rpm/openssh
SHA256
1
0
Fork 0
forked from pool/openssh
Code Pull Requests Activity

Accepting request 689347 from home:vitezslav_cizek:branches:network

Browse Source 
- Fix a double free() in the KDF CAVS testing tool (bsc#1065237)
  * modify openssh-7.7p1-cavstest-kdf.patch

OBS-URL: https://build.opensuse.org/request/show/689347
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=187
This commit is contained in:
Vítězslav Čížek 2019-03-28 13:07:24 +00:00 committed by Git OBS Bridge
parent 8ca4d6f6f4
commit bd816c8da4
2 changed files with 19 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
openssh-7.7p1-cavstest-kdf.patch
View File

@ -2,15 +2,11 @@
# Parent 1e1d5a2ab8bddfc800f570755f9ea1addcc878c1 # Parent 1e1d5a2ab8bddfc800f570755f9ea1addcc878c1
CAVS test for KDF implementation in OpenSSH CAVS test for KDF implementation in OpenSSH
diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in Index: openssh-7.9p1/Makefile.in
--- openssh-7.7p1/Makefile.in ===================================================================
+++ openssh-7.7p1/Makefile.in --- openssh-7.9p1.orig/Makefile.in 2019-03-12 16:12:42.213142294 +0100
@@ -20,16 +20,17 @@ top_srcdir=@top_srcdir@ +++ openssh-7.9p1/Makefile.in 2019-03-28 13:49:37.150166231 +0100
DESTDIR= @@ -25,6 +25,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
VPATH=@srcdir@
SSH_PROGRAM=@bindir@/ssh
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
CAVSTEST_CTR=$(libexecdir)/cavstest-ctr CAVSTEST_CTR=$(libexecdir)/cavstest-ctr
@ -18,17 +14,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
PRIVSEP_PATH=@PRIVSEP_PATH@ PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
STRIP_OPT=@STRIP_OPT@ STRIP_OPT=@STRIP_OPT@
TEST_SHELL=@TEST_SHELL@ @@ -63,7 +64,7 @@ MKDIR_P=@MKDIR_P@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
-D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
@@ -58,17 +59,17 @@ ENT=@ENT@
XAUTH_PATH=@XAUTH_PATH@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
MKDIR_P=@MKDIR_P@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
@ -37,17 +23,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
XMSS_OBJS=\ XMSS_OBJS=\
ssh-xmss.o \ ssh-xmss.o \
sshkey-xmss.o \ @@ -211,6 +212,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sft
xmss_commons.o \
xmss_fast.o \
xmss_hash.o \
xmss_hash_address.o \
@@ -206,16 +207,19 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
# FIPS tests
cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a cavstest-ctr.o
$(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LD) -o $@ cavstest-ctr.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@ -57,17 +33,7 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
# test driver for the loginrec code - not built by default # test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
@@ -356,6 +360,7 @@ install-files:
$(MANPAGES): $(MANPAGES_IN)
if test "$(MANTYPE)" = "cat"; then \
manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
else \
@@ -347,16 +351,17 @@ install-files:
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
@ -75,16 +41,11 @@ diff --git a/openssh-7.7p1/Makefile.in b/openssh-7.7p1/Makefile.in
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 Index: openssh-7.9p1/cavstest-kdf.c
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 ===================================================================
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
$(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 +++ openssh-7.9p1/cavstest-kdf.c 2019-03-28 13:54:20.047709759 +0100
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 @@ -0,0 +1,384 @@
diff --git a/openssh-7.7p1/cavstest-kdf.c b/openssh-7.7p1/cavstest-kdf.c
new file mode 100644
--- /dev/null
+++ openssh-7.7p1/cavstest-kdf.c
@@ -0,0 +1,387 @@
+/* +/*
+ * Copyright (C) 2015, Stephan Mueller <smueller@chronox.de> + * Copyright (C) 2015, Stephan Mueller <smueller@chronox.de>
+ * + *
@ -364,9 +325,6 @@ new file mode 100644
+ hex, HEXOUTLEN, 0); + hex, HEXOUTLEN, 0);
+ printf("Integrity key (server to client) = %s\n", hex); + printf("Integrity key (server to client) = %s\n", hex);
+ +
+ free(keys_client);
+ free(keys_server);
+
+out: +out:
+ if (Kbn) + if (Kbn)
+ BN_free(Kbn); + BN_free(Kbn);

6
openssh.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Mar 28 12:55:13 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Fix a double free() in the KDF CAVS testing tool (bsc#1065237)
* modify openssh-7.7p1-cavstest-kdf.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 12 15:16:20 UTC 2019 - Vítězslav Čížek <vcizek@suse.com> Tue Mar 12 15:16:20 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>