changeset 1006:0aa1feb8adda coverity

merge
author Matt Johnston <matt@ucc.asn.au>
date Wed, 28 Jan 2015 22:49:55 +0800
parents e75316906852 (current diff) f19be6a28d7e (diff)
children 37c510c2ac7c
files
diffstat 9 files changed, 41 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Wed Jan 28 21:40:34 2015 +0800
+++ b/CHANGES	Wed Jan 28 22:49:55 2015 +0800
@@ -1,3 +1,32 @@
+2015.67 - Wednesday 28 January 2015
+
+- Call fsync() after generating private keys to ensure they aren't lost if a
+  reboot occurs. Thanks to Peter Korsgaard
+
+- Disable non-delayed zlib compression by default on the server. Can be
+  enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+
+- Default client key path ~/.ssh/id_dropbear
+
+- Prefer stronger algorithms by default, from Fedor Brunner. 
+  AES256 over 3DES
+  Diffie-hellman group14 over group1
+
+- Add option to disable CBC ciphers.
+
+- Disable twofish in default options.h
+
+- Enable sha2 HMAC algorithms by default, the code was already required
+  for ECC key exchange. sha1 is the first preference still for performance. 
+
+- Fix installing dropbear.8 in a separate build directory, from Like Ma
+
+- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+
+- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+
+- Minor bug fixes, a few issues found by Coverity scan
+
 2014.66 - Thursday 23 October 2014
 
 - Use the same keepalive handling behaviour as OpenSSH. This will work better 
--- a/configure.ac	Wed Jan 28 21:40:34 2015 +0800
+++ b/configure.ac	Wed Jan 28 22:49:55 2015 +0800
@@ -660,6 +660,7 @@
 AC_EXEEXT
 
 # XXX there must be a nicer way to do this
+if test $BUNDLED_LIBTOM = 1 ; then
 AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
 AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
 AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
@@ -710,8 +711,10 @@
 AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
 AS_MKDIR_P(libtomcrypt/src/pk/rsa)
 AS_MKDIR_P(libtomcrypt/src/prngs)
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
 AC_CONFIG_HEADER(config.h)
-AC_CONFIG_FILES(Makefile libtomcrypt/Makefile libtommath/Makefile)
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES)
 AC_OUTPUT
 
 AC_MSG_NOTICE()
--- a/dbclient.1	Wed Jan 28 21:40:34 2015 +0800
+++ b/dbclient.1	Wed Jan 28 22:49:55 2015 +0800
@@ -33,7 +33,7 @@
 Read the identity key from file
 .I idfile
 (multiple allowed). This file is created with dropbearkey(1) or converted
-from OpenSSH with dropbearconvert(1).
+from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
 .TP
 .B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
 Local port forwarding.
--- a/dbutil.h	Wed Jan 28 21:40:34 2015 +0800
+++ b/dbutil.h	Wed Jan 28 22:49:55 2015 +0800
@@ -91,7 +91,7 @@
 void * m_malloc(size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
-#define m_free(X) free(X); (X) = NULL;
+#define m_free(X) do {free(X); (X) = NULL;} while (0); 
 void m_burn(void* data, unsigned int len);
 void setnonblocking(int fd);
 void disallow_core();
--- a/dropbearconvert.1	Wed Jan 28 21:40:34 2015 +0800
+++ b/dropbearconvert.1	Wed Jan 28 22:49:55 2015 +0800
@@ -39,9 +39,9 @@
 An existing Dropbear or OpenSSH private key file
 .TP
 .B output file
-The path to write the converted private key file
+The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default
 .SH EXAMPLE
- # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/dropbear_priv
+ # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear
 .SH AUTHOR
 Matt Johnston ([email protected]).
 .SH SEE ALSO
--- a/dropbearkey.1	Wed Jan 28 21:40:34 2015 +0800
+++ b/dropbearkey.1	Wed Jan 28 22:49:55 2015 +0800
@@ -33,7 +33,7 @@
 .TP
 .B \-f \fIfile
 Write the secret key to the file
-.IR file .
+.IR file . For client authentication ~/.ssh/id_dropbear is loaded by default
 .TP
 .B \-s \fIbits
 Set the key size to
--- a/ecdsa.c	Wed Jan 28 21:40:34 2015 +0800
+++ b/ecdsa.c	Wed Jan 28 22:49:55 2015 +0800
@@ -131,6 +131,7 @@
 
 	if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) {
 		ecc_free(new_key);
+		m_free(new_key);
 		return NULL;
 	}
 
--- a/keyimport.c	Wed Jan 28 21:40:34 2015 +0800
+++ b/keyimport.c	Wed Jan 28 22:49:55 2015 +0800
@@ -810,7 +810,7 @@
 	}
 	m_burn(key->keyblob, key->keyblob_size);
 	m_free(key->keyblob);
-	m_burn(key, sizeof(key));
+	m_burn(key, sizeof(*key));
 	m_free(key);
 	if (errmsg) {
 		fprintf(stderr, "Error: %s\n", errmsg);
--- a/svr-main.c	Wed Jan 28 21:40:34 2015 +0800
+++ b/svr-main.c	Wed Jan 28 22:49:55 2015 +0800
@@ -343,6 +343,7 @@
 
 	sa_chld.sa_handler = sigchld_handler;
 	sa_chld.sa_flags = SA_NOCLDSTOP;
+	sigemptyset(&sa_chld.sa_mask);
 	if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) {
 		dropbear_exit("signal() error");
 	}