Mercurial > dropbear
annotate .travis.yml @ 1788:1fc0012b9c38
Fix handling of replies to global requests (#112)
The current code assumes that all global requests want / need a reply.
This isn't always true and the request itself indicates if it wants a
reply or not.
It causes a specific problem with [email protected] messages.
These are sent by OpenSSH after authentication to inform the client of
potential other host keys for the host. This can be used to add a new
type of host key or to rotate host keys.
The initial information message from the server is sent as a global
request, but with want_reply set to false. This means that the server
doesn't expect an answer to this message. Instead the client needs to
send a prove request as a reply if it wants to receive proof of
ownership for the host keys.
The bug doesn't cause any current problems with due to how OpenSSH
treats receiving the failure message. It instead treats it as a
keepalive message and further ignores it.
Arguably this is a protocol violation though of Dropbear and it is only
accidental that it doesn't cause a problem with OpenSSH.
The bug was found when adding host keys support to libssh, which is more
strict protocol wise and treats the unexpected failure message an error,
also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145
for more information.
The fix here is to honor the want_reply flag in the global request and
to only send a reply if the other side expects a reply.
| author | Dirkjan Bussink <d.bussink@gmail.com> |
|---|---|
| date | Thu, 10 Dec 2020 16:13:13 +0100 |
| parents | 32307118bc26 |
| children | f78e67527731 |
| rev | line source |
|---|---|
|
912
e630c7aecff7
Add Travis CI autobuilder config
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 language: c |
|
1240
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
2 |
|
1485
3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
Matt Johnston <matt@ucc.asn.au>
parents:
1481
diff
changeset
|
3 git: |
|
3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
Matt Johnston <matt@ucc.asn.au>
parents:
1481
diff
changeset
|
4 depth: 3 |
|
1243
2e3d083483de
TravisCI: enable osx builds
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1242
diff
changeset
|
5 |
|
1691
2d3745d58843
try rearrange travis build matrix
Matt Johnston <matt@ucc.asn.au>
parents:
1690
diff
changeset
|
6 # use focal which provides libtommath 1.20 |
|
2d3745d58843
try rearrange travis build matrix
Matt Johnston <matt@ucc.asn.au>
parents:
1690
diff
changeset
|
7 dist: focal |
|
2d3745d58843
try rearrange travis build matrix
Matt Johnston <matt@ucc.asn.au>
parents:
1690
diff
changeset
|
8 |
|
1243
2e3d083483de
TravisCI: enable osx builds
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1242
diff
changeset
|
9 matrix: |
|
1485
3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
Matt Johnston <matt@ucc.asn.au>
parents:
1481
diff
changeset
|
10 include: |
|
1693
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
11 - name: "plain linux" |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
12 compiler: gcc |
|
1485
3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
Matt Johnston <matt@ucc.asn.au>
parents:
1481
diff
changeset
|
13 env: WEXTRAFLAGS=-Werror |
|
1693
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
14 - name: "multi binary" |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
15 env: MULTI=1 WEXTRAFLAGS=-Werror |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
16 - name: "bundled libtom, xenial, no writev()" |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
17 # NOWRITEV is unrelated to libtom/xenial, test here to save a job |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
18 env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=-Werror NOWRITEV=1 |
|
1690
2a06ef4ba80d
.travis.yml needs spaces not tabs
Matt Johnston <matt@ucc.asn.au>
parents:
1689
diff
changeset
|
19 # can use an older distro with bundled libtom |
|
2a06ef4ba80d
.travis.yml needs spaces not tabs
Matt Johnston <matt@ucc.asn.au>
parents:
1689
diff
changeset
|
20 dist: xenial |
|
1693
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
21 - name: "linux clang" |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
22 os: linux |
|
1485
3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
Matt Johnston <matt@ucc.asn.au>
parents:
1481
diff
changeset
|
23 compiler: clang |
|
1693
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
24 env: WEXTRAFLAGS=-Werror |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
25 - name: "osx" |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
26 os: osx |
|
1485
3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
Matt Johnston <matt@ucc.asn.au>
