Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
1) Use xcalloc() instead of xmalloc() to check for
potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size
just before the for loop. (suggested by djm@)
OK djm@
Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
fsync@openssh.com protocol extension for sftp-server
client support to allow calling fsync() faster successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
refactor client config code a little:
add multistate option partsing to readconf.c, similar to servconf.c's
existing code.
move checking of options that accept "none" as an argument to readconf.c
add a lowercase() function and use it instead of explicit tolower() in
loops
part of a larger diff that was ok markus@
[sftp-server.8 sftp-server.c]
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks.
Make global variables static, since sftp-server is linked into sshd(8).
ok dtucker@
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
[sftp-server.c sftp-server.8]
add a 'read-only' mode to sftp-server(8) that disables open in write mode
and all other fs-modifying protocol methods. bz#430 ok dtucker@
[sftp-client.c sftp-server.c]
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
fstatvfs and remove #defines around statvfs code. ok djm@
[sftp-server.c sftp-client.c]
statvfs member fsid needs to be wider, increase it to 64 bits and
crank extension revision number to 2; prodded and ok dtucker@
[sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
introduce sftp extension methods statvfs@openssh.com and
fstatvfs@openssh.com that implement statvfs(2)-like operations,
based on a patch from miklos AT szeredi.hu (bz#1399)
also add a "df" command to the sftp client that uses the
statvfs@openssh.com to produce a df(1)-like display of filesystem
space and inode utilisation
ok markus@
[sftp-server.c]
add an extension method "posix-rename@openssh.com" to perform POSIX atomic
rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
ok dtucker@ markus@
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in chroot
required). ok markus@
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
[sftp-server.c]
Remove the fixed 100 handle limit in sftp-server and allocate as many
as we have available file descriptors. Patch from miklos AT szeredi.hu;
ok dtucker@ markus@
[sftp-server.c]
bz#1286 stop reading and processing commands when input or output buffer
is nearly full, otherwise sftp-server would happily try to grow the
input/output buffers past the maximum supported by the buffer API and
promptly fatal()
based on patch from Thue Janus Kristensen; feedback & ok dtucker@
[sftp-server.c]
cast "%llu" format spec to (unsigned long long); do not assume a
u_int64_t arg is the same as 'unsigned long long'.
from Dmitry V. Levin <ldv@altlinux.org>
ok markus@ 'Yes, that looks correct' millert@
Darren Tucker
dtucker@openbsd.org
Damien Miller
logan@openbsd.org
deraadt@openbsd.org
djm@openbsd.org