Compare commits

...

No commits in common. "c9-beta" and "c8" have entirely different histories.
c9-beta ... c8

23 changed files with 3341 additions and 7105 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/libssh-0.10.4.tar.xz SOURCES/libssh-0.9.6.tar.xz
SOURCES/libssh.keyring SOURCES/libssh.keyring

View File

@ -1,2 +1,2 @@
4c48350a0a688ad82080175ed26a2019928a99c4 SOURCES/libssh-0.10.4.tar.xz 1b2dd673b58e1eaf20fde45cd8de2197cfab2f78 SOURCES/libssh-0.9.6.tar.xz
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring 3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring

View File

@ -1,4 +1,4 @@
From 4cef5e965a46e9271aed62631b152e4bd23c1e3c Mon Sep 17 00:00:00 2001 From 87b93be5a2071be782aa84aa5a91544b18959d5e Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be> From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Tue, 12 Dec 2023 23:09:57 +0100 Date: Tue, 12 Dec 2023 23:09:57 +0100
Subject: [PATCH 1/4] CVE-2023-48795: client side mitigation Subject: [PATCH 1/4] CVE-2023-48795: client side mitigation
@ -22,10 +22,10 @@ Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
12 files changed, 126 insertions(+), 69 deletions(-) 12 files changed, 126 insertions(+), 69 deletions(-)
diff --git a/include/libssh/packet.h b/include/libssh/packet.h diff --git a/include/libssh/packet.h b/include/libssh/packet.h
index 7f10a709..f0c8cb20 100644 index 561bba8e..c6fbc3fc 100644
--- a/include/libssh/packet.h --- a/include/libssh/packet.h
+++ b/include/libssh/packet.h +++ b/include/libssh/packet.h
@@ -67,6 +67,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info); @@ -63,6 +63,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
SSH_PACKET_CALLBACK(ssh_packet_kexdh_init); SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
#endif #endif
@ -34,10 +34,10 @@ index 7f10a709..f0c8cb20 100644
int ssh_packet_parse_type(ssh_session session); int ssh_packet_parse_type(ssh_session session);
//int packet_flush(ssh_session session, int enforce_blocking); //int packet_flush(ssh_session session, int enforce_blocking);
diff --git a/include/libssh/session.h b/include/libssh/session.h diff --git a/include/libssh/session.h b/include/libssh/session.h
index eb14e97a..97936195 100644 index 64e118ef..3cde0dd4 100644
--- a/include/libssh/session.h --- a/include/libssh/session.h
+++ b/include/libssh/session.h +++ b/include/libssh/session.h
@@ -81,6 +81,12 @@ enum ssh_pending_call_e { @@ -80,6 +80,12 @@ enum ssh_pending_call_e {
* sending it twice during key exchange to simplify the state machine. */ * sending it twice during key exchange to simplify the state machine. */
#define SSH_SESSION_FLAG_KEXINIT_SENT 4 #define SSH_SESSION_FLAG_KEXINIT_SENT 4
@ -51,7 +51,7 @@ index eb14e97a..97936195 100644
/* Infinite timeout */ /* Infinite timeout */
#define SSH_TIMEOUT_INFINITE -1 #define SSH_TIMEOUT_INFINITE -1
diff --git a/src/curve25519.c b/src/curve25519.c diff --git a/src/curve25519.c b/src/curve25519.c
index 66291b5f..4aeb4756 100644 index 37654438..6b7b4238 100644
--- a/src/curve25519.c --- a/src/curve25519.c
+++ b/src/curve25519.c +++ b/src/curve25519.c
@@ -335,16 +335,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){ @@ -335,16 +335,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
@ -95,10 +95,10 @@ index 66291b5f..4aeb4756 100644
return SSH_PACKET_USED; return SSH_PACKET_USED;
error: error:
diff --git a/src/dh-gex.c b/src/dh-gex.c diff --git a/src/dh-gex.c b/src/dh-gex.c
index 91617081..642a88ae 100644 index 4a298542..f1880270 100644
--- a/src/dh-gex.c --- a/src/dh-gex.c
+++ b/src/dh-gex.c +++ b/src/dh-gex.c
@@ -297,15 +297,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) @@ -287,15 +287,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
} }
/* Send the MSG_NEWKEYS */ /* Send the MSG_NEWKEYS */
@ -116,10 +116,10 @@ index 91617081..642a88ae 100644
return SSH_PACKET_USED; return SSH_PACKET_USED;
diff --git a/src/dh.c b/src/dh.c diff --git a/src/dh.c b/src/dh.c
index 011d97b3..e19e43d1 100644 index c265efcb..1d519c63 100644
--- a/src/dh.c --- a/src/dh.c
+++ b/src/dh.c +++ b/src/dh.c
@@ -398,16 +398,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){ @@ -386,16 +386,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
} }
/* Send the MSG_NEWKEYS */ /* Send the MSG_NEWKEYS */
@ -137,7 +137,7 @@ index 011d97b3..e19e43d1 100644
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
return SSH_PACKET_USED; return SSH_PACKET_USED;
error: error:
@@ -551,15 +545,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet) @@ -532,15 +526,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
} }
SSH_LOG(SSH_LOG_DEBUG, "Sent KEX_DH_[GEX]_REPLY"); SSH_LOG(SSH_LOG_DEBUG, "Sent KEX_DH_[GEX]_REPLY");
@ -179,10 +179,10 @@ index e5b11ba9..af80beec 100644
return SSH_PACKET_USED; return SSH_PACKET_USED;
diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
index 51084b7a..069b1372 100644 index a1de27fd..62578c1b 100644
--- a/src/ecdh_crypto.c --- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c +++ b/src/ecdh_crypto.c
@@ -619,18 +619,12 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ @@ -323,18 +323,12 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
goto error; goto error;
} }
@ -205,7 +205,7 @@ index 51084b7a..069b1372 100644
return SSH_PACKET_USED; return SSH_PACKET_USED;
error: error:
diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
index 235f2904..3d9d426f 100644 index d9c41bf9..dd4332d7 100644
--- a/src/ecdh_gcrypt.c --- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c +++ b/src/ecdh_gcrypt.c
@@ -372,17 +372,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ @@ -372,17 +372,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
@ -230,10 +230,10 @@ index 235f2904..3d9d426f 100644
gcry_sexp_release(param); gcry_sexp_release(param);
gcry_sexp_release(key); gcry_sexp_release(key);
diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
index cfe017a0..dda73922 100644 index 718f1522..45251a42 100644
--- a/src/ecdh_mbedcrypto.c --- a/src/ecdh_mbedcrypto.c
+++ b/src/ecdh_mbedcrypto.c +++ b/src/ecdh_mbedcrypto.c
@@ -318,16 +318,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ @@ -300,16 +300,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
goto out; goto out;
} }
@ -255,10 +255,10 @@ index cfe017a0..dda73922 100644
mbedtls_ecp_group_free(&grp); mbedtls_ecp_group_free(&grp);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
diff --git a/src/kex.c b/src/kex.c diff --git a/src/kex.c b/src/kex.c
index b9455d2d..3818297b 100644 index 3e5ca6ad..0772cae8 100644
--- a/src/kex.c --- a/src/kex.c
+++ b/src/kex.c +++ b/src/kex.c
@@ -188,6 +188,9 @@ @@ -163,6 +163,9 @@
/* RFC 8308 */ /* RFC 8308 */
#define KEX_EXTENSION_CLIENT "ext-info-c" #define KEX_EXTENSION_CLIENT "ext-info-c"
@ -268,7 +268,7 @@ index b9455d2d..3818297b 100644
/* Allowed algorithms in FIPS mode */ /* Allowed algorithms in FIPS mode */
#define FIPS_ALLOWED_CIPHERS "aes256-gcm@openssh.com,"\ #define FIPS_ALLOWED_CIPHERS "aes256-gcm@openssh.com,"\
@@ -516,6 +519,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit) @@ -491,6 +494,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
session->first_kex_follows_guess_wrong ? "wrong" : "right"); session->first_kex_follows_guess_wrong ? "wrong" : "right");
} }
@ -296,7 +296,7 @@ index b9455d2d..3818297b 100644
if (server_kex) { if (server_kex) {
/* /*
* If client sent a ext-info-c message in the kex list, it supports * If client sent a ext-info-c message in the kex list, it supports
@@ -792,21 +816,21 @@ int ssh_set_client_kex(ssh_session session) @@ -767,21 +791,21 @@ int ssh_set_client_kex(ssh_session session)
return SSH_OK; return SSH_OK;
} }
@ -324,10 +324,10 @@ index b9455d2d..3818297b 100644
return SSH_OK; return SSH_OK;
diff --git a/src/packet.c b/src/packet.c diff --git a/src/packet.c b/src/packet.c
index eb7eb42a..ea73f9ad 100644 index ca7a03b7..82965fb3 100644
--- a/src/packet.c --- a/src/packet.c
+++ b/src/packet.c +++ b/src/packet.c
@@ -1314,6 +1314,19 @@ ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) @@ -1309,6 +1309,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
} }
#endif /* WITH_ZLIB */ #endif /* WITH_ZLIB */
payloadsize = ssh_buffer_get_len(session->in_buffer); payloadsize = ssh_buffer_get_len(session->in_buffer);
@ -347,7 +347,27 @@ index eb7eb42a..ea73f9ad 100644
session->recv_seq++; session->recv_seq++;
if (crypto != NULL) { if (crypto != NULL) {
struct ssh_cipher_struct *cipher = NULL; struct ssh_cipher_struct *cipher = NULL;
@@ -1354,6 +1379,9 @@ ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) @@ -1331,7 +1344,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
SSH_LOG(SSH_LOG_PACKET,
"packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
session->in_packet.type, packet_len, padding, compsize, payloadsize);
+ if (crypto == NULL) {
+ /* In strict kex, only a few packets are allowed. Taint the session
+ * if we received packets that are normally allowed but to be
+ * refused if we are in strict kex when KEX is over.
+ */
+ uint8_t type = session->in_packet.type;
+ if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
+ (type < SSH2_MSG_KEXDH_INIT ||
+ type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
+ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+ }
+ }
/* Check if the packet is expected */
filter_result = ssh_packet_incoming_filter(session);
@@ -1347,6 +1372,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
session->in_packet.type); session->in_packet.type);
goto error; goto error;
case SSH_PACKET_UNKNOWN: case SSH_PACKET_UNKNOWN:
@ -357,7 +377,7 @@ index eb7eb42a..ea73f9ad 100644
ssh_packet_send_unimplemented(session, session->recv_seq - 1); ssh_packet_send_unimplemented(session, session->recv_seq - 1);
break; break;
} }
@@ -1529,7 +1557,33 @@ void ssh_packet_process(ssh_session session, uint8_t type) @@ -1521,7 +1549,33 @@ void ssh_packet_process(ssh_session session, uint8_t type)
SSH_LOG(SSH_LOG_RARE, "Failed to send unimplemented: %s", SSH_LOG(SSH_LOG_RARE, "Failed to send unimplemented: %s",
ssh_get_error(session)); ssh_get_error(session));
} }
@ -391,7 +411,7 @@ index eb7eb42a..ea73f9ad 100644
} }
/** @internal /** @internal
@@ -1842,6 +1896,10 @@ int ssh_packet_send(ssh_session session) @@ -1829,6 +1883,10 @@ int ssh_packet_send(ssh_session session)
if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) { if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
struct ssh_iterator *it; struct ssh_iterator *it;
@ -403,10 +423,10 @@ index eb7eb42a..ea73f9ad 100644
it != NULL; it != NULL;
it = ssh_list_get_iterator(session->out_queue)) { it = ssh_list_get_iterator(session->out_queue)) {
diff --git a/src/packet_cb.c b/src/packet_cb.c diff --git a/src/packet_cb.c b/src/packet_cb.c
index 0ecf8771..2f364c26 100644 index 3e4d5f6d..a08f1d8a 100644
--- a/src/packet_cb.c --- a/src/packet_cb.c
+++ b/src/packet_cb.c +++ b/src/packet_cb.c
@@ -115,6 +115,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){ @@ -110,6 +110,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
goto error; goto error;
} }
@ -429,7 +449,7 @@ index 0ecf8771..2f364c26 100644
2.41.0 2.41.0
From 0870c8db28be9eb457ee3d4f9a168959d9507efd Mon Sep 17 00:00:00 2001 From fd4948255560039b51c2d61f0a62784ed8b6f5a6 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be> From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Tue, 12 Dec 2023 23:30:26 +0100 Date: Tue, 12 Dec 2023 23:30:26 +0100
Subject: [PATCH 2/4] CVE-2023-48795: Server side mitigations Subject: [PATCH 2/4] CVE-2023-48795: Server side mitigations
@ -444,10 +464,10 @@ Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
3 files changed, 44 insertions(+), 11 deletions(-) 3 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/include/libssh/kex.h b/include/libssh/kex.h diff --git a/include/libssh/kex.h b/include/libssh/kex.h
index ede7fa8a..ba98fded 100644 index 2ace69b6..40da4ef2 100644
--- a/include/libssh/kex.h --- a/include/libssh/kex.h
+++ b/include/libssh/kex.h +++ b/include/libssh/kex.h
@@ -40,6 +40,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit); @@ -36,6 +36,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit);
int ssh_send_kex(ssh_session session); int ssh_send_kex(ssh_session session);
void ssh_list_kex(struct ssh_kex_struct *kex); void ssh_list_kex(struct ssh_kex_struct *kex);
int ssh_set_client_kex(ssh_session session); int ssh_set_client_kex(ssh_session session);
@ -456,10 +476,10 @@ index ede7fa8a..ba98fded 100644
int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name); int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list); char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
diff --git a/src/kex.c b/src/kex.c diff --git a/src/kex.c b/src/kex.c
index 3818297b..9ad671db 100644 index 0772cae8..e37c176c 100644
--- a/src/kex.c --- a/src/kex.c
+++ b/src/kex.c +++ b/src/kex.c
@@ -763,11 +763,8 @@ int ssh_set_client_kex(ssh_session session) @@ -738,11 +738,8 @@ int ssh_set_client_kex(ssh_session session)
{ {
struct ssh_kex_struct *client = &session->next_crypto->client_kex; struct ssh_kex_struct *client = &session->next_crypto->client_kex;
const char *wanted; const char *wanted;
@ -471,7 +491,7 @@ index 3818297b..9ad671db 100644
/* Skip if already set, for example for the rekey or when we do the guessing /* Skip if already set, for example for the rekey or when we do the guessing
* it could have been already used to make some protocol decisions. */ * it could have been already used to make some protocol decisions. */
@@ -816,11 +813,33 @@ int ssh_set_client_kex(ssh_session session) @@ -791,11 +788,33 @@ int ssh_set_client_kex(ssh_session session)
return SSH_OK; return SSH_OK;
} }
@ -509,7 +529,7 @@ index 3818297b..9ad671db 100644
if (kex_len >= MAX_PACKET_LEN) { if (kex_len >= MAX_PACKET_LEN) {
/* Overflow */ /* Overflow */
return SSH_ERROR; return SSH_ERROR;
@@ -830,9 +849,16 @@ int ssh_set_client_kex(ssh_session session) @@ -805,9 +824,16 @@ int ssh_set_client_kex(ssh_session session)
ssh_set_error_oom(session); ssh_set_error_oom(session);
return SSH_ERROR; return SSH_ERROR;
} }
@ -530,7 +550,7 @@ index 3818297b..9ad671db 100644
} }
diff --git a/src/server.c b/src/server.c diff --git a/src/server.c b/src/server.c
index dc070a73..70b90899 100644 index ed73e7fb..35e84465 100644
--- a/src/server.c --- a/src/server.c
+++ b/src/server.c +++ b/src/server.c
@@ -195,7 +195,13 @@ int server_set_kex(ssh_session session) @@ -195,7 +195,13 @@ int server_set_kex(ssh_session session)
@ -552,7 +572,7 @@ index dc070a73..70b90899 100644
2.41.0 2.41.0
From 5846e57538c750c5ce67df887d09fa99861c79c6 Mon Sep 17 00:00:00 2001 From 03bbbc9e4c93aae2ccdd302d6123e4809be37746 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com> From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 14 Dec 2023 12:22:01 +0100 Date: Thu, 14 Dec 2023 12:22:01 +0100
Subject: [PATCH 3/4] CVE-2023-48795: Strip extensions from both kex lists for Subject: [PATCH 3/4] CVE-2023-48795: Strip extensions from both kex lists for
@ -565,10 +585,10 @@ Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
1 file changed, 12 insertions(+), 4 deletions(-) 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/kex.c b/src/kex.c diff --git a/src/kex.c b/src/kex.c
index 9ad671db..fbc70cf4 100644 index e37c176c..eea3604b 100644
--- a/src/kex.c --- a/src/kex.c
+++ b/src/kex.c +++ b/src/kex.c
@@ -961,11 +961,19 @@ int ssh_kex_select_methods (ssh_session session) @@ -936,11 +936,19 @@ int ssh_kex_select_methods (ssh_session session)
enum ssh_key_exchange_e kex_type; enum ssh_key_exchange_e kex_type;
int i; int i;
@ -596,7 +616,7 @@ index 9ad671db..fbc70cf4 100644
2.41.0 2.41.0
From 89df759200d31fc79fbbe213d8eda0d329eebf6d Mon Sep 17 00:00:00 2001 From 768d1ed30cf4b3cb9628254ef3ee24b9c38abdbc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com> From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 14 Dec 2023 12:47:48 +0100 Date: Thu, 14 Dec 2023 12:47:48 +0100
Subject: [PATCH 4/4] CVE-2023-48795: tests: Adjust calculation to strict kex Subject: [PATCH 4/4] CVE-2023-48795: tests: Adjust calculation to strict kex
@ -604,11 +624,11 @@ Subject: [PATCH 4/4] CVE-2023-48795: tests: Adjust calculation to strict kex
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
--- ---
tests/client/torture_rekey.c | 55 ++++++++++++++++++++---------------- tests/client/torture_rekey.c | 56 ++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 24 deletions(-) 1 file changed, 32 insertions(+), 24 deletions(-)
diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c
index ccd5ae2c..57e03e3f 100644 index 13c9a7fe..bfb273af 100644
--- a/tests/client/torture_rekey.c --- a/tests/client/torture_rekey.c
+++ b/tests/client/torture_rekey.c +++ b/tests/client/torture_rekey.c
@@ -148,6 +148,29 @@ static void torture_rekey_default(void **state) @@ -148,6 +148,29 @@ static void torture_rekey_default(void **state)
@ -661,7 +681,25 @@ index ccd5ae2c..57e03e3f 100644
secret_hash = malloc(c->digest_len); secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash); assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len); memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -468,15 +480,10 @@ static void torture_rekey_different_kex(void **state) @@ -272,14 +289,10 @@ static void torture_rekey_recv(void **state)
sftp_file file;
mode_t mask;
- /* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transfered (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -464,15 +477,10 @@ static void torture_rekey_different_kex(void **state)
assert_ssh_return_code(s->ssh.session, rc); assert_ssh_return_code(s->ssh.session, rc);
/* The blocks limit is set correctly */ /* The blocks limit is set correctly */
@ -683,47 +721,3 @@ index ccd5ae2c..57e03e3f 100644
-- --
2.41.0 2.41.0
diff -up libssh-0.10.4/src/packet.c.CVE-2023-48795.patch libssh-0.10.4/src/packet.c
--- libssh-0.10.4/src/packet.c.CVE-2023-48795.patch 2024-01-09 05:46:53.064383034 +0100
+++ libssh-0.10.4/src/packet.c 2024-01-09 05:48:28.360340184 +0100
@@ -1345,6 +1345,19 @@ size_t ssh_packet_socket_callback(const
"packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
session->in_packet.type, packet_len, padding, compsize, payloadsize);
+ if (crypto == NULL) {
+ /* In strict kex, only a few packets are allowed. Taint the session
+ * if we received packets that are normally allowed but to be
+ * refused if we are in strict kex when KEX is over.
+ */
+ uint8_t type = session->in_packet.type;
+
+ if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
+ (type < SSH2_MSG_KEXDH_INIT ||
+ type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
+ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+ }
+ }
/* Check if the packet is expected */
filter_result = ssh_packet_incoming_filter(session);
diff -up libssh-0.10.4/tests/client/torture_rekey.c.CVE-2023-48795.patch libssh-0.10.4/tests/client/torture_rekey.c
--- libssh-0.10.4/tests/client/torture_rekey.c.CVE-2023-48795.patch 2024-01-09 18:48:16.684366049 +0100
+++ libssh-0.10.4/tests/client/torture_rekey.c 2024-01-09 18:50:49.135897268 +0100
@@ -290,14 +290,10 @@ static void torture_rekey_recv(void **st
mode_t mask;
int rc;
- /* The blocks limit is set correctly */
- c = s->ssh.session->current_crypto;
- assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
- assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
- /* We should have less encrypted packets than transfered (first are not encrypted) */
- assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
- assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+ sanity_check_session(state);
/* Copy the initial secret hash = session_id so we know we changed keys later */
+ c = s->ssh.session->current_crypto;
+ assert_non_null(c);
secret_hash = malloc(c->digest_len);
assert_non_null(secret_hash);
memcpy(secret_hash, c->secret_hash, c->digest_len);

