# HG changeset patch # User Matt Johnston # Date 1516718767 -28800 # Node ID 4afde04f0607d7cdabe6a2b98c6616b3ad739ca5 # Parent 5b25d86b865b66084f1253c2fd4ba0209dfab9b4# Parent ef310db5ccec4e20d703f4c97547ee69711fb2c6 merge up to date diff -r 5b25d86b865b -r 4afde04f0607 INSTALL --- a/INSTALL Mon Aug 14 00:00:10 2017 +0800 +++ b/INSTALL Tue Jan 23 22:46:07 2018 +0800 @@ -22,7 +22,11 @@ See MULTI for instructions on making all-in-one binaries. -If you want to compile statically, add "STATIC=1" to the make command-line. +If you want to compile statically use ./configure --enable-static + +By default Dropbear adds various build flags that improve robustness +against programming bugs (good for security) - if these cause problems +they can be disabled with ./configure --disable-harden Binaries can be stripped with "make strip" diff -r 5b25d86b865b -r 4afde04f0607 Makefile.in --- a/Makefile.in Mon Aug 14 00:00:10 2017 +0800 +++ b/Makefile.in Tue Jan 23 22:46:07 2018 +0800 @@ -2,12 +2,11 @@ # @configure_input@ # invocation: -# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1 +# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1 # -# to make a multiple-program statically linked binary "staticdropbearmulti". +# to make a multiple-program binary "dropbearmulti". # This example will include dropbear, scp, dropbearkey, dropbearconvert, and # dbclient functionality, and includes the progress-bar functionality in scp. -# Hopefully that seems intuitive. ifndef PROGRAMS PROGRAMS=dropbear dbclient dropbearkey dropbearconvert @@ -35,7 +34,7 @@ atomicio.o compat.o fake-rfc2553.o \ ltc_prng.o ecc.o ecdsa.o crypto_desc.o \ dbmalloc.o \ - gensignkey.o gendss.o genrsa.o + gensignkey.o gendss.o genrsa.o SVROBJS=svr-kex.o svr-auth.o sshpty.o \ svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \ @@ -99,6 +98,8 @@ EXEEXT=@EXEEXT@ +STATIC=@STATIC@ + # whether we're building client, server, or both for the common objects. # evilness so we detect 'dropbear' by itself as a word space:= $(empty) $(empty) @@ -120,7 +121,7 @@ endif ifeq ($(MULTI), 1) - TARGETS=dropbearmulti + TARGETS=dropbearmulti$(EXEEXT) else TARGETS=$(PROGRAMS) endif @@ -137,14 +138,14 @@ install: $(addprefix inst_, $(TARGETS)) -insmultidropbear: dropbearmulti +insmultidropbear: dropbearmulti$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(sbindir) -rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) -ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(mandir)/man8 $(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8 -insmulti%: dropbearmulti +insmulti%: dropbearmulti$(EXEEXT) $(INSTALL) -d $(DESTDIR)$(bindir) -rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) -ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) @@ -224,8 +225,9 @@ clean: ltc-clean ltm-clean thisclean thisclean: - -rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \ - dropbearmulti *.o *.da *.bb *.bbg *.prof + -rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \ + dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \ + dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof distclean: clean tidy -rm -f config.h diff -r 5b25d86b865b -r 4afde04f0607 configure.ac --- a/configure.ac Mon Aug 14 00:00:10 2017 +0800 +++ b/configure.ac Tue Jan 23 22:46:07 2018 +0800 @@ -33,9 +33,20 @@ [AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ] ) +STATIC=0 +AC_ARG_ENABLE(static, + [ --enable-static Build static