Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
156,453 Commits 606 Branches 0 Tags 3.1 GiB
1cb0c229b8
Commit Graph

1028 Commits

Author SHA1 Message Date
kardel
f34e7857d3 keep len correct when substituting variables - fixes PR/24458 2006-10-08 22:21:14 +00:00
manu
56f4977415 Camelia cipher support as in RFC 4312, from Tomoyuki Okazaki 
<okazaki@kick.gr.jp>
 2006-10-06 12:02:26 +00:00
christos
ee4546d741 unbreak gcc-3 builds. 2006-10-04 14:31:55 +00:00
christos
a9fc92da63 PR/34681: Scott Ellis: Explicitly include <sys/socket.h> 2006-10-04 14:30:35 +00:00
christos
1eafb02344 put back ignorerootrhosts 2006-10-04 14:26:31 +00:00
manu
20d3dfdcfa fix endianness issue introduced yesterday 2006-10-03 20:43:10 +00:00
vanhu
2b72a4f236 remoteid/ph1id support 2006-10-03 08:04:31 +00:00
vanhu
b45c893ef4 Added remoteid/ph1id syntax 2006-10-03 08:03:59 +00:00
vanhu
7d2c6acefd Parses remoteid/ph1id values 2006-10-03 08:03:33 +00:00
vanhu
dd3c365568 Uses remoteid/ph1id values 2006-10-03 08:02:51 +00:00
vanhu
80d5a8a518 Added remoteid/ph1id values 2006-10-03 08:01:56 +00:00
manu
9547d0f260 avoid reusing free'd pointer (Coverity 2613) 2006-10-02 21:51:33 +00:00
manu
1966cc3311 Check for NULL pointer (COverity 4175) 2006-10-02 21:47:32 +00:00
manu
e1ade705e1 Remove dead code (Coverity 3451) 2006-10-02 21:41:59 +00:00
manu
520ec462f7 Fix array overrun (Coverity 4172) 2006-10-02 21:33:14 +00:00
manu
e5d24ec446 Fix memory leak (Coverity 2002) 2006-10-02 21:27:08 +00:00
manu
cdb1e64a8c Fix memory leak (Coverity 2001), refactor the code to use port get/set 
functions
 2006-10-02 21:19:43 +00:00
manu
cd350eaf6d Avoid reusing free'd pointer (Coverity 4200) 2006-10-02 20:52:17 +00:00
manu
d564be9350 Don't use NULL pointer (Coverity 3443), reformat to 80 char/line 2006-10-02 18:54:46 +00:00
dogcow
f54a9b4797 If you're going to initialize a pointer, you have to init it with a pointer 
type, not an int.
 2006-10-02 12:44:40 +00:00
manu
68e9583818 Don't use NULL pointer (coverity 3439) 2006-10-02 12:04:53 +00:00
manu
5227e9475b Don't use NULL pointer (Coverity 1334) 2006-10-02 11:59:40 +00:00
manu
41042afaf6 Don't use NULL pointer (Coverity 944) 2006-10-02 07:17:57 +00:00
manu
01d5ad642c Don't use NULL pointer (Coverity 941) 2006-10-02 07:15:09 +00:00
manu
9a55720f5c Don't use NULL pointer (Coverity 942) 2006-10-02 07:12:26 +00:00
manu
bfd607cda0 Don't use null pointer (Coverity 863) 2006-10-02 07:08:25 +00:00
manu
626d146a75 FIx memory leak (Coverity 4181) 2006-10-01 22:04:03 +00:00
manu
7be862b0db Check that iph1->remote is not NULL before using it (Coverity 3436) 2006-10-01 19:23:57 +00:00
manu
c7242e7e9f emove dead code (Coverity 4165) 2006-09-30 21:49:37 +00:00
manu
07b750b745 Fix memory leak (Coverity 4179) 2006-09-30 21:38:39 +00:00
manu
df69765a89 update the scripts for wrorking around routing problems on NetBSD 2006-09-30 21:22:21 +00:00
manu
172675f3db Reuse existing code for closing IKE sockets, and avoid screwing things by 
setting p->sock = -1, which is not expected (Coverity 4173).
 2006-09-30 16:14:18 +00:00
manu
d5f44674f8 Do not free id and key, as they are used later 2006-09-30 15:51:42 +00:00
cube
55269b80c3 Grab a couple of lines from OpenSSH-portable that allow PAM authentication 
to succeed.  I guess the default configuration of NetBSD wasn't tested
before the import...
 2006-09-29 22:47:21 +00:00
manu
efb59e1b32 Fix the fix: handle_recv closes the socket, so we must call com_init before 
sending any data.
 2006-09-29 21:39:35 +00:00
christos
8da6ea8890 Check for cert being NULL too. 2006-09-29 17:07:32 +00:00
christos
897b34d36d http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows
    remote attackers to cause a denial of service (inifnite loop
    and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
    versions allows attackers to cause a denial of service (CPU
    consumption) via certain public keys that require extra time
    to process.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    Buffer overflow in the SSL_get_shared_ciphers function in