View File

@ -1,4 +1,4 @@
From c2c56bacab00766d01671413321d564227aabf19 Mon Sep 17 00:00:00 2001 From 11bd6e6ad926a38cd7b9f8308a4c2fd8dfd9200c Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Sun, 5 Nov 2023 13:12:47 +0100 Date: Sun, 5 Nov 2023 13:12:47 +0100
Subject: [PATCH 01/12] CVE-2023-6004: torture_config: Allow multiple '@' in Subject: [PATCH 01/12] CVE-2023-6004: torture_config: Allow multiple '@' in
@ -6,98 +6,86 @@ Subject: [PATCH 01/12] CVE-2023-6004: torture_config: Allow multiple '@' in
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
tests/unittests/torture_config.c | 56 +++++++++++++++++--------------- tests/unittests/torture_config.c | 44 ++++++++++++++++++--------------
1 file changed, 30 insertions(+), 26 deletions(-) 1 file changed, 25 insertions(+), 19 deletions(-)
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index 406f1985..b7c763af 100644 index f91112a9..3a5a74bf 100644
--- a/tests/unittests/torture_config.c --- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c +++ b/tests/unittests/torture_config.c
@@ -995,23 +995,22 @@ static void torture_config_proxyjump(void **state, @@ -671,24 +671,40 @@ static void torture_config_proxyjump(void **state) {
assert_string_equal(session->opts.ProxyCommand, assert_string_equal(session->opts.ProxyCommand,
"ssh -W [%h]:%p 2620:52:0::fed"); "ssh -W [%h]:%p 2620:52:0::fed");
- /* In this part, we try various other config files and strings. */
-
- /* Try to create some invalid configurations */ - /* Try to create some invalid configurations */
- /* Non-numeric port */ - /* Non-numeric port */
- config = "Host bad-port\n"
- "\tProxyJump jumpbox:22bad22\n";
+ /* Multiple @ is allowed in second jump */ + /* Multiple @ is allowed in second jump */
+ config = "Host allowed-hostname\n" torture_write_file(LIBSSH_TESTCONFIG11,
+ "\tProxyJump localhost,user@principal.com@jumpbox:22\n"; - "Host bad-port\n"
if (file != NULL) { - "\tProxyJump jumpbox:22bad22\n"
torture_write_file(file, config); + "Host allowed-hostname\n"
} else { + "\tProxyJump localhost,user@principal.com@jumpbox:22\n"
string = config; "");
}
torture_reset_config(session); torture_reset_config(session);
- ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port"); - ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port");
- _parse_config(session, file, string, SSH_ERROR);
+ ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname"); + ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+ _parse_config(session, file, string, SSH_OK); ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
- assert_ssh_return_code_equal(session, ret, SSH_ERROR);
+ assert_ssh_return_code(session, ret);
+ assert_string_equal(session->opts.ProxyCommand, + assert_string_equal(session->opts.ProxyCommand,
+ "ssh -J user@principal.com@jumpbox:22 -W '[%h]:%p' localhost"); + "ssh -J user@principal.com@jumpbox:22 -W [%h]:%p localhost");
- /* Too many @ */ - /* Too many @ */
- config = "Host bad-hostname\n"
+ /* Multiple @ is allowed */ + /* Multiple @ is allowed */
+ config = "Host allowed-hostname\n" torture_write_file(LIBSSH_TESTCONFIG11,
"\tProxyJump user@principal.com@jumpbox:22\n"; - "Host bad-hostname\n"
if (file != NULL) { + "Host allowed-hostname\n"
torture_write_file(file, config); "\tProxyJump user@principal.com@jumpbox:22\n"
@@ -1019,7 +1018,24 @@ static void torture_config_proxyjump(void **state, "");
string = config;
}
torture_reset_config(session); torture_reset_config(session);
- ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname"); - ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname");
+ ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname"); + ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+ _parse_config(session, file, string, SSH_OK); + ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+ assert_ssh_return_code(session, ret);
+ assert_string_equal(session->opts.ProxyCommand, + assert_string_equal(session->opts.ProxyCommand,
+ "ssh -l user@principal.com -p 22 -W '[%h]:%p' jumpbox"); + "ssh -l user@principal.com -p 22 -W [%h]:%p jumpbox");
+ +
+ /* In this part, we try various other config files and strings. */ + /* In this part, we try various other config files and strings. */
+ +
+ /* Try to create some invalid configurations */ + /* Try to create some invalid configurations */
+ /* Non-numeric port */ + /* Non-numeric port */
+ config = "Host bad-port\n" + torture_write_file(LIBSSH_TESTCONFIG11,
+ "\tProxyJump jumpbox:22bad22\n"; + "Host bad-port\n"
+ if (file != NULL) { + "\tProxyJump jumpbox:22bad22\n"
+ torture_write_file(file, config); + "");
+ } else {
+ string = config;
+ }
+ torture_reset_config(session); + torture_reset_config(session);
+ ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port"); + ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port");
_parse_config(session, file, string, SSH_ERROR); ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
assert_ssh_return_code_equal(session, ret, SSH_ERROR);
/* Braces mismatch in hostname */ @@ -752,16 +768,6 @@ static void torture_config_proxyjump(void **state) {
@@ -1094,18 +1110,6 @@ static void torture_config_proxyjump(void **state, ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port-2"); assert_ssh_return_code_equal(session, ret, SSH_ERROR);
_parse_config(session, file, string, SSH_ERROR);
- /* Too many @ in second jump */ - /* Too many @ in second jump */
- config = "Host bad-hostname\n" - torture_write_file(LIBSSH_TESTCONFIG11,
- "\tProxyJump localhost,user@principal.com@jumpbox:22\n"; - "Host bad-hostname\n"
- if (file != NULL) { - "\tProxyJump localhost,user@principal.com@jumpbox:22\n"
- torture_write_file(file, config); - "");
- } else {
- string = config;
- }
- torture_reset_config(session); - torture_reset_config(session);
- ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname"); - ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname");
- _parse_config(session, file, string, SSH_ERROR); - ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
- assert_ssh_return_code_equal(session, ret, SSH_ERROR);
- -
/* Braces mismatch in second jump */ /* Braces mismatch in second jump */
config = "Host mismatch\n" torture_write_file(LIBSSH_TESTCONFIG11,
"\tProxyJump localhost,[::1:20\n"; "Host mismatch\n"
-- --
2.41.0 2.41.0
From a66b4a6eae6614d200a3625862d77565b96a7cd3 Mon Sep 17 00:00:00 2001 From c3234e5f94b96d6e29f0c1c82821c1e3ebb181ed Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Wed, 1 Nov 2023 11:24:43 +0100 Date: Wed, 1 Nov 2023 11:24:43 +0100
Subject: [PATCH 02/12] CVE-2023-6004: config_parser: Allow multiple '@' in Subject: [PATCH 02/12] CVE-2023-6004: config_parser: Allow multiple '@' in
@ -105,16 +93,15 @@ Subject: [PATCH 02/12] CVE-2023-6004: config_parser: Allow multiple '@' in
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
src/config_parser.c | 2 +- src/config_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/config_parser.c b/src/config_parser.c diff --git a/src/config_parser.c b/src/config_parser.c
index 0d988fec..cf83e2c5 100644 index ae2aa2c8..76cca224 100644
--- a/src/config_parser.c --- a/src/config_parser.c
+++ b/src/config_parser.c +++ b/src/config_parser.c
@@ -180,7 +180,7 @@ int ssh_config_parse_uri(const char *tok, @@ -152,7 +152,7 @@ int ssh_config_parse_uri(const char *tok,
} }
/* Username part (optional) */ /* Username part (optional) */
@ -127,7 +114,7 @@ index 0d988fec..cf83e2c5 100644
2.41.0 2.41.0
From 8615c24647f773a5e04203c7459512715d698be1 Mon Sep 17 00:00:00 2001 From a5b8bd0d8841296cf71d927824d60f576581243f Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 31 Oct 2023 09:48:52 +0100 Date: Tue, 31 Oct 2023 09:48:52 +0100
Subject: [PATCH 03/12] CVE-2023-6004: options: Simplify the hostname parsing Subject: [PATCH 03/12] CVE-2023-6004: options: Simplify the hostname parsing
@ -138,16 +125,15 @@ parsing inside the function of ssh_options_set
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
src/options.c | 40 ++++++++++++++++------------------------ src/options.c | 40 ++++++++++++++++------------------------
1 file changed, 16 insertions(+), 24 deletions(-) 1 file changed, 16 insertions(+), 24 deletions(-)
diff --git a/src/options.c b/src/options.c diff --git a/src/options.c b/src/options.c
index 6f2c9397..38511455 100644 index b5f951ac..7c03e7ab 100644
--- a/src/options.c --- a/src/options.c
+++ b/src/options.c +++ b/src/options.c
@@ -37,6 +37,7 @@ @@ -36,6 +36,7 @@
#include "libssh/session.h" #include "libssh/session.h"
#include "libssh/misc.h" #include "libssh/misc.h"
#include "libssh/options.h" #include "libssh/options.h"
@ -155,7 +141,7 @@ index 6f2c9397..38511455 100644
#ifdef WITH_SERVER #ifdef WITH_SERVER
#include "libssh/server.h" #include "libssh/server.h"
#include "libssh/bind.h" #include "libssh/bind.h"
@@ -515,33 +516,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, @@ -490,33 +491,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_invalid(session); ssh_set_error_invalid(session);
return -1; return -1;
} else { } else {
@ -167,7 +153,7 @@ index 6f2c9397..38511455 100644
+ if (rc != SSH_OK) { + if (rc != SSH_OK) {
return -1; return -1;
} }
- p = strrchr(q, '@'); - p = strchr(q, '@');
- -
- SAFE_FREE(session->opts.host); - SAFE_FREE(session->opts.host);
- -
@ -208,7 +194,7 @@ index 6f2c9397..38511455 100644
2.41.0 2.41.0
From c6180409677c765e6b9ae2b18a3a7a9671ac1dbe Mon Sep 17 00:00:00 2001 From efb24b6472e8b87c5832c0590f14e99e82fcdeeb Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 10 Oct 2023 12:44:16 +0200 Date: Tue, 10 Oct 2023 12:44:16 +0200
Subject: [PATCH 04/12] CVE-2023-6004: misc: Add function to check allowed Subject: [PATCH 04/12] CVE-2023-6004: misc: Add function to check allowed
@ -219,18 +205,37 @@ allowed because of IPv6 even it is prohibited in domain names.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
include/libssh/misc.h | 3 ++ include/libssh/misc.h | 2 ++
src/misc.c | 68 +++++++++++++++++++++++++++++++++++++++++++ src/misc.c | 68 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+) 2 files changed, 70 insertions(+)
diff --git a/include/libssh/misc.h b/include/libssh/misc.h
index 3cc3b113..a5bee930 100644
--- a/include/libssh/misc.h
+++ b/include/libssh/misc.h
@@ -97,4 +97,6 @@ int ssh_mkdirs(const char *pathname, mode_t mode);
int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len);
int ssh_newline_vis(const char *string, char *buf, size_t buf_len);
+int ssh_check_hostname_syntax(const char *hostname);
+
#endif /* MISC_H_ */
diff --git a/src/misc.c b/src/misc.c diff --git a/src/misc.c b/src/misc.c
index 7c478a77..be6ee836 100644 index 149eb85e..e4239e81 100644
--- a/src/misc.c --- a/src/misc.c
+++ b/src/misc.c +++ b/src/misc.c
@@ -1974,4 +1976,70 @@ char *ssh_strerror(int err_num, char *buf, size_t buflen) @@ -94,6 +94,8 @@
#endif /* defined(__linux__) && defined(__GLIBC__) && defined(_GNU_SOURCE) */ #define ZLIB_STRING ""
#endif
+#define ARPA_DOMAIN_MAX_LEN 63
+
/**
* @defgroup libssh_misc The SSH helper functions.
* @ingroup libssh
@@ -1734,4 +1736,70 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len)
return out - buf;
} }
+/** +/**
@ -304,7 +309,7 @@ index 7c478a77..be6ee836 100644
2.41.0 2.41.0
From 9bbb817c0c5434f03613d0783b2ef5f52235b901 Mon Sep 17 00:00:00 2001 From 234ecdf4d9705efa3727a54dcc1ddfe6377c7bf6 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 10 Oct 2023 12:45:28 +0200 Date: Tue, 10 Oct 2023 12:45:28 +0200
Subject: [PATCH 05/12] CVE-2023-6004: torture_misc: Add test for Subject: [PATCH 05/12] CVE-2023-6004: torture_misc: Add test for
@ -312,17 +317,16 @@ Subject: [PATCH 05/12] CVE-2023-6004: torture_misc: Add test for
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
tests/unittests/torture_misc.c | 73 ++++++++++++++++++++++++++++++++++ tests/unittests/torture_misc.c | 73 ++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+) 1 file changed, 73 insertions(+)
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index 9e346ff8..e682b6d4 100644 index 0a48abbe..d14f4254 100644
--- a/tests/unittests/torture_misc.c --- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c +++ b/tests/unittests/torture_misc.c
@@ -760,6 +760,78 @@ static void torture_ssh_strerror(void **state) @@ -656,6 +656,78 @@ static void torture_ssh_newline_vis(UNUSED_PARAM(void **state))
assert_non_null(out); assert_string_equal(buffer, "a\\nb\\n");
} }
+static void torture_ssh_check_hostname_syntax(void **state) +static void torture_ssh_check_hostname_syntax(void **state)
@ -400,10 +404,10 @@ index 9e346ff8..e682b6d4 100644
int torture_run_tests(void) { int torture_run_tests(void) {
int rc; int rc;
struct CMUnitTest tests[] = { struct CMUnitTest tests[] = {
@@ -784,6 +856,7 @@ int torture_run_tests(void) { @@ -678,6 +750,7 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_ssh_newline_vis),
cmocka_unit_test(torture_ssh_mkdirs),
cmocka_unit_test(torture_ssh_quote_file_name), cmocka_unit_test(torture_ssh_quote_file_name),
cmocka_unit_test(torture_ssh_strreplace),
cmocka_unit_test(torture_ssh_strerror),
+ cmocka_unit_test(torture_ssh_check_hostname_syntax), + cmocka_unit_test(torture_ssh_check_hostname_syntax),
}; };
@ -412,7 +416,7 @@ index 9e346ff8..e682b6d4 100644
2.41.0 2.41.0
From 22492b69bba22b102342afc574800d354a08e405 Mon Sep 17 00:00:00 2001 From 4d7ae19e9cd8c407012b40f3f2eaf480bfb1da7d Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 10 Oct 2023 18:33:56 +0200 Date: Tue, 10 Oct 2023 18:33:56 +0200
Subject: [PATCH 06/12] CVE-2023-6004: config_parser: Check for valid syntax of Subject: [PATCH 06/12] CVE-2023-6004: config_parser: Check for valid syntax of
@ -423,13 +427,12 @@ The domain name syntax checker is based on RFC1035.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
src/config_parser.c | 12 +++++++++++- src/config_parser.c | 10 ++++++++++
1 file changed, 11 insertions(+), 1 deletion(-) 1 file changed, 10 insertions(+)
diff --git a/src/config_parser.c b/src/config_parser.c diff --git a/src/config_parser.c b/src/config_parser.c
index cf83e2c5..b8b94611 100644 index 76cca224..87bac5d4 100644
--- a/src/config_parser.c --- a/src/config_parser.c
+++ b/src/config_parser.c +++ b/src/config_parser.c
@@ -30,6 +30,7 @@ @@ -30,6 +30,7 @@
@ -438,9 +441,9 @@ index cf83e2c5..b8b94611 100644
#include "libssh/priv.h" #include "libssh/priv.h"
+#include "libssh/misc.h" +#include "libssh/misc.h"
/* Returns the original string after skipping the leading whitespace char *ssh_config_get_cmd(char **str)
* and optional quotes. {
@@ -167,6 +168,7 @@ int ssh_config_parse_uri(const char *tok, @@ -139,6 +140,7 @@ int ssh_config_parse_uri(const char *tok,
{ {
char *endp = NULL; char *endp = NULL;
long port_n; long port_n;
@ -448,7 +451,7 @@ index cf83e2c5..b8b94611 100644
/* Sanitize inputs */ /* Sanitize inputs */
if (username != NULL) { if (username != NULL) {
@@ -224,6 +226,14 @@ int ssh_config_parse_uri(const char *tok, @@ -196,6 +198,14 @@ int ssh_config_parse_uri(const char *tok,
if (*hostname == NULL) { if (*hostname == NULL) {
goto error; goto error;
} }
@ -467,7 +470,7 @@ index cf83e2c5..b8b94611 100644
2.41.0 2.41.0
From d7467498fd988949edde9c6384973250fd454a8b Mon Sep 17 00:00:00 2001 From 8cf4f4bfda968ab526c1a601ea1030bbaccaba17 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 10 Oct 2023 10:28:47 +0200 Date: Tue, 10 Oct 2023 10:28:47 +0200
Subject: [PATCH 07/12] CVE-2023-6004: torture_proxycommand: Add test for Subject: [PATCH 07/12] CVE-2023-6004: torture_proxycommand: Add test for
@ -475,16 +478,15 @@ Subject: [PATCH 07/12] CVE-2023-6004: torture_proxycommand: Add test for
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
tests/client/torture_proxycommand.c | 53 +++++++++++++++++++++++++++++ tests/client/torture_proxycommand.c | 53 +++++++++++++++++++++++++++++
1 file changed, 53 insertions(+) 1 file changed, 53 insertions(+)
diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c
index 9b8019ca..1bad4ccc 100644 index c04ff2ab..dc17f3d8 100644
--- a/tests/client/torture_proxycommand.c --- a/tests/client/torture_proxycommand.c
+++ b/tests/client/torture_proxycommand.c +++ b/tests/client/torture_proxycommand.c
@@ -166,6 +166,56 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state) @@ -161,6 +161,56 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
assert_int_equal(rc & O_RDWR, O_RDWR); assert_int_equal(rc & O_RDWR, O_RDWR);
} }
@ -541,7 +543,7 @@ index 9b8019ca..1bad4ccc 100644
int torture_run_tests(void) { int torture_run_tests(void) {
int rc; int rc;
struct CMUnitTest tests[] = { struct CMUnitTest tests[] = {
@@ -181,6 +231,9 @@ int torture_run_tests(void) { @@ -176,6 +226,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_options_set_proxycommand_ssh_stderr, cmocka_unit_test_setup_teardown(torture_options_set_proxycommand_ssh_stderr,
session_setup, session_setup,
session_teardown), session_teardown),
@ -555,23 +557,22 @@ index 9b8019ca..1bad4ccc 100644
2.41.0 2.41.0
From 62d3101c1f76b6891b70c50154e0e934d6b8cb57 Mon Sep 17 00:00:00 2001 From a0dbe0d556e073804cc549802569577bb24757d9 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Mon, 6 Nov 2023 20:11:38 +0100 Date: Mon, 6 Nov 2023 20:11:38 +0100
