:47 2015 +0000

upstream commit

don't printf NULL key comments; reported by Tom Christensen
---
ssh-keygen.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4a5c402..a3c2362 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.265 2015/02/24 15:24:05 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.266 2015/02/26 20:45:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1276,7 +1276,8 @@ do_change_passphrase(struct passwd *pw)
identity_file, ssh_err(r));
exit(1);
}
- printf("Key has comment '%s'\n", comment);
+ if (comment)
+ printf("Key has comment '%s'\n", comment);

/* Ask the new passphrase (twice). */
if (identity_new_passphrase) {

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 39e2f1229562e1195169905607bc12290d21f021
Author: millert@openbsd.org <millert@openbsd.org>
Date: Sun Mar 1 15:44:40 2015 +0000

upstream commit

Make sure we only call getnameinfo() for AF_INET or AF_INET6
sockets. getpeername() of a Unix domain socket may return without error on
some systems without actually setting ss_family so getnameinfo() was getting
called with ss_family set to AF_UNSPEC. OK djm@
---
canohost.c | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/canohost.c b/canohost.c
index a3e3bbf..223964e 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.71 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: canohost.c,v 1.72 2015/03/01 15:44:40 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -260,24 +260,29 @@ get_socket_address(int sock, int remote, int flags)
}

/* Work around Linux IPv6 weirdness */
- if (addr.ss_family == AF_INET6)
+ if (addr.ss_family == AF_INET6) {
addrlen = sizeof(struct sockaddr_in6);
+ ipv64_normalise_mapped(&addr, &addrlen);
+ }

- if (addr.ss_family == AF_UNIX) {
+ switch (addr.ss_family) {
+ case AF_INET:
+ case AF_INET6:
+ /* Get the address in ascii. */
+ if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
+ sizeof(ntop), NULL, 0, flags)) != 0) {
+ error("get_socket_address: getnameinfo %d failed: %s",
+ flags, ssh_gai_strerror(r));
+ return NULL;
+ }
+ return xstrdup(ntop);
+ case AF_UNIX:
/* Get the Unix domain socket path. */
return xstrdup(((struct sockaddr_un *)&addr)->sun_path);
- }
-
- ipv64_normalise_mapped(&addr, &addrlen);
-
- /* Get the address in ascii. */
- if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
- sizeof(ntop), NULL, 0, flags)) != 0) {
- error("get_socket_address: getnameinfo %d failed: %s", flags,
- ssh_gai_strerror(r));
+ default:
+ /* We can't look up remote Unix domain sockets. */
return NULL;
}
- return xstrdup(ntop);
}

char *
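Review bot: The comment on the new `default:` arm, `/* We can't look up remote Unix domain sockets. */`, describes only one of the inputs that reach it: per the commit message the case being handled is `ss_family` left as AF_UNSPEC, and any other non-inet, non-Unix family lands there too. Something like `/* AF_UNSPEC (e.g. left unset by getpeername() on a Unix socket) or an unsupported family */` would be accurate. This arm returns NULL without logging, where the old path logged a getnameinfo error, so callers of get_socket_address (outside this hunk) have to tolerate a silent NULL. The `AF_UNIX` arm still hands `sun_path` straight to `xstrdup`, which assumes a NUL terminator inside the buffer; it is worth confirming that `addr` is zeroed before the getpeername/getsockname call above the hunk.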
@@ -390,8 +395,8 @@ get_sock_port(int sock, int local)
if (from.ss_family == AF_INET6)
fromlen = sizeof(struct sockaddr_in6);

- /* Unix domain sockets don't have a port number. */
- if (from.ss_family == AF_UNIX)
+ /* Non-inet sockets don't have a port number. */
+ if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
return 0;

/* Return port number. */

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
Author: djm@openbsd.org <djm@openbsd.org>
Date: Tue Mar 3 21:21:13 2015 +0000

upstream commit

add SSH1 Makefile knob to make it easier to build without
SSH1 support; ok markus@
---
ssh-agent.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index 41e12ac..cff859f 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.197 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.198 2015/03/03 21:21:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -541,6 +541,7 @@ reaper(void)
* XXX this and the corresponding serialisation function probably belongs
* in key.c
*/
+#ifdef WITH_SSH1
static int
agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp)
{
@@ -655,6 +656,7 @@ process_add_identity(SocketEntry *e, int version)
send:
send_status(e, success);
}
+#endif /* WITH_SSH1 */

/* XXX todo: encrypt sensitive data with passphrase */
static void
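Review bot: The `#endif /* WITH_SSH1 */` appears to be placed after the end of process_add_identity rather than after agent_decode_rsa1, judging by the hunk header and the `send:` / `send_status(e, success);` context directly above it. If so, a build without WITH_SSH1 would compile out process_add_identity as well, and since that function takes a `version` argument it presumably also serves protocol 2 keys. If only the RSA1 decoder is meant to be conditional, the `#endif /* WITH_SSH1 */` belongs directly after agent_decode_rsa1's closing brace, with any SSH1-only code inside process_add_identity guarded separately. Both function bodies lie outside the visible hunks, so this needs checking against the full file.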

[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Mar 6 01:40:56 2015 +0000

upstream commit

fix sshkey_certify() return value for unsupported key types;
ok markus@ deraadt@
---
sshkey.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sshkey.c b/sshkey.c
index 2c67809..4768790 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.14 2015/01/26 02:59:11 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.15 2015/03/06 01:40:56 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2464,6 +2464,7 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca)
break;
default:
ret = SSH_ERR_INVALID_ARGUMENT;
+ goto out;
}

/* -v01 certs have a serial number next */

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
[openssh] 01/01: upstream commit [ In reply to ]
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
Author: djm@openbsd.org <djm@openbsd.org>
Date: Sat Mar 7 04:41:48 2015 +0000

upstream commit

unbreak for w/SSH1 (default) case; ok markus@ deraadt@
---
regress/unittests/hostkeys/test_iterate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 5ea576c..7e5a130 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_iterate.c,v 1.2 2015/03/04 23:22:35 djm Exp $ */
+/* $OpenBSD: test_iterate.c,v 1.3 2015/03/07 04:41:48 djm Exp $ */
/*
* Regress test for hostfile.h hostkeys_foreach()
*
