rpms/libssh
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS libssh-0.9.6-14.el8

Browse Source
This commit is contained in:
eabdullin 2024-03-27 19:59:42 +00:00
parent fa87722efb
commit 7ae10cb5a6
8 changed files with 6286 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

723
SOURCES/CVE-2023-48795.patch Normal file
View File

@ -0,0 +1,723 @@
From 87b93be5a2071be782aa84aa5a91544b18959d5e Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Tue, 12 Dec 2023 23:09:57 +0100
Subject: [PATCH 1/4] CVE-2023-48795: client side mitigation
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
include/libssh/packet.h | 1 +
include/libssh/session.h | 6 +++++
src/curve25519.c | 19 +++----------
src/dh-gex.c | 7 +----
src/dh.c | 17 +++---------
src/ecdh.c | 8 +-----
src/ecdh_crypto.c | 12 +++------
src/ecdh_gcrypt.c | 10 +++----
src/ecdh_mbedcrypto.c | 11 +++-----
src/kex.c | 34 +++++++++++++++++++----
src/packet.c | 58 ++++++++++++++++++++++++++++++++++++++++
src/packet_cb.c | 12 +++++++++
12 files changed, 126 insertions(+), 69 deletions(-)
diff --git a/include/libssh/packet.h b/include/libssh/packet.h
index 561bba8e..c6fbc3fc 100644
--- a/include/libssh/packet.h
+++ b/include/libssh/packet.h
@@ -63,6 +63,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
#endif
+int ssh_packet_send_newkeys(ssh_session session);
int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum);
int ssh_packet_parse_type(ssh_session session);
//int packet_flush(ssh_session session, int enforce_blocking);
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 64e118ef..3cde0dd4 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -80,6 +80,12 @@ enum ssh_pending_call_e {
* sending it twice during key exchange to simplify the state machine. */
#define SSH_SESSION_FLAG_KEXINIT_SENT 4
+/* The current SSH2 session implements the "strict KEX" feature and should behave
+ * differently on SSH2_MSG_NEWKEYS. */
+#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
+/* Unexpected packets have been sent while the session was still unencrypted */
+#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
+
/* codes to use with ssh_handle_packets*() */
/* Infinite timeout */
#define SSH_TIMEOUT_INFINITE -1
diff --git a/src/curve25519.c b/src/curve25519.c
index 37654438..6b7b4238 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -335,16 +335,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
}
/* Send the MSG_NEWKEYS */
- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
- goto error;
- }
-
- rc=ssh_packet_send(session);
+ rc = ssh_packet_send_newkeys(session);
if (rc == SSH_ERROR) {
goto error;
}
-
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
return SSH_PACKET_USED;
@@ -502,18 +496,13 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
return SSH_ERROR;
}
- /* Send the MSG_NEWKEYS */
- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
- if (rc < 0) {
- goto error;
- }
-
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
- rc = ssh_packet_send(session);
+
+ /* Send the MSG_NEWKEYS */
+ rc = ssh_packet_send_newkeys(session);
if (rc == SSH_ERROR) {
goto error;
}
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
return SSH_PACKET_USED;
error:
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 4a298542..f1880270 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -287,15 +287,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
}
/* Send the MSG_NEWKEYS */
- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
- goto error;
- }
-
- rc = ssh_packet_send(session);
+ rc = ssh_packet_send_newkeys(session);
if (rc == SSH_ERROR) {
goto error;
}
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
return SSH_PACKET_USED;
diff --git a/src/dh.c b/src/dh.c
index c265efcb..1d519c63 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -386,16 +386,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
}
/* Send the MSG_NEWKEYS */
- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
- goto error;
- }
-
- rc=ssh_packet_send(session);
+ rc = ssh_packet_send_newkeys(session);
if (rc == SSH_ERROR) {
goto error;
}
-
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
return SSH_PACKET_USED;
error:
@@ -532,15 +526,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
}
SSH_LOG(SSH_LOG_DEBUG, "Sent KEX_DH_[GEX]_REPLY");
- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
- ssh_buffer_reinit(session->out_buffer);
- goto error;
- }
session->dh_handshake_state=DH_STATE_NEWKEYS_SENT;
- if (ssh_packet_send(session) == SSH_ERROR) {
+ /* Send the MSG_NEWKEYS */
+ rc = ssh_packet_send_newkeys(session);
+ if (rc == SSH_ERROR) {
goto error;
}
- SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_NEWKEYS sent");
return SSH_OK;
error:
diff --git a/src/ecdh.c b/src/ecdh.c
index e5b11ba9..af80beec 100644
--- a/src/ecdh.c
+++ b/src/ecdh.c
@@ -93,16 +93,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){
}
/* Send the MSG_NEWKEYS */
- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
- goto error;
- }
-
- rc=ssh_packet_send(session);
+ rc = ssh_packet_send_newkeys(session);
if (rc == SSH_ERROR) {
goto error;
}
-
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
return SSH_PACKET_USED;
diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
index a1de27fd..62578c1b 100644
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@@ -323,18 +323,12 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
goto error;
}
- /* Send the MSG_NEWKEYS */
- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
- if (rc < 0) {
- goto error;
- }
-
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
- rc = ssh_packet_send(session);
- if (rc == SSH_ERROR){
+ /* Send the MSG_NEWKEYS */
+ rc = ssh_packet_send_newkeys(session);
+ if (rc == SSH_ERROR) {
goto error;
}
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
return SSH_PACKET_USED;
error:
diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
index d9c41bf9..dd4332d7 100644
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@@ -372,17 +372,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
goto out;
}
-
+ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
/* Send the MSG_NEWKEYS */
- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
- if (rc != SSH_OK) {
+ rc = ssh_packet_send_newkeys(session);
+ if (rc == SSH_ERROR) {
goto out;
}
- session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
- rc = ssh_packet_send(session);
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
-
out:
gcry_sexp_release(param);
gcry_sexp_release(key);
diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
index 718f1522..45251a42 100644
--- a/src/ecdh_mbedcrypto.c
+++ b/src/ecdh_mbedcrypto.c
@@ -300,16 +300,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
goto out;
}
- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
- if (rc < 0) {
- rc = SSH_ERROR;
+ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+ /* Send the MSG_NEWKEYS */
+ rc = ssh_packet_send_newkeys(session);
+ if (rc == SSH_ERROR) {
goto out;
}
- session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
- rc = ssh_packet_send(session);
- SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
-
out:
mbedtls_ecp_group_free(&grp);
if (rc == SSH_ERROR) {
diff --git a/src/kex.c b/src/kex.c
index 3e5ca6ad..0772cae8 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -163,6 +163,9 @@
/* RFC 8308 */
#define KEX_EXTENSION_CLIENT "ext-info-c"
+/* Strict kex mitigation against CVE-2023-48795 */
+#define KEX_STRICT_CLIENT "kex-strict-c-v00@openssh.com"
+#define KEX_STRICT_SERVER "kex-strict-s-v00@openssh.com"
/* Allowed algorithms in FIPS mode */
#define FIPS_ALLOWED_CIPHERS "aes256-gcm@openssh.com,"\
@@ -491,6 +494,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
session->first_kex_follows_guess_wrong ? "wrong" : "right");
}
+ /*
+ * handle the "strict KEX" feature. If supported by peer, then set up the
+ * flag and verify packet sequence numbers.
+ */
+ if (server_kex) {
+ ok = ssh_match_group(crypto->client_kex.methods[SSH_KEX],
+ KEX_STRICT_CLIENT);
+ if (ok) {
+ SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
+ session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
+ }
+ } else {
+ /* client kex */
+ ok = ssh_match_group(crypto->server_kex.methods[SSH_KEX],
+ KEX_STRICT_SERVER);
+ if (ok) {
+ SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
+ session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
+ }
+ }
+
if (server_kex) {
/*
* If client sent a ext-info-c message in the kex list, it supports
@@ -767,21 +791,21 @@ int ssh_set_client_kex(ssh_session session)
return SSH_OK;
}
- /* Here we append ext-info-c to the list of kex algorithms */
+ /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
kex = client->methods[SSH_KEX];
len = strlen(kex);
- if (len + strlen(KEX_EXTENSION_CLIENT) + 2 < len) {
+ /* Comma, comma, nul byte */
+ kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
+ if (kex_len >= MAX_PACKET_LEN) {
/* Overflow */
return SSH_ERROR;
}
- kex_len = len + strlen(KEX_EXTENSION_CLIENT) + 2; /* comma, NULL */
kex_tmp = realloc(kex, kex_len);
if (kex_tmp == NULL) {
- free(kex);
ssh_set_error_oom(session);
return SSH_ERROR;
}
- snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_EXTENSION_CLIENT);
+ snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
client->methods[SSH_KEX] = kex_tmp;
return SSH_OK;
diff --git a/src/packet.c b/src/packet.c
index ca7a03b7..82965fb3 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -1309,6 +1309,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
}
#endif /* WITH_ZLIB */
payloadsize = ssh_buffer_get_len(session->in_buffer);
+ if (session->recv_seq == UINT32_MAX) {
+ /* Overflowing sequence numbers is always fishy */
+ if (crypto == NULL) {
+ /* don't allow sequence number overflow when unencrypted */
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Incoming sequence number overflow");
+ goto error;
+ } else {
+ SSH_LOG(SSH_LOG_WARNING,
+ "Incoming sequence number overflow");
+ }
+ }
session->recv_seq++;
if (crypto != NULL) {
struct ssh_cipher_struct *cipher = NULL;
@@ -1331,7 +1344,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
SSH_LOG(SSH_LOG_PACKET,
"packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
session->in_packet.type, packet_len, padding, compsize, payloadsize);
+ if (crypto == NULL) {
+ /* In strict kex, only a few packets are allowed. Taint the session
+ * if we received packets that are normally allowed but to be
+ * refused if we are in strict kex when KEX is over.
+ */
+ uint8_t type = session->in_packet.type;
+ if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
+ (type < SSH2_MSG_KEXDH_INIT ||
+ type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
+ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+ }
+ }
/* Check if the packet is expected */
filter_result = ssh_packet_incoming_filter(session);
@@ -1347,6 +1372,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
session->in_packet.type);
goto error;
case SSH_PACKET_UNKNOWN:
+ if (crypto == NULL) {
+ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+ }
ssh_packet_send_unimplemented(session, session->recv_seq - 1);
break;
}
@@ -1521,7 +1549,33 @@ void ssh_packet_process(ssh_session session, uint8_t type)
SSH_LOG(SSH_LOG_RARE, "Failed to send unimplemented: %s",
ssh_get_error(session));
}
+ if (session->current_crypto == NULL) {
+ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+ }
+ }
+}
+
+/** @internal
+ * @brief sends a SSH_MSG_NEWKEYS when enabling the new negotiated ciphers
+ * @param session the SSH session
+ * @return SSH_ERROR on error, else SSH_OK
+ */
+int ssh_packet_send_newkeys(ssh_session session)
+{
+ int rc;
+
+ /* Send the MSG_NEWKEYS */
+ rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+ if (rc < 0) {
+ return rc;
}
+
+ rc = ssh_packet_send(session);
+ if (rc == SSH_ERROR) {
+ return rc;
+ }
+ SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
+ return rc;
}
/** @internal
@@ -1829,6 +1883,10 @@ int ssh_packet_send(ssh_session session)
if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
struct ssh_iterator *it;
+ if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
+ /* reset packet sequence number when running in strict kex mode */
+ session->send_seq = 0;
+ }
for (it = ssh_list_get_iterator(session->out_queue);
it != NULL;
it = ssh_list_get_iterator(session->out_queue)) {
diff --git a/src/packet_cb.c b/src/packet_cb.c
index 3e4d5f6d..a08f1d8a 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -110,6 +110,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
goto error;
}
+ if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
+ /* reset packet sequence number when running in strict kex mode */
+ session->recv_seq = 0;
+ /* Check that we aren't tainted */
+ if (session->flags & SSH_SESSION_FLAG_KEX_TAINTED) {
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Received unexpected packets in strict KEX mode.");
+ goto error;
+ }
+ }
+
if(session->server){
/* server things are done in server.c */
session->dh_handshake_state=DH_STATE_FINISHED;
--
2.41.0
From fd4948255560039b51c2d61f0a62784ed8b6f5a6 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Tue, 12 Dec 2023 23:30:26 +0100
Subject: [PATCH 2/4] CVE-2023-48795: Server side mitigations
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
include/libssh/kex.h | 1 +
src/kex.c | 46 ++++++++++++++++++++++++++++++++++----------
src/server.c | 8 +++++++-
3 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/include/libssh/kex.h b/include/libssh/kex.h