Subject: [PATCH 08/12] CVE-2023-6004: torture_misc: Add test for ssh_is_ipaddr Subject: [PATCH 08/12] CVE-2023-6004: torture_misc: Add test for ssh_is_ipaddr
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
tests/unittests/torture_misc.c | 26 ++++++++++++++++++++++++++ tests/unittests/torture_misc.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+) 1 file changed, 26 insertions(+)
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index e682b6d4..b07392ab 100644 index d14f4254..073bc54c 100644
--- a/tests/unittests/torture_misc.c --- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c +++ b/tests/unittests/torture_misc.c
@@ -832,6 +832,31 @@ static void torture_ssh_check_hostname_syntax(void **state) @@ -728,6 +728,31 @@ static void torture_ssh_check_hostname_syntax(void **state)
assert_int_equal(rc, SSH_ERROR); assert_int_equal(rc, SSH_ERROR);
} }
@ -603,9 +604,9 @@ index e682b6d4..b07392ab 100644
int torture_run_tests(void) { int torture_run_tests(void) {
int rc; int rc;
struct CMUnitTest tests[] = { struct CMUnitTest tests[] = {
@@ -857,6 +882,7 @@ int torture_run_tests(void) { @@ -751,6 +776,7 @@ int torture_run_tests(void) {
cmocka_unit_test(torture_ssh_strreplace), cmocka_unit_test(torture_ssh_mkdirs),
cmocka_unit_test(torture_ssh_strerror), cmocka_unit_test(torture_ssh_quote_file_name),
cmocka_unit_test(torture_ssh_check_hostname_syntax), cmocka_unit_test(torture_ssh_check_hostname_syntax),
+ cmocka_unit_test(torture_ssh_is_ipaddr), + cmocka_unit_test(torture_ssh_is_ipaddr),
}; };
@ -615,35 +616,57 @@ index e682b6d4..b07392ab 100644
2.41.0 2.41.0
From cea841d71c025f9c998b7d5fc9f2a2839df62921 Mon Sep 17 00:00:00 2001 From cdaec0d6273243a03f460cc5ba1a2265b4afb93a Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 28 Nov 2023 15:26:45 +0100 Date: Tue, 28 Nov 2023 15:26:45 +0100
Subject: [PATCH 09/12] CVE-2023-6004 misc: Add ipv6 link-local check for an ip Subject: [PATCH 09/12] CVE-2023-6004: misc: Add ipv6 link-local check for an
address ip address
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
src/CMakeLists.txt | 1 + src/CMakeLists.txt | 17 ++++++++++-------
src/connect.c | 2 +- src/connect.c | 2 +-
src/misc.c | 44 ++++++++++++++++++++++++++++++++++++++------ src/misc.c | 44 ++++++++++++++++++++++++++++++++++++++------
3 files changed, 40 insertions(+), 7 deletions(-) 3 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index d6245c0d..807313b5 100644 index a576cf71..fc401793 100644
--- a/src/CMakeLists.txt --- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt +++ b/src/CMakeLists.txt
@@ -91,6 +91,7 @@ endif() @@ -9,13 +9,6 @@ set(LIBSSH_LINK_LIBRARIES
if (WIN32) ${LIBSSH_REQUIRED_LIBRARIES}
set(LIBSSH_LINK_LIBRARIES
${LIBSSH_LINK_LIBRARIES}
+ iphlpapi
ws2_32
) )
endif (WIN32)
-if (WIN32)
- set(LIBSSH_LINK_LIBRARIES
- ${LIBSSH_LINK_LIBRARIES}
- ws2_32
- )
-endif (WIN32)
-
if (OPENSSL_CRYPTO_LIBRARIES)
set(LIBSSH_PRIVATE_INCLUDE_DIRS
${LIBSSH_PRIVATE_INCLUDE_DIRS}
@@ -93,6 +86,16 @@ if (MINGW AND Threads_FOUND)
)
endif()
+# This needs to be last for mingw to build
+# https://gitlab.com/libssh/libssh-mirror/-/issues/84
+if (WIN32)
+ set(LIBSSH_LINK_LIBRARIES
+ ${LIBSSH_LINK_LIBRARIES}
+ iphlpapi
+ ws2_32
+ )
+endif (WIN32)
+
if (BUILD_STATIC_LIB)
set(LIBSSH_STATIC_LIBRARY
ssh_static
diff --git a/src/connect.c b/src/connect.c diff --git a/src/connect.c b/src/connect.c
index 57e37e63..15cae644 100644 index ce4d58df..ca62dcf0 100644
--- a/src/connect.c --- a/src/connect.c
+++ b/src/connect.c +++ b/src/connect.c
@@ -136,7 +136,7 @@ static int getai(const char *host, int port, struct addrinfo **ai) @@ -136,7 +136,7 @@ static int getai(const char *host, int port, struct addrinfo **ai)
@ -656,7 +679,7 @@ index 57e37e63..15cae644 100644
SSH_LOG(SSH_LOG_PACKET, "host %s matches an IP address", host); SSH_LOG(SSH_LOG_PACKET, "host %s matches an IP address", host);
hints.ai_flags |= AI_NUMERICHOST; hints.ai_flags |= AI_NUMERICHOST;
diff --git a/src/misc.c b/src/misc.c diff --git a/src/misc.c b/src/misc.c
index be6ee836..7081f12a 100644 index e4239e81..6f5d2d60 100644
--- a/src/misc.c --- a/src/misc.c
+++ b/src/misc.c +++ b/src/misc.c
@@ -32,6 +32,7 @@ @@ -32,6 +32,7 @@
@ -675,9 +698,9 @@ index be6ee836..7081f12a 100644
#ifdef HAVE_IO_H #ifdef HAVE_IO_H
#include <io.h> #include <io.h>
@@ -222,22 +224,37 @@ int ssh_is_ipaddr_v4(const char *str) @@ -216,22 +218,37 @@ int ssh_is_ipaddr_v4(const char *str) {
int ssh_is_ipaddr(const char *str)
{ int ssh_is_ipaddr(const char *str) {
int rc = SOCKET_ERROR; int rc = SOCKET_ERROR;
+ char *s = strdup(str); + char *s = strdup(str);
@ -716,9 +739,9 @@ index be6ee836..7081f12a 100644
return ssh_is_ipaddr_v4(str); return ssh_is_ipaddr_v4(str);
} }
#else /* _WIN32 */ #else /* _WIN32 */
@@ -343,17 +360,32 @@ int ssh_is_ipaddr_v4(const char *str) @@ -335,17 +352,32 @@ int ssh_is_ipaddr_v4(const char *str) {
int ssh_is_ipaddr(const char *str)
{ int ssh_is_ipaddr(const char *str) {
int rc = -1; int rc = -1;
+ char *s = strdup(str); + char *s = strdup(str);
@ -756,7 +779,7 @@ index be6ee836..7081f12a 100644
2.41.0 2.41.0
From 2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 Mon Sep 17 00:00:00 2001 From 6a8a18c73e73a338283dfbade0a7d83e5cfafe3b Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com> From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 28 Nov 2023 15:27:31 +0100 Date: Tue, 28 Nov 2023 15:27:31 +0100
Subject: [PATCH 10/12] CVE-2023-6004: torture_misc: Add tests for ipv6 Subject: [PATCH 10/12] CVE-2023-6004: torture_misc: Add tests for ipv6
@ -764,17 +787,16 @@ Subject: [PATCH 10/12] CVE-2023-6004: torture_misc: Add tests for ipv6
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
--- ---
tests/unittests/torture_misc.c | 20 ++++++++++++++++++++ tests/unittests/torture_misc.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+) 1 file changed, 20 insertions(+)
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index b07392ab..77166759 100644 index 073bc54c..f16b766e 100644
--- a/tests/unittests/torture_misc.c --- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c +++ b/tests/unittests/torture_misc.c
@@ -17,7 +17,14 @@ @@ -17,7 +17,14 @@
#include "torture.h" #include "misc.c"
#include "error.c" #include "error.c"
+#ifdef _WIN32 +#ifdef _WIN32
@ -788,7 +810,7 @@ index b07392ab..77166759 100644
const char template[] = "temp_dir_XXXXXX"; const char template[] = "temp_dir_XXXXXX";
@@ -834,14 +841,27 @@ static void torture_ssh_check_hostname_syntax(void **state) @@ -730,14 +737,27 @@ static void torture_ssh_check_hostname_syntax(void **state)
static void torture_ssh_is_ipaddr(void **state) { static void torture_ssh_is_ipaddr(void **state) {
int rc; int rc;
@ -820,7 +842,7 @@ index b07392ab..77166759 100644
2.41.0 2.41.0
From 1a02364b5107a4125ea3cb76fcdb6beabaebf3be Mon Sep 17 00:00:00 2001 From 72f59157e6ccbd4c0bb806690931413169a0886f Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com> From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 22 Dec 2023 10:32:40 +0100 Date: Fri, 22 Dec 2023 10:32:40 +0100
Subject: [PATCH 11/12] Fix regression in IPv6 addresses in hostname parsing Subject: [PATCH 11/12] Fix regression in IPv6 addresses in hostname parsing
@ -836,10 +858,10 @@ Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
4 files changed, 23 insertions(+), 18 deletions(-) 4 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h
index a7dd42a2..ca353432 100644 index e974917c..ee647bfb 100644
--- a/include/libssh/config_parser.h --- a/include/libssh/config_parser.h
+++ b/include/libssh/config_parser.h +++ b/include/libssh/config_parser.h
@@ -30,6 +30,8 @@ @@ -26,6 +26,8 @@
#ifndef CONFIG_PARSER_H_ #ifndef CONFIG_PARSER_H_
#define CONFIG_PARSER_H_ #define CONFIG_PARSER_H_
@ -848,11 +870,31 @@ index a7dd42a2..ca353432 100644
char *ssh_config_get_cmd(char **str); char *ssh_config_get_cmd(char **str);
char *ssh_config_get_token(char **str); char *ssh_config_get_token(char **str);
@@ -45,13 +47,16 @@ int ssh_config_get_yesno(char **str, int notfound);
* be stored or NULL if we do not care about the result.
* @param[out] port Pointer to the location, where the new port will
* be stored or NULL if we do not care about the result.
+ * @param[in] ignore_port Set to true if the we should not attempt to parse
+ * port number.
*
* @returns SSH_OK if the provided string is in format of SSH URI,
* SSH_ERROR on failure
*/
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port);
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port);
#endif /* LIBSSH_CONFIG_H_ */
diff --git a/src/config.c b/src/config.c diff --git a/src/config.c b/src/config.c
index c5c40125..273db7c8 100644 index 54ada276..a813568d 100644
--- a/src/config.c --- a/src/config.c
+++ b/src/config.c +++ b/src/config.c
@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) @@ -324,7 +324,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
} }
if (parse_entry) { if (parse_entry) {
/* We actually care only about the first item */ /* We actually care only about the first item */
@ -861,7 +903,7 @@ index c5c40125..273db7c8 100644
/* The rest of the list needs to be passed on */ /* The rest of the list needs to be passed on */
if (endp != NULL) { if (endp != NULL) {
next = strdup(endp + 1); next = strdup(endp + 1);
@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) @@ -335,7 +335,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
} }
} else { } else {
/* The rest is just sanity-checked to avoid failures later */ /* The rest is just sanity-checked to avoid failures later */
@ -871,10 +913,10 @@ index c5c40125..273db7c8 100644
if (rv != SSH_OK) { if (rv != SSH_OK) {
goto out; goto out;
diff --git a/src/config_parser.c b/src/config_parser.c diff --git a/src/config_parser.c b/src/config_parser.c
index b8b94611..d4b2d2c3 100644 index 87bac5d4..a2da0a62 100644
--- a/src/config_parser.c --- a/src/config_parser.c
+++ b/src/config_parser.c +++ b/src/config_parser.c
@@ -162,9 +162,10 @@ int ssh_config_get_yesno(char **str, int notfound) @@ -134,9 +134,10 @@ int ssh_config_get_yesno(char **str, int notfound)
} }
int ssh_config_parse_uri(const char *tok, int ssh_config_parse_uri(const char *tok,
@ -888,7 +930,7 @@ index b8b94611..d4b2d2c3 100644
{ {
char *endp = NULL; char *endp = NULL;
long port_n; long port_n;
@@ -210,12 +211,17 @@ int ssh_config_parse_uri(const char *tok, @@ -182,12 +183,17 @@ int ssh_config_parse_uri(const char *tok,
if (endp == NULL) { if (endp == NULL) {
goto error; goto error;
} }
@ -909,10 +951,10 @@ index b8b94611..d4b2d2c3 100644
if (tok == endp) { if (tok == endp) {
/* Zero-length hostnames are not valid */ /* Zero-length hostnames are not valid */
diff --git a/src/options.c b/src/options.c diff --git a/src/options.c b/src/options.c
index 38511455..b3ecffe1 100644 index 7c03e7ab..0890ff2e 100644
--- a/src/options.c --- a/src/options.c
+++ b/src/options.c +++ b/src/options.c
@@ -516,17 +516,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, @@ -491,17 +491,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_invalid(session); ssh_set_error_invalid(session);
return -1; return -1;
} else { } else {
@ -936,7 +978,7 @@ index 38511455..b3ecffe1 100644
2.41.0 2.41.0
From 6f1b1e76bb38bc89819132e1810e4301ec9034a4 Mon Sep 17 00:00:00 2001 From 5dc10ff63ca2e8db91abfdccf1d095f5b4261b8e Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com> From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 22 Dec 2023 09:52:18 +0100 Date: Fri, 22 Dec 2023 09:52:18 +0100
Subject: [PATCH 12/12] tests: Increase test coverage for IPv6 address parsing Subject: [PATCH 12/12] tests: Increase test coverage for IPv6 address parsing
@ -951,15 +993,23 @@ Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 6f6e453d7b0ad4ee6a6f6a1c96a9a6b27821410d) (cherry picked from commit 6f6e453d7b0ad4ee6a6f6a1c96a9a6b27821410d)
--- ---
tests/unittests/torture_config.c | 49 +++++++++++++++++++++++++++++++ tests/unittests/torture_config.c | 49 +++++++++++++++++++++++++++++++
tests/unittests/torture_options.c | 16 ++++++++++ tests/unittests/torture_options.c | 22 ++++++++++++++
2 files changed, 65 insertions(+) 2 files changed, 71 insertions(+)
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index b7c763af..26a24215 100644 index 3a5a74bf..d8097e79 100644
--- a/tests/unittests/torture_config.c --- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c +++ b/tests/unittests/torture_config.c
@@ -1850,6 +1850,53 @@ static void torture_config_make_absolute_no_sshdir(void **state) @@ -2,6 +2,7 @@
torture_config_make_absolute_int(state, 1);
#define LIBSSH_STATIC
+#include <errno.h>
#include "torture.h"
#include "libssh/options.h"
#include "libssh/session.h"
@@ -997,6 +998,53 @@ static void torture_config_match_pattern(void **state)
} }
+static void torture_config_parse_uri(void **state) +static void torture_config_parse_uri(void **state)
@ -1009,23 +1059,22 @@ index b7c763af..26a24215 100644
+ SAFE_FREE(hostname); + SAFE_FREE(hostname);
+} +}
+ +
int torture_run_tests(void)
{ int torture_run_tests(void) {
int rc; int rc;
@@ -1922,6 +1969,8 @@ int torture_run_tests(void) @@ -1012,6 +1060,7 @@ int torture_run_tests(void) {
setup, teardown), cmocka_unit_test(torture_config_rekey),
cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir, cmocka_unit_test(torture_config_pubkeyacceptedkeytypes),
setup_no_sshdir, teardown), cmocka_unit_test(torture_config_match_pattern),
+ cmocka_unit_test_setup_teardown(torture_config_parse_uri, + cmocka_unit_test(torture_config_parse_uri),
+ setup, teardown),
}; };
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 425d7295..8a5505a1 100644 index d0fdaed1..576ca9cd 100644
--- a/tests/unittests/torture_options.c --- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c +++ b/tests/unittests/torture_options.c
@@ -60,6 +60,20 @@ static void torture_options_set_host(void **state) { @@ -59,12 +59,34 @@ static void torture_options_set_host(void **state) {
assert_non_null(session->opts.host); assert_non_null(session->opts.host);
assert_string_equal(session->opts.host, "localhost"); assert_string_equal(session->opts.host, "localhost");
@ -1046,67 +1095,20 @@ index 425d7295..8a5505a1 100644
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation"); rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
assert_true(rc == 0); assert_true(rc == 0);
assert_non_null(session->opts.host); assert_non_null(session->opts.host);
@@ -67,12 +81,14 @@ static void torture_options_set_host(void **state) { assert_string_equal(session->opts.host, "meditation");
assert_non_null(session->opts.username); assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "guru"); assert_string_equal(session->opts.username, "guru");
+ /* more @ in uri is OK -- it should go to the username */
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
assert_true(rc == 0);
assert_non_null(session->opts.host);
assert_string_equal(session->opts.host, "hostname");
assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "at@login");
+ +
+ /* more @ in uri is OK -- it should go to the username */
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.host);
+ assert_string_equal(session->opts.host, "hostname");
+ assert_non_null(session->opts.username);
+ assert_string_equal(session->opts.username, "at@login");
} }
static void torture_options_set_ciphers(void **state) { static void torture_options_set_ciphers(void **state) {
-- --
2.41.0 2.41.0
diff -up libssh-0.10.4/include/libssh/config_parser.h.CVE-2023-6004.patch libssh-0.10.4/include/libssh/config_parser.h
--- libssh-0.10.4/include/libssh/config_parser.h.CVE-2023-6004.patch 2024-01-08 19:48:48.964006647 +0100
+++ libssh-0.10.4/include/libssh/config_parser.h 2024-01-08 19:56:38.850726165 +0100
@@ -47,13 +47,16 @@ int ssh_config_get_yesno(char **str, int
* be stored or NULL if we do not care about the result.
* @param[out] port Pointer to the location, where the new port will
* be stored or NULL if we do not care about the result.
+ * @param[in] ignore_port Set to true if the we should not attempt to parse
+ * port number.
*
* @returns SSH_OK if the provided string is in format of SSH URI,
* SSH_ERROR on failure
*/
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port);
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port);
#endif /* LIBSSH_CONFIG_H_ */
diff -up libssh-0.10.4/include/libssh/misc.h.CVE-2023-6004.patch libssh-0.10.4/include/libssh/misc.h
--- libssh-0.10.4/include/libssh/misc.h.CVE-2023-6004.patch 2024-01-08 19:48:07.422589393 +0100
+++ libssh-0.10.4/include/libssh/misc.h 2024-01-08 19:53:33.830867829 +0100
@@ -99,4 +99,7 @@ int ssh_newline_vis(const char *string,
int ssh_tmpname(char *template);
char *ssh_strreplace(const char *src, const char *pattern, const char *repl);
+
+int ssh_check_hostname_syntax(const char *hostname);
+
#endif /* MISC_H_ */
diff -up libssh-0.10.4/src/misc.c.CVE-2023-6004.patch libssh-0.10.4/src/misc.c
--- libssh-0.10.4/src/misc.c.CVE-2023-6004.patch 2024-01-08 19:48:26.779783823 +0100
+++ libssh-0.10.4/src/misc.c 2024-01-08 19:54:55.209685193 +0100
@@ -96,6 +96,8 @@
#define ZLIB_STRING ""
#endif
+#define ARPA_DOMAIN_MAX_LEN 63
+
/**
* @defgroup libssh_misc The SSH helper functions.
* @ingroup libssh

