Accepting request 645609 from home:elvigia:branches:network

- openssh-7.7p1-audit.patch: fix sshd fatal error in 
  mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]

OBS-URL: https://build.opensuse.org/request/show/645609
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=162
This commit is contained in:
Tomáš Chvátal 2018-10-31 05:45:24 +00:00 committed by Git OBS Bridge
parent 5f87526504
commit 81347795a3
2 changed files with 21 additions and 11 deletions

View File

@ -1160,15 +1160,19 @@ Index: openssh-7.9p1/monitor.c
#endif #endif
#ifdef GSSAPI #ifdef GSSAPI
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
@@ -1379,6 +1397,7 @@ mm_answer_keyverify(int sock, struct ssh @@ -1379,8 +1397,10 @@ mm_answer_keyverify(int sock, struct ssh
char *sigalg; char *sigalg;
size_t signaturelen, datalen, bloblen; size_t signaturelen, datalen, bloblen;
int r, ret, valid_data = 0, encoded_ret; int r, ret, valid_data = 0, encoded_ret;
+ int type = 0; + int type = 0;
if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || - if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+ if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+ (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
@@ -1389,6 +1408,8 @@ mm_answer_keyverify(int sock, struct ssh (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
@@ -1389,6 +1409,8 @@ mm_answer_keyverify(int sock, struct ssh
if (hostbased_cuser == NULL || hostbased_chost == NULL || if (hostbased_cuser == NULL || hostbased_chost == NULL ||
!monitor_allowed_key(blob, bloblen)) !monitor_allowed_key(blob, bloblen))
fatal("%s: bad key, not previously allowed", __func__); fatal("%s: bad key, not previously allowed", __func__);
@ -1177,7 +1181,7 @@ Index: openssh-7.9p1/monitor.c
/* Empty signature algorithm means NULL. */ /* Empty signature algorithm means NULL. */
if (*sigalg == '\0') { if (*sigalg == '\0') {
@@ -1403,22 +1424,25 @@ mm_answer_keyverify(int sock, struct ssh @@ -1403,22 +1425,25 @@ mm_answer_keyverify(int sock, struct ssh
switch (key_blobtype) { switch (key_blobtype) {
case MM_USERKEY: case MM_USERKEY:
valid_data = monitor_valid_userblob(data, datalen); valid_data = monitor_valid_userblob(data, datalen);
@ -1205,7 +1209,7 @@ Index: openssh-7.9p1/monitor.c
debug3("%s: %s %p signature %s", __func__, auth_method, key, debug3("%s: %s %p signature %s", __func__, auth_method, key,
(ret == 0) ? "verified" : "unverified"); (ret == 0) ? "verified" : "unverified");
auth2_record_key(authctxt, ret == 0, key); auth2_record_key(authctxt, ret == 0, key);
@@ -1478,6 +1502,12 @@ mm_session_close(Session *s) @@ -1478,6 +1503,12 @@ mm_session_close(Session *s)
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
session_pty_cleanup2(s); session_pty_cleanup2(s);
} }
@ -1218,7 +1222,7 @@ Index: openssh-7.9p1/monitor.c
session_unused(s->self); session_unused(s->self);
} }
@@ -1586,6 +1616,8 @@ mm_answer_term(int sock, struct sshbuf * @@ -1586,6 +1617,8 @@ mm_answer_term(int sock, struct sshbuf *
sshpam_cleanup(); sshpam_cleanup();
#endif #endif
@ -1227,7 +1231,7 @@ Index: openssh-7.9p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1) while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR) if (errno != EINTR)
exit(1); exit(1);
@@ -1632,14 +1664,50 @@ mm_answer_audit_command(int socket, stru @@ -1632,14 +1665,50 @@ mm_answer_audit_command(int socket, stru
{ {
char *cmd; char *cmd;
int r; int r;
@ -1281,7 +1285,7 @@ Index: openssh-7.9p1/monitor.c
} }
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
@@ -1701,6 +1769,7 @@ monitor_apply_keystate(struct monitor *p @@ -1701,6 +1770,7 @@ monitor_apply_keystate(struct monitor *p
void void
mm_get_keystate(struct monitor *pmonitor) mm_get_keystate(struct monitor *pmonitor)
{ {
@ -1289,7 +1293,7 @@ Index: openssh-7.9p1/monitor.c
debug3("%s: Waiting for new keys", __func__); debug3("%s: Waiting for new keys", __func__);
if ((child_state = sshbuf_new()) == NULL) if ((child_state = sshbuf_new()) == NULL)
@@ -1708,6 +1777,19 @@ mm_get_keystate(struct monitor *pmonitor @@ -1708,6 +1778,19 @@ mm_get_keystate(struct monitor *pmonitor
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
child_state); child_state);
debug3("%s: GOT new keys", __func__); debug3("%s: GOT new keys", __func__);
@ -1309,7 +1313,7 @@ Index: openssh-7.9p1/monitor.c
} }
@@ -1909,7 +1991,7 @@ mm_answer_gss_sign(int socket, struct ss @@ -1909,7 +1992,7 @@ mm_answer_gss_sign(int socket, struct ss
fatal("In GSSAPI monitor when GSSAPI is disabled"); fatal("In GSSAPI monitor when GSSAPI is disabled");
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0) if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
@ -1318,7 +1322,7 @@ Index: openssh-7.9p1/monitor.c
if (data.length != 20) if (data.length != 20)
fatal("%s: data length incorrect: %d", __func__, fatal("%s: data length incorrect: %d", __func__,
(int) data.length); (int) data.length);
@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st @@ -1966,3 +2049,102 @@ mm_answer_gss_updatecreds(int socket, st
} }
#endif /* GSSAPI */ #endif /* GSSAPI */

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Oct 31 00:27:41 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
- openssh-7.7p1-audit.patch: fix sshd fatal error in
mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>