upstream: fix a out-of-bounds read if the known_hosts file is #1948
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: C/C++ CI | |
| on: | |
| push: | |
| paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yml' ] | |
| pull_request: | |
| paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yml' ] | |
| jobs: | |
| ci: | |
| name: "${{ matrix.target }} ${{ matrix.config }}" | |
| if: github.repository != 'openssh/openssh-portable-selfhosted' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # First we test all OSes in the default configuration. | |
| target: | |
| - ubuntu-22.04 | |
| - ubuntu-latest | |
| - ubuntu-22.04-arm | |
| - ubuntu-24.04-arm | |
| - macos-13 | |
| - macos-14 | |
| - macos-15 | |
| - windows-2019 | |
| - windows-2022 | |
| config: [default] | |
| # Then we include any extra configs we want to test for specific VMs. | |
| # Valgrind slows things down quite a bit, so start them first. | |
| include: | |
| - { target: windows-2019, config: cygwin-release } | |
| - { target: windows-2022, config: cygwin-release } | |
| - { target: ubuntu-22.04, config: c89 } | |
| - { target: ubuntu-22.04, config: clang-11 } | |
| - { target: ubuntu-22.04, config: clang-12-Werror } | |
| - { target: ubuntu-22.04, config: clang-14 } | |
| - { target: ubuntu-22.04, config: clang-sanitize-address } | |
| - { target: ubuntu-22.04, config: clang-sanitize-undefined } | |
| - { target: ubuntu-22.04, config: gcc-9 } | |
| - { target: ubuntu-22.04, config: gcc-11-Werror } | |
| - { target: ubuntu-22.04, config: gcc-12-Werror } | |
| - { target: ubuntu-22.04, config: gcc-sanitize-address } | |
| - { target: ubuntu-22.04, config: gcc-sanitize-undefined } | |
| - { target: ubuntu-22.04, config: hardenedmalloc } | |
| - { target: ubuntu-22.04, config: heimdal } | |
| - { target: ubuntu-22.04, config: kitchensink } | |
| - { target: ubuntu-22.04, config: krb5 } | |
| - { target: ubuntu-22.04, config: libedit } | |
| - { target: ubuntu-22.04, config: pam } | |
| - { target: ubuntu-22.04, config: selinux } | |
| - { target: ubuntu-22.04, config: sk } | |
| - { target: ubuntu-22.04, config: valgrind-1 } | |
| - { target: ubuntu-22.04, config: valgrind-2 } | |
| - { target: ubuntu-22.04, config: valgrind-3 } | |
| - { target: ubuntu-22.04, config: valgrind-4 } | |
| - { target: ubuntu-22.04, config: valgrind-unit } | |
| - { target: ubuntu-22.04, config: without-openssl } | |
| - { target: ubuntu-latest, config: gcc-14 } | |
| - { target: ubuntu-latest, config: clang-15 } | |
| - { target: ubuntu-latest, config: clang-19 } | |
| - { target: ubuntu-latest, config: boringssl } | |
| - { target: ubuntu-latest, config: aws-lc } | |
| - { target: ubuntu-latest, config: libressl-master } | |
| - { target: ubuntu-latest, config: libressl-3.2.6 } | |
| - { target: ubuntu-latest, config: libressl-3.3.6 } | |
| - { target: ubuntu-latest, config: libressl-3.4.3 } | |
| - { target: ubuntu-latest, config: libressl-3.5.3 } | |
| - { target: ubuntu-latest, config: libressl-3.6.1 } | |
| - { target: ubuntu-latest, config: libressl-3.7.2 } | |
| - { target: ubuntu-latest, config: libressl-3.8.4 } | |
| - { target: ubuntu-latest, config: libressl-3.9.2 } | |
| - { target: ubuntu-latest, config: libressl-4.0.0 } | |
| - { target: ubuntu-latest, config: openssl-master } | |
| - { target: ubuntu-latest, config: openssl-noec } | |
