jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Forbid shell metasymbols in username/hostname

Browse Source 
Resolves: RHEL-19788
This commit is contained in:
Dmitry Belyavskiy 2023-12-20 12:20:37 +01:00
parent 99988fba8f
commit 61a590faaf
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
openssh-9.6p1-CVE-2023-51385.patch Normal file
View File

@ -0,0 +1,57 @@
diff --git a/ssh.c b/ssh.c
index 35c48e62..48d93ddf 100644
--- a/ssh.c
+++ b/ssh.c
@@ -626,6 +626,41 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
}
}
+static int
+valid_hostname(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
+ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
+ return 0;
+ }
+ return 1;
+}
+
+static int
+valid_ruser(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
+ return 0;
+ /* Disallow '-' after whitespace */
+ if (isspace((u_char)s[i]) && s[i + 1] == '-')
+ return 0;
+ /* Disallow \ in last position */
+ if (s[i] == '\\' && s[i + 1] == '\0')
+ return 0;
+ }
+ return 1;
+}
+
/*
* Main program for the ssh client.
*/
@@ -1118,6 +1153,10 @@ main(int ac, char **av)
if (!host)
usage();
+ if (!valid_hostname(host))
+ fatal("hostname contains invalid characters");
+ if (options.user != NULL && !valid_ruser(options.user))
+ fatal("remote username contains invalid characters");
host_arg = xstrdup(host);
/* Initialize the command to execute on remote host. */

5
openssh.spec
View File

@ -288,6 +288,8 @@ Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
Patch1017: openssh-9.4p2-limit-delay.patch Patch1017: openssh-9.4p2-limit-delay.patch
#upstream commit 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 #upstream commit 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
Patch1018: openssh-9.6p1-CVE-2023-48795.patch Patch1018: openssh-9.6p1-CVE-2023-48795.patch
#upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
@ -533,6 +535,7 @@ popd
%patch1015 -p1 -b .cve-2023-38408 %patch1015 -p1 -b .cve-2023-38408
%patch1017 -p1 -b .limitdelay %patch1017 -p1 -b .limitdelay
%patch1018 -p1 -b .cve-2023-48795 %patch1018 -p1 -b .cve-2023-48795
%patch1019 -p1 -b .cve-2023-51385
autoreconf autoreconf
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -821,6 +824,8 @@ getent passwd sshd >/dev/null || \
* Thu Dec 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-22 * Thu Dec 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-22
- Fix Terrapin attack - Fix Terrapin attack
Resolves: RHEL-19308 Resolves: RHEL-19308
- Forbid shell metasymbols in username/hostname
Resolves: RHEL-19788
* Tue Nov 07 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-21 * Tue Nov 07 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-21
- Using DigestSign/DigestVerify functions for better FIPS compatibility - Using DigestSign/DigestVerify functions for better FIPS compatibility