    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
    versions has unspecified impact and remote attack vectors
    involving a long list of ciphers.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
    Unspecified vulnerability in the SSLv2 client code in OpenSSL
    0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
    allows remote servers to cause a denial of service (client
    crash) via unknown vectors.
 2006-09-29 15:41:08 +00:00
he
f1afbc1ee7 Use PRIu64 instead of llu when printing an u_int64_t. 
Fixes a build problem for our LP64 ports, where u_int64_t is
typically an unsigned long.
 2006-09-29 14:36:34 +00:00
he
a4970f4ee7 The "success" field in Authctxt needs to be a sig_atomic_t, not an int, 
so that we don't get a type conflict on dispatch_run() invocation.  Found
while building for alpha and amd64.
 2006-09-29 14:34:25 +00:00
christos
229f040cb9 We need this again. 2006-09-28 21:23:13 +00:00
christos
c5a8b87f73 Resolve conflicts 2006-09-28 21:22:14 +00:00
christos
49b7694919 from www.openssh.org 2006-09-28 21:14:57 +00:00
manu
ca09533497 Fix unchecked mallocs (Coverity 4176, 4174) 2006-09-28 20:30:13 +00:00
manu
87b827ea10 Fix access after free (Coverity 4178) 2006-09-28 20:09:35 +00:00
manu
eb5be25aad Fix memory leak (Coverity) 2006-09-26 21:42:55 +00:00
manu
8b9e0af1db Fix memory leak (Coverity) 2006-09-26 21:25:52 +00:00
manu
1d587602b5 Remove dead code (Coverity) 2006-09-26 21:10:55 +00:00
manu
75ada6df8d Fix memory leak (Coverity) 2006-09-26 21:06:54 +00:00
manu
ab1354320a One more memory leak 2006-09-26 20:58:03 +00:00
manu
ea585e8293 Fix memory leak in racoonctl (coverity) 2006-09-26 20:51:43 +00:00
manu
f693deda72 Fix buffer overflow 
Also fix credits: SA bundle fix was contributed by Jeff Bailey, not
Matthew Grooms. Matthew updated the patch for current code, though.
 2006-09-26 04:44:41 +00:00
manu
e63f95d0e9 fix SA bundle (e.g.: for negotiating ESP+IPcomp) 2006-09-26 04:41:26 +00:00
vanhu
e2a943b3df From Yves-Alexis Perez: struct ip -> struct iphdr for Linux 2006-09-25 17:42:08 +00:00
vanhu
0fa07a8062 struct ip -> struct iphdr for Linux 2006-09-25 17:42:07 +00:00
manu
1127a06ee3 style (mostly for testing ipsec-tools-commits@netbsd.org) 2006-09-25 05:08:52 +00:00
manu
22ddfb23b1 Fix double free, from Matthew Grooms 2006-09-25 04:49:39 +00:00
vanhu
542839bac0 credit 2006-09-21 09:43:47 +00:00
vanhu
3c6750b831 use sysdep_sa_len to make it compile on Linux 2006-09-21 09:42:08 +00:00
wiz
a7c4d7d4ac Bump date for ike_frag force. 2006-09-19 18:55:11 +00:00
wiz
a5dc6b2e53 New sentence, new line. 2006-09-19 18:54:39 +00:00
wiz
5f831f347b Remove trailing whitespace. 2006-09-19 18:53:12 +00:00
vanhu
efd02bc82c From Yves-Alexis Perez: fixes default value for encmodesv in set_proposal_from_policy() 2006-09-19 16:02:10 +00:00
vanhu
60cd4fed98 fixed default value for encmodesv in set_proposal_from_policy() 2006-09-19 16:02:09 +00:00
vanhu
51065440a5 various commits 2006-09-19 07:51:44 +00:00
vanhu
7ea7300ed8 always include some headers, as they are required even without NAT-T 2006-09-19 07:51:37 +00:00
vanhu
a2afb48bcf From Larry Baird: define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed 2006-09-19 07:51:31 +00:00
vanhu
478aed1af7 From Larry Baird: some printf() -> plog() 2006-09-19 07:51:27 +00:00
manu
c18d9daa6a From Matthew Grooms: 
ike_frag force option to force the use of IKE on first packet exchange
(prior to peer consent)
 2006-09-18 20:32:40 +00:00
vanhu
504b73aa2f removed generated files from the CVS 2006-09-18 09:11:06 +00:00
vanhu
3992c65302 removed generated files from the CVS 2006-09-18 08:43:00 +00:00
vanhu
90cc2f12b1 removed generated files from the CVS 2006-09-18 08:13:46 +00:00
manu
f291901204 From Matthew Grooms: 
handle IKE frag used in the first packet. That should not normally happen,
as the initiator does not know yet if the responder can handle IKE frag.
However, in some setups, the first packet is too big to get through, and
assuming the peer supports IKE frag is the only way to go.

