Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-03-05 | fuzz: fix crash in newtcpdirect(), don't close the channel too early | Matt Johnston | |
2021-03-05 | Return errstring on connect failure | Matt Johnston | |
2021-03-04 | fuzz: avoid extraneous printing | Matt Johnston | |
2021-03-04 | Define _GNU_SOURCE properly, other header fixes | Matt Johnston | |
This lets -std=c89 build for gcc 8.4.0 | |||
2021-03-04 | Small cleanups of netio allocated port | Matt Johnston | |
2021-03-04 | Update netio.c (#115) | Guillaume Picquet | |
Moved allocated_lport_p and allocated_lport at begin of block to buld in C89 | |||
2021-03-04 | Update cli-main.c (#114) | Guillaume Picquet | |
Moved pid_t proxy_cmd_pid declaration at begin of block to allow build in c89 (gcc-2.95) | |||
2021-03-02 | Disable UNAUTH_CLOSE_DELAY by default | Matt Johnston | |
2021-01-29 | merge | Matt Johnston | |
2021-01-29 | fuzz: wrap kill() | Matt Johnston | |
2020-12-17 | Update INSTALL (#113) | Xenhat | |
Make Git/Mercurial instructions easier to understand | |||
2020-12-10 | Use buf_eatstring instead | Matt Johnston | |
2020-12-10 | Fix handling of replies to global requests (#112) | Dirkjan Bussink | |
The current code assumes that all global requests want / need a reply. This isn't always true and the request itself indicates if it wants a reply or not. It causes a specific problem with hostkeys-00@openssh.com messages. These are sent by OpenSSH after authentication to inform the client of potential other host keys for the host. This can be used to add a new type of host key or to rotate host keys. The initial information message from the server is sent as a global request, but with want_reply set to false. This means that the server doesn't expect an answer to this message. Instead the client needs to send a prove request as a reply if it wants to receive proof of ownership for the host keys. The bug doesn't cause any current problems with due to how OpenSSH treats receiving the failure message. It instead treats it as a keepalive message and further ignores it. Arguably this is a protocol violation though of Dropbear and it is only accidental that it doesn't cause a problem with OpenSSH. The bug was found when adding host keys support to libssh, which is more strict protocol wise and treats the unexpected failure message an error, also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145 for more information. The fix here is to honor the want_reply flag in the global request and to only send a reply if the other side expects a reply. | |||
2020-12-07 | Fix null pointer dereference removing listeners | Matt Johnston | |
2020-12-06 | fuzz: add an always-failing dropbear_listen() replacement | Matt Johnston | |
2020-12-06 | fuzz: work around fuzz_connect_remote() limitations | Matt Johnston | |
2020-12-05 | Some minor manpage improvements | Matt Johnston | |
2020-12-05 | fuzz: skip custom mutators with -fsanitize=memory | Matt Johnston | |
2020-12-03 | fuzz: make postauth set authdone properly | Matt Johnston | |
2020-12-03 | Remove unused cli_authinitialise | Matt Johnston | |
2020-11-17 | fuzzing - Set postauth user to root since that's what it runs as | Matt Johnston | |
2020-11-16 | fuzzing: add workaround getpwuid/getpwnam | Matt Johnston | |
2020-11-15 | Fix fuzzing build | Matt Johnston | |
2020-11-13 | Add server postauth fuzzer, wrap connect_remote() | Matt Johnston | |
2020-11-13 | Remove accidentally committed abort() | Matt Johnston | |
2020-11-02 | fuzzing - fix some wrong types and -lcrypt on macos | Matt Johnston | |
2020-11-01 | Fuzzing - get rid of "prefix" for streams | Matt Johnston | |
Improved packet generation with sshpacketmutator | |||
2020-11-01 | fuzzing - avoid sha1 for random seed every iteration | Matt Johnston | |
2020-10-29 | Move fuzzer-kex initialisation into a constructor function | Matt Johnston | |
Hopefully this can avoid hitting AFL timeouts https://github.com/google/oss-fuzz/pull/2474 | |||
2020-10-29 | Use SSH packet mutator for preauth too | Matt Johnston | |
Get rid of separate client mutator. Have 0.1% chance of llvm random mutation Add comments | |||
2020-10-29 | Fix FUZZ_NO_REPLACE_STDERR for fuzz.c | Matt Johnston | |
2020-10-29 | Merge from main | Matt Johnston | |
2020-10-29 | Added signature for changeset 5879c5829e85 | Matt Johnston | |
2020-10-29 | Added tag DROPBEAR_2020.81 for changeset 4b984c42372d | Matt Johnston | |
2020-10-29 | Changelog for 2020.81 | Matt Johnston | |
2020-10-26 | Fix fuzzing stderr override on os x | Matt Johnston | |
2020-10-26 | Preallocate memory for sshpacketmutator. Add fuzzer-client_mutator_nomaths | Matt Johnston | |
2020-10-26 | crossover works | Matt Johnston | |
2020-10-26 | Fix fuzz-sshpacketmutator to work | Matt Johnston | |
2020-10-26 | Print ascii in printhex too | Matt Johnston | |
2020-10-25 | Add first try at fuzzing custom mutator | Matt Johnston | |
2020-10-25 | merge from main | Matt Johnston | |
2020-10-24 | Disable stderr output for fuzzer by default | Matt Johnston | |
2020-10-24 | Make "Too many remote algorithms" exit rather than log | Matt Johnston | |
It's fatal anyway, makes logs more concise. | |||
2020-10-24 | Add buf_decrpos() | Matt Johnston | |
2020-10-23 | Add some more variation to fuzzer random number generation | Matt Johnston | |
2020-10-23 | Move fuzzing code to fuzz/ subdirectory, improve Makefile.in | Matt Johnston | |
2020-10-23 | Increase MAX_PROPOSED_ALGO to 50, warn if exceeded | Matt Johnston | |
2020-10-21 | Fix #ifdef DROPBEAR_FUZZ (caught by linter) | Matt Johnston | |
2020-10-20 | Load password and key for client fuzzer. | Matt Johnston | |
Add fuzz_dump() |