wiz
710cf70831
Use more macros.
2006-12-23 09:29:01 +00:00
wiz
fc51d9d324
Serial comma, and bump date for previous.
2006-12-23 09:22:52 +00:00
vanhu
1a38b96eff
From Joy Latten: fix a memory leak
2006-12-18 10:15:30 +00:00
vanhu
591299b29f
fixed a memory leak in crypto_openssl
2006-12-18 10:15:29 +00:00
manu
fcdf5459d0
branch 0.7 created
2006-12-10 22:36:06 +00:00
manu
7c683c0b23
Bring back API and ABI backward compatibility with previous libipsec before
recent interface change. Bump libipsec minor version. Remove ifdefs in
struct pfkey_send_sa_args to avoid ABI compatibility lossage.
Add a capability flags to detect missing optional feature in libipsec
2006-12-10 18:46:39 +00:00
manu
78f5cfece3
From Joy Latten: README.plainrsa documenting plain RSA auth
2006-12-10 05:51:14 +00:00
manu
99a403e274
From Joy Latten: Add support for SELinux security contexts. Also cleanup the
libipsec interface for adding and updating security associations.
2006-12-09 05:52:57 +00:00
manu
10cadc281e
From Simon Chang: More hints about plain RSA authentication
2006-12-09 05:44:34 +00:00
vanhu
3db7f7800e
Check keys length regarding proposal_check level
2006-12-05 13:38:40 +00:00
mgrooms
8ceadc3208
Correct issues associated with anonymous sainfo selection in racoon.
2006-11-16 00:30:55 +00:00
dogcow
ea8336c632
As uwe points out, it looks like the L on the version constant was
accidentally removed. Add it back, especially as the documentation still
claims that the constant is a long.
2006-11-14 22:30:33 +00:00
adrianp
1be366570b
From http://www.openssh.org/txt/release-4.5 : (CVE-2006-5794)
* Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to
be exploitable in the absence of additional vulnerabilities.
Bump __NETBSDSSH_VERSION
2006-11-14 21:52:09 +00:00
christos
600680c6c3
merge conflicts.
2006-11-13 21:55:36 +00:00
christos
4a5ea8ca2f
import 0.9.8d
2006-11-13 21:16:04 +00:00
christos
9f3fa7dc87
eliminate the only variable stack array allocation.
2006-11-09 20:22:18 +00:00
christos
94eb6e9da8
fix typo
2006-11-09 19:51:06 +00:00
christos
f06f014bee
use malloc when ssp
2006-11-09 19:50:03 +00:00
cbiere
577883a31d
Don't define the deprecated IPV6_RECVDSTADDR if the "advanced IPv6 API" is
used because IPV6_RECVPKTINFO and IPV6_PKTINFO are used to prevent
potential bugs in the future just in case that the numeric value of the
socket option is ever recycled.
2006-10-31 00:17:21 +00:00
agc
05ad853be0
one more to catch up with the new location for sha2.h
2006-10-28 23:07:23 +00:00
vanhu
b0d7d1da89
From Michal Ruzicka: fix typos
2006-10-22 15:10:31 +00:00
vanhu
df130f3c13
fixed typos
2006-10-22 15:10:30 +00:00
vanhu
5328e8c78b
Added ipsecdoi_chkcmpids() function
2006-10-19 09:36:22 +00:00
vanhu
3835b0b6a5
From Matthew Grooms: use ipsecdoi_chkcmpids() and changed src/dst to loc/rmt in getsainfo().
2006-10-19 09:35:51 +00:00
vanhu
b0f2fc5ddb
From Matthew Grooms: Added ipsecdoi_chkcmpids() function.
2006-10-19 09:35:44 +00:00
adrianp
9480ff5303
Change the default sshd configuration file so that only protocol version 2
is enabled by default. Users can manually add back support for protocol
version 1 in their sshd_config if they have a specific need for it.
Suggested by perry@ and ghen@. Ok'ed security-officer@ and christos@
2006-10-15 14:01:53 +00:00
manu
966e3f130f
Fix memory leak (Coverity 3438 and 3437)
2006-10-09 06:32:59 +00:00
manu
331d3b1287
List modified files for last commit
2006-10-09 06:21:11 +00:00
manu
6eca4f09f3
Correctly check read() return value: it's signed (Coverity 1251)
2006-10-09 06:17:20 +00:00
kardel
f34e7857d3
keep len correct when substituting variables - fixes PR/24458
2006-10-08 22:21:14 +00:00
manu
56f4977415
Camellia cipher support as in RFC 4312, from Tomoyuki Okazaki
<okazaki@kick.gr.jp>
2006-10-06 12:02:26 +00:00
christos
ee4546d741
unbreak gcc-3 builds.