binaries], + [ + if test "x$enableval" = "xyes"; then + STATIC=1 + AC_MSG_NOTICE(Static Build) + fi + ], []) +AC_SUBST(STATIC) + hardenbuild=1 AC_ARG_ENABLE(harden, - [ --disable-harden Don't set hardened build flags], + [ --disable-harden Don't set hardened build flags], [ if test "x$enableval" = "xno"; then hardenbuild=0 @@ -45,37 +56,40 @@ if test "$hardenbuild" -eq 1; then AC_MSG_NOTICE(Checking for available hardened build flags:) - # pie - OLDCFLAGS="$CFLAGS" - TESTFLAGS="-fPIE" - CFLAGS="$CFLAGS $TESTFLAGS" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_NOTICE([Setting $TESTFLAGS])], - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ] - ) - OLDLDFLAGS="$LDFLAGS" - TESTFLAGS="-Wl,-pie" - LDFLAGS="$LDFLAGS $TESTFLAGS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_NOTICE([Setting $TESTFLAGS])], - [ - LDFLAGS="$OLDLDFLAGS" - TESTFLAGS="-pie" - LDFLAGS="$LDFLAGS $TESTFLAGS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_NOTICE([Setting $TESTFLAGS])], - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ] - ) - ] - ) - # readonly elf relocation sections (relro) - OLDLDFLAGS="$LDFLAGS" - TESTFLAGS="-Wl,-z,now -Wl,-z,relro" - LDFLAGS="$LDFLAGS $TESTFLAGS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([])], - [AC_MSG_NOTICE([Setting $TESTFLAGS])], - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ] - ) + # relocation flags don't make sense for static builds + if test "$STATIC" -ne 1; then + # pie + OLDCFLAGS="$CFLAGS" + TESTFLAGS="-fPIE" + CFLAGS="$CFLAGS $TESTFLAGS" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_NOTICE([Setting $TESTFLAGS])], + [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ] + ) + OLDLDFLAGS="$LDFLAGS" + TESTFLAGS="-Wl,-pie" + LDFLAGS="$LDFLAGS $TESTFLAGS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_NOTICE([Setting $TESTFLAGS])], + [ + LDFLAGS="$OLDLDFLAGS" + TESTFLAGS="-pie" + LDFLAGS="$LDFLAGS $TESTFLAGS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_NOTICE([Setting $TESTFLAGS])], + [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ] + ) + ] + ) + # readonly elf relocation sections (relro) + OLDLDFLAGS="$LDFLAGS" + TESTFLAGS="-Wl,-z,now -Wl,-z,relro" + LDFLAGS="$LDFLAGS $TESTFLAGS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_NOTICE([Setting $TESTFLAGS])], + [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ] + ) + fi # non-static # stack protector. -strong is good but only in gcc 4.9 or later OLDCFLAGS="$CFLAGS" TESTFLAGS="-fstack-protector-strong" @@ -230,7 +244,7 @@ AC_ARG_ENABLE(pam, - [ --enable-pam Try to include PAM support], + [ --enable-pam Try to include PAM support], [ if test "x$enableval" = "xyes"; then AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***])) @@ -827,6 +841,7 @@ AS_MKDIR_P(libtomcrypt/src/modes/ofb) AS_MKDIR_P(libtomcrypt/src/modes/f8) AS_MKDIR_P(libtomcrypt/src/modes/lrw) +AS_MKDIR_P(libtomcrypt/src/modes/xts) AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit) AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/boolean) AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice) diff -r 5b25d86b865b -r 4afde04f0607 dbutil.c --- a/dbutil.c Mon Aug 14 00:00:10 2017 +0800 +++ b/dbutil.c Tue Jan 23 22:46:07 2018 +0800 @@ -514,7 +514,7 @@ void m_close(int fd) { int val; - if (fd == -1) { + if (fd < 0) { return; } diff -r 5b25d86b865b -r 4afde04f0607 default_options.h --- a/default_options.h Mon Aug 14 00:00:10 2017 +0800 +++ b/default_options.h Tue Jan 23 22:46:07 2018 +0800 @@ -10,7 +10,7 @@ used if it exists. Options defined there will override any options in this file (#ifndef guards added by ifndef_wrapper.sh). -Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS +Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS IMPORTANT: Many options will require "make clean" after changes */ @@ -198,6 +198,13 @@ #define DROPBEAR_ECDSA 1 #endif +/* RSA must be >=1024 */ +#ifndef DROPBEAR_DEFAULT_RSA_SIZE +#define DROPBEAR_DEFAULT_RSA_SIZE 2048 +#endif +/* DSS is always 1024 */ +/* ECDSA defaults to largest size configured, usually 521 */ + /* Add runtime flag "-R" to generate hostkeys as-needed when the first connection using that key type occurs. This avoids the need to otherwise run "dropbearkey" and avoids some problems @@ -373,7 +380,8 @@ #define MAX_UNAUTH_CLIENTS 30 #endif -/* Maximum number of failed authentication tries (server option) */ +/* Default maximum number of failed authentication tries (server option) */ +/* -T runtime option overrides */ #ifndef MAX_AUTH_TRIES #define MAX_AUTH_TRIES 10 #endif diff -r 5b25d86b865b -r 4afde04f0607 default_options.h.in --- a/default_options.h.in Mon Aug 14 00:00:10 2017 +0800 +++ b/default_options.h.in Tue Jan 23 22:46:07 2018 +0800 @@ -10,7 +10,7 @@ used if it exists. Options defined there will override any options in this file (#ifndef guards added by ifndef_wrapper.sh). -Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS +Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS IMPORTANT: Many options will require "make clean" after changes */ @@ -130,6 +130,11 @@ * on x86-64 */ #define DROPBEAR_ECDSA 1 +/* RSA must be >=1024 */ +#define DROPBEAR_DEFAULT_RSA_SIZE 2048 +/* DSS is always 1024 */ +/* ECDSA defaults to largest size configured, usually 521 */ + /* Add runtime flag "-R" to generate hostkeys as-needed when the first connection using that key type occurs. This avoids the need to otherwise run "dropbearkey" and avoids some problems @@ -253,7 +258,8 @@ * come from many IPs */ #define MAX_UNAUTH_CLIENTS 30 -/* Maximum number of failed authentication tries (server option) */ +/* Default maximum number of failed authentication tries (server option) */ +/* -T server option overrides */ #define MAX_AUTH_TRIES 10 /* The default file to store the daemon's process ID, for shutdown diff -r 5b25d86b865b -r 4afde04f0607 dropbear.8 --- a/dropbear.8 Mon Aug 14 00:00:10 2017 +0800 +++ b/dropbear.8 Tue Jan 23 22:46:07 2018 +0800 @@ -91,6 +91,9 @@ .B \-I \fIidle_timeout Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. .TP +.B \-T \fImax_authentication_attempts +Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES) +.TP .B \-c \fIforced_command Disregard the command provided by the user and always run \fIforced_command\fR. This also overrides any authorized_keys command= option. diff -r 5b25d86b865b -r 4afde04f0607 dropbearkey.c --- a/dropbearkey.c Mon Aug 14 00:00:10 2017 +0800 +++ b/dropbearkey.c Tue Jan 23 22:46:07 2018 +0800 @@ -139,7 +139,7 @@ enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE; char * typetext = NULL; char * sizetext = NULL; - unsigned int bits = 0; + unsigned int bits = 0, genbits; int printpub = 0; crypto_init(); @@ -240,7 +240,8 @@ check_signkey_bits(keytype, bits);; } - fprintf(stderr, "Generating key, this may take a while...