changeset 1355:3fdd8c5a0195 fuzz
merge main to fuzz
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 18 May 2017 23:45:10 +0800 |
parents | 7618759e9327 (current diff) bbc0a0ee3843 (diff) |
children | 3677a510f545 |
files | Makefile.in buffer.c common-kex.c dbrandom.c netio.c runopts.h svr-auth.c svr-runopts.c svr-session.c |
diffstat | 88 files changed, 2149 insertions(+), 1606 deletions(-) [+] |
--- a/.hgsigs Thu May 18 23:38:30 2017 +0800 +++ b/.hgsigs Thu May 18 23:45:10 2017 +0800 @@ -20,3 +20,6 @@ 5bb5976e6902a0c9fba974a880c68c9487ee1e77 0 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 926e7275cef4f4f2a4251597ee4814748394824c 0 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 fd1981f41c626a969f07b4823848deaefef3c8aa 0 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 +70705edee9dd29cd3d410f19fbd15cc3489313e2 0 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 +9030ffdbe5625e35ed7189ab84a41dfc8d413e9c 0 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 +5c9207ceedaea794f958224c19214d66af6e2d56 0 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
--- a/.hgtags Thu May 18 23:38:30 2017 +0800 +++ b/.hgtags Thu May 18 23:45:10 2017 +0800 @@ -52,3 +52,6 @@ 79a6ef02307d05cb9dda10465cb5b807baa8f62e DROPBEAR_2015.70 9a944a243f08be6b22d32f166a0690eb4872462b DROPBEAR_2015.71 78b12b6549be08b0bea3da329b2578060a76ca31 DROPBEAR_2016.72 +309e1c4a87682b6ca7d80b8555a1db416c3cb7ac DROPBEAR_2016.73 +0ed3d2bbf956cb8a9bf0f4b5a86b7dd9688205cb DROPBEAR_2016.74 +c31276613181c5cff7854e7ef586ace03424e55e DROPBEAR_2017.75
--- a/.travis.yml Thu May 18 23:38:30 2017 +0800 +++ b/.travis.yml Thu May 18 23:45:10 2017 +0800 @@ -41,7 +41,9 @@ script: - autoconf && autoheader && ./configure "$BUNDLEDLIBTOM" CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS" --prefix="$HOME/inst" - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi - - make -j3 install + - make -j3 + # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093) + - make install after_success: - ~/inst/bin/dropbearkey -t rsa -f testrsa
--- a/CHANGES Thu May 18 23:38:30 2017 +0800 +++ b/CHANGES Thu May 18 23:45:10 2017 +0800 @@ -1,3 +1,28 @@ +2017.75 - 18 May 2017 + +- Security: Fix double-free in server TCP listener cleanup + A double-free in the server could be triggered by an authenticated user if + dropbear is running with -a (Allow connections to forwarded ports from any host) + This could potentially allow arbitrary code execution as root by an authenticated user. + Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. + +- Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. + Dropbear parsed authorized_keys as root, even if it were a symlink. The fix + is to switch to user permissions when opening authorized_keys + + A user could symlink their ~/.ssh/authorized_keys to a root-owned file they + couldn't normally read. If they managed to get that file to contain valid + authorized_keys with command= options it might be possible to read other + contents of that file. + This information disclosure is to an already authenticated user. + Thanks to Jann Horn of Google Project Zero for reporting this. + +- Generate hostkeys with dropbearkey atomically and flush to disk with fsync + Thanks to Andrei Gherzan for a patch + +- Fix out of tree builds with bundled libtom + Thanks to Henrik Nordström and Peter Krefting for patches. + 2016.74 - 21 July 2016 - Security: Message printout was vulnerable to format string injection. 
@@ -9,16 +34,24 @@ A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. + CVE-2016-7406 + https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files + CVE-2016-7407 + https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. + CVE-2016-7408 + https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v + CVE-2016-7409 + https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04 The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html @@ -64,6 +97,7 @@ - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 + https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff 2015.71 - 3 December 2015 @@ -342,9 +376,11 @@ - Limit the size of decompressed payloads, avoids memory exhaustion denial of service Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 + https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f - Avoid disclosing existence of valid users through inconsistent delays Thanks to Logan Lamb for reporting. CVE-2013-4434 + https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a - Update config.guess and config.sub for newer architectures 
@@ -447,6 +483,7 @@ This bug affects releases 0.52 onwards. Ref CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug. + https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 - Compile fix, only apply IPV6 socket options if they are available in headers Thanks to Gustavo Zacarias for the patch
--- a/Makefile.in Thu May 18 23:38:30 2017 +0800 +++ b/Makefile.in Thu May 18 23:45:10 2017 +0800 @@ -24,6 +24,10 @@ LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) endif +ifneq ($(wildcard localoptions.h),) +CFLAGS+=-DLOCALOPTIONS_H_EXISTS +endif + COMMONOBJS=dbutil.o buffer.o dbhelpers.o \ dss.o bignum.o \ signkey.o rsa.o dbrandom.o \ @@ -76,6 +80,8 @@ sbindir=@sbindir@ mandir=@mandir@ +.DELETE_ON_ERROR: + CC=@CC@ AR=@AR@ RANLIB=@RANLIB@ @@ -155,7 +161,6 @@ inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS)) - # for some reason the rule further down doesn't like $($@objs) as a prereq. dropbear: $(dropbearobjs) dbclient: $(dbclientobjs) @@ -195,18 +200,18 @@ -ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT) $(STATIC_LTC): options.h - cd libtomcrypt && $(MAKE) + $(MAKE) -C libtomcrypt $(STATIC_LTM): options.h - cd libtommath && $(MAKE) + $(MAKE) -C libtommath .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean ltc-clean: - cd libtomcrypt && $(MAKE) clean + $(MAKE) -C libtomcrypt clean ltm-clean: - cd libtommath && $(MAKE) clean + $(MAKE) -C libtommath clean sizes: dropbear objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn @@ -224,6 +229,14 @@ tidy: -rm -f *~ *.gcov */*~ +# default_options.h is stored in version control, could not find a workaround +# for parallel "make -j" and dependency rules. +default_options.h: default_options.h.in + echo "# > > > Generated from $^, edit that file instead !" > [email protected] + echo >> [email protected] + $(srcdir)/ifndef_wrapper.sh < $^ > [email protected] + mv [email protected] $@ + ## Fuzzing targets # list of fuzz targets @@ -257,4 +270,3 @@ /usr/bin/xxd -i -a keyr >> hostkeys.c /usr/bin/xxd -i -a keye >> hostkeys.c /usr/bin/xxd -i -a keyd >> hostkeys.c -
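Review bot: In the new `default_options.h` rule the third recipe line redirects the `ifndef_wrapper.sh` output with `>`, which truncates the temporary file and discards the "Generated from" banner that the two `echo` lines just wrote; `>>` looks like what was intended. The temporary file name is garbled on this page (it renders as `[email protected]`), so this assumes all three lines write the same file. As shown, the banner also starts with `#`, which is not comment syntax in a C header, so once the append is fixed it should be emitted as a `/* ... */` comment.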
--- a/agentfwd.h Thu May 18 23:38:30 2017 +0800 +++ b/agentfwd.h Thu May 18 23:45:10 2017 +0800 @@ -30,7 +30,7 @@ #include "auth.h" #include "list.h" -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD /* An agent reply can be reasonably large, as it can * contain a list of all public keys held by the agent. @@ -50,14 +50,14 @@ extern const struct ChanType cli_chan_agent; -#endif /* ENABLE_CLI_AGENTFWD */ +#endif /* DROPBEAR_CLI_AGENTFWD */ -#ifdef ENABLE_SVR_AGENTFWD +#if DROPBEAR_SVR_AGENTFWD int svr_agentreq(struct ChanSess * chansess); void svr_agentcleanup(struct ChanSess * chansess); void svr_agentset(struct ChanSess *chansess); -#endif /* ENABLE_SVR_AGENTFWD */ +#endif /* DROPBEAR_SVR_AGENTFWD */ #endif /* DROPBEAR_AGENTFWD_H_ */
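Review bot: Moving from `#ifdef ENABLE_CLI_AGENTFWD` to `#if DROPBEAR_CLI_AGENTFWD` changes what a missing definition does: an option that is misspelled, or still set under its old `ENABLE_*` name in a local configuration, now evaluates to 0 and the feature is compiled out without any diagnostic. The same conversion is made in algo.h, auth.h, channel.h, chansession.h and the cli-*.c files of this changeset. Building with `-Wundef` would turn each such case into a warning. In auth.h and chansession.h the macro also guards struct members, so every translation unit has to see the same value or the struct layouts will disagree.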
--- a/algo.h Thu May 18 23:38:30 2017 +0800 +++ b/algo.h Thu May 18 23:45:10 2017 +0800 @@ -83,9 +83,15 @@ }; enum dropbear_kex_mode { +#if DROPBEAR_NORMAL_DH DROPBEAR_KEX_NORMAL_DH, +#endif +#if DROPBEAR_ECDH DROPBEAR_KEX_ECDH, +#endif +#if DROPBEAR_CURVE25519 DROPBEAR_KEX_CURVE25519, +#endif }; struct dropbear_kex { @@ -96,7 +102,7 @@ const int dh_p_len; /* elliptic curve DH KEX */ -#ifdef DROPBEAR_ECDH +#if DROPBEAR_ECDH const struct dropbear_ecc_curve *ecc_curve; #else const void* dummy; @@ -122,7 +128,7 @@ algo_type * buf_match_algo(buffer* buf, algo_type localalgos[], enum kexguess2_used *kexguess2, int *goodguess); -#ifdef ENABLE_USER_ALGO_LIST +#if DROPBEAR_USER_ALGO_LIST int check_user_algos(const char* user_algo_list, algo_type * algos, const char *algo_desc); char * algolist_string(algo_type algos[]);
--- a/atomicio.c Thu May 18 23:38:30 2017 +0800 +++ b/atomicio.c Thu May 18 23:45:10 2017 +0800 @@ -1,6 +1,8 @@ +/* $OpenBSD: atomicio.c,v 1.17 2006/04/01 05:51:34 djm Exp $ */ /* - * Copied from OpenSSH 3.6.1p2. + * Copied from OpenSSH/OpenBSD. * + * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. * All rights reserved. * @@ -25,39 +27,32 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("OpenBSD: atomicio.c,v 1.10 2001/05/08 22:48:07 markus Exp "); */ +#include "includes.h" #include "atomicio.h" /* - * ensure all of data on socket comes through. f==read || f==write + * ensure all of data on socket comes through. f==read || f==vwrite */ -ssize_t -atomicio(f, fd, _s, n) - ssize_t (*f) (); - int fd; - void *_s; - size_t n; +size_t +atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n) { char *s = _s; + size_t pos = 0; ssize_t res; - size_t pos = 0; while (n > pos) { res = (f) (fd, s + pos, n - pos); switch (res) { case -1: -#ifdef EWOULDBLOCK - if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) -#else if (errno == EINTR || errno == EAGAIN) -#endif continue; - /* FALLTHROUGH */ + return 0; case 0: - return (res); + errno = EPIPE; + return pos; default: - pos += res; + pos += (size_t)res; } } return (pos);
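Review bot: The return contract of `atomicio` changes here and the comment above it does not say so: a failed call now returns 0 where the old code returned -1, and end-of-file returns the short count with `errno` set to `EPIPE`. Because the return type is now `size_t`, a caller that still tests for a negative result will never see the failure; the one caller changed in this changeset (cli-agentfwd.c) compares against the requested length, and other callers are not visible here. I would extend the comment to something like `/* returns n on success; on error or EOF returns fewer than n with errno set (EPIPE on EOF) */`. The `EAGAIN` branch also retries immediately, so on a non-blocking descriptor the loop spins until data can move.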
--- a/atomicio.h Thu May 18 23:38:30 2017 +0800 +++ b/atomicio.h Thu May 18 23:45:10 2017 +0800 @@ -1,8 +1,7 @@ +/* $OpenBSD: atomicio.h,v 1.7 2006/03/25 22:22:42 djm Exp $ */ /* - * Copied from OpenSSH 3.6.1p2, required for loginrec.c - * - * $OpenBSD: atomicio.h,v 1.4 2001/06/26 06:32:46 itojun Exp $ + * Copied from OpenSSH/OpenBSD, required for loginrec.c * * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. * All rights reserved. @@ -28,9 +27,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "includes.h" +/* + * Ensure all of data on socket comes through. f==read || f==vwrite + */ +size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); -/* - * Ensure all of data on socket comes through. f==read || f==write - */ -ssize_t atomicio(ssize_t (*)(), int, void *, size_t); +#define vwrite (ssize_t (*)(int, void *, size_t))write
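Review bot: `vwrite` expands to a bare cast expression and should be parenthesised as a whole: `#define vwrite ((ssize_t (*)(int, void *, size_t))write)`. The header also drops `#include "includes.h"` while still using `ssize_t`, `size_t` and `write`, so it now compiles only when the including file has pulled those in first; atomicio.c does include includes.h before it, other includers are not shown. A one-line comment on the macro saying that it exists to give `write` the non-const buffer signature that `atomicio` expects would help the next reader.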
--- a/auth.h Thu May 18 23:38:30 2017 +0800 +++ b/auth.h Thu May 18 23:45:10 2017 +0800 @@ -41,7 +41,7 @@ void svr_auth_pubkey(void); void svr_auth_pam(void); -#ifdef ENABLE_SVR_PUBKEY_OPTIONS +#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT int svr_pubkey_allows_agentfwd(void); int svr_pubkey_allows_tcpfwd(void); int svr_pubkey_allows_x11fwd(void); @@ -119,12 +119,12 @@ char *pw_shell; char *pw_name; char *pw_passwd; -#ifdef ENABLE_SVR_PUBKEY_OPTIONS +#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT struct PubKeyOptions* pubkey_options; #endif }; -#ifdef ENABLE_SVR_PUBKEY_OPTIONS +#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT struct PubKeyOptions; struct PubKeyOptions { /* Flags */
--- a/buffer.c Thu May 18 23:38:30 2017 +0800 +++ b/buffer.c Thu May 18 23:45:10 2017 +0800 @@ -109,7 +109,7 @@ dropbear_exit("Bad buf_setlen"); } buf->len = len; - buf->pos = 0; + buf->pos = MIN(buf->pos, buf->len); } /* Increment the length of the buffer */
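Review bot: `buf_setlen` no longer rewinds the buffer: the new line `buf->pos = MIN(buf->pos, buf->len);` keeps the current position and only clamps it, where the old code reset it to 0. Any caller that relied on the implicit rewind will now continue from a stale offset, so each call site needs an explicit `buf_setpos(buf, 0)` where that was the intent; the call sites, and the start of this function, are outside the hunk. The clamp does preserve `pos <= len`, which is worth stating in a comment, for example `/* keep pos within the new length; callers rewind explicitly */`.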
--- a/channel.h Thu May 18 23:38:30 2017 +0800 +++ b/channel.h Thu May 18 23:45:10 2017 +0800 @@ -126,11 +126,11 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd, circbuffer * buf); -#ifdef DROPBEAR_CLIENT +#if DROPBEAR_CLIENT extern const struct ChanType clichansess; #endif -#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT) +#if DROPBEAR_LISTENERS || DROPBEAR_CLIENT int send_msg_channel_open_init(int fd, const struct ChanType *type); void recv_msg_channel_open_confirmation(void); void recv_msg_channel_open_failure(void);
--- a/chansession.h Thu May 18 23:38:30 2017 +0800 +++ b/chansession.h Thu May 18 23:45:10 2017 +0800 @@ -58,7 +58,7 @@ /* Used to set $SSH_CLIENT in the child session. */ char *client_string; -#ifndef DISABLE_X11FWD +#if DROPBEAR_X11FWD struct Listener * x11listener; int x11port; char * x11authprot; @@ -67,13 +67,13 @@ unsigned char x11singleconn; #endif -#ifdef ENABLE_SVR_AGENTFWD +#if DROPBEAR_SVR_AGENTFWD struct Listener * agentlistener; char * agentfile; char * agentdir; #endif -#ifdef ENABLE_SVR_PUBKEY_OPTIONS +#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT char *original_command; #endif }; @@ -89,7 +89,7 @@ void cli_send_chansess_request(void); void cli_tty_cleanup(void); void cli_chansess_winchange(void); -#ifdef ENABLE_CLI_NETCAT +#if DROPBEAR_CLI_NETCAT void cli_send_netcat_request(void); #endif
--- a/cli-agentfwd.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-agentfwd.c Thu May 18 23:45:10 2017 +0800 @@ -24,7 +24,7 @@ #include "includes.h" -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD #include "agentfwd.h" #include "session.h" @@ -130,7 +130,7 @@ } buf_setpos(payload, 0); - ret = atomicio(write, fd, buf_getptr(payload, payload->len), payload->len); + ret = atomicio(vwrite, fd, buf_getptr(payload, payload->len), payload->len); if ((size_t)ret != payload->len) { TRACE(("write failed fd %d for agent_request, %s", fd, strerror(errno))) goto out;
--- a/cli-auth.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-auth.c Thu May 18 23:45:10 2017 +0800 @@ -51,7 +51,7 @@ encrypt_packet(); -#ifdef DROPBEAR_CLI_IMMEDIATE_AUTH +#if DROPBEAR_CLI_IMMEDIATE_AUTH /* We can't haven't two auth requests in-flight with delayed zlib mode since if the first one succeeds then the remote side will expect the second one to be compressed. @@ -78,6 +78,7 @@ char* banner = NULL; unsigned int bannerlen; unsigned int i, linecount; + int truncated = 0; TRACE(("enter recv_msg_userauth_banner")) if (ses.authstate.authdone) { @@ -90,26 +91,29 @@ if (bannerlen > MAX_BANNER_SIZE) { TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen)) - goto out; + truncated = 1; + } else { + cleantext(banner); + + /* Limit to 24 lines */ + linecount = 1; + for (i = 0; i < bannerlen; i++) { + if (banner[i] == '\n') { + if (linecount >= MAX_BANNER_LINES) { + banner[i] = '\0'; + truncated = 1; + break; + } + linecount++; + } + } + fprintf(stderr, "%s\n", banner); } - cleantext(banner); - - /* Limit to 25 lines */ - linecount = 1; - for (i = 0; i < bannerlen; i++) { - if (banner[i] == '\n') { - if (linecount >= MAX_BANNER_LINES) { - banner[i] = '\0'; - break; - } - linecount++; - } + if (truncated) { + fprintf(stderr, "[Banner from the server is too long]\n"); } - fprintf(stderr, "%s\n", banner); - -out: m_free(banner); TRACE(("leave recv_msg_userauth_banner")) } 
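Review bot: In the banner hunk the line-limit loop still runs to `bannerlen`, the length received from the server, after `cleantext(banner)` has been applied. If `cleantext` shortens the string in place (its body is not on this page), the loop walks past the new terminator into leftover bytes, and a `'\n'` found there sets `truncated` and prints the "too long" message for a banner that was not cut. Stopping at the terminator avoids that: `for (i = 0; i < bannerlen && banner[i] != '\0'; i++) {`. The comment "Limit to 24 lines" hard-codes a number that is really `MAX_BANNER_LINES`, and the `TRACE` call formats the unsigned `bannerlen` with `%d`. The function starts and ends outside the hunk.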
@@ -121,21 +125,21 @@ * SSH_MSG_USERAUTH_INFO_REQUEST. */ void recv_msg_userauth_specific_60() { -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { recv_msg_userauth_pk_ok(); return; } #endif -#ifdef ENABLE_CLI_INTERACT_AUTH +#if DROPBEAR_CLI_INTERACT_AUTH if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) { recv_msg_userauth_info_request(); return; } #endif -#ifdef ENABLE_CLI_PASSWORD_AUTH +#if DROPBEAR_CLI_PASSWORD_AUTH if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) { /* Eventually there could be proper password-changing * support. However currently few servers seem to @@ -179,7 +183,7 @@ TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT")); return; } else { -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH /* If it was a pubkey auth request, we should cross that key * off the list. */ if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { @@ -187,7 +191,7 @@ } #endif -#ifdef ENABLE_CLI_INTERACT_AUTH +#if DROPBEAR_CLI_INTERACT_AUTH /* If we get a failure message for keyboard interactive without * receiving any request info packet, then we don't bother trying * keyboard interactive again */ @@ -227,19 +231,19 @@ for (i = 0; i <= methlen; i++) { if (methods[i] == '\0') { TRACE(("auth method '%s'", tok)) -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH if (strncmp(AUTH_METHOD_PUBKEY, tok, AUTH_METHOD_PUBKEY_LEN) == 0) { ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; } #endif -#ifdef ENABLE_CLI_INTERACT_AUTH +#if DROPBEAR_CLI_INTERACT_AUTH if (strncmp(AUTH_METHOD_INTERACT, tok, AUTH_METHOD_INTERACT_LEN) == 0) { ses.authstate.authtypes |= AUTH_TYPE_INTERACT; } #endif -#ifdef ENABLE_CLI_PASSWORD_AUTH +#if DROPBEAR_CLI_PASSWORD_AUTH if (strncmp(AUTH_METHOD_PASSWORD, tok, AUTH_METHOD_PASSWORD_LEN) == 0) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; 
@@ -267,7 +271,7 @@ cli_ses.state = USERAUTH_SUCCESS_RCVD; cli_ses.lastauthtype = AUTH_TYPE_NONE; -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH cli_auth_pubkey_cleanup(); #endif } @@ -281,14 +285,14 @@ /* Order to try is pubkey, interactive, password. * As soon as "finished" is set for one, we don't do any more. */ -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { finished = cli_auth_pubkey(); cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; } #endif -#ifdef ENABLE_CLI_PASSWORD_AUTH +#if DROPBEAR_CLI_PASSWORD_AUTH if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) { if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); @@ -300,7 +304,7 @@ } #endif -#ifdef ENABLE_CLI_INTERACT_AUTH +#if DROPBEAR_CLI_INTERACT_AUTH if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) { if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); @@ -324,7 +328,7 @@ return DROPBEAR_FAILURE; } -#if defined(ENABLE_CLI_PASSWORD_AUTH) || defined(ENABLE_CLI_INTERACT_AUTH) +#if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH /* A helper for getpass() that exits if the user cancels. The returned * password is statically allocated by getpass() */ char* getpass_or_cancel(char* prompt)
--- a/cli-authinteract.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-authinteract.c Thu May 18 23:45:10 2017 +0800 @@ -29,7 +29,7 @@ #include "ssh.h" #include "runopts.h" -#ifdef ENABLE_CLI_INTERACT_AUTH +#if DROPBEAR_CLI_INTERACT_AUTH static char* get_response(char* prompt) { @@ -172,4 +172,4 @@ TRACE(("leave cli_auth_interactive")) } -#endif /* ENABLE_CLI_INTERACT_AUTH */ +#endif /* DROPBEAR_CLI_INTERACT_AUTH */
--- a/cli-authpasswd.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-authpasswd.c Thu May 18 23:45:10 2017 +0800 @@ -29,9 +29,9 @@ #include "ssh.h" #include "runopts.h" -#ifdef ENABLE_CLI_PASSWORD_AUTH +#if DROPBEAR_CLI_PASSWORD_AUTH -#ifdef ENABLE_CLI_ASKPASS_HELPER +#if DROPBEAR_CLI_ASKPASS_HELPER /* Returns 1 if we want to use the askpass program, 0 otherwise */ static int want_askpass() { @@ -113,7 +113,7 @@ TRACE(("leave gui_getpass")) return(buf); } -#endif /* ENABLE_CLI_ASKPASS_HELPER */ +#endif /* DROPBEAR_CLI_ASKPASS_HELPER */ void cli_auth_password() { @@ -125,7 +125,7 @@ snprintf(prompt, sizeof(prompt), "%s@%s's password: ", cli_opts.username, cli_opts.remotehost); -#ifdef ENABLE_CLI_ASKPASS_HELPER +#if DROPBEAR_CLI_ASKPASS_HELPER if (want_askpass()) { password = gui_getpass(prompt); @@ -158,4 +158,4 @@ TRACE(("leave cli_auth_password")) } -#endif /* ENABLE_CLI_PASSWORD_AUTH */ +#endif /* DROPBEAR_CLI_PASSWORD_AUTH */
--- a/cli-authpubkey.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-authpubkey.c Thu May 18 23:45:10 2017 +0800 @@ -32,7 +32,7 @@ #include "auth.h" #include "agentfwd.h" -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. @@ -122,7 +122,7 @@ void cli_buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf) { -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD if (key->source == SIGNKEY_SOURCE_AGENT) { /* Format the agent signature ourselves, as buf_put_sign would. */ buffer *sigblob; @@ -131,7 +131,7 @@ buf_putbufstring(buf, sigblob); buf_free(sigblob); } else -#endif /* ENABLE_CLI_AGENTFWD */ +#endif /* DROPBEAR_CLI_AGENTFWD */ { buf_put_sign(buf, key, type, data_buf); } @@ -185,7 +185,7 @@ TRACE(("enter cli_auth_pubkey")) -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD if (!cli_opts.agent_keys_loaded) { /* get the list of available keys from the agent */ cli_load_agent_keys(cli_opts.privkeys); @@ -209,7 +209,7 @@ void cli_auth_pubkey_cleanup() { -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD m_close(cli_opts.agent_fd); cli_opts.agent_fd = -1; #endif
--- a/cli-chansession.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-chansession.c Thu May 18 23:45:10 2017 +0800 @@ -355,7 +355,7 @@ cli_init_stdpipe_sess(channel); -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD if (cli_opts.agent_fwd) { cli_setup_agent(channel); } @@ -379,7 +379,7 @@ return 0; /* Success */ } -#ifdef ENABLE_CLI_NETCAT +#if DROPBEAR_CLI_NETCAT static const struct ChanType cli_chan_netcat = { 0, /* sepfds */
--- a/cli-kex.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-kex.c Thu May 18 23:45:10 2017 +0800 @@ -48,6 +48,7 @@ CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); switch (ses.newkeys->algo_kex->mode) { +#if DROPBEAR_NORMAL_DH case DROPBEAR_KEX_NORMAL_DH: if (ses.newkeys->algo_kex != cli_ses.param_kex_algo || !cli_ses.dh_param) { @@ -58,8 +59,9 @@ } buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub); break; +#endif +#if DROPBEAR_ECDH case DROPBEAR_KEX_ECDH: -#ifdef DROPBEAR_ECDH if (ses.newkeys->algo_kex != cli_ses.param_kex_algo || !cli_ses.ecdh_param) { if (cli_ses.ecdh_param) { @@ -68,9 +70,9 @@ cli_ses.ecdh_param = gen_kexecdh_param(); } buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key); + break; #endif - break; -#ifdef DROPBEAR_CURVE25519 +#if DROPBEAR_CURVE25519 case DROPBEAR_KEX_CURVE25519: if (ses.newkeys->algo_kex != cli_ses.param_kex_algo || !cli_ses.curve25519_param) { @@ -80,8 +82,8 @@ cli_ses.curve25519_param = gen_kexcurve25519_param(); } buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN); + break; #endif - break; } cli_ses.param_kex_algo = ses.newkeys->algo_kex; @@ -118,6 +120,7 @@ } switch (ses.newkeys->algo_kex->mode) { +#if DROPBEAR_NORMAL_DH case DROPBEAR_KEX_NORMAL_DH: { DEF_MP_INT(dh_f); 
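Review bot: With every `case` of `switch (ses.newkeys->algo_kex->mode)` now inside its own `#if`, and the `break` statements moved inside as well, a mode that matches no compiled case falls out of the switch silently; in the first hunk that would leave `SSH_MSG_KEXDH_INIT` written with no key material after it. A `default:` that fails loudly would make that state visible, e.g. `default: dropbear_exit("Unsupported kex mode");`. The same applies to the second switch, in the hunk at `@@ -118,6 +120,7 @@`. Both functions extend beyond the hunks shown.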
@@ -131,37 +134,38 @@ mp_clear(&dh_f); } break; +#endif +#if DROPBEAR_ECDH case DROPBEAR_KEX_ECDH: -#ifdef DROPBEAR_ECDH { buffer *ecdh_qs = buf_getstringbuf(ses.payload); kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey); buf_free(ecdh_qs); } + break; #endif - break; -#ifdef DROPBEAR_CURVE25519 +#if DROPBEAR_CURVE25519 case DROPBEAR_KEX_CURVE25519: { buffer *ecdh_qs = buf_getstringbuf(ses.payload); kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey); buf_free(ecdh_qs); } + break; #endif - break; } if (cli_ses.dh_param) { free_kexdh_param(cli_ses.dh_param); cli_ses.dh_param = NULL; } -#ifdef DROPBEAR_ECDH +#if DROPBEAR_ECDH if (cli_ses.ecdh_param) { free_kexecdh_param(cli_ses.ecdh_param); cli_ses.ecdh_param = NULL; } #endif -#ifdef DROPBEAR_CURVE25519 +#if DROPBEAR_CURVE25519 if (cli_ses.curve25519_param) { free_kexcurve25519_param(cli_ses.curve25519_param); cli_ses.curve25519_param = NULL;
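Review bot: The cleanup at the end of this hunk guards `ecdh_param` and `curve25519_param` with `#if DROPBEAR_ECDH` and `#if DROPBEAR_CURVE25519`, but the `cli_ses.dh_param` block just above them is left unguarded even though its matching `case` is now under `#if DROPBEAR_NORMAL_DH`. If `free_kexdh_param` or the `dh_param` member is compiled only when normal DH is enabled (not visible here), a build with it disabled will not compile. Wrapping that block in `#if DROPBEAR_NORMAL_DH` and `#endif` keeps the three cleanups consistent.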
--- a/cli-main.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-main.c Thu May 18 23:45:10 2017 +0800 @@ -35,13 +35,13 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; static void cli_dropbear_log(int priority, const char* format, va_list param); -#ifdef ENABLE_CLI_PROXYCMD +#if DROPBEAR_CLI_PROXYCMD static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out); static void kill_proxy_sighandler(int signo); #endif -#if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI) -#if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI) +#if defined(DBMULTI_dbclient) || !DROPBEAR_MULTI +#if defined(DBMULTI_dbclient) && DROPBEAR_MULTI int cli_main(int argc, char ** argv) { #else int main(int argc, char ** argv) { @@ -74,7 +74,7 @@ } pid_t proxy_cmd_pid = 0; -#ifdef ENABLE_CLI_PROXYCMD +#if DROPBEAR_CLI_PROXYCMD if (cli_opts.proxycmd) { cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid); m_free(cli_opts.proxycmd); @@ -151,7 +151,7 @@ dropbear_exit("Failed to run '%s'\n", cmd); } -#ifdef ENABLE_CLI_PROXYCMD +#if DROPBEAR_CLI_PROXYCMD static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) { char * ex_cmd = NULL; size_t ex_cmdlen; @@ -176,4 +176,4 @@ kill_proxy_command(); _exit(1); } -#endif /* ENABLE_CLI_PROXYCMD */ +#endif /* DROPBEAR_CLI_PROXYCMD */
--- a/cli-runopts.c Thu May 18 23:38:30 2017 +0800 +++ b/cli-runopts.c Thu May 18 23:45:10 2017 +0800 @@ -37,13 +37,13 @@ static void parse_hostname(const char* orighostarg); static void parse_multihop_hostname(const char* orighostarg, const char* argv0); static void fill_own_user(void); -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH static void loadidentityfile(const char* filename, int warnfail); #endif -#ifdef ENABLE_CLI_ANYTCPFWD +#if DROPBEAR_CLI_ANYTCPFWD static void addforward(const char* str, m_list *fwdlist); #endif -#ifdef ENABLE_CLI_NETCAT +#if DROPBEAR_CLI_NETCAT static void add_netcat(const char *str); #endif static void add_extendedopt(const char *str); @@ -51,7 +51,7 @@ static void printhelp() { fprintf(stderr, "Dropbear SSH client v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" -#ifdef ENABLE_CLI_MULTIHOP +#if DROPBEAR_CLI_MULTIHOP "Usage: %s [options] [user@]host[/port][,[user@]host/port],...] [command]\n" #else "Usage: %s [options] [user@]host[/port] [command]\n" 
@@ -66,38 +66,38 @@ "-y -y Don't perform any remote host key checking (caution)\n" "-s Request a subsystem (use by external sftp)\n" "-o option Set option in OpenSSH-like format ('-o help' to list options)\n" -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH "-i <identityfile> (multiple allowed, default %s)\n" #endif -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD "-A Enable agent auth forwarding\n" #endif -#ifdef ENABLE_CLI_LOCALTCPFWD +#if DROPBEAR_CLI_LOCALTCPFWD "-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding\n" "-g Allow remote hosts to connect to forwarded ports\n" #endif -#ifdef ENABLE_CLI_REMOTETCPFWD +#if DROPBEAR_CLI_REMOTETCPFWD "-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding\n" #endif "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" "-K <keepalive> (0 is never, default %d)\n" "-I <idle_timeout> (0 is never, default %d)\n" -#ifdef ENABLE_CLI_NETCAT +#if DROPBEAR_CLI_NETCAT "-B <endhost:endport> Netcat-alike forwarding\n" #endif -#ifdef ENABLE_CLI_PROXYCMD +#if DROPBEAR_CLI_PROXYCMD "-J <proxy_program> Use program pipe rather than TCP connection\n" #endif -#ifdef ENABLE_USER_ALGO_LIST +#if DROPBEAR_USER_ALGO_LIST "-c <cipher list> Specify preferred ciphers ('-c help' to list options)\n" "-m <MAC list> Specify preferred MACs for packet verification (or '-m help')\n" #endif "-V Version\n" -#ifdef DEBUG_TRACE +#if DEBUG_TRACE "-v verbose (compiled with DEBUG_TRACE)\n" #endif ,DROPBEAR_VERSION, cli_opts.progname, -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH DROPBEAR_DEFAULT_CLI_AUTHKEY, #endif DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); 
@@ -109,16 +109,16 @@ char ** next = 0; enum { OPT_EXTENDED_OPTIONS, -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH OPT_AUTHKEY, #endif -#ifdef ENABLE_CLI_LOCALTCPFWD +#if DROPBEAR_CLI_LOCALTCPFWD OPT_LOCALTCPFWD, #endif -#ifdef ENABLE_CLI_REMOTETCPFWD +#if DROPBEAR_CLI_REMOTETCPFWD OPT_REMOTETCPFWD, #endif -#ifdef ENABLE_CLI_NETCAT +#if DROPBEAR_CLI_NETCAT OPT_NETCAT, #endif /* a flag (no arg) if 'next' is NULL, a string-valued option otherwise */ @@ -145,31 +145,31 @@ cli_opts.always_accept_key = 0; cli_opts.no_hostkey_check = 0; cli_opts.is_subsystem = 0; -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH cli_opts.privkeys = list_new(); #endif -#ifdef ENABLE_CLI_ANYTCPFWD +#if DROPBEAR_CLI_ANYTCPFWD cli_opts.exit_on_fwd_failure = 0; #endif -#ifdef ENABLE_CLI_LOCALTCPFWD +#if DROPBEAR_CLI_LOCALTCPFWD cli_opts.localfwds = list_new(); opts.listen_fwd_all = 0; #endif -#ifdef ENABLE_CLI_REMOTETCPFWD +#if DROPBEAR_CLI_REMOTETCPFWD cli_opts.remotefwds = list_new(); #endif -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD cli_opts.agent_fwd = 0; cli_opts.agent_fd = -1; cli_opts.agent_keys_loaded = 0; #endif -#ifdef ENABLE_CLI_PROXYCMD +#if DROPBEAR_CLI_PROXYCMD cli_opts.proxycmd = NULL; #endif #ifndef DISABLE_ZLIB opts.compress_mode = DROPBEAR_COMPRESS_ON; #endif -#ifdef ENABLE_USER_ALGO_LIST +#if DROPBEAR_USER_ALGO_LIST opts.cipher_list = NULL; opts.mac_list = NULL; #endif @@ -213,7 +213,7 @@ case 'p': /* remoteport */ next = &cli_opts.remoteport; break; -#ifdef ENABLE_CLI_PUBKEY_AUTH +#if DROPBEAR_CLI_PUBKEY_AUTH case 'i': /* an identityfile */ opt = OPT_AUTHKEY; break; @@ -236,7 +236,7 @@ case 'o': opt = OPT_EXTENDED_OPTIONS; break; -#ifdef ENABLE_CLI_LOCALTCPFWD +#if DROPBEAR_CLI_LOCALTCPFWD case 'L': opt = OPT_LOCALTCPFWD; break; 
@@ -244,17 +244,17 @@ opts.listen_fwd_all = 1; break; #endif -#ifdef ENABLE_CLI_REMOTETCPFWD +#if DROPBEAR_CLI_REMOTETCPFWD case 'R': opt = OPT_REMOTETCPFWD; break; #endif -#ifdef ENABLE_CLI_NETCAT +#if DROPBEAR_CLI_NETCAT case 'B': opt = OPT_NETCAT; break; #endif -#ifdef ENABLE_CLI_PROXYCMD +#if DROPBEAR_CLI_PROXYCMD case 'J': next = &cli_opts.proxycmd; break; @@ -278,12 +278,12 @@ case 'I': next = &idle_timeout_arg; break; -#ifdef ENABLE_CLI_AGENTFWD +#if DROPBEAR_CLI_AGENTFWD case 'A': cli_opts.agent_fwd = 1; break; #endif -#ifdef ENABLE_USER_ALGO_LIST +#if DROPBEAR_USER_ALGO_LIST case 'c': next = &opts.cipher_list; break; @@ -291,22 +291,22 @@ next = &opts.mac_list; break; #endif -#ifdef DEBUG_TRACE +#if DEBUG_TRACE