2006-10-04 14:31:55 +00:00
christos
a9fc92da63
PR/34681: Scott Ellis: Explicitly include <sys/socket.h>
2006-10-04 14:30:35 +00:00
christos
1eafb02344
put back ignorerootrhosts
2006-10-04 14:26:31 +00:00
manu
20d3dfdcfa
fix endianness issue introduced yesterday
2006-10-03 20:43:10 +00:00
vanhu
2b72a4f236
remoteid/ph1id support
2006-10-03 08:04:31 +00:00
vanhu
b45c893ef4
Added remoteid/ph1id syntax
2006-10-03 08:03:59 +00:00
vanhu
7d2c6acefd
Parses remoteid/ph1id values
2006-10-03 08:03:33 +00:00
vanhu
dd3c365568
Uses remoteid/ph1id values
2006-10-03 08:02:51 +00:00
vanhu
80d5a8a518
Added remoteid/ph1id values
2006-10-03 08:01:56 +00:00
manu
9547d0f260
avoid reusing free'd pointer (Coverity 2613)
2006-10-02 21:51:33 +00:00
manu
1966cc3311
Check for NULL pointer (Coverity 4175)
2006-10-02 21:47:32 +00:00
manu
e1ade705e1
Remove dead code (Coverity 3451)
2006-10-02 21:41:59 +00:00
manu
520ec462f7
Fix array overrun (Coverity 4172)
2006-10-02 21:33:14 +00:00
manu
e5d24ec446
Fix memory leak (Coverity 2002)
2006-10-02 21:27:08 +00:00
manu
cdb1e64a8c
Fix memory leak (Coverity 2001), refactor the code to use port get/set
functions
2006-10-02 21:19:43 +00:00
manu
cd350eaf6d
Avoid reusing free'd pointer (Coverity 4200)
2006-10-02 20:52:17 +00:00
manu
d564be9350
Don't use NULL pointer (Coverity 3443), reformat to 80 char/line
2006-10-02 18:54:46 +00:00
dogcow
f54a9b4797
If you're going to initialize a pointer, you have to init it with a pointer
type, not an int.
2006-10-02 12:44:40 +00:00
manu
68e9583818
Don't use NULL pointer (Coverity 3439)
2006-10-02 12:04:53 +00:00
manu
5227e9475b
Don't use NULL pointer (Coverity 1334)
2006-10-02 11:59:40 +00:00
manu
41042afaf6
Don't use NULL pointer (Coverity 944)
2006-10-02 07:17:57 +00:00
manu
01d5ad642c
Don't use NULL pointer (Coverity 941)
2006-10-02 07:15:09 +00:00
manu
9a55720f5c
Don't use NULL pointer (Coverity 942)
2006-10-02 07:12:26 +00:00
manu
bfd607cda0
Don't use null pointer (Coverity 863)
2006-10-02 07:08:25 +00:00
manu
626d146a75
Fix memory leak (Coverity 4181)
2006-10-01 22:04:03 +00:00
manu
7be862b0db
Check that iph1->remote is not NULL before using it (Coverity 3436)
2006-10-01 19:23:57 +00:00
manu
c7242e7e9f
Remove dead code (Coverity 4165)
2006-09-30 21:49:37 +00:00
manu
07b750b745
Fix memory leak (Coverity 4179)
2006-09-30 21:38:39 +00:00
manu
df69765a89
update the scripts for working around routing problems on NetBSD
2006-09-30 21:22:21 +00:00
manu
172675f3db
Reuse existing code for closing IKE sockets, and avoid screwing things by
setting p->sock = -1, which is not expected (Coverity 4173).
2006-09-30 16:14:18 +00:00
manu
d5f44674f8
Do not free id and key, as they are used later
2006-09-30 15:51:42 +00:00
cube
55269b80c3
Grab a couple of lines from OpenSSH-portable that allow PAM authentication
to succeed. I guess the default configuration of NetBSD wasn't tested
before the import...
2006-09-29 22:47:21 +00:00
manu
efb59e1b32
Fix the fix: handle_recv closes the socket, so we must call com_init before
sending any data.
2006-09-29 21:39:35 +00:00
christos
8da6ea8890
Check for cert being NULL too.
2006-09-29 17:07:32 +00:00
christos
897b34d36d
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows
remote attackers to cause a denial of service (infinite loop
and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
versions allows attackers to cause a denial of service (CPU
consumption) via certain public keys that require extra time
to process.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
Buffer overflow in the SSL_get_shared_ciphers function in
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
versions has unspecified impact and remote attack vectors
involving a long list of ciphers.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Unspecified vulnerability in the SSLv2 client code in OpenSSL
0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
allows remote servers to cause a denial of service (client
crash) via unknown vectors.