| - { target: ubuntu-latest, config: openssl-1.1.1 } | |
| - { target: ubuntu-latest, config: openssl-1.1.1t } | |
| - { target: ubuntu-latest, config: openssl-1.1.1w } | |
| - { target: ubuntu-latest, config: openssl-3.0.0 } | |
| - { target: ubuntu-latest, config: openssl-3.0.15 } | |
| - { target: ubuntu-latest, config: openssl-3.1.0 } | |
| - { target: ubuntu-latest, config: openssl-3.1.7 } | |
| - { target: ubuntu-latest, config: openssl-3.2.3 } | |
| - { target: ubuntu-latest, config: openssl-3.3.2 } | |
| - { target: ubuntu-latest, config: openssl-3.4.0 } | |
| - { target: ubuntu-latest, config: openssl-1.1.1_stable } | |
| - { target: ubuntu-latest, config: openssl-3.0 } # stable branch | |
| - { target: ubuntu-latest, config: openssl-3.1 } # stable branch | |
| - { target: ubuntu-latest, config: openssl-3.2 } # stable branch | |
| - { target: ubuntu-latest, config: openssl-3.3 } # stable branch | |
| - { target: ubuntu-latest, config: putty-0.71 } | |
| - { target: ubuntu-latest, config: putty-0.72 } | |
| - { target: ubuntu-latest, config: putty-0.73 } | |
| - { target: ubuntu-latest, config: putty-0.74 } | |
| - { target: ubuntu-latest, config: putty-0.75 } | |
| - { target: ubuntu-latest, config: putty-0.76 } | |
| - { target: ubuntu-latest, config: putty-0.77 } | |
| - { target: ubuntu-latest, config: putty-0.78 } | |
| - { target: ubuntu-latest, config: putty-0.79 } | |
| - { target: ubuntu-latest, config: putty-0.80 } | |
| - { target: ubuntu-latest, config: putty-0.81 } | |
| - { target: ubuntu-latest, config: putty-0.82 } | |
| - { target: ubuntu-latest, config: putty-0.83 } | |
| - { target: ubuntu-latest, config: putty-snapshot } | |
| - { target: ubuntu-latest, config: zlib-develop } | |
| - { target: ubuntu-latest, config: tcmalloc } | |
| - { target: ubuntu-latest, config: musl } | |
| - { target: ubuntu-22.04-arm, config: kitchensink } | |
| - { target: ubuntu-24.04-arm, config: kitchensink } | |
| - { target: macos-13, config: pam } | |
| - { target: macos-14, config: pam } | |
| - { target: macos-15, config: pam } | |
| runs-on: ${{ matrix.target }} | |
| steps: | |
| - name: set cygwin git params | |
| if: ${{ startsWith(matrix.target, 'windows') }} | |
| run: git config --global core.autocrlf input | |
| - name: install cygwin | |
| if: ${{ startsWith(matrix.target, 'windows') }} | |
| uses: cygwin/cygwin-install-action@master | |
| - uses: actions/checkout@main | |
| - name: setup CI system | |
| run: sh ./.github/setup_ci.sh ${{ matrix.config }} | |
| - name: autoreconf | |
| run: sh -c autoreconf | |
| - name: configure | |
| run: sh ./.github/configure.sh ${{ matrix.config }} | |
| - name: save config | |
| uses: actions/upload-artifact@main | |
| with: | |
| name: ${{ matrix.target }}-${{ matrix.config }}-config | |
| path: config.h | |
| - name: make clean | |
| run: make clean | |
| - name: make | |
| run: make | |
| - name: make tests | |
| run: sh ./.github/run_test.sh ${{ matrix.config }} | |
| env: | |
| TEST_SSH_UNSAFE_PERMISSIONS: 1 | |
| TEST_SSH_HOSTBASED_AUTH: yes | |
| - name: save logs | |
| if: failure() | |
| uses: actions/upload-artifact@main | |
| with: | |
| name: ${{ matrix.target }}-${{ matrix.config }}-logs | |
| path: | | |
| config.h | |
| config.log | |
| regress/*.log | |
| regress/valgrind-out/ | |
| regress/asan.log.* | |
| regress/msan.log.* | |
| regress/log/* |