index 2ace69b6..40da4ef2 100644
--- a/include/libssh/kex.h
+++ b/include/libssh/kex.h
@@ -36,6 +36,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit);
int ssh_send_kex(ssh_session session);
void ssh_list_kex(struct ssh_kex_struct *kex);
int ssh_set_client_kex(ssh_session session);
+int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex);
int ssh_kex_select_methods(ssh_session session);
int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
diff --git a/src/kex.c b/src/kex.c
index 0772cae8..e37c176c 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -738,11 +738,8 @@ int ssh_set_client_kex(ssh_session session)
{
struct ssh_kex_struct *client = &session->next_crypto->client_kex;
const char *wanted;
- char *kex = NULL;
- char *kex_tmp = NULL;
int ok;
int i;
- size_t kex_len, len;
/* Skip if already set, for example for the rekey or when we do the guessing
* it could have been already used to make some protocol decisions. */
@@ -791,11 +788,33 @@ int ssh_set_client_kex(ssh_session session)
return SSH_OK;
}
- /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
- kex = client->methods[SSH_KEX];
+ ok = ssh_kex_append_extensions(session, client);
+ if (ok != SSH_OK){
+ return ok;
+ }
+
+ return SSH_OK;
+}
+
+int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex)
+{
+ char *kex = NULL;
+ char *kex_tmp = NULL;
+ size_t kex_len, len;
+
+ /* Here we append ext-info-c and kex-strict-c-v00@openssh.com for client
+ * and kex-strict-s-v00@openssh.com for server to the list of kex algorithms
+ */
+ kex = pkex->methods[SSH_KEX];
len = strlen(kex);
- /* Comma, comma, nul byte */
- kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
+ if (session->server) {
+ /* Comma, nul byte */
+ kex_len = len + 1 + strlen(KEX_STRICT_SERVER) + 1;
+ } else {
+ /* Comma, comma, nul byte */
+ kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 +
+ strlen(KEX_STRICT_CLIENT) + 1;
+ }
if (kex_len >= MAX_PACKET_LEN) {
/* Overflow */
return SSH_ERROR;
@@ -805,9 +824,16 @@ int ssh_set_client_kex(ssh_session session)
ssh_set_error_oom(session);
return SSH_ERROR;
}
- snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
- client->methods[SSH_KEX] = kex_tmp;
-
+ if (session->server){
+ snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_STRICT_SERVER);
+ } else {
+ snprintf(kex_tmp + len,
+ kex_len - len,
+ ",%s,%s",
+ KEX_EXTENSION_CLIENT,
+ KEX_STRICT_CLIENT);
+ }
+ pkex->methods[SSH_KEX] = kex_tmp;
return SSH_OK;
}
diff --git a/src/server.c b/src/server.c
index ed73e7fb..35e84465 100644
--- a/src/server.c
+++ b/src/server.c
@@ -195,7 +195,13 @@ int server_set_kex(ssh_session session)
}
}
- return 0;
+ /* Do not append the extensions during rekey */
+ if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
+ return SSH_OK;
+ }
+
+ rc = ssh_kex_append_extensions(session, server);
+ return rc;
}
int ssh_server_init_kex(ssh_session session) {
--
2.41.0
From 03bbbc9e4c93aae2ccdd302d6123e4809be37746 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 14 Dec 2023 12:22:01 +0100
Subject: [PATCH 3/4] CVE-2023-48795: Strip extensions from both kex lists for
matching
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/kex.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/kex.c b/src/kex.c
index e37c176c..eea3604b 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -936,11 +936,19 @@ int ssh_kex_select_methods (ssh_session session)
enum ssh_key_exchange_e kex_type;
int i;
- /* Here we should drop the ext-info-c from the list so we avoid matching.
+ /* Here we should drop the extensions from the list so we avoid matching.
* it. We added it to the end, so we can just truncate the string here */
- ext_start = strstr(client->methods[SSH_KEX], ","KEX_EXTENSION_CLIENT);
- if (ext_start != NULL) {
- ext_start[0] = '\0';
+ if (session->client) {
+ ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
+ if (ext_start != NULL) {
+ ext_start[0] = '\0';
+ }
+ }
+ if (session->server) {
+ ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
+ if (ext_start != NULL) {
+ ext_start[0] = '\0';
+ }
}
for (i = 0; i < SSH_KEX_METHODS; i++) {
--
2.41.0
From 768d1ed30cf4b3cb9628254ef3ee24b9c38abdbc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 14 Dec 2023 12:47:48 +0100
Subject: [PATCH 4/4] CVE-2023-48795: tests: Adjust calculation to strict kex
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
tests/client/torture_rekey.c | 56 ++++++++++++++++++++----------------
1 file changed, 32 insertions(+), 24 deletions(-)
diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c
index 13c9a7fe..bfb273af 100644
--- a/tests/client/torture_rekey.c
+++ b/tests/client/torture_rekey.c
@@ -148,6 +148,29 @@ static void torture_rekey_default(void **state)
ssh_disconnect(s->ssh.session);
}
+static void sanity_check_session(void **state)
+{
+ struct torture_state *s = *state;
+ struct ssh_crypto_struct *c = NULL;
+
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
+ assert_int_equal(c->in_cipher->max_blocks,
+ bytes / c->in_cipher->blocksize);
+ assert_int_equal(c->out_cipher->max_blocks,
+ bytes / c->out_cipher->blocksize);
+ /* when strict kex is used, the newkeys reset the sequence number */
+ if ((s->ssh.session->flags & SSH_SESSION_FLAG_KEX_STRICT) != 0) {
+ assert_int_equal(c->out_cipher->packets, s->ssh.session->send_seq);
+ assert_int_equal(c->in_cipher->packets, s->ssh.session->recv_seq);
+ } else {
+ /* Otherwise we have less encrypted packets than transferred
+ * (first are not encrypted) */
+ assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
+ assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ }
+}
+
/* We lower the rekey limits manually and check that the rekey
* really happens when sending data
*/
@@ -166,16 +189,10 @@ static void torture_rekey_send(void **state)
rc = ssh_connect(s->ssh.session);
assert_ssh_return_code(s->ssh.session, rc);
- /* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks,
- bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks,
- bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transfered (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -272,14 +289,10 @@ static void torture_rekey_recv(void **state)
sftp_file file;
mode_t mask;
- /* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transfered (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -464,15 +477,10 @@ static void torture_rekey_different_kex(void **state)
assert_ssh_return_code(s->ssh.session, rc);
/* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks,
- bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks,
- bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transfered (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
--
2.41.0