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
diff --color -ru ../libssh-0.10.4/src/pki_crypto.c ./src/pki_crypto.c diff --color -ru ../libssh-0.9.6/src/pki_crypto.c ./src/pki_crypto.c
--- ../libssh-0.10.4/src/pki_crypto.c 2023-04-27 13:24:03.105744519 +0200 --- ../libssh-0.9.6/src/pki_crypto.c 2023-04-27 12:59:08.463259052 +0200
+++ ./src/pki_crypto.c 2023-04-27 13:30:24.016756496 +0200 +++ ./src/pki_crypto.c 2023-04-27 13:05:24.020610873 +0200
@@ -3186,8 +3186,12 @@ @@ -2291,8 +2291,12 @@
unsigned char *raw_sig_data = NULL; unsigned char *raw_sig_data = NULL;
unsigned int raw_sig_len; unsigned int raw_sig_len;
@ -15,7 +15,7 @@ diff --color -ru ../libssh-0.10.4/src/pki_crypto.c ./src/pki_crypto.c
if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL || if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
signature == NULL || (signature->raw_sig == NULL signature == NULL || (signature->raw_sig == NULL
@@ -3202,8 +3206,8 @@ @@ -2307,8 +2311,8 @@
} }
/* Check if public key and hash type are compatible */ /* Check if public key and hash type are compatible */
@ -26,7 +26,7 @@ diff --color -ru ../libssh-0.10.4/src/pki_crypto.c ./src/pki_crypto.c
return SSH_ERROR; return SSH_ERROR;
} }
@@ -3248,8 +3252,8 @@ @@ -2351,8 +2355,8 @@
} }
/* Verify the signature */ /* Verify the signature */
@ -37,7 +37,7 @@ diff --color -ru ../libssh-0.10.4/src/pki_crypto.c ./src/pki_crypto.c
SSH_LOG(SSH_LOG_TRACE, SSH_LOG(SSH_LOG_TRACE,
"EVP_DigestVerifyInit() failed: %s", "EVP_DigestVerifyInit() failed: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
@@ -3257,32 +3261,30 @@ @@ -2360,35 +2364,31 @@
} }
#ifdef HAVE_OPENSSL_EVP_DIGESTVERIFY #ifdef HAVE_OPENSSL_EVP_DIGESTVERIFY
@ -76,7 +76,11 @@ diff --color -ru ../libssh-0.10.4/src/pki_crypto.c ./src/pki_crypto.c
- if (ctx != NULL) { - if (ctx != NULL) {
- EVP_MD_CTX_free(ctx); - EVP_MD_CTX_free(ctx);
- } - }
- if (pkey != NULL) {
- EVP_PKEY_free(pkey);
- }
+ EVP_MD_CTX_free(ctx); + EVP_MD_CTX_free(ctx);
EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey);
return rc; return rc;
} }

View File

@ -1,23 +0,0 @@
diff --git a/src/dh_crypto.c b/src/dh_crypto.c
index a847c6a2..1eb94307 100644
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@@ -341,8 +341,16 @@ int ssh_dh_set_parameters(struct dh_ctx *ctx,
goto done;
}
- OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
- OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto done;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto done;
+ }
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
OSSL_PARAM_BLD_free(param_bld);