2006-09-29 15:41:08 +00:00
he
f1afbc1ee7
Use PRIu64 instead of llu when printing an u_int64_t.
Fixes a build problem for our LP64 ports, where u_int64_t is
typically an unsigned long.
2006-09-29 14:36:34 +00:00
he
a4970f4ee7
The "success" field in Authctxt needs to be a sig_atomic_t, not an int,
so that we don't get a type conflict on dispatch_run() invocation. Found
while building for alpha and amd64.
2006-09-29 14:34:25 +00:00
christos
229f040cb9
We need this again.
2006-09-28 21:23:13 +00:00
christos
c5a8b87f73
Resolve conflicts
2006-09-28 21:22:14 +00:00
christos
49b7694919
from www.openssh.org
2006-09-28 21:14:57 +00:00
manu
ca09533497
Fix unchecked mallocs (Coverity 4176, 4174)
2006-09-28 20:30:13 +00:00
manu
87b827ea10
Fix access after free (Coverity 4178)
2006-09-28 20:09:35 +00:00
manu
eb5be25aad
Fix memory leak (Coverity)
2006-09-26 21:42:55 +00:00
manu
8b9e0af1db
Fix memory leak (Coverity)
2006-09-26 21:25:52 +00:00
manu
1d587602b5
Remove dead code (Coverity)
2006-09-26 21:10:55 +00:00
manu
75ada6df8d
Fix memory leak (Coverity)
2006-09-26 21:06:54 +00:00
manu
ab1354320a
One more memory leak
2006-09-26 20:58:03 +00:00
manu
ea585e8293
Fix memory leak in racoonctl (Coverity)
2006-09-26 20:51:43 +00:00
manu
f693deda72
Fix buffer overflow
Also fix credits: SA bundle fix was contributed by Jeff Bailey, not
Matthew Grooms. Matthew updated the patch for current code, though.
2006-09-26 04:44:41 +00:00
manu
e63f95d0e9
fix SA bundle (e.g.: for negotiating ESP+IPcomp)
2006-09-26 04:41:26 +00:00
vanhu
e2a943b3df
From Yves-Alexis Perez: struct ip -> struct iphdr for Linux
2006-09-25 17:42:08 +00:00
vanhu
0fa07a8062
struct ip -> struct iphdr for Linux
2006-09-25 17:42:07 +00:00
manu
1127a06ee3
style (mostly for testing ipsec-tools-commits@netbsd.org)
2006-09-25 05:08:52 +00:00
manu
22ddfb23b1
Fix double free, from Matthew Grooms
2006-09-25 04:49:39 +00:00
vanhu
542839bac0
credit
2006-09-21 09:43:47 +00:00
vanhu
3c6750b831
use sysdep_sa_len to make it compile on Linux
2006-09-21 09:42:08 +00:00
wiz
a7c4d7d4ac
Bump date for ike_frag force.
2006-09-19 18:55:11 +00:00
wiz
a5dc6b2e53
New sentence, new line.
2006-09-19 18:54:39 +00:00
wiz
5f831f347b
Remove trailing whitespace.
2006-09-19 18:53:12 +00:00
vanhu
efd02bc82c
From Yves-Alexis Perez: fixes default value for encmodesv in set_proposal_from_policy()
2006-09-19 16:02:10 +00:00
vanhu
60cd4fed98
fixed default value for encmodesv in set_proposal_from_policy()
2006-09-19 16:02:09 +00:00
vanhu
51065440a5
various commits
2006-09-19 07:51:44 +00:00
vanhu
7ea7300ed8
always include some headers, as they are required even without NAT-T
2006-09-19 07:51:37 +00:00
vanhu
a2afb48bcf
From Larry Baird: define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed
2006-09-19 07:51:31 +00:00
vanhu
478aed1af7
From Larry Baird: some printf() -> plog()
2006-09-19 07:51:27 +00:00
manu
c18d9daa6a
From Matthew Grooms:
ike_frag force option to force the use of IKE on first packet exchange
(prior to peer consent)
2006-09-18 20:32:40 +00:00
vanhu
504b73aa2f
removed generated files from the CVS
2006-09-18 09:11:06 +00:00
vanhu
3992c65302
removed generated files from the CVS
2006-09-18 08:43:00 +00:00
vanhu
90cc2f12b1
removed generated files from the CVS
2006-09-18 08:13:46 +00:00