libssh2_knownhost_readfile() silently ignored problems when reading keys
in unsupported formats from the known hosts file. When the file is
written again from the internal structures of libssh2 it gets truntcated
to the point where the first unknown key was located.
* src/knownhost.c:libssh2_knownhost_readfile() - return error if key
parsing fails
Add a "use_in_auth" flag to the LIBSSH2_COMP_METHOD struct and a
separate "zlib@openssh.com" method, along with checking session->state
for LIBSSH2_STATE_AUTHENTICATED. Appears to work on the OpenSSH servers
I've tried against, and it should work as before with normal zlib
compression.
If libssh2_session_free is called without the channel being freed
previously by libssh2_channel_free a memory leak could occur.
A mismatch of states variables in session_free() prevent the call to
libssh2_channel_free function. session->state member is used instead of
session->free_state.
It causes a leak of around 600 bytes on every connection on my systems
(Linux, x64 and PPC).
(Debugging done under contract for Accedian Networks)
Fixes#246
When using libssh2 to perform an SFTP file transfer from the "JSCAPE MFT
Server" (http://www.jscape.com) the transfer failed. The default JSCAPE
configuration is to enforce zlib compression on SSH2 sessions so the
session was compressed. The relevant part of the debug trace contained:
[libssh2] 1.052750 Transport: unhandled zlib error -5
[libssh2] 1.052750 Failure Event: -29 - decompression failure
The trace comes from comp_method_zlib_decomp() in comp.c. The "unhandled
zlib error -5" is the status returned from the zlib function
inflate(). The -5 status corresponds to "Z_BUF_ERROR".
The inflate() function takes a pointer to a z_stream structure and
"inflates" (decompresses) as much as it can. The relevant fields of the
z_stream structure are:
next_in - pointer to the input buffer containing compressed data
avail_in - the number of bytes available at next_in
next_out - pointer to the output buffer to be filled with uncompressed
data
avail_out - how much space available at next_out
To decompress data you set up a z_stream struct with the relevant fields
filled in and pass it to inflate(). On return the fields will have been
updated so next_in and avail_in show how much compressed data is yet to
be processed and next_out and avail_out show how much space is left in
the output buffer.
If the supplied output buffer is too small then on return there will be
compressed data yet to be processed (avail_in != 0) and inflate() will
return Z_OK. In this case the output buffer must be grown, avail_out
updated and inflate() called again.
If the supplied output buffer was big enough then on return the
compressed data will have been exhausted (avail_in == 0) and inflate()
will return Z_OK, so the data has all been uncompressed.
There is a corner case where inflate() makes no progress. That is, there
may be unprocessed compressed data and space available in the output
buffer and yet the function does nothing. In this case inflate() will
return Z_BUF_ERROR. From the zlib documentation and the source code it
is not clear under what circumstances this happens. It could be that it
needs to write multiple bytes (all in one go) from its internal state to
the output buffer before processing the next chunk of input but but
can't because there is not enough space (though my guesses as to the
cause are not really relevant). Recovery from Z_BUF_ERROR is pretty
simple - just grow the output buffer, update avail_out and call
inflate() again.
The comp_method_zlib_decomp() function does not handle the case when
inflate() returns Z_BUF_ERROR. It treats it as a non-recoverable error
and basically aborts the session.
Fixes#240
Changed to use Windows commandline tools instead of
GNU tools when compiling on Windows. Fixed dist and
dev targets. Enabled nlmconv error for unresolved
symbols.
Usually a format macro should hold the whole format, otherwise
it should be named a prefix. Also fixed usage of this macro in
scp.c for a signed var where it was used as prefix for unsigned.
Rationale: Everything else in this file states a fact about the win32
platform that is unconditional for that platform. There is nothing
unconditional about the presence of zlib. It is neither included with
Windows nor with the platform SDK. Therefore, this is not an appropriate
place to assert its presence. Especially as, once asserted, it cannot be
overridden using a compiler flag.