View File

@ -1,6 +1,6 @@
diff --color -ru ../libssh-0.10.4/src/buffer.c ./src/buffer.c diff --color -ru ../libssh-0.9.6/src/buffer.c ./src/buffer.c
--- ../libssh-0.10.4/src/buffer.c 2023-05-03 12:22:40.304114511 +0200 --- ../libssh-0.9.6/src/buffer.c 2023-05-03 11:53:48.710217753 +0200
+++ ./src/buffer.c 2023-05-03 12:24:11.578110236 +0200 +++ ./src/buffer.c 2023-05-03 11:58:21.995200990 +0200
@@ -747,7 +747,8 @@ @@ -747,7 +747,8 @@
*/ */
int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len) int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len)
@ -11,10 +11,10 @@ diff --color -ru ../libssh-0.10.4/src/buffer.c ./src/buffer.c
return SSH_ERROR; return SSH_ERROR;
} }
diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c diff --color -ru ../libssh-0.9.6/src/gssapi.c ./src/gssapi.c
--- ../libssh-0.10.4/src/gssapi.c 2023-05-03 12:22:40.356115078 +0200 --- ../libssh-0.9.6/src/gssapi.c 2023-05-03 11:53:48.732217993 +0200
+++ ./src/gssapi.c 2023-05-03 12:24:11.566110105 +0200 +++ ./src/gssapi.c 2023-05-03 11:58:21.976200782 +0200
@@ -444,11 +444,18 @@ @@ -437,11 +437,18 @@
hexa = ssh_get_hexa(output_token.value, output_token.length); hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
SAFE_FREE(hexa); SAFE_FREE(hexa);
@ -38,7 +38,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_packet_send(session); ssh_packet_send(session);
} }
@@ -857,6 +864,7 @@ @@ -846,6 +853,7 @@
} }
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
@ -46,7 +46,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_string oid_s; ssh_string oid_s;
gss_uint32 maj_stat, min_stat; gss_uint32 maj_stat, min_stat;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
@@ -908,11 +916,15 @@ @@ -897,11 +905,15 @@
hexa = ssh_get_hexa(output_token.value, output_token.length); hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s", hexa); SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s", hexa);
SAFE_FREE(hexa); SAFE_FREE(hexa);
@ -67,7 +67,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_packet_send(session); ssh_packet_send(session);
session->auth.state = SSH_AUTH_STATE_GSSAPI_TOKEN; session->auth.state = SSH_AUTH_STATE_GSSAPI_TOKEN;
} }
@@ -975,6 +987,7 @@ @@ -963,6 +975,7 @@
} }
SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
@ -75,7 +75,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_string token; ssh_string token;
char *hexa; char *hexa;
OM_uint32 maj_stat, min_stat; OM_uint32 maj_stat, min_stat;
@@ -1027,11 +1040,15 @@ @@ -1015,11 +1028,15 @@
hexa = ssh_get_hexa(output_token.value, output_token.length); hexa = ssh_get_hexa(output_token.value, output_token.length);
SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa); SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
SAFE_FREE(hexa); SAFE_FREE(hexa);
@ -96,10 +96,10 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_packet_send(session); ssh_packet_send(session);
} }
diff --color -ru ../libssh-0.10.4/src/options.c ./src/options.c diff --color -ru ../libssh-0.9.6/src/options.c ./src/options.c
--- ../libssh-0.10.4/src/options.c 2023-05-03 12:22:40.342114926 +0200 --- ../libssh-0.9.6/src/options.c 2021-08-26 14:27:42.000000000 +0200
+++ ./src/options.c 2023-05-03 12:24:11.582110280 +0200 +++ ./src/options.c 2023-05-03 11:58:22.000201044 +0200
@@ -614,7 +614,9 @@ @@ -547,7 +547,9 @@
} }
i = strtol(q, &p, 10); i = strtol(q, &p, 10);
if (q == p) { if (q == p) {
@ -109,7 +109,7 @@ diff --color -ru ../libssh-0.10.4/src/options.c ./src/options.c
} }
SAFE_FREE(q); SAFE_FREE(q);
if (i <= 0) { if (i <= 0) {
@@ -816,7 +818,9 @@ @@ -743,7 +745,9 @@
} }
i = strtol(q, &p, 10); i = strtol(q, &p, 10);
if (q == p) { if (q == p) {
@ -119,7 +119,7 @@ diff --color -ru ../libssh-0.10.4/src/options.c ./src/options.c
} }
SAFE_FREE(q); SAFE_FREE(q);
if (i < 0) { if (i < 0) {
@@ -2035,7 +2039,9 @@ @@ -1818,7 +1822,9 @@
} }
i = strtol(q, &p, 10); i = strtol(q, &p, 10);
if (q == p) { if (q == p) {
@ -130,7 +130,7 @@ diff --color -ru ../libssh-0.10.4/src/options.c ./src/options.c
} }
SAFE_FREE(q); SAFE_FREE(q);
@@ -2062,7 +2068,9 @@ @@ -1845,7 +1851,9 @@
} }
i = strtol(q, &p, 10); i = strtol(q, &p, 10);
if (q == p) { if (q == p) {
@ -141,9 +141,9 @@ diff --color -ru ../libssh-0.10.4/src/options.c ./src/options.c
} }
SAFE_FREE(q); SAFE_FREE(q);
diff --color -ru ../libssh-0.10.4/src/pki_container_openssh.c ./src/pki_container_openssh.c diff --color -ru ../libssh-0.9.6/src/pki_container_openssh.c ./src/pki_container_openssh.c
--- ../libssh-0.10.4/src/pki_container_openssh.c 2023-05-03 12:22:40.314114620 +0200 --- ../libssh-0.9.6/src/pki_container_openssh.c 2023-05-03 11:53:48.713217785 +0200
+++ ./src/pki_container_openssh.c 2023-05-03 12:24:11.566110105 +0200 +++ ./src/pki_container_openssh.c 2023-05-03 11:58:21.976200782 +0200
@@ -630,7 +630,11 @@ @@ -630,7 +630,11 @@
goto error; goto error;
} }
@ -157,10 +157,10 @@ diff --color -ru ../libssh-0.10.4/src/pki_container_openssh.c ./src/pki_containe
kdf_options = ssh_string_new(ssh_buffer_get_len(kdf_buf)); kdf_options = ssh_string_new(ssh_buffer_get_len(kdf_buf));
if (kdf_options == NULL){ if (kdf_options == NULL){
SSH_BUFFER_FREE(kdf_buf); SSH_BUFFER_FREE(kdf_buf);
diff --color -ru ../libssh-0.10.4/tests/unittests/torture_options.c ./tests/unittests/torture_options.c diff --color -ru ../libssh-0.9.6/tests/unittests/torture_options.c ./tests/unittests/torture_options.c
--- ../libssh-0.10.4/tests/unittests/torture_options.c 2023-05-03 12:22:40.343114937 +0200 --- ../libssh-0.9.6/tests/unittests/torture_options.c 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/unittests/torture_options.c 2023-05-03 12:24:11.587110335 +0200 +++ ./tests/unittests/torture_options.c 2023-05-03 11:59:21.726853027 +0200
@@ -319,6 +319,7 @@ @@ -311,6 +311,7 @@
rc = ssh_options_set(session, SSH_OPTIONS_PORT_STR, "five"); rc = ssh_options_set(session, SSH_OPTIONS_PORT_STR, "five");
assert_true(rc == -1); assert_true(rc == -1);
@ -168,8 +168,8 @@ diff --color -ru ../libssh-0.10.4/tests/unittests/torture_options.c ./tests/unit
rc = ssh_options_set(session, SSH_OPTIONS_PORT, NULL); rc = ssh_options_set(session, SSH_OPTIONS_PORT, NULL);
assert_true(rc == -1); assert_true(rc == -1);
@@ -1496,6 +1497,26 @@ @@ -853,6 +854,26 @@
ssh_list_free(awaited_list); ssh_free(new);
} }
+static void torture_options_set_verbosity (void **state) +static void torture_options_set_verbosity (void **state)
@ -195,7 +195,7 @@ diff --color -ru ../libssh-0.10.4/tests/unittests/torture_options.c ./tests/unit
#ifdef WITH_SERVER #ifdef WITH_SERVER
const char template[] = "temp_dir_XXXXXX"; const char template[] = "temp_dir_XXXXXX";
@@ -1750,6 +1771,10 @@ @@ -1107,6 +1128,10 @@
rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, "23"); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, "23");
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
assert_int_equal(bind->bindport, 23); assert_int_equal(bind->bindport, 23);
@ -206,7 +206,7 @@ diff --color -ru ../libssh-0.10.4/tests/unittests/torture_options.c ./tests/unit
} }
static void torture_bind_options_log_verbosity(void **state) static void torture_bind_options_log_verbosity(void **state)
@@ -1799,6 +1824,11 @@ @@ -1156,6 +1181,11 @@
new_level = ssh_get_log_level(); new_level = ssh_get_log_level();
assert_int_equal(new_level, SSH_LOG_PACKET); assert_int_equal(new_level, SSH_LOG_PACKET);
@ -218,10 +218,10 @@ diff --color -ru ../libssh-0.10.4/tests/unittests/torture_options.c ./tests/unit
rc = ssh_set_log_level(previous_level); rc = ssh_set_log_level(previous_level);
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
} }
@@ -2297,6 +2327,7 @@ @@ -1643,6 +1673,7 @@
cmocka_unit_test_setup_teardown(torture_options_caret_sign, cmocka_unit_test_setup_teardown(torture_options_config_host, setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_config_match,
setup, teardown), setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_apply, setup, teardown),
+ cmocka_unit_test_setup_teardown(torture_options_set_verbosity, setup, teardown), + cmocka_unit_test_setup_teardown(torture_options_set_verbosity, setup, teardown),
}; };

View File

@ -1,57 +0,0 @@
File ../libssh-0.10.4/.git is a regular file while file ./.git is a directory
diff --color -ru ../libssh-0.10.4/src/sftp.c ./src/sftp.c
--- ../libssh-0.10.4/src/sftp.c 2023-05-22 12:45:48.383509085 +0200
+++ ./src/sftp.c 2023-05-22 12:54:31.004037650 +0200
@@ -1755,6 +1755,10 @@
int sftp_close(sftp_file file){
int err = SSH_NO_ERROR;
+ if (file == NULL) {
+ return err;
+ }
+
SAFE_FREE(file->name);
if (file->handle){
err = sftp_handle_close(file->sftp,file->handle);
@@ -1917,7 +1921,7 @@
/* Read from a file using an opened sftp file handle. */
ssize_t sftp_read(sftp_file handle, void *buf, size_t count) {
- sftp_session sftp = handle->sftp;
+ sftp_session sftp;
sftp_message msg = NULL;
sftp_status_message status;
ssh_string datastring;
@@ -1926,6 +1930,11 @@
uint32_t id;
int rc;
+ if (handle == NULL) {
+ return -1;
+ }
+ sftp = handle->sftp;
+
if (handle->eof) {
return 0;
}
@@ -2147,7 +2156,7 @@
}
ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
- sftp_session sftp = file->sftp;
+ sftp_session sftp;
sftp_message msg = NULL;
sftp_status_message status;
ssh_buffer buffer;
@@ -2156,6 +2165,11 @@
size_t packetlen;
int rc;
+ if (file == NULL) {
+ return -1;
+ }
+ sftp = file->sftp;
+
buffer = ssh_buffer_new();
if (buffer == NULL) {
ssh_set_error_oom(sftp->session);

View File

@ -1,105 +0,0 @@
diff --git a/src/kex.c b/src/kex.c
index 1155b9c7..528cb182 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -101,12 +101,19 @@
#ifdef HAVE_ECDH
#define ECDH "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
-#define EC_HOSTKEYS "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,"
-#define EC_PUBLIC_KEY_ALGORITHMS "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
+#define EC_HOSTKEYS "ecdsa-sha2-nistp521," \
+ "ecdsa-sha2-nistp384," \
+ "ecdsa-sha2-nistp256,"
+#define EC_SK_HOSTKEYS "sk-ecdsa-sha2-nistp256@openssh.com,"
+#define EC_FIPS_PUBLIC_KEY_ALGOS "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
"ecdsa-sha2-nistp384-cert-v01@openssh.com," \
"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+#define EC_PUBLIC_KEY_ALGORITHMS EC_FIPS_PUBLIC_KEY_ALGOS \
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
#else
#define EC_HOSTKEYS ""
+#define EC_SK_HOSTKEYS ""
+#define EC_FIPS_PUBLIC_KEY_ALGOS ""
#define EC_PUBLIC_KEY_ALGORITHMS ""
#define ECDH ""
#endif /* HAVE_ECDH */
@@ -127,16 +134,21 @@
#define HOSTKEYS "ssh-ed25519," \
EC_HOSTKEYS \
+ "sk-ssh-ed25519@openssh.com," \
+ EC_SK_HOSTKEYS \
"rsa-sha2-512," \
"rsa-sha2-256," \
"ssh-rsa" \
DSA_HOSTKEYS
#define DEFAULT_HOSTKEYS "ssh-ed25519," \
EC_HOSTKEYS \
+ "sk-ssh-ed25519@openssh.com," \
+ EC_SK_HOSTKEYS \
"rsa-sha2-512," \
"rsa-sha2-256"
#define PUBLIC_KEY_ALGORITHMS "ssh-ed25519-cert-v01@openssh.com," \
+ "sk-ssh-ed25519-cert-v01@openssh.com," \
EC_PUBLIC_KEY_ALGORITHMS \
"rsa-sha2-512-cert-v01@openssh.com," \
"rsa-sha2-256-cert-v01@openssh.com," \
@@ -186,7 +198,7 @@
"rsa-sha2-512," \
"rsa-sha2-256"
-#define FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS EC_PUBLIC_KEY_ALGORITHMS \
+#define FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS EC_FIPS_PUBLIC_KEY_ALGOS \
"rsa-sha2-512-cert-v01@openssh.com," \
"rsa-sha2-256-cert-v01@openssh.com," \
FIPS_ALLOWED_HOSTKEYS
diff --git a/src/knownhosts.c b/src/knownhosts.c
index 1f52dedc..94618fe2 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -480,6 +480,8 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
return "rsa-sha2-512,rsa-sha2-256,ssh-rsa";
case SSH_KEYTYPE_ED25519:
return "ssh-ed25519";
+ case SSH_KEYTYPE_SK_ED25519:
+ return "sk-ssh-ed25519@openssh.com";
#ifdef HAVE_DSA
case SSH_KEYTYPE_DSS:
return "ssh-dss";
@@ -494,6 +496,8 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
return "ecdsa-sha2-nistp384";
case SSH_KEYTYPE_ECDSA_P521:
return "ecdsa-sha2-nistp521";
+ case SSH_KEYTYPE_SK_ECDSA:
+ return "sk-ecdsa-sha2-nistp256@openssh.com";
#else
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c
index fffa8296..7fd21f05 100644
--- a/tests/unittests/torture_knownhosts_parsing.c
+++ b/tests/unittests/torture_knownhosts_parsing.c
@@ -634,7 +634,9 @@ static void torture_knownhosts_algorithms(void **state)
bool process_config = false;
const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,"
"ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
- "ecdsa-sha2-nistp256";
+ "ecdsa-sha2-nistp256,"
+ "sk-ssh-ed25519@openssh.com,"
+ "sk-ecdsa-sha2-nistp256@openssh.com";
const char *expect_fips = "rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,"
"ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
@@ -669,7 +671,9 @@ static void torture_knownhosts_algorithms_global(void **state)
bool process_config = false;
const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,"
"ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
- "ecdsa-sha2-nistp256";
+ "ecdsa-sha2-nistp256,"
+ "sk-ssh-ed25519@openssh.com,"
+ "sk-ecdsa-sha2-nistp256@openssh.com";
const char *expect_fips = "rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,"
"ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";

View File

@ -1,94 +0,0 @@
From bccb8513fa4a836aef0519d65eb33bb212606fe1 Mon Sep 17 00:00:00 2001
From: Thomas Baag <libssh-git@spam.b2ag.de>
Date: Wed, 21 Sep 2022 20:55:27 +0200
Subject: [PATCH] config: Escape brackets in ProxyCommand build from ProxyJump
Missing escaping results in syntax errors in Zsh shell because of square
brackets getting interpreted as being a pattern for globbing.
Signed-off-by: Thomas Baag <libssh-git@spam.b2ag.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/config.c | 2 +-
tests/unittests/torture_config.c | 14 +++++++-------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/config.c b/src/config.c
index c048418ec..308928429 100644
--- a/src/config.c
+++ b/src/config.c
@@ -491,7 +491,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
if (hostname != NULL && do_parsing) {
char com[512] = {0};
- rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W [%%h]:%%p %s",
+ rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W '[%%h]:%%p' %s",
username ? " -l " : "",
username ? username : "",
port ? " -p " : "",
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index 31dadae37..5ff20c99a 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -649,7 +649,7 @@ static void torture_config_unknown(void **state,
/* test corner cases */
_parse_config(session, file, string, SSH_OK);
assert_string_equal(session->opts.ProxyCommand,
- "ssh -W [%h]:%p many-spaces.com");
+ "ssh -W '[%h]:%p' many-spaces.com");
assert_string_equal(session->opts.host, "equal.sign");
ret = ssh_config_parse_file(session, "/etc/ssh/ssh_config");
@@ -945,28 +945,28 @@ static void torture_config_proxyjump(void **state,
torture_reset_config(session);
ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
_parse_config(session, file, string, SSH_OK);
- assert_string_equal(session->opts.ProxyCommand, "ssh -W [%h]:%p jumpbox");
+ assert_string_equal(session->opts.ProxyCommand, "ssh -W '[%h]:%p' jumpbox");
/* With username */
torture_reset_config(session);
ssh_options_set(session, SSH_OPTIONS_HOST, "user");
_parse_config(session, file, string, SSH_OK);
assert_string_equal(session->opts.ProxyCommand,
- "ssh -l user -W [%h]:%p jumpbox");
+ "ssh -l user -W '[%h]:%p' jumpbox");
/* With port */
torture_reset_config(session);
ssh_options_set(session, SSH_OPTIONS_HOST, "port");
_parse_config(session, file, string, SSH_OK);
assert_string_equal(session->opts.ProxyCommand,
- "ssh -p 2222 -W [%h]:%p jumpbox");
+ "ssh -p 2222 -W '[%h]:%p' jumpbox");
/* Two step jump */
torture_reset_config(session);
ssh_options_set(session, SSH_OPTIONS_HOST, "two-step");
_parse_config(session, file, string, SSH_OK);
assert_string_equal(session->opts.ProxyCommand,
- "ssh -l u1 -p 222 -J u2@second:33 -W [%h]:%p first");
+ "ssh -l u1 -p 222 -J u2@second:33 -W '[%h]:%p' first");
/* none */
torture_reset_config(session);
@@ -985,14 +985,14 @@ static void torture_config_proxyjump(void **state,
ssh_options_set(session, SSH_OPTIONS_HOST, "only-jump");
_parse_config(session, file, string, SSH_OK);
assert_string_equal(session->opts.ProxyCommand,
- "ssh -W [%h]:%p jumpbox");
+ "ssh -W '[%h]:%p' jumpbox");
/* IPv6 address */
torture_reset_config(session);
ssh_options_set(session, SSH_OPTIONS_HOST, "ipv6");
_parse_config(session, file, string, SSH_OK);
assert_string_equal(session->opts.ProxyCommand,
- "ssh -W [%h]:%p 2620:52:0::fed");
+ "ssh -W '[%h]:%p' 2620:52:0::fed");
/* Multiple @ is allowed in second jump */
config = "Host allowed-hostname\n"
--
GitLab