1114
SOURCES/CVE-2023-6004.patch Normal file
View File

File diff suppressed because it is too large Load Diff

1577
SOURCES/CVE-2023-6918.patch Normal file
View File

File diff suppressed because it is too large Load Diff

86
SOURCES/auth_bypass.patch Normal file
View File

@ -0,0 +1,86 @@
diff --color -ru ../libssh-0.9.6/src/pki_crypto.c ./src/pki_crypto.c
--- ../libssh-0.9.6/src/pki_crypto.c 2023-04-27 12:59:08.463259052 +0200
+++ ./src/pki_crypto.c 2023-04-27 13:05:24.020610873 +0200
@@ -2291,8 +2291,12 @@
unsigned char *raw_sig_data = NULL;
unsigned int raw_sig_len;
+ /* Function return code
+ * Do not change this variable throughout the function until the signature
+ * is successfully verified!
+ */
int rc = SSH_ERROR;
- int evp_rc;
+ int ok;
if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
signature == NULL || (signature->raw_sig == NULL
@@ -2307,8 +2311,8 @@
}
/* Check if public key and hash type are compatible */
- rc = pki_key_check_hash_compatible(pubkey, signature->hash_type);
- if (rc != SSH_OK) {
+ ok = pki_key_check_hash_compatible(pubkey, signature->hash_type);
+ if (ok != SSH_OK) {
return SSH_ERROR;
}
@@ -2351,8 +2355,8 @@
}
/* Verify the signature */
- evp_rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
- if (evp_rc != 1){
+ ok = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
+ if (ok != 1){
SSH_LOG(SSH_LOG_TRACE,
"EVP_DigestVerifyInit() failed: %s",
ERR_error_string(ERR_get_error(), NULL));
@@ -2360,35 +2364,31 @@
}
#ifdef HAVE_OPENSSL_EVP_DIGESTVERIFY
- evp_rc = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
+ ok = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
#else
- evp_rc = EVP_DigestVerifyUpdate(ctx, input, input_len);
- if (evp_rc != 1) {
+ ok = EVP_DigestVerifyUpdate(ctx, input, input_len);
+ if (ok != 1) {
SSH_LOG(SSH_LOG_TRACE,
"EVP_DigestVerifyUpdate() failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto out;
}
- evp_rc = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
+ ok = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
#endif
- if (evp_rc == 1) {
- SSH_LOG(SSH_LOG_TRACE, "Signature valid");
- rc = SSH_OK;
- } else {
+ if (ok != 1) {
SSH_LOG(SSH_LOG_TRACE,
"Signature invalid: %s",
ERR_error_string(ERR_get_error(), NULL));
- rc = SSH_ERROR;
+ goto out;
}
+ SSH_LOG(SSH_LOG_TRACE, "Signature valid");
+ rc = SSH_OK;
+
out:
- if (ctx != NULL) {
- EVP_MD_CTX_free(ctx);
- }
- if (pkey != NULL) {
- EVP_PKEY_free(pkey);
- }
+ EVP_MD_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
return rc;
}

228
SOURCES/covscan23.patch Normal file
View File

@ -0,0 +1,228 @@
diff --color -ru ../libssh-0.9.6/src/buffer.c ./src/buffer.c
--- ../libssh-0.9.6/src/buffer.c 2023-05-03 11:53:48.710217753 +0200
+++ ./src/buffer.c 2023-05-03 11:58:21.995200990 +0200
@@ -747,7 +747,8 @@
*/
int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len)
{
- if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
+ if (buffer == NULL || buffer->pos + len < len ||
+ buffer->pos + len > buffer->used) {
return SSH_ERROR;
}
diff --color -ru ../libssh-0.9.6/src/gssapi.c ./src/gssapi.c
--- ../libssh-0.9.6/src/gssapi.c 2023-05-03 11:53:48.732217993 +0200
+++ ./src/gssapi.c 2023-05-03 11:58:21.976200782 +0200
@@ -437,11 +437,18 @@
hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
SAFE_FREE(hexa);
- ssh_buffer_pack(session->out_buffer,
- "bdP",
- SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
- output_token.length,
- (size_t)output_token.length, output_token.value);
+ rc = ssh_buffer_pack(session->out_buffer,
+ "bdP",
+ SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
+ output_token.length,
+ (size_t)output_token.length, output_token.value);
+ if (rc != SSH_OK) {
+ ssh_set_error_oom(session);
+ ssh_auth_reply_default(session, 0);
+ ssh_gssapi_free(session);
+ session->gssapi = NULL;
+ return SSH_PACKET_USED;
+ }
ssh_packet_send(session);
}
@@ -846,6 +853,7 @@
}
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
+ int rc;
ssh_string oid_s;
gss_uint32 maj_stat, min_stat;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
@@ -897,11 +905,15 @@
hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s", hexa);
SAFE_FREE(hexa);
- ssh_buffer_pack(session->out_buffer,
- "bdP",
- SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
- output_token.length,
- (size_t)output_token.length, output_token.value);
+ rc = ssh_buffer_pack(session->out_buffer,
+ "bdP",
+ SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
+ output_token.length,
+ (size_t)output_token.length, output_token.value);
+ if (rc != SSH_OK) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
ssh_packet_send(session);
session->auth.state = SSH_AUTH_STATE_GSSAPI_TOKEN;
}
@@ -963,6 +975,7 @@
}
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
+ int rc;
ssh_string token;
char *hexa;
OM_uint32 maj_stat, min_stat;
@@ -1015,11 +1028,15 @@
hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
SAFE_FREE(hexa);
- ssh_buffer_pack(session->out_buffer,
- "bdP",
- SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
- output_token.length,
- (size_t)output_token.length, output_token.value);
+ rc = ssh_buffer_pack(session->out_buffer,
+ "bdP",
+ SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
+ output_token.length,
+ (size_t)output_token.length, output_token.value);
+ if (rc != SSH_OK) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
ssh_packet_send(session);
}
diff --color -ru ../libssh-0.9.6/src/options.c ./src/options.c
--- ../libssh-0.9.6/src/options.c 2021-08-26 14:27:42.000000000 +0200
+++ ./src/options.c 2023-05-03 11:58:22.000201044 +0200
@@ -547,7 +547,9 @@
}
i = strtol(q, &p, 10);
if (q == p) {
+ SSH_LOG(SSH_LOG_DEBUG, "No port number was parsed");
SAFE_FREE(q);
+ return -1;
}
SAFE_FREE(q);
if (i <= 0) {
@@ -743,7 +745,9 @@
}
i = strtol(q, &p, 10);
if (q == p) {
+ SSH_LOG(SSH_LOG_DEBUG, "No log verbositiy was parsed");
SAFE_FREE(q);
+ return -1;
}
SAFE_FREE(q);
if (i < 0) {
@@ -1818,7 +1822,9 @@
}
i = strtol(q, &p, 10);
if (q == p) {
- SAFE_FREE(q);
+ SSH_LOG(SSH_LOG_DEBUG, "No bind port was parsed");
+ SAFE_FREE(q);
+ return -1;
}
SAFE_FREE(q);
@@ -1845,7 +1851,9 @@
}
i = strtol(q, &p, 10);
if (q == p) {
- SAFE_FREE(q);
+ SSH_LOG(SSH_LOG_DEBUG, "No log verbositiy was parsed");
+ SAFE_FREE(q);
+ return -1;
}
SAFE_FREE(q);
diff --color -ru ../libssh-0.9.6/src/pki_container_openssh.c ./src/pki_container_openssh.c
--- ../libssh-0.9.6/src/pki_container_openssh.c 2023-05-03 11:53:48.713217785 +0200
+++ ./src/pki_container_openssh.c 2023-05-03 11:58:21.976200782 +0200
@@ -630,7 +630,11 @@
goto error;
}
- ssh_buffer_pack(kdf_buf, "Sd", salt, rounds);
+ rc = ssh_buffer_pack(kdf_buf, "Sd", salt, rounds);
+ if (rc != SSH_OK) {
+ SSH_BUFFER_FREE(kdf_buf);
+ goto error;
+ }
kdf_options = ssh_string_new(ssh_buffer_get_len(kdf_buf));
if (kdf_options == NULL){
SSH_BUFFER_FREE(kdf_buf);
diff --color -ru ../libssh-0.9.6/tests/unittests/torture_options.c ./tests/unittests/torture_options.c
--- ../libssh-0.9.6/tests/unittests/torture_options.c 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/unittests/torture_options.c 2023-05-03 11:59:21.726853027 +0200
@@ -311,6 +311,7 @@
rc = ssh_options_set(session, SSH_OPTIONS_PORT_STR, "five");
assert_true(rc == -1);
+ assert_int_not_equal(session->opts.port, 0);
rc = ssh_options_set(session, SSH_OPTIONS_PORT, NULL);
assert_true(rc == -1);
@@ -853,6 +854,26 @@
ssh_free(new);
}
+static void torture_options_set_verbosity (void **state)
+{
+ ssh_session session = *state;
+ int rc, new_level;
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_LOG_VERBOSITY_STR,
+ "3");
+ assert_int_equal(rc, SSH_OK);
+ new_level = ssh_get_log_level();
+ assert_int_equal(new_level, SSH_LOG_PACKET);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_LOG_VERBOSITY_STR,
+ "datsun");
+ assert_int_equal(rc, -1);
+ new_level = ssh_get_log_level();
+ assert_int_not_equal(new_level, 0);
+}
+
#ifdef WITH_SERVER
const char template[] = "temp_dir_XXXXXX";
@@ -1107,6 +1128,10 @@
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, "23");
assert_int_equal(rc, 0);
assert_int_equal(bind->bindport, 23);
+
+ rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, "twentythree");
+ assert_int_equal(rc, -1);
+ assert_int_not_equal(bind->bindport, 0);
}
static void torture_bind_options_log_verbosity(void **state)
@@ -1156,6 +1181,11 @@
new_level = ssh_get_log_level();
assert_int_equal(new_level, SSH_LOG_PACKET);
+ rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "verbosity");
+ assert_int_equal(rc, -1);
+ new_level = ssh_get_log_level();
+ assert_int_not_equal(new_level, 0);
+
rc = ssh_set_log_level(previous_level);
assert_int_equal(rc, SSH_OK);
}
@@ -1643,6 +1673,7 @@
cmocka_unit_test_setup_teardown(torture_options_config_host, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_config_match,
setup, teardown),
+ cmocka_unit_test_setup_teardown(torture_options_set_verbosity, setup, teardown),
};
#ifdef WITH_SERVER

