Accepting request 645609 from home:elvigia:branches:network

- openssh-7.7p1-audit.patch: fix sshd fatal error in 
  mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]

OBS-URL: https://build.opensuse.org/request/show/645609
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=162
Tomáš Chvátal 2018-10-31 05:45:24 +00:00 committed by Git OBS Bridge
parent 5f87526504
commit 81347795a3
2 changed files with 21 additions and 11 deletions


@ -1160,15 +1160,19 @@ Index: openssh-7.9p1/monitor.c
#endif
#ifdef GSSAPI
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
@@ -1379,6 +1397,7 @@ mm_answer_keyverify(int sock, struct ssh
@@ -1379,8 +1397,10 @@ mm_answer_keyverify(int sock, struct ssh
char *sigalg;
size_t signaturelen, datalen, bloblen;
int r, ret, valid_data = 0, encoded_ret;
+ int type = 0;
if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
- if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+ if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+ (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
@@ -1389,6 +1408,8 @@ mm_answer_keyverify(int sock, struct ssh
(r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
@@ -1389,6 +1409,8 @@ mm_answer_keyverify(int sock, struct ssh
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
!monitor_allowed_key(blob, bloblen))
fatal("%s: bad key, not previously allowed", __func__);
@ -1177,7 +1181,7 @@ Index: openssh-7.9p1/monitor.c
/* Empty signature algorithm means NULL. */
if (*sigalg == '\0') {
@@ -1403,22 +1424,25 @@ mm_answer_keyverify(int sock, struct ssh
@@ -1403,22 +1425,25 @@ mm_answer_keyverify(int sock, struct ssh
switch (key_blobtype) {
case MM_USERKEY:
valid_data = monitor_valid_userblob(data, datalen);
@ -1205,7 +1209,7 @@ Index: openssh-7.9p1/monitor.c
debug3("%s: %s %p signature %s", __func__, auth_method, key,
(ret == 0) ? "verified" : "unverified");
auth2_record_key(authctxt, ret == 0, key);
@@ -1478,6 +1502,12 @@ mm_session_close(Session *s)
@@ -1478,6 +1503,12 @@ mm_session_close(Session *s)
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
session_pty_cleanup2(s);
}
@ -1218,7 +1222,7 @@ Index: openssh-7.9p1/monitor.c
session_unused(s->self);
}
@@ -1586,6 +1616,8 @@ mm_answer_term(int sock, struct sshbuf *
@@ -1586,6 +1617,8 @@ mm_answer_term(int sock, struct sshbuf *
sshpam_cleanup();
#endif
@ -1227,7 +1231,7 @@ Index: openssh-7.9p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
@@ -1632,14 +1664,50 @@ mm_answer_audit_command(int socket, stru
@@ -1632,14 +1665,50 @@ mm_answer_audit_command(int socket, stru
{
char *cmd;
int r;
@ -1281,7 +1285,7 @@ Index: openssh-7.9p1/monitor.c
}
#endif /* SSH_AUDIT_EVENTS */
@@ -1701,6 +1769,7 @@ monitor_apply_keystate(struct monitor *p
@@ -1701,6 +1770,7 @@ monitor_apply_keystate(struct monitor *p
void
mm_get_keystate(struct monitor *pmonitor)
{
@ -1289,7 +1293,7 @@ Index: openssh-7.9p1/monitor.c
debug3("%s: Waiting for new keys", __func__);
if ((child_state = sshbuf_new()) == NULL)
@@ -1708,6 +1777,19 @@ mm_get_keystate(struct monitor *pmonitor
@@ -1708,6 +1778,19 @@ mm_get_keystate(struct monitor *pmonitor
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
child_state);
debug3("%s: GOT new keys", __func__);
@ -1309,7 +1313,7 @@ Index: openssh-7.9p1/monitor.c
}
@@ -1909,7 +1991,7 @@ mm_answer_gss_sign(int socket, struct ss
@@ -1909,7 +1992,7 @@ mm_answer_gss_sign(int socket, struct ss
fatal("In GSSAPI monitor when GSSAPI is disabled");
if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
@ -1318,7 +1322,7 @@ Index: openssh-7.9p1/monitor.c
if (data.length != 20)
fatal("%s: data length incorrect: %d", __func__,
(int) data.length);
@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st
@@ -1966,3 +2049,102 @@ mm_answer_gss_updatecreds(int socket, st
}
#endif /* GSSAPI */
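Review bot: In the mm_answer_keyverify part of the audit patch, the new local is declared `int type = 0;` but is filled by `sshbuf_get_u32(m, &type)`, which takes a `u_int32_t *`. That is a pointer-signedness mismatch (reported under -Wpointer-sign), and it stores a value sent by the unprivileged child as a signed int; declaring it `u_int type = 0;` keeps the parse type-correct. The body of mm_answer_keyverify continues outside the lines shown, and the two lines the patch adds after the `monitor_allowed_key()` check are not visible here, so confirm that `type` is compared against `key_blobtype` and rejected with `fatal()` on mismatch before anything else uses it. Because the monitor now reads a u32 ahead of the key blob, the sending side in the same patch has to write that field first; it is also outside this diff and worth checking, since a mismatch between the two is what yields "incomplete message".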


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Oct 31 00:27:41 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
- openssh-7.7p1-audit.patch: fix sshd fatal error in
mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
-------------------------------------------------------------------
Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>