In contrast, if it is omitted, then it can easily be reasserted by adding
a compiler flag defining LIBSSH2_HAVE_ZLIB.
sftp_packet_add takes ownership of the packet passed to it and (now that we
handle zombies) might free the packet. sftp_packet_read uses the packet type
byte as its return code but by this point sftp_packet_add might have freed
it. This change fixes the problem by caching the packet type before calling
sftp_packet_add.
I don't understand why sftp_packet_read uses the packet type as its return
code. A future change might get rid of this entirely.
As this function is called when the SFTP session is closed, it needs to
also kill all zombies left in the SFTP session to avoid leaking memory
just in case some zombie would still be in there.
When flushing the packetlist, we must only add the request as a zombie
if no response has already been received. Otherwise we could wrongly
make it a zombie even though the response was already received and then
we'd get a zombie stuck there "forever"...
Since the sftp_packetlist_flush() function will move all the existing
FXP_READ requests in this handle to the zombie list we must first remove
this just received packet as it is clearly not a zombie.
Exactly as the comment in the code said, checking the return code from
sftp_packet_read() with <= was wrong and it should be < 0. With the new
filtering on incoming packets that are "zombies" we can now see this
getting zero returned.
In order to be fast, sftp_read sends many read requests at once. With a small
file, this can mean that when EOF is received back, many of these requests are
still outstanding. Responses arriving after we close the file and abandon the
file handle are queued in the SFTP packet queue and never collected. This
causes transfer speed to drop as a progressively longer queue must be searched
for every packet.
This change introduces a zombie request-ID list in the SFTP session that is
used to recognise these outstanding requests and prevent them being added to
the queue.
libcrypto on win32 now depends on gdi32.dll, so move the OpenSSL LDLIBS
block to before the compiler definitions, so that libcrypto gets added
first, and then add -lgdi32 into the following common LDLIBS for gcc.
Examples are built by default. Any of the following options on the
configure command line will skip building them:
--disable-examples-build
--enable-examples-build=no
--enable-examples-build=false
If the filename parameter for file_read_publickey() was the name of a
directory instead of a file then libssh2 would spin trying to fgetc()
from the FILE * for the opened directory when trying to determine the
length of the encoded public key, since fgetc() can't report errors.
Use fread() instead to correctly detect this error condition along
with many others.
This fixes the problem reported in
http://www.libssh2.org/mail/libssh2-devel-archive-2012-04/0021.shtml
Reported-by: Oleksiy Zagorskyi <zalex_ua@i.ua>
When calling _libssh2_channel_receive_window_adjust() internally, we now
always use the 'force' option to prevent libssh2 to avoid sending the
update if the update isn't big enough.
It isn't fully analyzed but we have seen corner cases which made a
necessary window update not get send due to this and then the other side
doesn't send data our side then sits waiting for forever.
if there's not enough room to receive the data that's being requested,
the window adjustment needs to be sent to the remote and thus the force
option has to be used. _libssh2_channel_receive_window_adjust() would
otherwise "queue" small window adjustments for a later packet but that
is really terribly for the small buffer read that for example is the
final little piece of a very large file as then there is no logical next
packet!
Reported by: Armen Babakhanian
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0130.shtml
_libssh2_channel_write() first reads outstanding packets before writing
new data. If it reads a key exchange request, it will immediately start
key re-exchange, which will require sending a response. If the output
socket is full, this will result in a return from
_libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block
a write because there is no data to read, this error is explicitly
ignored and the code continues marshalling a packet for sending. When it
is sent, the remote end immediately drops the connection because it was
expecting a continuation of the key exchange, but got a data packet.
This change adds the same check for key exchange to
_libssh2_transport_send() that is in _libssh2_transport_read(). This
ensures that key exchange is completed before any data packet is sent.
When draining data off the socket with _libssh2_transport_read() (which
in turn has to be done so that we can be sure to have read any possible
window-increasing packets), this code previously ignored errors which
could lead to nasty loops. Now all error codes except EAGAIN will cause
the error to be returned at once.
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml
Reported by: Matthew Booth
sizeof(buf) expands to 8 or 4 (since its a pointer). This variable may
have been static in the past, leading to this error.
