Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
150,679 Commits 606 Branches 0 Tags 3.1 GiB
8d13789c5a
Commit Graph

916 Commits

Author SHA1 Message Date
adrianp
8d13789c5a Apply the third version of the patch from OpenSSL to address this issue. 
- Rollback the updates for rsa.h, rsa_eay.c and rsa_err.c as they were
  not necessary to address this vulnerability.
- Small update to the patch for rsa_sign.c for backward compatability so
  the same patch can be applied to 0.9.[6-9]
 2006-09-06 22:47:11 +00:00
christos
90f5d4a3e0 Apply patch-CVE-2006-4339.txt 
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
 2006-09-05 12:24:08 +00:00
wiz
85f4c6eabf Pull over OpenBSD v1.97, forwarded by jmc@openbsd: 
avoid confusing wording in HashKnownHosts:

originally spotted by alan amesbury;
ok deraadt
 2006-08-10 00:34:32 +00:00
dogcow
444e690921 Remove various dotfiles that wandered their way in. 2006-06-18 08:59:39 +00:00
ginsbach
a697e6653a Adapt to new return value from socket(2) for an unsupported 
protocol/address family.
 2006-06-14 15:36:00 +00:00
christos
ed56312e8a resolve conflicts. 2006-06-03 01:50:19 +00:00
christos
387e0d89ab ftp www.openssl.org 2006-06-03 01:43:51 +00:00
christos
b8b11c345a ftp www.openssl.org 2006-06-03 01:39:48 +00:00
oster
4f500646a9 Add a missing ')' to fix the example code. Already fixed in openssl upstream. 2006-05-24 16:44:34 +00:00
christos
d46617757a XXX: GCC uninitialized variable 2006-05-14 02:40:03 +00:00
christos
b943fcf792 XXX: GCC uninitialized variables 2006-05-14 02:17:32 +00:00
mrg
f8418c0954 use socklen_t where appropriate. 2006-05-11 11:54:14 +00:00
mrg
54e9f4ccbc wait_until_can_do_something() wants u_int * for it's 4th argument. 2006-05-11 09:27:06 +00:00
mrg
965a873335 avoid lvalue casts. 2006-05-11 00:05:45 +00:00
mrg
4d2c417597 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-11 00:04:07 +00:00
mrg
084c052803 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-10 21:53:14 +00:00
mrg
0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and 
socklen_t are different signness.
 2006-05-09 20:18:05 +00:00
tsutsui
4cd8515cfc Add a NetBSD RCS ID. 2006-04-15 13:43:11 +00:00
wiz
83620ded04 Remove references to KerberosIV. 2006-03-23 19:58:03 +00:00
elad
504a2dd02c Pull in from djm@OpenBSD: 
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.

Thanks to deraadt@OpenBSD for looking into this one.
 2006-03-22 23:04:39 +00:00
christos
e13746b11b Fix krb4 compilation (although krb4 is removed, this leaves the code compiling) 2006-03-21 00:01:29 +00:00
elad
dc4926056e plug leak, coverity cid 2014. 2006-03-20 16:42:34 +00:00
elad
204152ace9 plug leak, coverity cid 2027. 2006-03-20 16:41:46 +00:00
elad
04b503af06 plug leaks, coverity cids 2030, 2031. 2006-03-20 16:40:25 +00:00
elad
3a008ccc30 plug leak, coverity cid 2019. 2006-03-20 16:39:05 +00:00
elad
9266948705 plug leaks, coverity cids 2012, 2013. 2006-03-20 16:36:31 +00:00
elad
14c3ee98a9 fix null deref, coverity cid 953. 2006-03-20 16:31:45 +00:00
christos
85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
christos
1db63daa9d fix compilation after des.h change. The countdown to krb4 has started. 2006-03-20 02:18:59 +00:00
christos
e4547e1148 Coverity CID 1904: Don't leak memory on error. 2006-03-19 22:49:59 +00:00
christos
a09bebd7da Don't forget to free reply on failure. 2006-03-19 22:45:03 +00:00
christos
5ebcdaa51a Add casts to compile again. 2006-03-19 21:45:33 +00:00
christos
4ea32734dc Make this compile again, before I nuke it from orbit. 2006-03-19 21:01:17 +00:00
elad
2ff3564ba8 fix memory leak, coverity cid 2032. 2006-03-19 16:48:36 +00:00
elad
0a2d3f7a19 fix memory leaks, coverity cid 2016. 2006-03-19 16:47:09 +00:00
elad
f6bc7e7627 fix memory leaks, coverity cids 2028, 2029. 2006-03-19 16:40:32 +00:00
elad
2741a951b4 fix fd leak, coverity cid 2015. 2006-03-19 16:33:26 +00:00
elad
be71d6bbfd fix null deref, coverity cid 1341. 2006-03-19 16:29:43 +00:00
elad
8a41610291 fix null deref, coverity cid 1339. 2006-03-19 16:23:19 +00:00
elad
28788b89c7 fix null deref, coverity cid 1340. 2006-03-19 16:20:47 +00:00
christos
d5b9c02e8c add a semi colon. 2006-03-19 08:00:19 +00:00
christos
4fcb2eb6de Coveriry CID 1998: Fix memory leak. 2006-03-18 22:17:48 +00:00
elad
6c6e841e30 Don't dereference NULL pointer, found by Coverity, CID 954. 2006-03-18 21:09:57 +00:00
dan
ccd53bd92b reform a loop to be prettier and appease coverity CID 2618 2006-03-18 10:41:24 +00:00
jnemeth
79787ff03b Fix Coverity run 5, issue 2021 -- memory leak. 
Approved by christos@.
 2006-03-18 10:22:46 +00:00
jnemeth
1f89beeb43 Fix Coverity run 5, issue 1966 -- memory leak 
Approved by christos@.
 2006-03-18 10:19:09 +00:00
is
2de2502171 Make sure the right error is reported later, if all socket() calls fail. 
If we close the invalid sock, we'll report EBADF later in that case.
 2006-03-01 15:39:00 +00:00
is
6aece482c0 On non-fatal errors (identified: EPROTONOTSUPPORT), don't output the 
error message unless debugging - the error for the last address tried
will be shown anyway, and earlier errors without context are only confusing
the user.
 2006-03-01 15:18:09 +00:00
christos
dd8ccf5b99 Add a namespace.h to rename the most conflict inducing names from libssh. 
Idea from thorpej.
 2006-02-13 16:49:33 +00:00
he
e245f48109 The sig_atomic_t type is not guaranteed to be printf-compatible 
with %d, so cast to int before printing it.
 2006-02-08 23:08:13 +00:00