\n"); + genbits = signkey_generate_get_bits(keytype, bits); + fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext); if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE) { dropbear_exit("Failed to generate key.\n"); diff -r 5b25d86b865b -r 4afde04f0607 gensignkey.c --- a/gensignkey.c Mon Aug 14 00:00:10 2017 +0800 +++ b/gensignkey.c Tue Jan 23 22:46:07 2018 +0800 @@ -7,9 +7,6 @@ #include "signkey.h" #include "dbrandom.h" -#define RSA_DEFAULT_SIZE 2048 -#define DSS_DEFAULT_SIZE 1024 - /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ static int buf_writefile(buffer * buf, const char * filename) { int ret = DROPBEAR_FAILURE; @@ -55,11 +52,12 @@ switch (keytype) { #if DROPBEAR_RSA case DROPBEAR_SIGNKEY_RSA: - return RSA_DEFAULT_SIZE; + return DROPBEAR_DEFAULT_RSA_SIZE; #endif #if DROPBEAR_DSS case DROPBEAR_SIGNKEY_DSS: - return DSS_DEFAULT_SIZE; + /* DSS for SSH only defines 1024 bits */ + return 1024; #endif #if DROPBEAR_ECDSA case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: @@ -76,6 +74,14 @@ } } +int signkey_generate_get_bits(enum signkey_type keytype, int bits) { + if (bits == 0) + { + bits = get_default_bits(keytype); + } + return bits; +} + /* if skip_exist is set it will silently return if the key file exists */ int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist) { @@ -83,10 +89,7 @@ buffer *buf = NULL; char *fn_temp = NULL; int ret = DROPBEAR_FAILURE; - if (bits == 0) - { - bits = get_default_bits(keytype); - } + bits = signkey_generate_get_bits(keytype, bits); /* now we can generate the key */ key = new_sign_key(); diff -r 5b25d86b865b -r 4afde04f0607 gensignkey.h --- a/gensignkey.h Mon Aug 14 00:00:10 2017 +0800 +++ b/gensignkey.h Tue Jan 23 22:46:07 2018 +0800 @@ -4,5 +4,6 @@ #include "signkey.h" int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist); +int signkey_generate_get_bits(enum signkey_type keytype, int bits); #endif diff -r 5b25d86b865b -r 4afde04f0607 libtomcrypt/Makefile.in --- a/libtomcrypt/Makefile.in Mon Aug 14 00:00:10 2017 +0800 +++ b/libtomcrypt/Makefile.in Tue Jan 23 22:46:07 2018 +0800 @@ -9,7 +9,8 @@ PLATFORM := $(shell uname | sed -e 's/_.*//') -srcdir=. +VPATH=@srcdir@ +srcdir=@srcdir@ # Compiler and Linker Names #CC=gcc diff -r 5b25d86b865b -r 4afde04f0607 libtommath/Makefile.in --- a/libtommath/Makefile.in Mon Aug 14 00:00:10 2017 +0800 +++ b/libtommath/Makefile.in Tue Jan 23 22:46:07 2018 +0800 @@ -2,7 +2,8 @@ # #Tom St Denis -srcdir=. +VPATH=@srcdir@ +srcdir=@srcdir@ # So that libtommath can include Dropbear headers for options and m_burn() CFLAGS += -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../ @@ -26,8 +27,6 @@ coverage: LIBNAME:=-Wl,--whole-archive $(LIBNAME) -Wl,--no-whole-archive -include makefile.include - LCOV_ARGS=--directory . #START_INS diff -r 5b25d86b865b -r 4afde04f0607 options.h --- a/options.h Mon Aug 14 00:00:10 2017 +0800 +++ b/options.h Tue Jan 23 22:46:07 2018 +0800 @@ -2,6 +2,8 @@ #define DROPBEAR_OPTIONS_H /* + > > > Don't edit this file any more! < < < + Local compile-time configuration should be defined in localoptions.h See default_options.h.in for a description of the available options. */ diff -r 5b25d86b865b -r 4afde04f0607 runopts.h --- a/runopts.h Mon Aug 14 00:00:10 2017 +0800 +++ b/runopts.h Tue Jan 23 22:46:07 2018 +0800 @@ -96,6 +96,7 @@ int noauthpass; int norootpass; int allowblankpass; + unsigned int maxauthtries; #if DROPBEAR_SVR_REMOTETCPFWD int noremotetcp; diff -r 5b25d86b865b -r 4afde04f0607 