Fix CVE-2023-1667 and CVE-2023-2283

- NULL dereference during rekeying
- Possible authentication bypass

- Resolves: rhbz#2182251, rhbz#2189742

Signed-off-by: Norbert Pocs <npocs@redhat.com>

auth_bypass.patch

@@ -0,0 +1,86 @@
+diff --color -ru ../libssh-0.9.6/src/pki_crypto.c ./src/pki_crypto.c
+--- ../libssh-0.9.6/src/pki_crypto.c	2023-04-27 12:59:08.463259052 +0200
++++ ./src/pki_crypto.c	2023-04-27 13:05:24.020610873 +0200
+@@ -2291,8 +2291,12 @@
+     unsigned char *raw_sig_data = NULL;
+     unsigned int raw_sig_len;
+ 
++    /* Function return code
++     * Do not change this variable throughout the function until the signature
++     * is successfully verified!
++     */
+     int rc = SSH_ERROR;
+-    int evp_rc;
++    int ok;
+ 
+     if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
+         signature == NULL || (signature->raw_sig == NULL
+@@ -2307,8 +2311,8 @@
+     }
+ 
+     /* Check if public key and hash type are compatible */
+-    rc = pki_key_check_hash_compatible(pubkey, signature->hash_type);
+-    if (rc != SSH_OK) {
++    ok = pki_key_check_hash_compatible(pubkey, signature->hash_type);
++    if (ok != SSH_OK) {
+         return SSH_ERROR;
+     }
+ 
+@@ -2351,8 +2355,8 @@
+     }
+ 
+     /* Verify the signature */
+-    evp_rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
+-    if (evp_rc != 1){
++    ok = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
++    if (ok != 1){
+         SSH_LOG(SSH_LOG_TRACE,
+                 "EVP_DigestVerifyInit() failed: %s",
+                 ERR_error_string(ERR_get_error(), NULL));
+@@ -2360,35 +2364,31 @@
+     }
+ 
+ #ifdef HAVE_OPENSSL_EVP_DIGESTVERIFY
+-    evp_rc = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
++    ok = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
+ #else
+-    evp_rc = EVP_DigestVerifyUpdate(ctx, input, input_len);
+-    if (evp_rc != 1) {
++    ok = EVP_DigestVerifyUpdate(ctx, input, input_len);
++    if (ok != 1) {
+         SSH_LOG(SSH_LOG_TRACE,
+                 "EVP_DigestVerifyUpdate() failed: %s",
+                 ERR_error_string(ERR_get_error(), NULL));
+         goto out;
+     }
+ 
+-    evp_rc = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
++    ok = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
+ #endif
+-    if (evp_rc == 1) {
+-        SSH_LOG(SSH_LOG_TRACE, "Signature valid");
+-        rc = SSH_OK;
+-    } else {
++    if (ok != 1) {
+         SSH_LOG(SSH_LOG_TRACE,
+                 "Signature invalid: %s",
+                 ERR_error_string(ERR_get_error(), NULL));
+-        rc = SSH_ERROR;
++        goto out;
+     }
+ 
++    SSH_LOG(SSH_LOG_TRACE, "Signature valid");
++    rc = SSH_OK;
++
+ out:
+-    if (ctx != NULL) {
+-        EVP_MD_CTX_free(ctx);
+-    }
+-    if (pkey != NULL) {
+-        EVP_PKEY_free(pkey);
+-    }
++    EVP_MD_CTX_free(ctx);
++    EVP_PKEY_free(pkey);
+     return rc;
+ }
+ 

libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -13,6 +13,8 @@ Source4:        libssh_server.config
 
 Patch0:         loglevel.patch
 Patch1:         s390x_fix.patch
+Patch2:         null_dereference_rekey.patch
+Patch3:         auth_bypass.patch
 
 BuildRequires:  cmake
 BuildRequires:  doxygen
@@ -141,6 +143,13 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Thu Apr 27 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-7
+- Fix NULL dereference during rekeying with algorithm guessing
+  GHSL-2023-032 / CVE-2023-1667
+- Fix possible authentication bypass
+  GHSL 2023-085 / CVE-2023-2283
+- Resolves: rhbz#2182251, rhbz#2189742
+
 * Fri Jan 06 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-6
 - Enable client and server testing build time
 - Fix failing rekey test on arch s390x