Signed-off-by: Steven Dake <sdake@redhat.com>
In the x11 example, sizeof(buf) = 8UL (on x86_64), when this should
probably represent the buffer size available. I am not sure how to
test that this change is actually correct, however.
Signed-off-by: Steven Dake <sdake@redhat.com>
Lots of places in the code translated the original error into the more
generic LIBSSH2_ERROR_SOCKET_TIMEOUT but this turns out to distort the
original error reason a lot and makes tracking down the real origin of a
problem really hard. This change makes the original error code be
preserved to a larger extent when return up to the parent function.
Commit 03ca902075 tried to simplify the window sizing logic but broke
SFTP readdir as there was no window sizing code left there so large
directory listings no longer worked.
This change introduces window sizing logic to the sftp_packet_read()
function so that it now tells the remote about the local size having a
window size that suffice when it is about to ask for directory data.
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0069.shtml
Reported by: Eric
The call of libssh2_init returns a return code, but nothing could be done
within the _libssh2_init_if_needed execution path.
Signed-off-by: Steven Dake <sdake@redhat.com>
Although the function checks the length, if the code was in error, there
could potentially be a buffer overrun with the use of sprintf. Instead replace
with snprintf.
Signed-off-by: Steven Dake <sdake@redhat.com>
INVALID_SOCKET is a special value in Windows representing a
non-valid socket identifier. We were #defining this to -1 on
non-Windows platforms, causing unneccessary namespace pollution.
Let's have our own identifier instead.
Thanks to Matt Lawson for pointing this out.
OpenSolaris has no cfmakeraw() so to make the example more portable
we simply do the equivalent operations on struct termios ourselves.
Thanks to Tom Weber for reporting this problem, and finding a solution.
Whenever we have acked data and is about to call a function that *MAY*
return EAGAIN we must return the number now and wait to get called
again. Our API only allows data *or* EAGAIN and we must never try to get
both.
Removed the total_read variable that originally must have tracked how
much data had been written to the buffer. With non-blocking reads, we
must return straight away once we have read data into the buffer so this
variable served not purpose.
I think it was still hanging around in case the initial processing of
'leftover' data meant we wrote to the buffer but this case, like the
others, must return immediately. Now that it does, the last remaining
need for the variable is gone.
Whenever we have data and is about to call a function that *MAY* return
EAGAIN we must return the data now and wait to get called again. Our API
only allows data *or* EAGAIN and we must never try to get both.
If the function that extracts/computes the public key from a private key
fails the errors it reports were masked by the function calling it. This
patch modifies the key extraction function to return errors using
_libssh_error() function. The error messages are tweaked to contain
reference to the failed operaton in addition to the reason.
* AUTHORS: - add my name
* libgcrypt.c: _libssh2_pub_priv_keyfile(): - return a more verbose
error using
_libssh2_error() func.
* openssl.c: - modify call graph of _libssh2_pub_priv_keyfile() to use
_libssh2_error for error reporting();
* userauth.c: - tweak functions calling _libssh2_pub_priv_keyfile() not
to shadow error messages
Some SFTP servers send SFTP packets larger than 40000. Since the limit
is only present to avoid insane sizes anyway, we can easily bump it.
The define was formerly in the public header libssh2_sftp.h but served
no external purpose and was moved into the source dir.
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-11/0004.shtml
Reported by: Michael Harris
Documentation for libssh2_knownhost_checkp() and related functions
states that the last argument is filled with data if non-NULL.
"knownhost if set to non-NULL, it must be a pointer to a 'struct
libssh2_knownhost' pointer that gets filled in to point to info about a
known host that matches or partially matches."
In this function ext is dereferenced even if set to NULL, causing
segfault in applications not needing the extra data.
In function knownhost_add, memory is alocated for a new entry. If normal
alocation is used, memory is not initialized to 0 right after, but a
check is done to verify if correct key type is passed. This test is done
BEFORE setting the memory to null, and on the error path function
free_host() is called, that tries to dereference unititialized memory,
resulting into a glibc abort().
* knownhost.c - knownhost_add(): - move typemask check before alloc
When cross compiling to Windows, libssh2.h include Windows header files
with upper case filenames : BaseTsd.h and WinSock2.h.
