Accepting request 645609 from home:elvigia:branches:network
- openssh-7.7p1-audit.patch: fix sshd fatal error in mm_answer_keyverify: buffer error: incomplete message [bnc#1114008] OBS-URL: https://build.opensuse.org/request/show/645609 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=162
parent
5f87526504
commit
81347795a3
@ -1160,15 +1160,19 @@ Index: openssh-7.9p1/monitor.c
|
||||
#endif
|
||||
#ifdef GSSAPI
|
||||
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
|
||||
@@ -1379,6 +1397,7 @@ mm_answer_keyverify(int sock, struct ssh
|
||||
@@ -1379,8 +1397,10 @@ mm_answer_keyverify(int sock, struct ssh
|
||||
char *sigalg;
|
||||
size_t signaturelen, datalen, bloblen;
|
||||
int r, ret, valid_data = 0, encoded_ret;
|
||||
+ int type = 0;
|
||||
|
||||
if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
|
||||
- if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
|
||||
+ if ((r = sshbuf_get_u32(m, &type)) != 0 ||
|
||||
+ (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
|
||||
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
|
||||
@@ -1389,6 +1408,8 @@ mm_answer_keyverify(int sock, struct ssh
|
||||
(r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
|
||||
@@ -1389,6 +1409,8 @@ mm_answer_keyverify(int sock, struct ssh
|
||||
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
|
||||
!monitor_allowed_key(blob, bloblen))
|
||||
fatal("%s: bad key, not previously allowed", __func__);
|
||||
@ -1177,7 +1181,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
|
||||
/* Empty signature algorithm means NULL. */
|
||||
if (*sigalg == '\0') {
|
||||
@@ -1403,22 +1424,25 @@ mm_answer_keyverify(int sock, struct ssh
|
||||
@@ -1403,22 +1425,25 @@ mm_answer_keyverify(int sock, struct ssh
|
||||
switch (key_blobtype) {
|
||||
case MM_USERKEY:
|
||||
valid_data = monitor_valid_userblob(data, datalen);
|
||||
@ -1205,7 +1209,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
debug3("%s: %s %p signature %s", __func__, auth_method, key,
|
||||
(ret == 0) ? "verified" : "unverified");
|
||||
auth2_record_key(authctxt, ret == 0, key);
|
||||
@@ -1478,6 +1502,12 @@ mm_session_close(Session *s)
|
||||
@@ -1478,6 +1503,12 @@ mm_session_close(Session *s)
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||
session_pty_cleanup2(s);
|
||||
}
|
||||
@ -1218,7 +1222,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
session_unused(s->self);
|
||||
}
|
||||
|
||||
@@ -1586,6 +1616,8 @@ mm_answer_term(int sock, struct sshbuf *
|
||||
@@ -1586,6 +1617,8 @@ mm_answer_term(int sock, struct sshbuf *
|
||||
sshpam_cleanup();
|
||||
#endif
|
||||
|
||||
@ -1227,7 +1231,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
||||
if (errno != EINTR)
|
||||
exit(1);
|
||||
@@ -1632,14 +1664,50 @@ mm_answer_audit_command(int socket, stru
|
||||
@@ -1632,14 +1665,50 @@ mm_answer_audit_command(int socket, stru
|
||||
{
|
||||
char *cmd;
|
||||
int r;
|
||||
@ -1281,7 +1285,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
|
||||
@@ -1701,6 +1769,7 @@ monitor_apply_keystate(struct monitor *p
|
||||
@@ -1701,6 +1770,7 @@ monitor_apply_keystate(struct monitor *p
|
||||
void
|
||||
mm_get_keystate(struct monitor *pmonitor)
|
||||
{
|
||||
@ -1289,7 +1293,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
debug3("%s: Waiting for new keys", __func__);
|
||||
|
||||
if ((child_state = sshbuf_new()) == NULL)
|
||||
@@ -1708,6 +1777,19 @@ mm_get_keystate(struct monitor *pmonitor
|
||||
@@ -1708,6 +1778,19 @@ mm_get_keystate(struct monitor *pmonitor
|
||||
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
|
||||
child_state);
|
||||
debug3("%s: GOT new keys", __func__);
|
||||
@ -1309,7 +1313,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
}
|
||||
|
||||
|
||||
@@ -1909,7 +1991,7 @@ mm_answer_gss_sign(int socket, struct ss
|
||||
@@ -1909,7 +1992,7 @@ mm_answer_gss_sign(int socket, struct ss
|
||||
fatal("In GSSAPI monitor when GSSAPI is disabled");
|
||||
|
||||
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
|
||||
@ -1318,7 +1322,7 @@ Index: openssh-7.9p1/monitor.c
|
||||
if (data.length != 20)
|
||||
fatal("%s: data length incorrect: %d", __func__,
|
||||
(int) data.length);
|
||||
@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st
|
||||
@@ -1966,3 +2049,102 @@ mm_answer_gss_updatecreds(int socket, st
|
||||
}
|
||||
|
||||
#endif /* GSSAPI */
|
||||
|
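Review bot: In the mm_answer_keyverify hunk, `type` is declared as `int` but its address is passed to `sshbuf_get_u32()`, which takes a `u_int32_t *`, so the pointer types do not match. I would declare it as `u_int32_t type = 0;`. The value is parsed from a monitor request that arrives from the unprivileged side, so it should be checked against the expected set of values before it influences any audit or verification decision. Whether that check exists is not visible here, because the function body continues outside the hunk. Since the extra field changes the request layout, a comment next to the read such as `/* key type is the first field of the request; must match the sender's put order */` would help keep both ends in step and avoid another "incomplete message" desync.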
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 31 00:27:41 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
|
||||
|
||||
- openssh-7.7p1-audit.patch: fix sshd fatal error in
|
||||
mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
|