668
SOURCES/fix_tests.patch Normal file
View File

@ -0,0 +1,668 @@
diff --color -ru ../libssh-0.9.6/examples/sshnetcat.c ./examples/sshnetcat.c
--- ../libssh-0.9.6/examples/sshnetcat.c 2021-08-26 14:27:42.000000000 +0200
+++ ./examples/sshnetcat.c 2023-05-02 10:36:00.793381735 +0200
@@ -233,9 +233,10 @@
}
void cleanup_pcap(void);
-void cleanup_pcap(){
+void cleanup_pcap(void)
+{
ssh_pcap_file_free(pcap);
- pcap=NULL;
+ pcap = NULL;
}
#endif
diff --color -ru ../libssh-0.9.6/src/init.c ./src/init.c
--- ../libssh-0.9.6/src/init.c 2021-03-15 08:11:33.000000000 +0100
+++ ./src/init.c 2023-05-02 10:36:00.793381735 +0200
@@ -269,7 +269,7 @@
*
* @see ssh_init()
*/
-bool is_ssh_initialized() {
+bool is_ssh_initialized(void) {
bool is_initialized = false;
diff --color -ru ../libssh-0.9.6/tests/client/torture_auth.c ./tests/client/torture_auth.c
--- ../libssh-0.9.6/tests/client/torture_auth.c 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/client/torture_auth.c 2023-05-02 10:36:00.815381960 +0200
@@ -200,7 +200,8 @@
assert_non_null(ssh_agent_pidfile);
/* kill agent pid */
- torture_terminate_process(ssh_agent_pidfile);
+ rc = torture_terminate_process(ssh_agent_pidfile);
+ assert_return_code(rc, errno);
unlink(ssh_agent_pidfile);
@@ -551,6 +552,7 @@
static void torture_auth_agent_cert(void **state)
{
+#if OPENSSH_VERSION_MAJOR < 8 || (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR == 0)
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
@@ -570,6 +572,7 @@
"ssh-rsa-cert-v01@openssh.com");
assert_int_equal(rc, SSH_OK);
}
+#endif /* OPENSSH_VERSION_MAJOR < 8.1 */
/* Setup loads a different key, tests are exactly the same. */
torture_auth_agent(state);
@@ -577,6 +580,7 @@
static void torture_auth_agent_cert_nonblocking(void **state)
{
+#if OPENSSH_VERSION_MAJOR < 8 || (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR == 0)
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
@@ -596,6 +600,7 @@
"ssh-rsa-cert-v01@openssh.com");
assert_int_equal(rc, SSH_OK);
}
+#endif /* OPENSSH_VERSION_MAJOR < 8.1 */
torture_auth_agent_nonblocking(state);
}
diff --color -ru ../libssh-0.9.6/tests/client/torture_rekey.c ./tests/client/torture_rekey.c
--- ../libssh-0.9.6/tests/client/torture_rekey.c 2023-04-28 17:26:41.472315318 +0200
+++ ./tests/client/torture_rekey.c 2023-05-02 10:36:00.805381857 +0200
@@ -38,6 +38,8 @@
#include <fcntl.h>
#include <pwd.h>
+#define KEX_RETRY 32
+
static uint64_t bytes = 2048; /* 2KB (more than the authentication phase) */
static int sshd_setup(void **state)
@@ -190,10 +192,11 @@
rc = ssh_userauth_publickey_auto(s->ssh.session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
- /* send ignore packets of up to 1KB to trigger rekey */
+ /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
+ * to make sure it completes with all different ciphers */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 16; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
ssh_handle_packets(s->ssh.session, 50);
}
@@ -496,9 +499,15 @@
* to make sure the rekey it completes with all different ciphers (paddings */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 20; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
- ssh_handle_packets(s->ssh.session, 50);
+ ssh_handle_packets(s->ssh.session, 100);
+
+ c = s->ssh.session->current_crypto;
+ /* SHA256 len */
+ if (c->digest_len != 32) {
+ break;
+ }
}
/* The rekey limit was restored in the new crypto to the same value */
@@ -568,9 +577,15 @@
* to make sure the rekey it completes with all different ciphers (paddings */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 25; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
- ssh_handle_packets(s->ssh.session, 50);
+ ssh_handle_packets(s->ssh.session, 100);
+
+ c = s->ssh.session->current_crypto;
+ /* SHA256 len */
+ if (c->digest_len != 32) {
+ break;
+ }
}
/* Check that the secret hash is different than initially */
diff --color -ru ../libssh-0.9.6/tests/CMakeLists.txt ./tests/CMakeLists.txt
--- ../libssh-0.9.6/tests/CMakeLists.txt 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/CMakeLists.txt 2023-05-02 10:32:03.964511860 +0200
@@ -153,6 +153,17 @@
execute_process(COMMAND ${ID_EXECUTABLE} -u OUTPUT_VARIABLE LOCAL_UID OUTPUT_STRIP_TRAILING_WHITESPACE)
endif()
+ find_program(TIMEOUT_EXECUTABLE
+ NAME
+ timeout
+ PATHS
+ /bin
+ /usr/bin
+ /usr/local/bin)
+ if (TIMEOUT_EXECUTABLE)
+ set(WITH_TIMEOUT "1")
+ endif()
+
# chroot_wrapper
add_library(chroot_wrapper SHARED chroot_wrapper.c)
set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
diff --color -ru ../libssh-0.9.6/tests/pkd/pkd_keyutil.c ./tests/pkd/pkd_keyutil.c
--- ../libssh-0.9.6/tests/pkd/pkd_keyutil.c 2021-03-15 08:11:33.000000000 +0100
+++ ./tests/pkd/pkd_keyutil.c 2023-05-02 10:36:00.793381735 +0200
@@ -22,7 +22,7 @@
#include "pkd_keyutil.h"
#include "pkd_util.h"
-void setup_rsa_key() {
+void setup_rsa_key(void) {
int rc = 0;
if (access(LIBSSH_RSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f "
@@ -31,7 +31,7 @@
assert_int_equal(rc, 0);
}
-void setup_ed25519_key() {
+void setup_ed25519_key(void) {
int rc = 0;
if (access(LIBSSH_ED25519_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
@@ -41,7 +41,7 @@
}
#ifdef HAVE_DSA
-void setup_dsa_key() {
+void setup_dsa_key(void) {
int rc = 0;
if (access(LIBSSH_DSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
@@ -51,7 +51,7 @@
}
#endif
-void setup_ecdsa_keys() {
+void setup_ecdsa_keys(void) {
int rc = 0;
if (access(LIBSSH_ECDSA_256_TESTKEY, F_OK) != 0) {
@@ -71,27 +71,27 @@
}
}
-void cleanup_rsa_key() {
+void cleanup_rsa_key(void) {
cleanup_key(LIBSSH_RSA_TESTKEY);
}
-void cleanup_ed25519_key() {
+void cleanup_ed25519_key(void) {
cleanup_key(LIBSSH_ED25519_TESTKEY);
}
#ifdef HAVE_DSA
-void cleanup_dsa_key() {
+void cleanup_dsa_key(void) {
cleanup_key(LIBSSH_DSA_TESTKEY);
}
#endif
-void cleanup_ecdsa_keys() {
+void cleanup_ecdsa_keys(void) {
cleanup_key(LIBSSH_ECDSA_256_TESTKEY);
