path: root/cli-session.c
Age | Commit message | Author
2020-12-10 | Use buf_eatstring instead | Matt Johnston
2020-12-10 | Fix handling of replies to global requests (#112) | Dirkjan Bussink
The current code assumes that all global requests want / need a reply. This isn't always true and the request itself indicates if it wants a reply or not.

It causes a specific problem with hostkeys-00@openssh.com messages. These are sent by OpenSSH after authentication to inform the client of potential other host keys for the host. This can be used to add a new type of host key or to rotate host keys.

The initial information message from the server is sent as a global request, but with want_reply set to false. This means that the server doesn't expect an answer to this message. Instead the client needs to send a prove request as a reply if it wants to receive proof of ownership for the host keys.

The bug doesn't cause any current problems due to how OpenSSH treats receiving the failure message. It instead treats it as a keepalive message and further ignores it.

Arguably this is a protocol violation though of Dropbear and it is only accidental that it doesn't cause a problem with OpenSSH.

The bug was found when adding host keys support to libssh, which is more strict protocol wise and treats the unexpected failure message as an error, also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145 for more information.

The fix here is to honor the want_reply flag in the global request and to only send a reply if the other side expects a reply.
2020-10-18 | Add fuzzer-client_nomaths, fix client fuzzer | Matt Johnston
--HG-- branch : fuzz
2020-10-18 | Get client fuzzer building and starting (fails straight away) | Matt Johnston
--HG-- branch : fuzz
2020-05-26 | fix typo | Matt Johnston
2020-05-19 | ext-info handling for server-sig-algs | Matt Johnston
only client side is handled
2018-11-14 | Split ChanType closehandler() and cleanup() so that dbclient doesn't | Matt Johnston
lose exit status messages
2018-02-26 | more linting (#58) | François Perrad
* const parameter
* fix indentation
2018-02-14 | make signal flags volatile, simplify handling | Matt Johnston
2018-02-09 | missed saving a file removing none cipher | Matt Johnston
2017-06-02 | when pointer, use NULL instead of 0 | Francois Perrad
2016-05-25 | Use DROPBEAR_PATH_DEVNULL instead of undefined _PATH_DEVNULL | Ben Gardner
2016-05-04 | Convert #ifdef to #if, other build changes | Matt Johnston
2016-03-16 | merge | Matt Johnston
2016-03-16 | fix empty C prototypes | Francois Perrad
2016-03-15 | ignore return value from fcntl() | Matt Johnston
2015-12-15 | Support syslog logging in dbclient. | Konstantin Tokarev
2015-12-03 | Client: kill proxy command when exiting application. | Konstantin Tokarev
2015-06-04 | buf_getstring and buf_putstring now use non-unsigned char* | Matt Johnston
2015-06-04 | Merge pull request #13 from gazoo74/fix-warnings | Matt Johnston
Fix warnings
2015-05-05 | Turn cleantext()'s dirtytext argument into char * | Gaël PORTAY
2015-05-05 | Fix pointer differ in signedness warnings [-Werror=pointer-sign] | Gaël PORTAY
2015-05-03 | Make sure kexfirstinitialise is called early enough | Matt Johnston
2015-02-28 | merge from default | Matt Johnston
--HG-- branch : fastopen
2015-02-24 | Add more ATTRIB_NORETURN annotations, from Thorsten Horstmann | Matt Johnston
2015-02-20 | Move generic network routines to netio.c | Matt Johnston
--HG-- branch : fastopen
2015-02-20 | Update priority once the socket is open | Matt Johnston
--HG-- branch : fastopen
2015-02-19 | In theory TFO should work. Needs platform cleanup and testing | Matt Johnston
--HG-- branch : fastopen
2015-02-18 | async connections working | Matt Johnston
--HG-- branch : fastopen
2014-08-19 | Make keepalive handling more robust, this should now match what OpenSSH does | Matt Johnston
2014-08-13 | Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses | Matt Johnston
2014-07-08 | Send a failure response if a client receives a global request | Matt Johnston
2014-01-17 | DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default | Matt Johnston
2013-11-14 | rename random.h to dbrandom.h since some OSes have a system random.h | Matt Johnston
--HG-- rename : random.c => dbrandom.c rename : random.h => dbrandom.h
2013-11-14 | use oldstyle comments | Matt Johnston
2013-05-21 | merge in HEAD | Matt Johnston
--HG-- branch : ecc
2013-05-03 | ecdsa is working | Matt Johnston
--HG-- branch : ecc
2013-04-09 | start on ecdsa keys | Matt Johnston
--HG-- branch : ecc
2013-04-04 | setup tcp after requesting a channel - might hide some DNS latency | Matt Johnston
2013-04-04 | Take transmit and receive keys into use separately | Matt Johnston
2013-04-03 | fix leftover kexguess debugging | Matt Johnston
2013-04-03 | merge kexguess branch | Matt Johnston
2013-04-03 | Put some #ifdef options around first-follows options in case they | Matt Johnston
need to be disabled --HG-- branch : kexguess
2013-04-03 | Don't usually need to recalculate dh_e for the repeated kexdh_init packet | Matt Johnston
--HG-- branch : kexguess
2013-04-02 | Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE | Matt Johnston
Only use it if we have pubkeys to try, or we have $DROPBEAR_PASSWORD set
2013-04-01 | Run the cleanup handler also when we close due to TCP connection being closed | Matt Johnston
2013-04-01 | merge from head roundtrip changes | Matt Johnston
--HG-- branch : kexguess
2013-04-01 | Move the more verbose TRACE() statements into TRACE2() | Matt Johnston
2013-03-31 | Don't bother waiting for a ssh-connection service reply - the server | Matt Johnston
will disconnect if it wasn't accepted
2013-03-31 | merge | Matt Johnston
--HG-- branch : kexguess