racoon should have a setting in the remote section to do taht (something
like ike_frag force)
 2006-09-18 08:05:47 +00:00
manu
5a85c00571 Trivial bugfix in RFC2407 4.6.2 conformance, from Matthew Grooms 2006-09-16 04:31:38 +00:00
manu
2b7658dc54 Fix build on Linux 2006-09-15 09:40:44 +00:00
manu
c8214a0a83 Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. 
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.
 2006-09-09 16:22:08 +00:00
manu
e3de131b63 Migrate ipsec-tools CVS to cvs.netbsd.org 2006-09-09 16:11:26 +00:00
adrianp
8d13789c5a Apply the third version of the patch from OpenSSL to address this issue. 
- Rollback the updates for rsa.h, rsa_eay.c and rsa_err.c as they were
  not necessary to address this vulnerability.
- Small update to the patch for rsa_sign.c for backward compatability so
  the same patch can be applied to 0.9.[6-9]
 2006-09-06 22:47:11 +00:00
christos
90f5d4a3e0 Apply patch-CVE-2006-4339.txt 
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
 2006-09-05 12:24:08 +00:00
wiz
85f4c6eabf Pull over OpenBSD v1.97, forwarded by jmc@openbsd: 
avoid confusing wording in HashKnownHosts:

originally spotted by alan amesbury;
ok deraadt
 2006-08-10 00:34:32 +00:00
dogcow
444e690921 Remove various dotfiles that wandered their way in. 2006-06-18 08:59:39 +00:00
ginsbach
a697e6653a Adapt to new return value from socket(2) for an unsupported 
protocol/address family.
 2006-06-14 15:36:00 +00:00
christos
ed56312e8a resolve conflicts. 2006-06-03 01:50:19 +00:00
christos
387e0d89ab ftp www.openssl.org 2006-06-03 01:43:51 +00:00
christos
b8b11c345a ftp www.openssl.org 2006-06-03 01:39:48 +00:00
oster
4f500646a9 Add a missing ')' to fix the example code. Already fixed in openssl upstream. 2006-05-24 16:44:34 +00:00
christos
d46617757a XXX: GCC uninitialized variable 2006-05-14 02:40:03 +00:00
christos
b943fcf792 XXX: GCC uninitialized variables 2006-05-14 02:17:32 +00:00
mrg
f8418c0954 use socklen_t where appropriate. 2006-05-11 11:54:14 +00:00
mrg
54e9f4ccbc wait_until_can_do_something() wants u_int * for it's 4th argument. 2006-05-11 09:27:06 +00:00
mrg
965a873335 avoid lvalue casts. 2006-05-11 00:05:45 +00:00
mrg
4d2c417597 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-11 00:04:07 +00:00
mrg
084c052803 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-10 21:53:14 +00:00
mrg
0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and 
socklen_t are different signness.
 2006-05-09 20:18:05 +00:00
tsutsui
4cd8515cfc Add a NetBSD RCS ID. 2006-04-15 13:43:11 +00:00
elad
504a2dd02c Pull in from djm@OpenBSD: 
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.

Thanks to deraadt@OpenBSD for looking into this one.
 2006-03-22 23:04:39 +00:00
christos
e13746b11b Fix krb4 compilation (although krb4 is removed, this leaves the code compiling) 2006-03-21 00:01:29 +00:00
elad
dc4926056e plug leak, coverity cid 2014. 2006-03-20 16:42:34 +00:00
elad
204152ace9 plug leak, coverity cid 2027. 2006-03-20 16:41:46 +00:00
elad
04b503af06 plug leaks, coverity cids 2030, 2031. 2006-03-20 16:40:25 +00:00
elad
3a008ccc30 plug leak, coverity cid 2019. 2006-03-20 16:39:05 +00:00