cleanup_key(LIBSSH_ECDSA_384_TESTKEY);
cleanup_key(LIBSSH_ECDSA_521_TESTKEY);
}
-void setup_openssh_client_keys() {
+void setup_openssh_client_keys(void) {
int rc = 0;
if (access(OPENSSH_CA_TESTKEY, F_OK) != 0) {
@@ -184,7 +184,7 @@
}
}
-void cleanup_openssh_client_keys() {
+void cleanup_openssh_client_keys(void) {
cleanup_key(OPENSSH_CA_TESTKEY);
cleanup_key(OPENSSH_RSA_TESTKEY);
cleanup_file(OPENSSH_RSA_TESTKEY "-sha256-cert.pub");
@@ -199,7 +199,7 @@
}
}
-void setup_dropbear_client_rsa_key() {
+void setup_dropbear_client_rsa_key(void) {
int rc = 0;
if (access(DROPBEAR_RSA_TESTKEY, F_OK) != 0) {
rc = system_checked(DROPBEAR_KEYGEN " -t rsa -f "
@@ -208,6 +208,6 @@
assert_int_equal(rc, 0);
}
-void cleanup_dropbear_client_rsa_key() {
+void cleanup_dropbear_client_rsa_key(void) {
unlink(DROPBEAR_RSA_TESTKEY);
}
diff --color -ru ../libssh-0.9.6/tests/server/torture_server_config.c ./tests/server/torture_server_config.c
--- ../libssh-0.9.6/tests/server/torture_server_config.c 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/server/torture_server_config.c 2023-05-02 10:36:00.815381960 +0200
@@ -285,9 +285,7 @@
assert_non_null(s);
rc = torture_terminate_process(s->srv_pidfile);
- if (rc != 0) {
- fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
- }
+ assert_return_code(rc, errno);
unlink(s->srv_pidfile);
@@ -513,6 +511,12 @@
/* Try each algorithm individually */
j = 0;
while(tokens->tokens[j] != NULL) {
+ char *cmp = strstr(OPENSSH_CIPHERS, tokens->tokens[j]);
+ if (cmp == NULL) {
+ /* This cipher is not supported by the OpenSSH. Skip it */
+ j++;
+ continue;
+ }
snprintf(config_content,
sizeof(config_content),
"HostKey %s\nCiphers %s\n",
diff --color -ru ../libssh-0.9.6/tests/tests_config.h.cmake ./tests/tests_config.h.cmake
--- ../libssh-0.9.6/tests/tests_config.h.cmake 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/tests_config.h.cmake 2023-05-02 10:32:03.964511860 +0200
@@ -66,4 +66,6 @@
#cmakedefine NC_EXECUTABLE "${NC_EXECUTABLE}"
#cmakedefine SSHD_EXECUTABLE "${SSHD_EXECUTABLE}"
-#cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
\ No newline at end of file
+#cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
+#cmakedefine WITH_TIMEOUT ${WITH_TIMEOUT}
+#cmakedefine TIMEOUT_EXECUTABLE "${TIMEOUT_EXECUTABLE}"
diff --color -ru ../libssh-0.9.6/tests/torture.c ./tests/torture.c
--- ../libssh-0.9.6/tests/torture.c 2021-08-26 14:27:44.000000000 +0200
+++ ./tests/torture.c 2023-05-02 10:36:00.815381960 +0200
@@ -51,6 +51,7 @@
#include "torture.h"
#include "torture_key.h"
#include "libssh/misc.h"
+#include "libssh/token.h"
#define TORTURE_SSHD_SRV_IPV4 "127.0.0.10"
/* socket wrapper IPv6 prefix fd00::5357:5fxx */
@@ -250,8 +251,12 @@
rc = kill(pid, 0);
if (rc != 0) {
- is_running = 0;
- break;
+ /* Process not found */
+ if (errno == ESRCH) {
+ is_running = 0;
+ rc = 0;
+ break;
+ }
}
}
@@ -260,7 +265,7 @@
"WARNING: The process with pid %u is still running!\n", pid);
}
- return 0;
+ return rc;
}
ssh_session torture_ssh_session(struct torture_state *s,
@@ -611,6 +616,112 @@
*state = s;
}
+/**
+ * @brief Create a libssh server configuration file
+ *
+ * It is expected the socket directory to be already created before by calling
+ * torture_setup_socket_dir(). The created configuration file will be stored in
+ * the socket directory and the srv_config pointer in the state will be
+ * initialized.
+ *
+ * @param[in] state A pointer to a pointer to an initialized torture_state
+ * structure
+ */
+void torture_setup_create_libssh_config(void **state)
+{
+ struct torture_state *s = *state;
+ char ed25519_hostkey[1024] = {0};
+#ifdef HAVE_DSA
+ char dsa_hostkey[1024];
+#endif /* HAVE_DSA */
+ char rsa_hostkey[1024];
+ char ecdsa_hostkey[1024];
+ char sshd_config[2048];
+ char sshd_path[1024];
+ const char *additional_config = NULL;
+ struct stat sb;
+ const char config_string[]=
+ "LogLevel DEBUG3\n"
+ "Port 22\n"
+ "ListenAddress 127.0.0.10\n"
+ "%s %s\n"
+ "%s %s\n"
+ "%s %s\n"
+#ifdef HAVE_DSA
+ "%s %s\n"
+#endif /* HAVE_DSA */
+ "%s\n"; /* The space for test-specific options */
+ bool written = false;
+ int rc;
+
+ assert_non_null(s->socket_dir);
+
+ snprintf(sshd_path,
+ sizeof(sshd_path),
+ "%s/sshd",
+ s->socket_dir);
+
+ rc = lstat(sshd_path, &sb);
+ if (rc == 0 ) { /* The directory is already in place */
+ written = true;
+ }
+
+ if (!written) {
+ rc = mkdir(sshd_path, 0755);
+ assert_return_code(rc, errno);
+ }
+
+ snprintf(ed25519_hostkey,
+ sizeof(ed25519_hostkey),
+ "%s/sshd/ssh_host_ed25519_key",
+ s->socket_dir);
+
+ snprintf(rsa_hostkey,
+ sizeof(rsa_hostkey),
+ "%s/sshd/ssh_host_rsa_key",
+ s->socket_dir);
+
+ snprintf(ecdsa_hostkey,
+ sizeof(ecdsa_hostkey),
+ "%s/sshd/ssh_host_ecdsa_key",
+ s->socket_dir);
+
+#ifdef HAVE_DSA
+ snprintf(dsa_hostkey,
+ sizeof(dsa_hostkey),
+ "%s/sshd/ssh_host_dsa_key",
+ s->socket_dir);
+#endif /* HAVE_DSA */
+
+ if (!written) {
+ torture_write_file(ed25519_hostkey,
+ torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
+ torture_write_file(rsa_hostkey,
+ torture_get_testkey(SSH_KEYTYPE_RSA, 0));
+ torture_write_file(ecdsa_hostkey,
+ torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
+#ifdef HAVE_DSA
+ torture_write_file(dsa_hostkey,
+ torture_get_testkey(SSH_KEYTYPE_DSS, 0));
+#endif /* HAVE_DSA */
+ }
+
+ additional_config = (s->srv_additional_config != NULL ?
+ s->srv_additional_config : "");
+
+ snprintf(sshd_config, sizeof(sshd_config),
+ config_string,
+ "HostKey", ed25519_hostkey,
+ "HostKey", rsa_hostkey,
+ "HostKey", ecdsa_hostkey,
+#ifdef HAVE_DSA
+ "HostKey", dsa_hostkey,
+#endif /* HAVE_DSA */
+ additional_config);
+
+ torture_write_file(s->srv_config, sshd_config);
+}
+
static void torture_setup_create_sshd_config(void **state, bool pam)
{
struct torture_state *s = *state;
@@ -856,21 +967,140 @@
return 1;
}
-void torture_setup_sshd_server(void **state, bool pam)
+/**
+ * @brief Run a libssh based server under timeout.
