Age         Commit message  Author

2021-03-08  fuzz: don't push wrapfd descriptors larger than needed  Matt Johnston
2021-03-07  fuzz: add -q quiet argument for standalone fuzzers.  Matt Johnston
    Travis has a log length limit.
2021-03-07  fuzz: split long argument list with xargs  Matt Johnston
2021-03-06  fuzz: cifuzz fix syntax  Matt Johnston
2021-03-06  fuzz: try running cifuzz on push as well  Matt Johnston
2021-03-06  fuzz: add cifuzz for github pull requests  Matt Johnston
2021-03-06  Prevent multiple shells being spawned  Matt Johnston
    Existing shells would be leaked. The old check only caught multiple commands, not shells.
2021-03-06  small tidy of "signal" while loop  Matt Johnston
2021-03-06  fuzz: handle errors from wrapfd_new_dummy()  Matt Johnston
2021-03-05  fuzz: fix crash in newtcpdirect(), don't close the channel too early  Matt Johnston
2021-03-05  Return errstring on connect failure  Matt Johnston
2021-03-04  fuzz: avoid extraneous printing  Matt Johnston
2021-03-04  Define _GNU_SOURCE properly, other header fixes  Matt Johnston
    This lets -std=c89 build for gcc 8.4.0.
2021-03-04  Small cleanups of netio allocated port  Matt Johnston
2021-03-04  Update netio.c (#115)  Guillaume Picquet
    Moved allocated_lport_p and allocated_lport to the beginning of the block to build in C89.
2021-03-04  Update cli-main.c (#114)  Guillaume Picquet
    Moved the pid_t proxy_cmd_pid declaration to the beginning of the block to allow building in C89 (gcc-2.95).
2021-03-02  Disable UNAUTH_CLOSE_DELAY by default  Matt Johnston
2021-01-29  merge  Matt Johnston
2021-01-29  fuzz: wrap kill()  Matt Johnston
2020-12-17  Update INSTALL (#113)  Xenhat
    Make Git/Mercurial instructions easier to understand.
2020-12-10  Use buf_eatstring instead  Matt Johnston
2020-12-10  Fix handling of replies to global requests (#112)  Dirkjan Bussink
    The current code assumes that all global requests want / need a reply. This isn't always true: the request itself indicates whether it wants a reply or not.

    It causes a specific problem with hostkeys-00@openssh.com messages. These are sent by OpenSSH after authentication to inform the client of potential other host keys for the host. This can be used to add a new type of host key or to rotate host keys. The initial information message from the server is sent as a global request, but with want_reply set to false. This means that the server doesn't expect an answer to this message. Instead the client needs to send a prove request as a reply if it wants to receive proof of ownership for the host keys.

    The bug doesn't cause any current problems due to how OpenSSH treats receiving the failure message. It instead treats it as a keepalive message and further ignores it. Arguably this is a protocol violation by Dropbear though, and it is only accidental that it doesn't cause a problem with OpenSSH. The bug was found when adding host keys support to libssh, which is more strict protocol-wise and treats the unexpected failure message as an error; also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145 for more information.

    The fix here is to honor the want_reply flag in the global request and to only send a reply if the other side expects a reply.
2020-12-07  Fix null pointer dereference removing listeners  Matt Johnston
2020-12-06  fuzz: add an always-failing dropbear_listen() replacement  Matt Johnston
2020-12-06  fuzz: work around fuzz_connect_remote() limitations  Matt Johnston
2020-12-05  Some minor manpage improvements  Matt Johnston
2020-12-05  fuzz: skip custom mutators with -fsanitize=memory  Matt Johnston
2020-12-03  fuzz: make postauth set authdone properly  Matt Johnston
2020-12-03  Remove unused cli_authinitialise  Matt Johnston
2020-11-17  fuzzing - Set postauth user to root since that's what it runs as  Matt Johnston
2020-11-16  fuzzing: add workaround for getpwuid/getpwnam  Matt Johnston
2020-11-15  Fix fuzzing build  Matt Johnston
2020-11-13  Add server postauth fuzzer, wrap connect_remote()  Matt Johnston
2020-11-13  Remove accidentally committed abort()  Matt Johnston
2020-11-02  fuzzing - fix some wrong types and -lcrypt on macOS  Matt Johnston
2020-11-01  Fuzzing - get rid of "prefix" for streams  Matt Johnston
    Improved packet generation with sshpacketmutator.
2020-11-01  fuzzing - avoid sha1 for random seed every iteration  Matt Johnston
2020-10-29  Move fuzzer-kex initialisation into a constructor function  Matt Johnston
    Hopefully this can avoid hitting AFL timeouts: https://github.com/google/oss-fuzz/pull/2474
2020-10-29  Use SSH packet mutator for preauth too  Matt Johnston
    Get rid of separate client mutator. Have 0.1% chance of llvm random mutation. Add comments.
2020-10-29  Fix FUZZ_NO_REPLACE_STDERR for fuzz.c  Matt Johnston
2020-10-29  Merge from main  Matt Johnston
2020-10-29  Added signature for changeset 5879c5829e85  Matt Johnston
2020-10-29  Added tag DROPBEAR_2020.81 for changeset 4b984c42372d  Matt Johnston
2020-10-29  Changelog for 2020.81  Matt Johnston
2020-10-26  Fix fuzzing stderr override on OS X  Matt Johnston
2020-10-26  Preallocate memory for sshpacketmutator. Add fuzzer-client_mutator_nomaths  Matt Johnston
2020-10-26  crossover works  Matt Johnston
2020-10-26  Fix fuzz-sshpacketmutator to work  Matt Johnston
2020-10-26  Print ascii in printhex too  Matt Johnston
2020-10-25  Add first try at fuzzing custom mutator  Matt Johnston