parents:
1481
diff
changeset
|
27 compiler: clang |
|
1693
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
28 # OS X says daemon() and utmp are deprecated |
|
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
29 env: WEXTRAFLAGS="-Wno-deprecated-declarations -Werror" |
| 1581 | 30 # Note: the fuzzing malloc wrapper doesn't replace free() in system libtomcrypt, so need bundled. |
|
1749
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
31 # Address sanitizer |
|
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
32 - name: "fuzz-asan" |
|
1693
f9ad4d39e388
Bring back -Werror and improve travis tests
Matt Johnston <matt@ucc.asn.au>
parents:
1691
diff
changeset
|
33 env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=address EXTRACFLAGS=-fsanitize=address CXX=clang++ |
| 1567 | 34 compiler: clang |
|
1749
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
35 # Undefined Behaviour sanitizer |
|
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
36 - name: "fuzz-ubsan" |
|
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
37 # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549 |
|
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
38 env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=undefined EXTRACFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment" CXX=clang++ |
|
32307118bc26
Add ubsan fuzz run to Travis CI too
Matt Johnston <matt@ucc.asn.au>
parents:
1693
diff
changeset
|
39 compiler: clang |
|
1242
53111b3413dc
TravisCI: enable build with clang
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1241
diff
changeset
|
40 |
|
1240
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
41 # container-based builds |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
42 addons: |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
43 apt: |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
44 packages: |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
45 # packages list: https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-precise |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
46 - zlib1g-dev |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
47 - libtomcrypt-dev |
|
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
48 - libtommath-dev |
| 1566 | 49 - mercurial |
|
1243
2e3d083483de
TravisCI: enable osx builds
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1242
diff
changeset
|
50 |
|
1245
cb0806413220
TravisCI: fix linux + clang compile
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1244
diff
changeset
|
51 before_install: |
|
cb0806413220
TravisCI: fix linux + clang compile
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1244
diff
changeset
|
52 - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi # workaround |
|
cb0806413220
TravisCI: fix linux + clang compile
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1244
diff
changeset
|
53 |
| 1566 | 54 install: |
|
1578
fdadac70ee67
add -fsanitize=address for fuzz test again
Matt Johnston <matt@ucc.asn.au>
parents:
1572
diff
changeset
|
55 - autoconf |
|
fdadac70ee67
add -fsanitize=address for fuzz test again
Matt Johnston <matt@ucc.asn.au>
parents:
1572
diff
changeset
|
56 - autoheader |
|
1579
8c1f762c6e9d
print config.log on failure
Matt Johnston <matt@ucc.asn.au>
parents:
1578
diff
changeset
|
57 - ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1) |
|
1262
71698088bdac
TravisCI: re-enable MULTI=1 & NOWRITEV=1 builds on OSX, fixes d416a9b
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1245
diff
changeset
|
58 - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi |
| 1680 | 59 - make lint |
| 1291 | 60 - make -j3 |
|
1578
fdadac70ee67
add -fsanitize=address for fuzz test again
Matt Johnston <matt@ucc.asn.au>
parents:
1572
diff
changeset
|
61 - test -z $DO_FUZZ || make fuzzstandalone |
| 1291 | 62 # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093) |
| 63 - make install | |
|
1240
87a43bf49e37
TravisCI: modify to run builds in container
Chocobo1 <Chocobo1@users.noreply.github.com>
parents:
1142
diff
changeset
|
64 |
| 1566 | 65 script: |
| 915 | 66 - ~/inst/bin/dropbearkey -t rsa -f testrsa |
| 67 - ~/inst/bin/dropbearkey -t dss -f testdss | |
| 68 - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256 | |
| 69 - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384 | |
| 70 - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521 | |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1583
diff
changeset
|
71 - ~/inst/bin/dropbearkey -t ed25519 -f tested25519 |
| 1566 | 72 - test -z $DO_FUZZ || ./fuzzers_test.sh |
| 1486 | 73 |
| 74 branches: | |
| 75 only: | |
| 76 - master | |
| 77 - coverity | |
| 78 |