+ *
+ * It is expected that the socket directory and libssh configuration file were
+ * already created before by calling torture_setup_socket_dir() and
+ * torture_setup_create_libssh_config() (or alternatively setup the state with
+ * the correct values).
+ *
+ * @param[in] state The content of the address pointed by this variable must be
+ * a pointer to an initialized instance of torture_state
+ * structure; it can be obtained by calling
+ * torture_setup_socket_dir() and
+ * torture_setup_create_libssh_config().
+ * @param[in] server_path The path to the server executable.
+ *
+ * @note This function will use the state->srv_additional_config field as
+ * additional command line option used when starting the server instead of extra
+ * configuration file options.
+ * */
+void torture_setup_libssh_server(void **state, const char *server_path)
{
struct torture_state *s;
- char sshd_start_cmd[1024];
+ char start_cmd[1024];
+ char timeout_cmd[512];
+ char env[1024];
+ char extra_options[1024];
int rc;
+ char *ld_preload = NULL;
+ const char *force_fips = NULL;
- torture_setup_socket_dir(state);
- torture_setup_create_sshd_config(state, pam);
+ struct ssh_tokens_st *env_tokens;
+ struct ssh_tokens_st *arg_tokens;
+
+ pid_t pid;
+ ssize_t printed;
+
+ s = *state;
+
+ /* Get all the wrapper libraries to be pre-loaded */
+ ld_preload = getenv("LD_PRELOAD");
+
+ if (s->srv_additional_config != NULL) {
+ printed = snprintf(extra_options, sizeof(extra_options), " %s ",
+ s->srv_additional_config);
+ if (printed < 0) {
+ fail_msg("Failed to print additional config!");
+ }
+ } else {
+ printed = snprintf(extra_options, sizeof(extra_options), " ");
+ if (printed < 0) {
+ fail_msg("Failed to print empty additional config!");
+ }
+ }
+
+ if (ssh_fips_mode()) {
+ force_fips = "OPENSSL_FORCE_FIPS_MODE=1 ";
+ } else {
+ force_fips = "";
+ }
+
+ /* Write the environment setting */
+ printed = snprintf(env, sizeof(env),
+ "SOCKET_WRAPPER_DIR=%s "
+ "SOCKET_WRAPPER_DEFAULT_IFACE=10 "
+ "LD_PRELOAD=%s "
+ "%s",
+ s->socket_dir, ld_preload, force_fips);
+ if (printed < 0) {
+ fail_msg("Failed to print env!");
+ }
+
+#ifdef WITH_TIMEOUT
+ snprintf(timeout_cmd, sizeof(timeout_cmd),
+ "%s %s ", TIMEOUT_EXECUTABLE, "5m");
+#else
+ timeout_cmd[0] = '\0';
+#endif
+
+ /* Write the start command */
+ printed = snprintf(start_cmd, sizeof(start_cmd),
+ "%s"
+ "%s -f%s -v4 -p22 -i%s -C%s%s%s",
+ timeout_cmd,
+ server_path, s->pcap_file, s->srv_pidfile,
+ s->srv_config, extra_options, TORTURE_SSH_SERVER);
+ if (printed < 0) {
+ fail_msg("Failed to print start command!");
+ }
+
+ pid = fork();
+ switch(pid) {
+ case 0:
+ env_tokens = ssh_tokenize(env, ' ');
+ if (env_tokens == NULL || env_tokens->tokens == NULL) {
+ fail_msg("Failed to tokenize env!");
+ }
+
+ arg_tokens = ssh_tokenize(start_cmd, ' ');
+ if (arg_tokens == NULL || arg_tokens->tokens == NULL) {
+ ssh_tokens_free(env_tokens);
+ fail_msg("Failed to tokenize args!");
+ }
+
+ rc = execve(arg_tokens->tokens[0], (char **)arg_tokens->tokens,
+ (char **)env_tokens->tokens);
+
+ /* execve returns only in case of error */
+ ssh_tokens_free(env_tokens);
+ ssh_tokens_free(arg_tokens);
+ fail_msg("Error in execve: %s", strerror(errno));
+ case -1:
+ fail_msg("Failed to fork!");
+ default:
+ /* The parent continues the execution of the tests */
+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+ unsetenv("PAM_WRAPPER");
+
+ /* Wait until the server is ready to accept connections */
+ rc = torture_wait_for_daemon(15);
+ assert_int_equal(rc, 0);
+ break;
+ }
+}
+
+static int torture_start_sshd_server(void **state)
+{
+ struct torture_state *s = *state;
+ char sshd_start_cmd[1024];
+ int rc;
/* Set the default interface for the server */
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
setenv("PAM_WRAPPER", "1", 1);
- s = *state;
-
snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
SSHD_EXECUTABLE " -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
s->srv_config, s->socket_dir, s->socket_dir);
@@ -882,7 +1112,20 @@
unsetenv("PAM_WRAPPER");
/* Wait until the sshd is ready to accept connections */
- rc = torture_wait_for_daemon(5);
+ rc = torture_wait_for_daemon(15);
+ assert_int_equal(rc, 0);
+
+ return SSH_OK;
+}
+
+void torture_setup_sshd_server(void **state, bool pam)
+{
+ int rc;
+
+ torture_setup_socket_dir(state);
+ torture_setup_create_sshd_config(state, pam);
+
+ rc = torture_start_sshd_server(state);
assert_int_equal(rc, 0);
}
@@ -922,29 +1165,12 @@
torture_reload_sshd_server(void **state)
{
struct torture_state *s = *state;
- pid_t pid;
int rc;
- /* read the pidfile */
- pid = torture_read_pidfile(s->srv_pidfile);
- assert_int_not_equal(pid, -1);
-
- kill(pid, SIGHUP);
-
- /* 10 ms */
- usleep(10 * 1000);
-
- rc = kill(pid, 0);
- if (rc != 0) {
- fprintf(stderr,
- "ERROR: SSHD process %u died during reload!\n", pid);
- return SSH_ERROR;
- }
+ rc = torture_terminate_process(s->srv_pidfile);
+ assert_return_code(rc, errno);
- /* Wait until the sshd is ready to accept connections */
- rc = torture_wait_for_daemon(5);
- assert_int_equal(rc, 0);
- return SSH_OK;
+ return torture_start_sshd_server(state);
}
/* @brief: Updates SSHD server configuration with more options and
@@ -980,9 +1206,7 @@
int rc;
rc = torture_terminate_process(s->srv_pidfile);
- if (rc != 0) {
- fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
- }
+ assert_return_code(rc, errno);
torture_teardown_socket_dir(state);
}
diff --color -ru ../libssh-0.9.6/tests/torture.h ./tests/torture.h
--- ../libssh-0.9.6/tests/torture.h 2021-08-26 14:27:44.000000000 +0200
+++ ./tests/torture.h 2023-05-02 10:32:03.964511860 +0200
@@ -132,6 +132,10 @@
void torture_reset_config(ssh_session session);
+void torture_setup_create_libssh_config(void **state);
+
+void torture_setup_libssh_server(void **state, const char *server_path);
+
/*
* This function must be defined in every unit test file.
*/