668
SOURCES/fix_tests.patch Normal file
View File

@ -0,0 +1,668 @@
diff --color -ru ../libssh-0.9.6/examples/sshnetcat.c ./examples/sshnetcat.c
--- ../libssh-0.9.6/examples/sshnetcat.c 2021-08-26 14:27:42.000000000 +0200
+++ ./examples/sshnetcat.c 2023-05-02 10:36:00.793381735 +0200
@@ -233,9 +233,10 @@
}
void cleanup_pcap(void);
-void cleanup_pcap(){
+void cleanup_pcap(void)
+{
ssh_pcap_file_free(pcap);
- pcap=NULL;
+ pcap = NULL;
}
#endif
diff --color -ru ../libssh-0.9.6/src/init.c ./src/init.c
--- ../libssh-0.9.6/src/init.c 2021-03-15 08:11:33.000000000 +0100
+++ ./src/init.c 2023-05-02 10:36:00.793381735 +0200
@@ -269,7 +269,7 @@
*
* @see ssh_init()
*/
-bool is_ssh_initialized() {
+bool is_ssh_initialized(void) {
bool is_initialized = false;
diff --color -ru ../libssh-0.9.6/tests/client/torture_auth.c ./tests/client/torture_auth.c
--- ../libssh-0.9.6/tests/client/torture_auth.c 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/client/torture_auth.c 2023-05-02 10:36:00.815381960 +0200
@@ -200,7 +200,8 @@
assert_non_null(ssh_agent_pidfile);
/* kill agent pid */
- torture_terminate_process(ssh_agent_pidfile);
+ rc = torture_terminate_process(ssh_agent_pidfile);
+ assert_return_code(rc, errno);
unlink(ssh_agent_pidfile);
@@ -551,6 +552,7 @@
static void torture_auth_agent_cert(void **state)
{
+#if OPENSSH_VERSION_MAJOR < 8 || (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR == 0)
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
@@ -570,6 +572,7 @@
"ssh-rsa-cert-v01@openssh.com");
assert_int_equal(rc, SSH_OK);
}
+#endif /* OPENSSH_VERSION_MAJOR < 8.1 */
/* Setup loads a different key, tests are exactly the same. */
torture_auth_agent(state);
@@ -577,6 +580,7 @@
static void torture_auth_agent_cert_nonblocking(void **state)
{
+#if OPENSSH_VERSION_MAJOR < 8 || (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR == 0)
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
@@ -596,6 +600,7 @@
"ssh-rsa-cert-v01@openssh.com");
assert_int_equal(rc, SSH_OK);
}
+#endif /* OPENSSH_VERSION_MAJOR < 8.1 */
torture_auth_agent_nonblocking(state);
}
diff --color -ru ../libssh-0.9.6/tests/client/torture_rekey.c ./tests/client/torture_rekey.c
--- ../libssh-0.9.6/tests/client/torture_rekey.c 2023-04-28 17:26:41.472315318 +0200
+++ ./tests/client/torture_rekey.c 2023-05-02 10:36:00.805381857 +0200
@@ -38,6 +38,8 @@
#include <fcntl.h>
#include <pwd.h>
+#define KEX_RETRY 32
+
static uint64_t bytes = 2048; /* 2KB (more than the authentication phase) */
static int sshd_setup(void **state)
@@ -190,10 +192,11 @@
rc = ssh_userauth_publickey_auto(s->ssh.session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
- /* send ignore packets of up to 1KB to trigger rekey */
+ /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
+ * to make sure it completes with all different ciphers */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 16; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
ssh_handle_packets(s->ssh.session, 50);
}
@@ -496,9 +499,15 @@
* to make sure the rekey it completes with all different ciphers (paddings */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 20; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
- ssh_handle_packets(s->ssh.session, 50);
+ ssh_handle_packets(s->ssh.session, 100);
+
+ c = s->ssh.session->current_crypto;
+ /* SHA256 len */
+ if (c->digest_len != 32) {
+ break;
+ }
}
/* The rekey limit was restored in the new crypto to the same value */
@@ -568,9 +577,15 @@
* to make sure the rekey it completes with all different ciphers (paddings */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 25; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
- ssh_handle_packets(s->ssh.session, 50);
+ ssh_handle_packets(s->ssh.session, 100);
+
+ c = s->ssh.session->current_crypto;
+ /* SHA256 len */
+ if (c->digest_len != 32) {
+ break;
+ }
}
/* Check that the secret hash is different than initially */
diff --color -ru ../libssh-0.9.6/tests/CMakeLists.txt ./tests/CMakeLists.txt
--- ../libssh-0.9.6/tests/CMakeLists.txt 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/CMakeLists.txt 2023-05-02 10:32:03.964511860 +0200
@@ -153,6 +153,17 @@
execute_process(COMMAND ${ID_EXECUTABLE} -u OUTPUT_VARIABLE LOCAL_UID OUTPUT_STRIP_TRAILING_WHITESPACE)
endif()
+ find_program(TIMEOUT_EXECUTABLE
+ NAME
+ timeout
+ PATHS
+ /bin
+ /usr/bin
+ /usr/local/bin)
+ if (TIMEOUT_EXECUTABLE)
+ set(WITH_TIMEOUT "1")
+ endif()
+
# chroot_wrapper
add_library(chroot_wrapper SHARED chroot_wrapper.c)
set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
diff --color -ru ../libssh-0.9.6/tests/pkd/pkd_keyutil.c ./tests/pkd/pkd_keyutil.c
--- ../libssh-0.9.6/tests/pkd/pkd_keyutil.c 2021-03-15 08:11:33.000000000 +0100
+++ ./tests/pkd/pkd_keyutil.c 2023-05-02 10:36:00.793381735 +0200
@@ -22,7 +22,7 @@
#include "pkd_keyutil.h"
#include "pkd_util.h"
-void setup_rsa_key() {
+void setup_rsa_key(void) {
int rc = 0;
if (access(LIBSSH_RSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f "
@@ -31,7 +31,7 @@
assert_int_equal(rc, 0);
}
-void setup_ed25519_key() {
+void setup_ed25519_key(void) {
int rc = 0;
if (access(LIBSSH_ED25519_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
@@ -41,7 +41,7 @@
}
#ifdef HAVE_DSA
-void setup_dsa_key() {
+void setup_dsa_key(void) {
int rc = 0;
if (access(LIBSSH_DSA_TESTKEY, F_OK) != 0) {
rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
@@ -51,7 +51,7 @@
}
#endif
-void setup_ecdsa_keys() {
+void setup_ecdsa_keys(void) {
int rc = 0;
if (access(LIBSSH_ECDSA_256_TESTKEY, F_OK) != 0) {
@@ -71,27 +71,27 @@
}
}
-void cleanup_rsa_key() {
+void cleanup_rsa_key(void) {
cleanup_key(LIBSSH_RSA_TESTKEY);
}
-void cleanup_ed25519_key() {
+void cleanup_ed25519_key(void) {
cleanup_key(LIBSSH_ED25519_TESTKEY);
}
#ifdef HAVE_DSA
-void cleanup_dsa_key() {
+void cleanup_dsa_key(void) {
cleanup_key(LIBSSH_DSA_TESTKEY);
}
#endif
-void cleanup_ecdsa_keys() {
+void cleanup_ecdsa_keys(void) {
cleanup_key(LIBSSH_ECDSA_256_TESTKEY);
cleanup_key(LIBSSH_ECDSA_384_TESTKEY);
cleanup_key(LIBSSH_ECDSA_521_TESTKEY);
}
-void setup_openssh_client_keys() {
+void setup_openssh_client_keys(void) {
int rc = 0;
if (access(OPENSSH_CA_TESTKEY, F_OK) != 0) {
@@ -184,7 +184,7 @@
}
}
-void cleanup_openssh_client_keys() {
+void cleanup_openssh_client_keys(void) {
cleanup_key(OPENSSH_CA_TESTKEY);
cleanup_key(OPENSSH_RSA_TESTKEY);
cleanup_file(OPENSSH_RSA_TESTKEY "-sha256-cert.pub");
@@ -199,7 +199,7 @@
}
}
-void setup_dropbear_client_rsa_key() {
+void setup_dropbear_client_rsa_key(void) {
int rc = 0;
if (access(DROPBEAR_RSA_TESTKEY, F_OK) != 0) {
rc = system_checked(DROPBEAR_KEYGEN " -t rsa -f "
@@ -208,6 +208,6 @@
assert_int_equal(rc, 0);
}
-void cleanup_dropbear_client_rsa_key() {
+void cleanup_dropbear_client_rsa_key(void) {
unlink(DROPBEAR_RSA_TESTKEY);
}
diff --color -ru ../libssh-0.9.6/tests/server/torture_server_config.c ./tests/server/torture_server_config.c
--- ../libssh-0.9.6/tests/server/torture_server_config.c 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/server/torture_server_config.c 2023-05-02 10:36:00.815381960 +0200
@@ -285,9 +285,7 @@
assert_non_null(s);
rc = torture_terminate_process(s->srv_pidfile);
- if (rc != 0) {
- fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
- }
+ assert_return_code(rc, errno);
unlink(s->srv_pidfile);
@@ -513,6 +511,12 @@
/* Try each algorithm individually */
j = 0;
while(tokens->tokens[j] != NULL) {
+ char *cmp = strstr(OPENSSH_CIPHERS, tokens->tokens[j]);
+ if (cmp == NULL) {
+ /* This cipher is not supported by the OpenSSH. Skip it */
+ j++;
+ continue;
+ }
snprintf(config_content,
sizeof(config_content),
"HostKey %s\nCiphers %s\n",
diff --color -ru ../libssh-0.9.6/tests/tests_config.h.cmake ./tests/tests_config.h.cmake
--- ../libssh-0.9.6/tests/tests_config.h.cmake 2021-08-26 14:27:42.000000000 +0200
+++ ./tests/tests_config.h.cmake 2023-05-02 10:32:03.964511860 +0200
@@ -66,4 +66,6 @@
#cmakedefine NC_EXECUTABLE "${NC_EXECUTABLE}"
#cmakedefine SSHD_EXECUTABLE "${SSHD_EXECUTABLE}"
-#cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
\ No newline at end of file
+#cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
+#cmakedefine WITH_TIMEOUT ${WITH_TIMEOUT}
+#cmakedefine TIMEOUT_EXECUTABLE "${TIMEOUT_EXECUTABLE}"
diff --color -ru ../libssh-0.9.6/tests/torture.c ./tests/torture.c
--- ../libssh-0.9.6/tests/torture.c 2021-08-26 14:27:44.000000000 +0200
+++ ./tests/torture.c 2023-05-02 10:36:00.815381960 +0200
@@ -51,6 +51,7 @@
#include "torture.h"
#include "torture_key.h"
#include "libssh/misc.h"
+#include "libssh/token.h"
#define TORTURE_SSHD_SRV_IPV4 "127.0.0.10"
/* socket wrapper IPv6 prefix fd00::5357:5fxx */
@@ -250,8 +251,12 @@
rc = kill(pid, 0);
if (rc != 0) {
- is_running = 0;
- break;
+ /* Process not found */
+ if (errno == ESRCH) {
+ is_running = 0;
+ rc = 0;
+ break;
+ }
}
}
@@ -260,7 +265,7 @@
"WARNING: The process with pid %u is still running!\n", pid);
}
- return 0;
+ return rc;
}
ssh_session torture_ssh_session(struct torture_state *s,
@@ -611,6 +616,112 @@
*state = s;
}
+/**
+ * @brief Create a libssh server configuration file
+ *
+ * It is expected the socket directory to be already created before by calling
+ * torture_setup_socket_dir(). The created configuration file will be stored in
+ * the socket directory and the srv_config pointer in the state will be
+ * initialized.
+ *
+ * @param[in] state A pointer to a pointer to an initialized torture_state
+ * structure
+ */
+void torture_setup_create_libssh_config(void **state)
+{
+ struct torture_state *s = *state;
+ char ed25519_hostkey[1024] = {0};
+#ifdef HAVE_DSA
+ char dsa_hostkey[1024];
+#endif /* HAVE_DSA */
+ char rsa_hostkey[1024];
+ char ecdsa_hostkey[1024];
+ char sshd_config[2048];
+ char sshd_path[1024];
+ const char *additional_config = NULL;
+ struct stat sb;
+ const char config_string[]=
+ "LogLevel DEBUG3\n"
+ "Port 22\n"
+ "ListenAddress 127.0.0.10\n"
+ "%s %s\n"
+ "%s %s\n"
+ "%s %s\n"
+#ifdef HAVE_DSA
+ "%s %s\n"
+#endif /* HAVE_DSA */
+ "%s\n"; /* The space for test-specific options */
+ bool written = false;
+ int rc;
+
+ assert_non_null(s->socket_dir);
+
+ snprintf(sshd_path,
+ sizeof(sshd_path),
+ "%s/sshd",
+ s->socket_dir);
+
+ rc = lstat(sshd_path, &sb);
+ if (rc == 0 ) { /* The directory is already in place */
+ written = true;
+ }
+
+ if (!written) {
+ rc = mkdir(sshd_path, 0755);
+ assert_return_code(rc, errno);
+ }
+
+ snprintf(ed25519_hostkey,
+ sizeof(ed25519_hostkey),
+ "%s/sshd/ssh_host_ed25519_key",
+ s->socket_dir);
+
+ snprintf(rsa_hostkey,
+ sizeof(rsa_hostkey),
+ "%s/sshd/ssh_host_rsa_key",
+ s->socket_dir);
+
+ snprintf(ecdsa_hostkey,
+ sizeof(ecdsa_hostkey),
+ "%s/sshd/ssh_host_ecdsa_key",
+ s->socket_dir);
+
+#ifdef HAVE_DSA
+ snprintf(dsa_hostkey,
+ sizeof(dsa_hostkey),
+ "%s/sshd/ssh_host_dsa_key",
+ s->socket_dir);
+#endif /* HAVE_DSA */
+
+ if (!written) {
+ torture_write_file(ed25519_hostkey,
+ torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
+ torture_write_file(rsa_hostkey,
+ torture_get_testkey(SSH_KEYTYPE_RSA, 0));
+ torture_write_file(ecdsa_hostkey,
+ torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
+#ifdef HAVE_DSA
+ torture_write_file(dsa_hostkey,
+ torture_get_testkey(SSH_KEYTYPE_DSS, 0));
+#endif /* HAVE_DSA */
+ }
+
+ additional_config = (s->srv_additional_config != NULL ?
+ s->srv_additional_config : "");
+
+ snprintf(sshd_config, sizeof(sshd_config),
+ config_string,
+ "HostKey", ed25519_hostkey,
+ "HostKey", rsa_hostkey,
+ "HostKey", ecdsa_hostkey,
+#ifdef HAVE_DSA
+ "HostKey", dsa_hostkey,
+#endif /* HAVE_DSA */
+ additional_config);
+
+ torture_write_file(s->srv_config, sshd_config);
+}
+
static void torture_setup_create_sshd_config(void **state, bool pam)
{
struct torture_state *s = *state;
@@ -856,21 +967,140 @@
return 1;
}
-void torture_setup_sshd_server(void **state, bool pam)
+/**
+ * @brief Run a libssh based server under timeout.
+ *
+ * It is expected that the socket directory and libssh configuration file were
+ * already created before by calling torture_setup_socket_dir() and
+ * torture_setup_create_libssh_config() (or alternatively setup the state with
+ * the correct values).
+ *
+ * @param[in] state The content of the address pointed by this variable must be
+ * a pointer to an initialized instance of torture_state
+ * structure; it can be obtained by calling
+ * torture_setup_socket_dir() and
+ * torture_setup_create_libssh_config().
+ * @param[in] server_path The path to the server executable.
+ *
+ * @note This function will use the state->srv_additional_config field as
+ * additional command line option used when starting the server instead of extra
+ * configuration file options.
+ * */
+void torture_setup_libssh_server(void **state, const char *server_path)
{
struct torture_state *s;
- char sshd_start_cmd[1024];
+ char start_cmd[1024];
+ char timeout_cmd[512];
+ char env[1024];
+ char extra_options[1024];
int rc;
+ char *ld_preload = NULL;
+ const char *force_fips = NULL;
- torture_setup_socket_dir(state);
- torture_setup_create_sshd_config(state, pam);
+ struct ssh_tokens_st *env_tokens;
+ struct ssh_tokens_st *arg_tokens;
+
+ pid_t pid;
+ ssize_t printed;
+
+ s = *state;
+
+ /* Get all the wrapper libraries to be pre-loaded */
+ ld_preload = getenv("LD_PRELOAD");
+
+ if (s->srv_additional_config != NULL) {
+ printed = snprintf(extra_options, sizeof(extra_options), " %s ",
+ s->srv_additional_config);
+ if (printed < 0) {
+ fail_msg("Failed to print additional config!");
+ }
+ } else {
+ printed = snprintf(extra_options, sizeof(extra_options), " ");
+ if (printed < 0) {
+ fail_msg("Failed to print empty additional config!");
+ }
+ }
+
+ if (ssh_fips_mode()) {
+ force_fips = "OPENSSL_FORCE_FIPS_MODE=1 ";
+ } else {
+ force_fips = "";
+ }
+
+ /* Write the environment setting */
+ printed = snprintf(env, sizeof(env),
+ "SOCKET_WRAPPER_DIR=%s "
+ "SOCKET_WRAPPER_DEFAULT_IFACE=10 "
+ "LD_PRELOAD=%s "
+ "%s",
+ s->socket_dir, ld_preload, force_fips);
+ if (printed < 0) {
+ fail_msg("Failed to print env!");
+ }
+
+#ifdef WITH_TIMEOUT
+ snprintf(timeout_cmd, sizeof(timeout_cmd),
+ "%s %s ", TIMEOUT_EXECUTABLE, "5m");
+#else
+ timeout_cmd[0] = '\0';
+#endif
+
+ /* Write the start command */
+ printed = snprintf(start_cmd, sizeof(start_cmd),
+ "%s"
+ "%s -f%s -v4 -p22 -i%s -C%s%s%s",
+ timeout_cmd,
+ server_path, s->pcap_file, s->srv_pidfile,
+ s->srv_config, extra_options, TORTURE_SSH_SERVER);
+ if (printed < 0) {
+ fail_msg("Failed to print start command!");
+ }
+
+ pid = fork();
+ switch(pid) {
+ case 0:
+ env_tokens = ssh_tokenize(env, ' ');
+ if (env_tokens == NULL || env_tokens->tokens == NULL) {
+ fail_msg("Failed to tokenize env!");
+ }
+
+ arg_tokens = ssh_tokenize(start_cmd, ' ');
+ if (arg_tokens == NULL || arg_tokens->tokens == NULL) {
+ ssh_tokens_free(env_tokens);
+ fail_msg("Failed to tokenize args!");
+ }
+
+ rc = execve(arg_tokens->tokens[0], (char **)arg_tokens->tokens,
+ (char **)env_tokens->tokens);
+
+ /* execve returns only in case of error */
+ ssh_tokens_free(env_tokens);
+ ssh_tokens_free(arg_tokens);
+ fail_msg("Error in execve: %s", strerror(errno));
+ case -1:
+ fail_msg("Failed to fork!");
+ default:
+ /* The parent continues the execution of the tests */
+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+ unsetenv("PAM_WRAPPER");
+
+ /* Wait until the server is ready to accept connections */
+ rc = torture_wait_for_daemon(15);
+ assert_int_equal(rc, 0);
+ break;
+ }
+}
+
+static int torture_start_sshd_server(void **state)
+{
+ struct torture_state *s = *state;
+ char sshd_start_cmd[1024];
+ int rc;
/* Set the default interface for the server */
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
setenv("PAM_WRAPPER", "1", 1);
- s = *state;
-
snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
SSHD_EXECUTABLE " -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
s->srv_config, s->socket_dir, s->socket_dir);
@@ -882,7 +1112,20 @@
unsetenv("PAM_WRAPPER");
/* Wait until the sshd is ready to accept connections */
- rc = torture_wait_for_daemon(5);
+ rc = torture_wait_for_daemon(15);
+ assert_int_equal(rc, 0);
+
+ return SSH_OK;
+}
+
+void torture_setup_sshd_server(void **state, bool pam)
+{
+ int rc;
+
+ torture_setup_socket_dir(state);
+ torture_setup_create_sshd_config(state, pam);
+
+ rc = torture_start_sshd_server(state);
assert_int_equal(rc, 0);
}
@@ -922,29 +1165,12 @@
torture_reload_sshd_server(void **state)
{
struct torture_state *s = *state;
- pid_t pid;
int rc;
- /* read the pidfile */
- pid = torture_read_pidfile(s->srv_pidfile);
- assert_int_not_equal(pid, -1);
-
- kill(pid, SIGHUP);
-
- /* 10 ms */
- usleep(10 * 1000);
-
- rc = kill(pid, 0);
- if (rc != 0) {
- fprintf(stderr,
- "ERROR: SSHD process %u died during reload!\n", pid);
- return SSH_ERROR;
- }
+ rc = torture_terminate_process(s->srv_pidfile);
+ assert_return_code(rc, errno);
- /* Wait until the sshd is ready to accept connections */
- rc = torture_wait_for_daemon(5);
- assert_int_equal(rc, 0);
- return SSH_OK;
+ return torture_start_sshd_server(state);
}
/* @brief: Updates SSHD server configuration with more options and
@@ -980,9 +1206,7 @@
int rc;
rc = torture_terminate_process(s->srv_pidfile);
- if (rc != 0) {
- fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
- }
+ assert_return_code(rc, errno);
torture_teardown_socket_dir(state);
}
diff --color -ru ../libssh-0.9.6/tests/torture.h ./tests/torture.h
--- ../libssh-0.9.6/tests/torture.h 2021-08-26 14:27:44.000000000 +0200
+++ ./tests/torture.h 2023-05-02 10:32:03.964511860 +0200
@@ -132,6 +132,10 @@
void torture_reset_config(ssh_session session);
+void torture_setup_create_libssh_config(void **state);
+
+void torture_setup_libssh_server(void **state, const char *server_path);
+
/*
* This function must be defined in every unit test file.
*/