These files have lowercase names with mingw-w64 (iirc, it's the same with
mingw). And as on Windows, being lowercase or uppercase does not matter.
Make sure we don't clear or reset static structs after first init so
that they work fine even when used from multiple threads. Init the
structs in the global init.
Help and assistance by: John Engstrom
Fixes#229 (again)
make_ctr_evp() is changed to take a struct pointer, and then each
_libssh2_EVP_aes_[keylen]_ctr function is made to pass in their own
static struct
Reported by: John Engstrom
Fixes#229
Set read_state back to idle before trying to send anything so that if
the state somehow is wrongly set.
Also, avoid such a case of confusion by resetting the read_state when an
sftp handle is closed.
Removed the automatic window_size adjustments from
_libssh2_channel_read() and instead all channel readers must now make
sure to enlarge the window sizes properly themselves.
libssh2_channel_read_ex() - the public function, now grows the window
size according to the requested buffer size. Applications can still opt
to grow the window more on demand. Larger windows tend to give higher
performance.
sftp_read() now uses the read-ahead logic to figure out a window_size.
A returned READ packet that is short will now only reduce the
offset.
This is a temporary fix as it is slightly better than the previous
approach but still not very good.
When receiving more data than what the window size allows on a
particular channel, make sure that the window size is adjusted in that
case too. Previously it would only adjust the window in the non-error
case.
When seeking to a new position, flush the packetlist and buffered data
to prevent already received or pending data to wrongly get used when
sftp-reading from the new offset within the file.
In the case where a read packet has been received from the server, but
the entire contents couldn't be copied to the user-buffer, the data is
instead buffered and copied to the user's buffer in the next invocation
of sftp_read(). When that "extra" copy is made, the 'offset' pointer was
not advanced accordingly.
The biggest impact of this flaw was that the 'already' variable at the
top of the function that figures out how much data "ahead" that has
already been asked for would slowly go more and more out of sync, which
could lead to the file not being read all the way to the end.
This problem was most noticable in cases where the application would
only try to read the exact file size amount, like curl does. In the
examples libssh2 provides the sftp read function is most often called
with a fixed size large buffer and then the bug would not appear as
easily.
This bug was introduced in the SFTP rewrite in 1.2.8.
Bug: http://curl.haxx.se/mail/lib-2011-08/0305.htmlhttp://www.libssh2.org/mail/libssh2-devel-archive-2011-08/0085.shtml
A sftp session failed with error "failure establishing ssh session" on
Solaris and HP-UX. Sometimes the first recv() function call sets errno
to ENOENT. In the man pages for recv of Solaris and HP-UX the error
ENOENT is not documented.
I tested Solaris SPARC and x86, HP-UX i64, AIX, Windows and Linux.
After an error occurs in libssh2_scp_recv() or libssh2_scp_send(), the
function libssh2_session_last_error() would return
LIBSSH2_ERROR_SOCKET_NONE on error.
Bug: http://trac.libssh2.org/ticket/216
Patch by: "littlesavage"
Fixes#216
Added libraries needed to link whether using openssl dynamically or
statically
Added LIBSSH2DEBUG define to debug versions to enable tracing
URL: http://trac.libssh2.org/ticket/215
Patch by: Mark Smith
Someone on IRC pointed out that we don't have these documented so I
wrote up a first set based on the information in the wiki:
http://trac.libssh2.org/wiki/KeepAlive
Stop using the $VERSION variable as it seems to be magically used by
autoconfig itself and thus gets set to the value set in AC_INIT()
without us wanting that. $LIBSSH2VER is now the libssh2 version as
detected.
Reported by: Paul Howarth
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-04/0008.shtml
\fILIBSSH2_ERROR_INVAL\fP - Internal error (normally should not occur).
\fILIBSSH2_ERROR_ALLOC\fP - Allocation of memory failed.
.SHAVAILABILITY
Added in 1.4.0
.SHSEEALSO
.BRlibssh2_session_methods(3),
.BRlibssh2_session_method_pref(3)
.BRlibssh2_free(3)
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