1845
SOURCES/null_dereference_rekey.patch Normal file
View File

File diff suppressed because it is too large Load Diff

46
SPECS/libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh
Version: 0.9.6
Release: 6%{?dist}
Release: 14%{?dist}
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -13,6 +13,13 @@ Source4: libssh_server.config
Patch0: loglevel.patch
Patch1: s390x_fix.patch
Patch2: null_dereference_rekey.patch
Patch3: auth_bypass.patch
Patch4: fix_tests.patch
Patch5: covscan23.patch
Patch6: CVE-2023-48795.patch
Patch7: CVE-2023-6004.patch
Patch8: CVE-2023-6918.patch
BuildRequires: cmake
BuildRequires: doxygen
@ -141,6 +148,43 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog
* Mon Feb 26 2024 Sahana Prasad <sahana@redhat.com> - 0.9.6-14
- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
- Fix CVE-2023-6918 Missing checks for return values for digests
- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection
of malicious code through hostname
- Note: version is bumped from 12 to 14 directly, as the z-stream
version in 8.9 also has 13. So bumping it to 14, will prevent
upgrade conflicts.
- Resolves:RHEL-19690, RHEL-17244, RHEL-19312
* Mon May 15 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-12
- Fix loglevel regression
- Related: rhbz#2182251, rhbz#2189742
* Thu May 04 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-11
- .fmf/version is needed to run the tests
- Related: rhbz#2182251, rhbz#2189742
* Wed May 03 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-10
- Add missing ci.fmf file
- Related: rhbz#2182251, rhbz#2189742
* Wed May 03 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-9
- Fix covscan errors found at gating
- Related: rhbz#2182251, rhbz#2189742
* Tue May 02 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-8
- Backport test fixing commits to make the build pass
- Related: rhbz#2182251, rhbz#2189742
* Thu Apr 27 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-7
- Fix NULL dereference during rekeying with algorithm guessing
GHSL-2023-032 / CVE-2023-1667
- Fix possible authentication bypass
GHSL 2023-085 / CVE-2023-2283
- Resolves: rhbz#2182251, rhbz#2189742
* Fri Jan 06 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-6
- Enable client and server testing build time
- Fix failing rekey test on arch s390x