djm@openbsd.org [Mon, 1 Jun 2026 05:49:20 +0000 (05:49 +0000)]
upstream: sk-usbhid: skip unsupported key types in read_rks()
When enumerating resident keys, encountering a credential with an
unsupported COSE key type (not ES256 or EdDSA) caused the entire
enumeration to abort via goto out, discarding all valid keys.
Move the key type check before the per-credential allocation so
unsupported types can be skipped with continue instead. This
preserves all valid resident keys on the token.
djm@openbsd.org [Mon, 1 Jun 2026 05:40:13 +0000 (05:40 +0000)]
upstream: Actually set pollfd.events correctly for socket type
channels; previously we were throwing away the events we computed if the
channel had a c->sock distinct from its other read and write fds.
Fortunately, it appears that this case happens rarely, if ever.
djm@openbsd.org [Sun, 31 May 2026 04:20:58 +0000 (04:20 +0000)]
upstream: flesh out match_pattern() tests, including a new
comparison test of the new NFA-based implementation against the original one
for all possible combinations of short inputs and patterns constructed from a
small dictionary of possibilities.
djm@openbsd.org [Sun, 31 May 2026 11:30:50 +0000 (11:30 +0000)]
upstream: big refactor of sshd config management code.
This generates much of the initialisation, defaults and keyword table
code from a set of macros rather than hand coding them. These same
macros are also used to generate serialisation and deserialisation
code.
The macros are admittedly ugly but have the advantage of forcing a
good degree of consistency across places that need to stay in sync
with each other.
The new de/serialisation code is used to pass configurations across
the various sshd-* process boundaries. This removes the need to pass
around raw text configurations that need to be re-parsed as well as
eliminating some raw pointer leakage across the processes where
structures were previously clumsily serialised.
djm@openbsd.org [Sun, 31 May 2026 05:55:21 +0000 (05:55 +0000)]
upstream: DNS0x20[1] can randomise the case of domain names returned by
lookup to force some more uniqueness in queries to reduce the likelihood of
spoofing attacks succeeding.
Normally this should be hidden from the user by the resolver, but
in some cases it can leak through. When it does, it can mess up
ssh's CanonicalizePermittedCNAMEs.
Fix this by forcing the name we received from the system resolver to
lowercase.
djm@openbsd.org [Sun, 31 May 2026 04:51:45 +0000 (04:51 +0000)]
upstream: Fix two separate one-byte out-of-bounds reads
1) if a server sent an empty reply to an SSH2_FXP_REALPATH request
2) if a batch command used the full 2048 byte buffer but ended in a
literal backslash character
Both reported by Zhenpeng (Leo) Lin from depthfirst
djm@openbsd.org [Sun, 31 May 2026 04:44:38 +0000 (04:44 +0000)]
upstream: make the transport protocol stricter by disconnecting if
the peer sends non-KEX messages during a key re-exchange.
Previously an evil peer could continue sending non-KEX messages
without penalty, causing memory to be wasted up until the
connection terminated or the server/client hit an OOM limit.
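The phase check described in this commit, as an added model written for this page and not OpenSSH's packet or dispatch code: message numbers follow RFC 4251 section 7 (1-19 transport generic, 20-49 key exchange, 50 and above userauth and connection protocol), and the "lenient" mode that holds out-of-phase messages in a queue until NEWKEYS is this model's assumption of how unbounded memory use arises, while the "strict" mode disconnects on the first such message. The `Transport`, `flood_during_rekey` and `ProtocolViolation` names are this example's own.

```python
"""Model of an SSH transport dispatcher during key re-exchange.

Added illustration, not OpenSSH's code. Message numbers follow RFC 4251
section 7. Deferring out-of-phase messages in a queue (lenient mode) is this
model's assumption of how memory is wasted; strict mode disconnects instead.
"""

SSH_MSG_DISCONNECT = 1
SSH_MSG_IGNORE = 2
SSH_MSG_DEBUG = 4
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_CHANNEL_DATA = 94   # connection-protocol message used as sample traffic


def is_kex_message(msg_type):
    """RFC 4251: 20-29 algorithm negotiation, 30-49 method-specific KEX."""
    return 20 <= msg_type <= 49


class ProtocolViolation(Exception):
    """Raised when strict mode decides to disconnect the peer."""


class Transport:
    def __init__(self, strict):
        self.strict = strict
        self.rekeying = False
        self.deferred = []    # lenient mode: out-of-phase messages held until NEWKEYS
        self.delivered = []   # messages handed to the upper layers

    def deferred_bytes(self):
        """Memory currently tied up by deferred messages."""
        return sum(len(payload) for _, payload in self.deferred)

    def receive(self, msg_type, payload=b""):
        # Transport-generic messages are legal in any phase.
        if msg_type in (SSH_MSG_IGNORE, SSH_MSG_DEBUG):
            return
        if msg_type == SSH_MSG_DISCONNECT:
            raise ConnectionError("peer disconnected")
        if msg_type == SSH_MSG_KEXINIT:
            self.rekeying = True
            return
        if not self.rekeying:
            self.delivered.append((msg_type, payload))
            return
        if is_kex_message(msg_type):
            if msg_type == SSH_MSG_NEWKEYS:
                # Key exchange complete: release anything held back.
                self.rekeying = False
                self.delivered.extend(self.deferred)
                self.deferred.clear()
            return
        # A non-KEX message arrived while a key exchange is in progress.
        if self.strict:
            raise ProtocolViolation(
                f"message type {msg_type} received during key exchange")
        self.deferred.append((msg_type, payload))   # grows without bound


def flood_during_rekey(strict, count, chunk=1024):
    """Start a rekey, then send `count` channel-data messages of `chunk` bytes.
    Returns (bytes held in memory, whether the peer was disconnected)."""
    t = Transport(strict)
    t.receive(SSH_MSG_KEXINIT)
    try:
        for _ in range(count):
            t.receive(SSH_MSG_CHANNEL_DATA, b"x" * chunk)
    except ProtocolViolation:
        return t.deferred_bytes(), True
    return t.deferred_bytes(), False


if __name__ == "__main__":
    print("lenient:", flood_during_rekey(False, 1000))
    print("strict: ", flood_during_rekey(True, 1000))
```

Running the block shows the lenient dispatcher holding a megabyte after a thousand out-of-phase messages, while the strict one holds nothing because the connection is dropped on the first.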
djm@openbsd.org [Sun, 31 May 2026 04:37:56 +0000 (04:37 +0000)]
upstream: stricter validation of the transport state passed from
the unprivileged preauth sshd-auth process to the user-privileged postauth
sshd-session process.
These are harmless unless an attacker had an exploit for sshd-auth
in which case they could be used for post-auth memory DoS or to
crash your own session in a new and exciting way.
djm@openbsd.org [Sun, 31 May 2026 04:31:04 +0000 (04:31 +0000)]
upstream: Enforce a maximum size for usernames in agent key use
constraints
Along with the match_pattern() performance change that was just
committed this avoids a denial-of-service where an agent client could
waste CPU on an agent by sending user constraints with lots of
wildcards.
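The exhaustive comparison described in the match_pattern() test commit above, and the wildcard-driven CPU cost that this constraint-size limit guards against, as an added example written for this page rather than OpenSSH's match.c or its regression tests: a recursive backtracking matcher and an NFA-style matcher for the ssh-style `*` and `?` wildcards are compared on every input/pattern pair of up to four characters built from a small dictionary, and the backtracking matcher's call count is exposed so the blow-up on star-heavy patterns is measurable. The function names, the dictionary and the sample patterns are this example's own choices.

```python
"""Differential test of two glob matchers with ssh-style '*' and '?' semantics.

Added illustration, not OpenSSH's match.c: a backtracking matcher and an
NFA-style matcher are compared exhaustively on short inputs and patterns,
and the backtracking matcher's work is counted.
"""
from itertools import product


def match_backtrack(s, p, counter=None):
    """Classic recursive matcher: '*' tries every split, so several stars can
    make it do exponential work on a non-matching input."""
    if counter is not None:
        counter[0] += 1
    if not p:
        return not s
    if p[0] == "*":
        # Try letting '*' absorb 0..len(s) characters.
        return any(match_backtrack(s[k:], p[1:], counter)
                   for k in range(len(s) + 1))
    if not s:
        return False
    if p[0] == "?" or p[0] == s[0]:
        return match_backtrack(s[1:], p[1:], counter)
    return False


def backtrack_calls(s, p):
    """Number of recursive calls match_backtrack makes for this pair."""
    counter = [0]
    match_backtrack(s, p, counter)
    return counter[0]


def match_nfa(s, p):
    """Simulate the pattern as an NFA: the state set is the set of pattern
    positions reachable so far, so work is bounded by len(s) * len(p)."""
    def closure(states):
        # A '*' may match the empty string, so position i with p[i] == '*'
        # also reaches position i + 1.
        out, stack = set(states), list(states)
        while stack:
            i = stack.pop()
            if i < len(p) and p[i] == "*" and i + 1 not in out:
                out.add(i + 1)
                stack.append(i + 1)
        return out

    states = closure({0})
    for ch in s:
        nxt = set()
        for i in states:
            if i >= len(p):
                continue
            if p[i] == "*":
                nxt.add(i)          # '*' consumes ch and stays active
            elif p[i] == "?" or p[i] == ch:
                nxt.add(i + 1)
        states = closure(nxt)
        if not states:
            return False
    return len(p) in states


def differential_test(max_len=4, pieces=("a", "b", "*", "?"), alphabet=("a", "b")):
    """Compare both matchers on every pattern built from `pieces` and every
    input built from `alphabet`, each up to `max_len` characters.
    Returns (number of cases checked, list of disagreeing (input, pattern))."""
    patterns = ["".join(t) for n in range(max_len + 1)
                for t in product(pieces, repeat=n)]
    inputs = ["".join(t) for n in range(max_len + 1)
              for t in product(alphabet, repeat=n)]
    cases, mismatches = 0, []
    for p in patterns:
        for s in inputs:
            cases += 1
            if match_backtrack(s, p) != match_nfa(s, p):
                mismatches.append((s, p))
    return cases, mismatches


if __name__ == "__main__":
    cases, bad = differential_test()
    print(f"{cases} cases, {len(bad)} mismatches")
    # Constructed worst case: many stars, input that can never match.
    for n in (6, 12, 18):
        print(n, "a's vs '*a*a*a*a*b':", backtrack_calls("a" * n, "*a*a*a*a*b"))
```

The exhaustive pass is the part worth copying: with the dictionary limited to a couple of literals plus the two wildcards, every pattern up to a few characters is covered in well under a second, which is enough to catch a disagreement in how the two implementations treat runs of stars or a trailing `?`.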
tb@openbsd.org [Wed, 27 May 2026 13:54:15 +0000 (13:54 +0000)]
upstream: ssh: use sentinel idiom for timegm(3) and mktime(3)
There is nothing wrong with times before the epoch, even -1, so use the
idiom recently added to the CAVEATS section to figure out whether there
was an error in the timegm() or mktime() calls.
We should sweep the tree for this. If anyone is bored, feel free to beat
me to it...
djm@openbsd.org [Thu, 21 May 2026 04:04:57 +0000 (04:04 +0000)]
upstream: mention that compression could potentially leak
information about session contents (cf. the CRIME attack on TLS) if a
connection allows attacker-controlled traffic over it alongside trusted
traffic. This might occur in some forwarding scenarios.
Instead of freeing struct dns_query and struct dns_rr by walking the
linked lists recursively, use a simple loop. This avoids a possible
stack exhaustion unlikely to be reachable with the limits modern
resolvers impose.
Darren Tucker [Mon, 4 May 2026 11:40:52 +0000 (21:40 +1000)]
Improve Solaris PAM tests.
- Set up and run tests with SUDO.
- Set random password to use for password & kbdint auth tests.
- Only run t-exec when re-testing with PAM, don't rerun unit tests.
- When testing PAM builds, test with and without UsePAM.
Renaud Allard [Sat, 21 Mar 2026 18:23:04 +0000 (19:23 +0100)]
vm.yml: fix solaris PAM tests
Add missing SSHD_CONFOPTS="UsePam yes" to the solaris PAM test
step so it actually tests PAM functionality instead of re-running
the default tests with a PAM-enabled binary.
upstream: Drop -Winline from CDIAGFLAGS, it breaks on sparc64
On sparc64 ssh/unittests/kex fails to build with:
usr.bin/ssh/libcrux_mlkem768_sha3.h:8196: warning: inlining failed
in call to 'libcrux_ml_kem_polynomial_ZERO_89_ea':
--param max-inline-insns-single limit reached
Darren Tucker [Mon, 27 Apr 2026 10:51:17 +0000 (20:51 +1000)]
Re-enable SHA1 sigs in OpenSSL on Cygwin for tests.
Recently Cygwin imported changes from Fedora which disable SHA1
signatures by default. This breaks the unit tests (and a couple of
regression tests), so set rh-allow-sha1-signatures=yes in the OpenSSL
config to re-enable them.
Darren Tucker [Sat, 25 Apr 2026 10:00:38 +0000 (20:00 +1000)]
Check for OPENSSL_NO_ENGINE for --with-ssl-engine.
OpenSSL 4 removes support for ENGINE, but it provides no-op stubs
for the ENGINE functions in addition to setting OPENSSL_NO_ENGINE.
The presence of the stubs fooled the old configure test, so if someone
tried --with-ssl-engine with OpenSSL 4.0.0 it'd try but fail at build
time. Explicitly check for OPENSSL_NO_ENGINE before trying to enable
ENGINE support. bz#3952.
upstream: move username validity check for usernames specified on
the commandline to earlier in main(), specifically before some contexts where
a username with shell characters might be expanded by a %u directive in
ssh_config.
We continue to recommend against using untrusted input on
the SSH commandline. Mitigations like this are not 100%
guarantees of safety because we can't control every
combination of user shell and configuration where they are
used.
upstream: Fix possible sshd crash when sshd_config set MaxStartups
to a value <10 using the single-argument form of MaxStartups (e.g.
MaxStartups=3). This doesn't affect the three-argument form of the directive
(e.g. MaxStartups 3:20:5).
Damien Miller [Thu, 2 Apr 2026 07:32:00 +0000 (18:32 +1100)]
properly bail out when PAM changes username
OpenSSH doesn't support PAM changing its conception of the
username via a module calling pam_set_item(h, PAM_USER, ...).
We were supposed to bail out here, but I messed up while "fixing"
this last time and dropped a return statement.
This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable
hostbased authentication to/from itself and run the hostbased tests. It
won't undo these changes, so don't do this on a system where this matters.
djm@openbsd.org [Mon, 30 Mar 2026 07:18:24 +0000 (07:18 +0000)]
upstream: apply the same validity rules to usernames and hostnames
set for ProxyJump/-J on the commandline as we do for destination user/host
names.
Specifically, they are no longer allowed to contain most characters
that have special meaning for common shells. Special characters are
still allowed in ProxyJump commands that are specified in the config
files.
This _reduces_ the chance that shell characters from a hostile -J
option end up in a shell execution context.
Don't pass untrusted stuff to the ssh commandline, it's not intended
to be a security boundary. We try to make it safe where we can, but
we can't make guarantees, because we can't know the parsing rules
and special characters for all the shells in the world, nor can we
know what the user does with this data in their ssh_config wrt
percent expansion, LocalCommand, match exec, etc.
While I'm in there, make ProxyJump and ProxyCommand first-match-wins
between each other.