svr-auth.c --- a/svr-auth.c Mon Aug 14 00:00:10 2017 +0800 +++ b/svr-auth.c Tue Jan 23 22:46:07 2018 +0800 @@ -368,7 +368,7 @@ ses.authstate.failcount++; } - if (ses.authstate.failcount >= MAX_AUTH_TRIES) { + if (ses.authstate.failcount >= svr_opts.maxauthtries) { char * userstr; /* XXX - send disconnect ? */ TRACE(("Max auth tries reached, exiting")) diff -r 5b25d86b865b -r 4afde04f0607 svr-authpubkey.c --- a/svr-authpubkey.c Mon Aug 14 00:00:10 2017 +0800 +++ b/svr-authpubkey.c Tue Jan 23 22:46:07 2018 +0800 @@ -196,7 +196,7 @@ int ret = DROPBEAR_FAILURE; if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { - TRACE(("checkpubkey: bad line length %d", line->len)) + TRACE(("checkpubkey_line: bad line length %d", line->len)) return DROPBEAR_FAILURE; } @@ -261,7 +261,7 @@ /* check for space (' ') character */ if (buf_getbyte(line) != ' ') { - TRACE(("checkpubkey: space character expected, isn't there")) + TRACE(("checkpubkey_line: space character expected, isn't there")) goto out; } @@ -273,7 +273,7 @@ buf_setpos(line, pos); buf_setlen(line, line->pos + len); - TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len)) + TRACE(("checkpubkey_line: line pos = %d len = %d", line->pos, line->len)) ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL); @@ -361,8 +361,8 @@ } line_num++; - if (checkpubkey_line(line, line_num, filename, - algo, algolen, keyblob, keybloblen) == DROPBEAR_SUCCESS) { + ret = checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen); + if (ret == DROPBEAR_SUCCESS) { break; } diff -r 5b25d86b865b -r 4afde04f0607 svr-runopts.c --- a/svr-runopts.c Mon Aug 14 00:00:10 2017 +0800 +++ b/svr-runopts.c Tue Jan 23 22:46:07 2018 +0800 @@ -73,6 +73,7 @@ "-g Disable password logins for root\n" "-B Allow blank password logins\n" #endif + "-T Maximum authentication tries (default %d)\n" #if DROPBEAR_SVR_LOCALTCPFWD "-j Disable local port forwarding\n" #endif @@ -107,6 +108,7 @@ #if DROPBEAR_ECDSA ECDSA_PRIV_FILENAME, #endif + MAX_AUTH_TRIES, DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); } @@ -119,6 +121,7 @@ char* recv_window_arg = NULL; char* keepalive_arg = NULL; char* idle_timeout_arg = NULL; + char* maxauthtries_arg = NULL; char* keyfile = NULL; char c; @@ -132,6 +135,7 @@ svr_opts.noauthpass = 0; svr_opts.norootpass = 0; svr_opts.allowblankpass = 0; + svr_opts.maxauthtries = MAX_AUTH_TRIES; svr_opts.inetdmode = 0; svr_opts.portcount = 0; svr_opts.hostkey = NULL; @@ -235,6 +239,9 @@ case 'I': next = &idle_timeout_arg; break; + case 'T': + next = &maxauthtries_arg; + break; #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH case 's': svr_opts.noauthpass = 1; @@ -331,6 +338,16 @@ dropbear_exit("Bad recv window '%s'", recv_window_arg); } } + + if (maxauthtries_arg) { + unsigned int val = 0; + if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE + || val == 0) { + dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); + } + svr_opts.maxauthtries = val; + } + if (keepalive_arg) { unsigned int val; diff -r 5b25d86b865b -r 4afde04f0607 sysoptions.h --- a/sysoptions.h Mon Aug 14 00:00:10 2017 +0800 +++ b/sysoptions.h Tue Jan 23 22:46:07 2018 +0800 @@ -235,11 +235,13 @@ #define DROPBEAR_VFORK 1 #endif +#ifndef DROPBEAR_LISTEN_BACKLOG #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS #else #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +#endif #ifndef DROPBEAR_NONE_CIPHER #define DROPBEAR_NONE_CIPHER 0