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmMYnSEACgkQfuD8TcwB
Tj2qGBAAn/40MU/7PcyCRK9U+MhLo28peRpTF+i1/k0V5czVLiFubeFofsa6sjy8
C6VyQsz0NYiTf6wXLlq9jO1p31LWQ13Z3K0d7Lg2eyftsVrGM1Ue9dTLlJrZ570d
JjcBR/J3dpO9w5fz4HawWE8GIBBstZQnZYdoT75+tIeSMJ/tnovKfE1RGYc4kRJs
quC7tyej7Y+t86U8psFSy2iUCajS82b+ddZEhuxwamel+RBRJZsmi5B2OvhkEaOj
mhJOIkx3UD9XAjxeooVcTlzAaJ5JFZ7Im97o+DRbQYvJYe4ZqDo17lrzBh6wruLC
vBo+/lwh9FbCqxbDpFfqwpf8qYsWu3m0Qlu5f+BZ/9WvjFCVoRmScNHJo42tu18r
xcX2Txis8oWysgqhvIgTFRnLq010ErL8iE9WeZwrNJgcTnf+AQLolKQiVAHumMvk
Djv0No+ZTBG03Hsb0tbvA8kVtxI0ZZtzPcRkRqmUwiLCtcO9oo1hInhu+D1sPZwI
Q1xK6hI6LKsF80yPKGexZxlgV/vZYhIKtD0SIoZCpx7MSBxXqHYZARtTFUAXBSqF
tIn800/pPhGuY1/x3ho4BeWCGj1eWG5zy7dr0q/d/OiqBj3OiUfxtTl4drqrYhca
goNhzNTs0Ps+iYbVQlk4nEAjg54M8ru1jfcuNRgrhTqCI8yiESk=
=AG91
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmEniOkACgkQfuD8TcwB
Tj0TKQ/9HiMAGSMHoQ+iPVLP06iTc6Cy7rNyON2nPDQwAz0V/dfvkrKAAEflfgYd
3pt3dbE/qgh2kgQLb9kpbCUmFoGuLgKz36RPOsggwuOsN+eD1n65q8W39sMOQid3
bjUIOKRdYWC1suZ9fMAO1Ignl69Opd8dAq1Has9YzglaeQaV/lnYQOW4UG0xKHck
ZOp2qLfjmaQiBAI61eRyxqIYC0F67WKd0bo9D2csoocDVvHLq4syPdbMOfDTB+LL
KZSAZVW1R1JUVZMkp/P/HU11jNNy3wKoLafocnq8bXkPVrqhyuo+hDJV/OPUvFLa
VE/BzIRoMNG+1R+GJpwE7ut2DIHPxnZTThRkeVN5qP1+hbhgLJhW62I+HeAnD4s+
+W7fwJovN28I+wqSjVEP8JguprVuoDAX5jVHbeZoMT7p8ATA4Nh3KCbYELEwTtFG
zsEIlBvoNXD3ce7xGXL3MPqfgKqrZQjRG/iOWvKwDV7WrqK1cFFyL7aeBfK2+dQq
1Ew7aYlTsH6Hap7XByeSsy4Z5ts3VXIoFix/h+Br5OTYKYgITM7bijNAQ6A2ZWQN
TxCv8X0sVyaGyXhxG6QhrEWZjFe496MneZkq9e6HKZyaSbzwFwMgOvrUUC7fa8e5
o1Rvozah81U0nsikwTmDrm15RSK3mr2X34zPW2Ahzr1I5tGZzOk=
=cO0k
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff

View File

@ -1,514 +0,0 @@
From 8795d8912c8a83aaf900c0260e252a35f64eb200 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Fri, 18 Nov 2022 17:22:46 +0100
Subject: [PATCH] Fix memory leaks of bignums when openssl >= 3.0
The openssl 3.0 support has introduced some memory leaks at key build as
OSSL_PARAM_BLD_push_BN duplicates the bignum and does not save the pointer
itself.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/dh.h | 2 +-
src/dh_crypto.c | 28 ++---
src/pki_crypto.c | 262 ++++++++++++++++++++++++--------------------
3 files changed, 151 insertions(+), 141 deletions(-)
diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 353dc233..9b9bb472 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -53,7 +53,7 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
bignum *priv, bignum *pub);
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
- const bignum priv, const bignum pub);
+ bignum priv, bignum pub);
int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
bignum *dest);
diff --git a/src/dh_crypto.c b/src/dh_crypto.c
index a847c6a2..b578ddec 100644
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@@ -154,12 +154,9 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
#endif /* OPENSSL_VERSION_NUMBER */
int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
- const bignum priv, const bignum pub)
+ bignum priv, bignum pub)
{
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- bignum priv_key = NULL;
- bignum pub_key = NULL;
-#else
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
int rc;
OSSL_PARAM *params = NULL, *out_params = NULL, *merged_params = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
@@ -172,7 +169,11 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
return SSH_ERROR;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ (void)DH_set0_key(ctx->keypair[peer], pub, priv);
+
+ return SSH_OK;
+#else
rc = EVP_PKEY_todata(ctx->keypair[peer], EVP_PKEY_KEYPAIR, &out_params);
if (rc != 1) {
return SSH_ERROR;
@@ -195,35 +196,22 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
rc = SSH_ERROR;
goto out;
}
-#endif /* OPENSSL_VERSION_NUMBER */
if (priv) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- priv_key = priv;
-#else
rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
-#endif /* OPENSSL_VERSION_NUMBER */
}
if (pub) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- pub_key = pub;
-#else
rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
if (rc != 1) {
rc = SSH_ERROR;
goto out;
}
-#endif /* OPENSSL_VERSION_NUMBER */
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- (void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);
- return SSH_OK;
-#else
params = OSSL_PARAM_BLD_to_param(param_bld);
if (params == NULL) {
rc = SSH_ERROR;
@@ -248,6 +236,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
rc = SSH_OK;
out:
+ bignum_safe_free(priv);
+ bignum_safe_free(pub);
EVP_PKEY_CTX_free(evp_ctx);
OSSL_PARAM_free(out_params);
OSSL_PARAM_free(params);
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 0a5003da..d3359e2d 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1492,18 +1492,18 @@ int pki_privkey_build_dss(ssh_key key,
ssh_string privkey)
{
int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
BIGNUM *bp, *bq, *bg, *bpub_key, *bpriv_key;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+ if (param_bld == NULL) {
+ return SSH_ERROR;
+ }
#else
- const BIGNUM *pb, *qb, *gb, *pubb, *privb;
- OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
}
+#endif /* OPENSSL_VERSION_NUMBER */
bp = ssh_make_string_bn(p);
bq = ssh_make_string_bn(q);
@@ -1512,9 +1512,11 @@ int pki_privkey_build_dss(ssh_key key,
bpriv_key = ssh_make_string_bn(privkey);
if (bp == NULL || bq == NULL ||
bg == NULL || bpub_key == NULL) {
+ rc = SSH_ERROR;
goto fail;
}
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
/* Memory management of bp, qq and bg is transferred to DSA object */
rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
if (rc == 0) {
@@ -1532,39 +1534,43 @@ fail:
DSA_free(key->dsa);
return SSH_ERROR;
#else
- param_bld = OSSL_PARAM_BLD_new();
- if (param_bld == NULL)
- goto err;
-
- pb = ssh_make_string_bn(p);
- qb = ssh_make_string_bn(q);
- gb = ssh_make_string_bn(g);
- pubb = ssh_make_string_bn(pubkey);
- privb = ssh_make_string_bn(privkey);
-
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, pb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, qb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, gb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pubb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, privb);
- if (rc != 1)
- goto err;
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, bp);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, bq);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, bg);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, bpub_key);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, bpriv_key);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
rc = evp_build_pkey("DSA", param_bld, &(key->key), EVP_PKEY_KEYPAIR);
+
+fail:
OSSL_PARAM_BLD_free(param_bld);
+ bignum_safe_free(bp);
+ bignum_safe_free(bq);
+ bignum_safe_free(bg);
+ bignum_safe_free(bpub_key);
+ bignum_safe_free(bpriv_key);
return rc;
-err:
- OSSL_PARAM_BLD_free(param_bld);
- return -1;
#endif /* OPENSSL_VERSION_NUMBER */
}
@@ -1574,18 +1580,18 @@ int pki_pubkey_build_dss(ssh_key key,
ssh_string g,
ssh_string pubkey) {
int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
BIGNUM *bp = NULL, *bq = NULL, *bg = NULL, *bpub_key = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+ if (param_bld == NULL) {
+ return SSH_ERROR;
+ }
#else
- const BIGNUM *pb, *qb, *gb, *pubb;
- OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
}
+#endif /* OPENSSL_VERSION_NUMBER */
bp = ssh_make_string_bn(p);
bq = ssh_make_string_bn(q);
@@ -1593,9 +1599,11 @@ int pki_pubkey_build_dss(ssh_key key,
bpub_key = ssh_make_string_bn(pubkey);
if (bp == NULL || bq == NULL ||
bg == NULL || bpub_key == NULL) {
+ rc = SSH_ERROR;
goto fail;
}
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
/* Memory management of bp, bq and bg is transferred to DSA object */
rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
if (rc == 0) {
@@ -1613,35 +1621,37 @@ fail:
DSA_free(key->dsa);
return SSH_ERROR;
#else
- param_bld = OSSL_PARAM_BLD_new();
- if (param_bld == NULL)
- goto err;
-
- pb = ssh_make_string_bn(p);
- qb = ssh_make_string_bn(q);
- gb = ssh_make_string_bn(g);
- pubb = ssh_make_string_bn(pubkey);
-
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, pb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, qb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, gb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pubb);
- if (rc != 1)
- goto err;
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, bp);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, bq);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, bg);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, bpub_key);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
rc = evp_build_pkey("DSA", param_bld, &(key->key), EVP_PKEY_PUBLIC_KEY);
+
+fail:
OSSL_PARAM_BLD_free(param_bld);
+ bignum_safe_free(bp);
+ bignum_safe_free(bq);
+ bignum_safe_free(bg);
+ bignum_safe_free(bpub_key);
return rc;
-err:
- OSSL_PARAM_BLD_free(param_bld);
- return -1;
#endif /* OPENSSL_VERSION_NUMBER */
}
@@ -1654,18 +1664,18 @@ int pki_privkey_build_rsa(ssh_key key,
ssh_string q)
{
int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
BIGNUM *be, *bn, *bd/*, *biqmp*/, *bp, *bq;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+ if (param_bld == NULL) {
+ return SSH_ERROR;
+ }
#else
- const BIGNUM *nb, *eb, *db, *pb, *qb;
- OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
key->rsa = RSA_new();
if (key->rsa == NULL) {
return SSH_ERROR;
}
+#endif /* OPENSSL_VERSION_NUMBER */
bn = ssh_make_string_bn(n);
be = ssh_make_string_bn(e);
@@ -1675,9 +1685,11 @@ int pki_privkey_build_rsa(ssh_key key,
bq = ssh_make_string_bn(q);
if (be == NULL || bn == NULL || bd == NULL ||
/*biqmp == NULL ||*/ bp == NULL || bq == NULL) {
+ rc = SSH_ERROR;
goto fail;
}
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
/* Memory management of be, bn and bd is transferred to RSA object */
rc = RSA_set0_key(key->rsa, bn, be, bd);
if (rc == 0) {
@@ -1702,41 +1714,49 @@ fail:
RSA_free(key->rsa);
return SSH_ERROR;
#else
- param_bld = OSSL_PARAM_BLD_new();
- if (param_bld == NULL)
- goto err;
-
- nb = ssh_make_string_bn(n);
- eb = ssh_make_string_bn(e);
- db = ssh_make_string_bn(d);
- pb = ssh_make_string_bn(p);
- qb = ssh_make_string_bn(q);
-
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, nb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, eb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, db);
- if (rc != 1)
- goto err;
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, bn);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, be);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, bd);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
rc = evp_build_pkey("RSA", param_bld, &(key->key), EVP_PKEY_KEYPAIR);
- OSSL_PARAM_BLD_free(param_bld);
+ if (rc != SSH_OK) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
- rc = EVP_PKEY_set_bn_param(key->key, OSSL_PKEY_PARAM_RSA_FACTOR1, pb);
- if (rc != 1)
- goto err;
+ rc = EVP_PKEY_set_bn_param(key->key, OSSL_PKEY_PARAM_RSA_FACTOR1, bp);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
- rc = EVP_PKEY_set_bn_param(key->key, OSSL_PKEY_PARAM_RSA_FACTOR2, qb);
- if (rc != 1)
- goto err;
+ rc = EVP_PKEY_set_bn_param(key->key, OSSL_PKEY_PARAM_RSA_FACTOR2, bq);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
- return rc;
-err:
+fail:
OSSL_PARAM_BLD_free(param_bld);
- return -1;
+ bignum_safe_free(bn);
+ bignum_safe_free(be);
+ bignum_safe_free(bd);
+ bignum_safe_free(bp);
+ bignum_safe_free(bq);
+
+ return rc;
#endif /* OPENSSL_VERSION_NUMBER */
}
@@ -1744,25 +1764,27 @@ int pki_pubkey_build_rsa(ssh_key key,
ssh_string e,
ssh_string n) {
int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
BIGNUM *be = NULL, *bn = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+ if (param_bld == NULL) {
+ return SSH_ERROR;
+ }
#else
- const BIGNUM *eb, *nb;
- OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
key->rsa = RSA_new();
if (key->rsa == NULL) {
return SSH_ERROR;
}
+#endif /* OPENSSL_VERSION_NUMBER */
be = ssh_make_string_bn(e);
bn = ssh_make_string_bn(n);
if (be == NULL || bn == NULL) {
+ rc = SSH_ERROR;
goto fail;
}
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
/* Memory management of bn and be is transferred to RSA object */
rc = RSA_set0_key(key->rsa, bn, be, NULL);
if (rc == 0) {
@@ -1774,27 +1796,25 @@ fail:
RSA_free(key->rsa);
return SSH_ERROR;
#else
- nb = ssh_make_string_bn(n);
- eb = ssh_make_string_bn(e);
-
- param_bld = OSSL_PARAM_BLD_new();
- if (param_bld == NULL)
- goto err;
-
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, nb);
- if (rc != 1)
- goto err;
- rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, eb);
- if (rc != 1)
- goto err;
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, bn);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
+ rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, be);
+ if (rc != 1) {
+ rc = SSH_ERROR;
+ goto fail;
+ }
rc = evp_build_pkey("RSA", param_bld, &(key->key), EVP_PKEY_PUBLIC_KEY);
+
+fail:
OSSL_PARAM_BLD_free(param_bld);
+ bignum_safe_free(bn);
+ bignum_safe_free(be);
return rc;
-err:
- OSSL_PARAM_BLD_free(param_bld);
- return -1;
#endif /* OPENSSL_VERSION_NUMBER */
}
--
2.38.1

