From bd816c8da45fcedc253ed47262ccd37fc7b28bef0ae0333008f721edb136d601 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Thu, 28 Mar 2019 13:07:24 +0000 Subject: [PATCH] Accepting request 689347 from home:vitezslav_cizek:branches:network - Fix a double free() in the KDF CAVS testing tool (bsc#1065237) * modify openssh-7.7p1-cavstest-kdf.patch OBS-URL: https://build.opensuse.org/request/show/689347 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=187 --- openssh-7.7p1-cavstest-kdf.patch | 68 ++++++-------------------------- openssh.changes | 6 +++ 2 files changed, 19 insertions(+), 55 deletions(-) diff --git a/openssh-7.7p1-cavstest-kdf.patch b/openssh-7.7p1-cavstest-kdf.patch index ec7117d..bca6c3b 100644 --- a/openssh-7.7p1-cavstest-kdf.patch +++ b/openssh-7.7p1-cavstest-kdf.patch @@ -2,15 +2,11 @@ # Parent 1e1d5a2ab8bddfc800f570755f9ea1addcc878c1 CAVS test for KDF implementation in OpenSSH -diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in ---- openssh-7.7p1/Makefile.in -+++ openssh-7.7p1/Makefile.in -@@ -20,16 +20,17 @@ top_srcdir=@top_srcdir@ - DESTDIR= - VPATH=@srcdir@ - SSH_PROGRAM=@bindir@/ssh - ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass - SFTP_SERVER=$(libexecdir)/sftp-server +Index: openssh-7.9p1/Makefile.in +=================================================================== +--- openssh-7.9p1.orig/Makefile.in 2019-03-12 16:12:42.213142294 +0100 ++++ openssh-7.9p1/Makefile.in 2019-03-28 13:49:37.150166231 +0100 +@@ -25,6 +25,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper CAVSTEST_CTR=$(libexecdir)/cavstest-ctr @@ -18,17 +14,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ STRIP_OPT=@STRIP_OPT@ - TEST_SHELL=@TEST_SHELL@ - - PATHS= -DSSHDIR=\"$(sysconfdir)\" \ - -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ - -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ -@@ -58,17 +59,17 @@ ENT=@ENT@ - XAUTH_PATH=@XAUTH_PATH@ - LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ - EXEEXT=@EXEEXT@ - MANFMT=@MANFMT@ - MKDIR_P=@MKDIR_P@ +@@ -63,7 +64,7 @@ MKDIR_P=@MKDIR_P@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) @@ -37,17 +23,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in XMSS_OBJS=\ ssh-xmss.o \ - sshkey-xmss.o \ - xmss_commons.o \ - xmss_fast.o \ - xmss_hash.o \ - xmss_hash_address.o \ -@@ -206,16 +207,19 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss - - sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) - - # FIPS tests +@@ -211,6 +212,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sft cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) @@ -57,17 +33,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in # test driver for the loginrec code - not built by default logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) - - $(MANPAGES): $(MANPAGES_IN) - if test "$(MANTYPE)" = "cat"; then \ - manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \ - else \ -@@ -347,16 +351,17 @@ install-files: - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) +@@ -356,6 +360,7 @@ install-files: $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT) @@ -75,16 +41,11 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 - $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 - $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 -diff --git a/openssh-7.7p1/cavstest-kdf.c b/openssh-7.7p1/cavstest-kdf.c -new file mode 100644 ---- /dev/null -+++ openssh-7.7p1/cavstest-kdf.c -@@ -0,0 +1,387 @@ +Index: openssh-7.9p1/cavstest-kdf.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/cavstest-kdf.c 2019-03-28 13:54:20.047709759 +0100 +@@ -0,0 +1,384 @@ +/* + * Copyright (C) 2015, Stephan Mueller + * @@ -364,9 +325,6 @@ new file mode 100644 + hex, HEXOUTLEN, 0); + printf("Integrity key (server to client) = %s\n", hex); + -+ free(keys_client); -+ free(keys_server); -+ +out: + if (Kbn) + BN_free(Kbn); diff --git a/openssh.changes b/openssh.changes index 47ed038..01de7d3 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 28 12:55:13 UTC 2019 - Vítězslav Čížek + +- Fix a double free() in the KDF CAVS testing tool (bsc#1065237) + * modify openssh-7.7p1-cavstest-kdf.patch + ------------------------------------------------------------------- Tue Mar 12 15:16:20 UTC 2019 - Vítězslav Čížek