Accepting request 645609 from home:elvigia:branches:network
- openssh-7.7p1-audit.patch: fix sshd fatal error in mm_answer_keyverify: buffer error: incomplete message [bnc#1114008] OBS-URL: https://build.opensuse.org/request/show/645609 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=162
parent
5f87526504
commit
81347795a3
@ -1160,15 +1160,19 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
|
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
|
||||||
@@ -1379,6 +1397,7 @@ mm_answer_keyverify(int sock, struct ssh
|
@@ -1379,8 +1397,10 @@ mm_answer_keyverify(int sock, struct ssh
|
||||||
char *sigalg;
|
char *sigalg;
|
||||||
size_t signaturelen, datalen, bloblen;
|
size_t signaturelen, datalen, bloblen;
|
||||||
int r, ret, valid_data = 0, encoded_ret;
|
int r, ret, valid_data = 0, encoded_ret;
|
||||||
+ int type = 0;
|
+ int type = 0;
|
||||||
|
|
||||||
if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
|
- if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
|
||||||
|
+ if ((r = sshbuf_get_u32(m, &type)) != 0 ||
|
||||||
|
+ (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
|
||||||
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
|
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
|
||||||
@@ -1389,6 +1408,8 @@ mm_answer_keyverify(int sock, struct ssh
|
(r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
|
||||||
|
(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
|
||||||
|
@@ -1389,6 +1409,8 @@ mm_answer_keyverify(int sock, struct ssh
|
||||||
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
|
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
|
||||||
!monitor_allowed_key(blob, bloblen))
|
!monitor_allowed_key(blob, bloblen))
|
||||||
fatal("%s: bad key, not previously allowed", __func__);
|
fatal("%s: bad key, not previously allowed", __func__);
|
||||||
@ -1177,7 +1181,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
|
|
||||||
/* Empty signature algorithm means NULL. */
|
/* Empty signature algorithm means NULL. */
|
||||||
if (*sigalg == '\0') {
|
if (*sigalg == '\0') {
|
||||||
@@ -1403,22 +1424,25 @@ mm_answer_keyverify(int sock, struct ssh
|
@@ -1403,22 +1425,25 @@ mm_answer_keyverify(int sock, struct ssh
|
||||||
switch (key_blobtype) {
|
switch (key_blobtype) {
|
||||||
case MM_USERKEY:
|
case MM_USERKEY:
|
||||||
valid_data = monitor_valid_userblob(data, datalen);
|
valid_data = monitor_valid_userblob(data, datalen);
|
||||||
@ -1205,7 +1209,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
debug3("%s: %s %p signature %s", __func__, auth_method, key,
|
debug3("%s: %s %p signature %s", __func__, auth_method, key,
|
||||||
(ret == 0) ? "verified" : "unverified");
|
(ret == 0) ? "verified" : "unverified");
|
||||||
auth2_record_key(authctxt, ret == 0, key);
|
auth2_record_key(authctxt, ret == 0, key);
|
||||||
@@ -1478,6 +1502,12 @@ mm_session_close(Session *s)
|
@@ -1478,6 +1503,12 @@ mm_session_close(Session *s)
|
||||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||||
session_pty_cleanup2(s);
|
session_pty_cleanup2(s);
|
||||||
}
|
}
|
||||||
@ -1218,7 +1222,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
session_unused(s->self);
|
session_unused(s->self);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1586,6 +1616,8 @@ mm_answer_term(int sock, struct sshbuf *
|
@@ -1586,6 +1617,8 @@ mm_answer_term(int sock, struct sshbuf *
|
||||||
sshpam_cleanup();
|
sshpam_cleanup();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1227,7 +1231,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
||||||
if (errno != EINTR)
|
if (errno != EINTR)
|
||||||
exit(1);
|
exit(1);
|
||||||
@@ -1632,14 +1664,50 @@ mm_answer_audit_command(int socket, stru
|
@@ -1632,14 +1665,50 @@ mm_answer_audit_command(int socket, stru
|
||||||
{
|
{
|
||||||
char *cmd;
|
char *cmd;
|
||||||
int r;
|
int r;
|
||||||
@ -1281,7 +1285,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
}
|
}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
|
|
||||||
@@ -1701,6 +1769,7 @@ monitor_apply_keystate(struct monitor *p
|
@@ -1701,6 +1770,7 @@ monitor_apply_keystate(struct monitor *p
|
||||||
void
|
void
|
||||||
mm_get_keystate(struct monitor *pmonitor)
|
mm_get_keystate(struct monitor *pmonitor)
|
||||||
{
|
{
|
||||||
@ -1289,7 +1293,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
debug3("%s: Waiting for new keys", __func__);
|
debug3("%s: Waiting for new keys", __func__);
|
||||||
|
|
||||||
if ((child_state = sshbuf_new()) == NULL)
|
if ((child_state = sshbuf_new()) == NULL)
|
||||||
@@ -1708,6 +1777,19 @@ mm_get_keystate(struct monitor *pmonitor
|
@@ -1708,6 +1778,19 @@ mm_get_keystate(struct monitor *pmonitor
|
||||||
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
|
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
|
||||||
child_state);
|
child_state);
|
||||||
debug3("%s: GOT new keys", __func__);
|
debug3("%s: GOT new keys", __func__);
|
||||||
@ -1309,7 +1313,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1909,7 +1991,7 @@ mm_answer_gss_sign(int socket, struct ss
|
@@ -1909,7 +1992,7 @@ mm_answer_gss_sign(int socket, struct ss
|
||||||
fatal("In GSSAPI monitor when GSSAPI is disabled");
|
fatal("In GSSAPI monitor when GSSAPI is disabled");
|
||||||
|
|
||||||
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
|
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
|
||||||
@ -1318,7 +1322,7 @@ Index: openssh-7.9p1/monitor.c
|
|||||||
if (data.length != 20)
|
if (data.length != 20)
|
||||||
fatal("%s: data length incorrect: %d", __func__,
|
fatal("%s: data length incorrect: %d", __func__,
|
||||||
(int) data.length);
|
(int) data.length);
|
||||||
@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st
|
@@ -1966,3 +2049,102 @@ mm_answer_gss_updatecreds(int socket, st
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* GSSAPI */
|
#endif /* GSSAPI */
|
||||||
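Review bot: In the rewritten read sequence of mm_answer_keyverify, `type` is declared `int type = 0;` but is passed to `sshbuf_get_u32`, which takes a `u_int32_t *`; declare it `u_int32_t type = 0;` so the pointer types match and no signedness warning is hidden. The value arrives in the monitor request, so it comes from the less-privileged side of the privilege-separation boundary and should be checked against the monitor's own `key_blobtype` before the audit code or anything else relies on it. The two lines added after the `monitor_allowed_key` check are not shown on this page, so confirm that is what they do. A one-line comment above the read, for example `/* type comes from the child; it must match key_blobtype */`, would record why the extra field is parsed. The body of mm_answer_keyverify continues outside the displayed hunks.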
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 31 00:27:41 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
|
||||||
|
|
||||||
|
- openssh-7.7p1-audit.patch: fix sshd fatal error in
|
||||||
|
mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||||
|
|
||||||
|