View File

@ -1,6 +1,6 @@
diff --color -ru ../libssh-0.10.4/include/libssh/curve25519.h ./include/libssh/curve25519.h diff --color -ru ../libssh-0.9.6/include/libssh/curve25519.h ./include/libssh/curve25519.h
--- ../libssh-0.10.4/include/libssh/curve25519.h 2022-07-07 15:53:51.000000000 +0200 --- ../libssh-0.9.6/include/libssh/curve25519.h 2021-03-15 08:11:33.000000000 +0100
+++ ./include/libssh/curve25519.h 2023-04-27 14:35:27.030113530 +0200 +++ ./include/libssh/curve25519.h 2023-04-27 12:21:30.257820636 +0200
@@ -48,6 +48,7 @@ @@ -48,6 +48,7 @@
@ -9,9 +9,9 @@ diff --color -ru ../libssh-0.10.4/include/libssh/curve25519.h ./include/libssh/c
#ifdef WITH_SERVER #ifdef WITH_SERVER
void ssh_server_curve25519_init(ssh_session session); void ssh_server_curve25519_init(ssh_session session);
diff --color -ru ../libssh-0.10.4/include/libssh/dh-gex.h ./include/libssh/dh-gex.h diff --color -ru ../libssh-0.9.6/include/libssh/dh-gex.h ./include/libssh/dh-gex.h
--- ../libssh-0.10.4/include/libssh/dh-gex.h 2022-07-07 15:53:51.000000000 +0200 --- ../libssh-0.9.6/include/libssh/dh-gex.h 2021-03-15 08:11:33.000000000 +0100
+++ ./include/libssh/dh-gex.h 2023-04-27 14:35:27.030113530 +0200 +++ ./include/libssh/dh-gex.h 2023-04-27 12:21:30.257820636 +0200
@@ -24,6 +24,7 @@ @@ -24,6 +24,7 @@
#define SRC_DH_GEX_H_ #define SRC_DH_GEX_H_
@ -20,10 +20,10 @@ diff --color -ru ../libssh-0.10.4/include/libssh/dh-gex.h ./include/libssh/dh-ge
#ifdef WITH_SERVER #ifdef WITH_SERVER
void ssh_server_dhgex_init(ssh_session session); void ssh_server_dhgex_init(ssh_session session);
diff --color -ru ../libssh-0.10.4/include/libssh/dh.h ./include/libssh/dh.h diff --color -ru ../libssh-0.9.6/include/libssh/dh.h ./include/libssh/dh.h
--- ../libssh-0.10.4/include/libssh/dh.h 2023-04-27 14:25:46.353381599 +0200 --- ../libssh-0.9.6/include/libssh/dh.h 2021-03-15 08:11:33.000000000 +0100
+++ ./include/libssh/dh.h 2023-04-27 14:36:02.691475297 +0200 +++ ./include/libssh/dh.h 2023-04-27 12:21:30.257820636 +0200
@@ -73,8 +73,10 @@ @@ -63,8 +63,10 @@
ssh_key ssh_dh_get_next_server_publickey(ssh_session session); ssh_key ssh_dh_get_next_server_publickey(ssh_session session);
int ssh_dh_get_next_server_publickey_blob(ssh_session session, int ssh_dh_get_next_server_publickey_blob(ssh_session session,
ssh_string *pubkey_blob); ssh_string *pubkey_blob);
@ -34,9 +34,9 @@ diff --color -ru ../libssh-0.10.4/include/libssh/dh.h ./include/libssh/dh.h
#ifdef WITH_SERVER #ifdef WITH_SERVER
void ssh_server_dh_init(ssh_session session); void ssh_server_dh_init(ssh_session session);
#endif /* WITH_SERVER */ #endif /* WITH_SERVER */
diff --color -ru ../libssh-0.10.4/include/libssh/ecdh.h ./include/libssh/ecdh.h diff --color -ru ../libssh-0.9.6/include/libssh/ecdh.h ./include/libssh/ecdh.h
--- ../libssh-0.10.4/include/libssh/ecdh.h 2022-07-07 15:53:51.000000000 +0200 --- ../libssh-0.9.6/include/libssh/ecdh.h 2021-03-15 08:11:33.000000000 +0100
+++ ./include/libssh/ecdh.h 2023-04-27 14:35:27.030113530 +0200 +++ ./include/libssh/ecdh.h 2023-04-27 12:21:30.257820636 +0200
@@ -45,6 +45,7 @@ @@ -45,6 +45,7 @@
extern struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks; extern struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks;
/* Backend-specific functions. */ /* Backend-specific functions. */
@ -45,9 +45,9 @@ diff --color -ru ../libssh-0.10.4/include/libssh/ecdh.h ./include/libssh/ecdh.h
int ecdh_build_k(ssh_session session); int ecdh_build_k(ssh_session session);
#ifdef WITH_SERVER #ifdef WITH_SERVER
diff --color -ru ../libssh-0.10.4/include/libssh/kex.h ./include/libssh/kex.h diff --color -ru ../libssh-0.9.6/include/libssh/kex.h ./include/libssh/kex.h
--- ../libssh-0.10.4/include/libssh/kex.h 2023-04-27 14:25:46.346381527 +0200 --- ../libssh-0.9.6/include/libssh/kex.h 2021-03-15 08:11:33.000000000 +0100
+++ ./include/libssh/kex.h 2023-04-27 14:34:36.438602800 +0200 +++ ./include/libssh/kex.h 2023-04-27 12:21:30.257820636 +0200
@@ -33,7 +33,7 @@ @@ -33,7 +33,7 @@
SSH_PACKET_CALLBACK(ssh_packet_kexinit); SSH_PACKET_CALLBACK(ssh_packet_kexinit);
@ -57,10 +57,10 @@ diff --color -ru ../libssh-0.10.4/include/libssh/kex.h ./include/libssh/kex.h
void ssh_list_kex(struct ssh_kex_struct *kex); void ssh_list_kex(struct ssh_kex_struct *kex);
int ssh_set_client_kex(ssh_session session); int ssh_set_client_kex(ssh_session session);
int ssh_kex_select_methods(ssh_session session); int ssh_kex_select_methods(ssh_session session);
diff --color -ru ../libssh-0.10.4/include/libssh/session.h ./include/libssh/session.h diff --color -ru ../libssh-0.9.6/include/libssh/session.h ./include/libssh/session.h
--- ../libssh-0.10.4/include/libssh/session.h 2023-04-27 14:25:46.361381682 +0200 --- ../libssh-0.9.6/include/libssh/session.h 2021-08-26 14:27:42.000000000 +0200
+++ ./include/libssh/session.h 2023-04-27 14:36:02.692475307 +0200 +++ ./include/libssh/session.h 2023-04-27 12:24:04.679475777 +0200
@@ -76,6 +76,11 @@ @@ -75,6 +75,11 @@
/* Client successfully authenticated */ /* Client successfully authenticated */
#define SSH_SESSION_FLAG_AUTHENTICATED 2 #define SSH_SESSION_FLAG_AUTHENTICATED 2
@ -72,7 +72,7 @@ diff --color -ru ../libssh-0.10.4/include/libssh/session.h ./include/libssh/sess
/* codes to use with ssh_handle_packets*() */ /* codes to use with ssh_handle_packets*() */
/* Infinite timeout */ /* Infinite timeout */
#define SSH_TIMEOUT_INFINITE -1 #define SSH_TIMEOUT_INFINITE -1
@@ -138,10 +143,8 @@ @@ -131,10 +136,8 @@
/* Extensions negotiated using RFC 8308 */ /* Extensions negotiated using RFC 8308 */
uint32_t extensions; uint32_t extensions;
@ -82,10 +82,10 @@ diff --color -ru ../libssh-0.10.4/include/libssh/session.h ./include/libssh/sess
- the remote host */ - the remote host */
+ ssh_string banner; /* that's the issue banner from the server */ + ssh_string banner; /* that's the issue banner from the server */
+ char *discon_msg; /* disconnect message from the remote host */ + char *discon_msg; /* disconnect message from the remote host */
char *disconnect_message; /* disconnect message to be set */
ssh_buffer in_buffer; ssh_buffer in_buffer;
PACKET in_packet; PACKET in_packet;
@@ -166,25 +169,33 @@ ssh_buffer out_buffer;
@@ -158,25 +161,33 @@
uint32_t current_method; uint32_t current_method;
} auth; } auth;
@ -116,7 +116,7 @@ diff --color -ru ../libssh-0.10.4/include/libssh/session.h ./include/libssh/sess
+ struct ssh_crypto_struct *next_crypto; + struct ssh_crypto_struct *next_crypto;
struct ssh_list *channels; /* linked list of channels */ struct ssh_list *channels; /* linked list of channels */
uint32_t maxchannel; int maxchannel;
ssh_agent agent; /* ssh agent */ ssh_agent agent; /* ssh agent */
-/* keyb interactive data */ -/* keyb interactive data */
@ -124,7 +124,7 @@ diff --color -ru ../libssh-0.10.4/include/libssh/session.h ./include/libssh/sess
struct ssh_kbdint_struct *kbdint; struct ssh_kbdint_struct *kbdint;
struct ssh_gssapi_struct *gssapi; struct ssh_gssapi_struct *gssapi;
@@ -201,7 +212,8 @@ @@ -193,7 +204,8 @@
/* auths accepted by server */ /* auths accepted by server */
struct ssh_list *ssh_message_list; /* list of delayed SSH messages */ struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
@ -134,16 +134,17 @@ diff --color -ru ../libssh-0.10.4/include/libssh/session.h ./include/libssh/sess
void *ssh_message_callback_data; void *ssh_message_callback_data;
ssh_server_callbacks server_callbacks; ssh_server_callbacks server_callbacks;
void (*ssh_connection_callback)( struct ssh_session_struct *session); void (*ssh_connection_callback)( struct ssh_session_struct *session);
diff --color -ru ../libssh-0.10.4/src/client.c ./src/client.c diff --color -ru ../libssh-0.9.6/src/client.c ./src/client.c
--- ../libssh-0.10.4/src/client.c 2023-04-27 14:25:46.339381455 +0200 --- ../libssh-0.9.6/src/client.c 2023-04-27 12:22:39.797925403 +0200
+++ ./src/client.c 2023-04-27 14:36:02.692475307 +0200 +++ ./src/client.c 2023-04-27 12:24:04.680475778 +0200
@@ -246,10 +246,13 @@ @@ -243,10 +243,13 @@
* @warning this function returning is no proof that DH handshake is * @warning this function returning is no proof that DH handshake is
* completed * completed
*/ */
-static int dh_handshake(ssh_session session) -static int dh_handshake(ssh_session session) {
-
+int dh_handshake(ssh_session session) +int dh_handshake(ssh_session session)
{ +{
int rc = SSH_AGAIN; int rc = SSH_AGAIN;
+ SSH_LOG(SSH_LOG_TRACE, "dh_handshake_state = %d, kex_type = %d", + SSH_LOG(SSH_LOG_TRACE, "dh_handshake_state = %d, kex_type = %d",
@ -152,7 +153,7 @@ diff --color -ru ../libssh-0.10.4/src/client.c ./src/client.c
switch (session->dh_handshake_state) { switch (session->dh_handshake_state) {
case DH_STATE_INIT: case DH_STATE_INIT:
switch(session->next_crypto->kex_type){ switch(session->next_crypto->kex_type){
@@ -392,96 +395,103 @@ @@ -386,96 +389,102 @@
{ {
int rc; int rc;
@ -207,10 +208,10 @@ diff --color -ru ../libssh-0.10.4/src/client.c ./src/client.c
+ session->serverbanner); + session->serverbanner);
+ goto error; + goto error;
+ } + }
+
+ ssh_packet_register_socket_callback(session, session->socket);
- ssh_packet_register_socket_callback(session, session->socket); - ssh_packet_register_socket_callback(session, session->socket);
+ ssh_packet_register_socket_callback(session, session->socket);
+
+ ssh_packet_set_default_callbacks(session); + ssh_packet_set_default_callbacks(session);
+ session->session_state = SSH_SESSION_STATE_INITIAL_KEX; + session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
+ rc = ssh_set_client_kex(session); + rc = ssh_set_client_kex(session);
@ -321,15 +322,15 @@ diff --color -ru ../libssh-0.10.4/src/client.c ./src/client.c
ssh_socket_close(session->socket); ssh_socket_close(session->socket);
session->alive = 0; session->alive = 0;
- session->session_state=SSH_SESSION_STATE_ERROR; - session->session_state=SSH_SESSION_STATE_ERROR;
- SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(session));
+ session->session_state = SSH_SESSION_STATE_ERROR; + session->session_state = SSH_SESSION_STATE_ERROR;
SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(session));
+ +
} }
/** @internal /** @internal
diff --color -ru ../libssh-0.10.4/src/curve25519.c ./src/curve25519.c diff --color -ru ../libssh-0.9.6/src/curve25519.c ./src/curve25519.c
--- ../libssh-0.10.4/src/curve25519.c 2023-04-27 14:25:46.333381393 +0200 --- ../libssh-0.9.6/src/curve25519.c 2023-04-27 12:22:39.797925403 +0200
+++ ./src/curve25519.c 2023-04-27 14:35:27.031113541 +0200 +++ ./src/curve25519.c 2023-04-27 12:24:04.680475778 +0200
@@ -172,6 +172,11 @@ @@ -172,6 +172,11 @@
return rc; return rc;
} }
@ -351,10 +352,10 @@ diff --color -ru ../libssh-0.10.4/src/curve25519.c ./src/curve25519.c
pubkey_blob = ssh_buffer_get_ssh_string(packet); pubkey_blob = ssh_buffer_get_ssh_string(packet);
if (pubkey_blob == NULL) { if (pubkey_blob == NULL) {
diff --color -ru ../libssh-0.10.4/src/dh.c ./src/dh.c diff --color -ru ../libssh-0.9.6/src/dh.c ./src/dh.c
--- ../libssh-0.10.4/src/dh.c 2023-04-27 14:25:46.333381393 +0200 --- ../libssh-0.9.6/src/dh.c 2023-04-27 12:22:39.798925404 +0200
+++ ./src/dh.c 2023-04-27 14:35:27.032113551 +0200 +++ ./src/dh.c 2023-04-27 12:24:04.680475778 +0200
@@ -352,6 +352,11 @@ @@ -342,6 +342,11 @@
return SSH_ERROR; return SSH_ERROR;
} }
@ -366,7 +367,7 @@ diff --color -ru ../libssh-0.10.4/src/dh.c ./src/dh.c
SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
struct ssh_crypto_struct *crypto=session->next_crypto; struct ssh_crypto_struct *crypto=session->next_crypto;
ssh_string pubkey_blob = NULL; ssh_string pubkey_blob = NULL;
@@ -361,7 +366,7 @@ @@ -351,7 +356,7 @@
(void)type; (void)type;
(void)user; (void)user;
@ -375,10 +376,10 @@ diff --color -ru ../libssh-0.10.4/src/dh.c ./src/dh.c
rc = ssh_buffer_unpack(packet, "SBS", &pubkey_blob, &server_pubkey, rc = ssh_buffer_unpack(packet, "SBS", &pubkey_blob, &server_pubkey,
&crypto->dh_server_signature); &crypto->dh_server_signature);
diff --color -ru ../libssh-0.10.4/src/dh-gex.c ./src/dh-gex.c diff --color -ru ../libssh-0.9.6/src/dh-gex.c ./src/dh-gex.c
--- ../libssh-0.10.4/src/dh-gex.c 2023-04-27 14:25:46.333381393 +0200 --- ../libssh-0.9.6/src/dh-gex.c 2023-04-27 12:22:39.797925403 +0200
+++ ./src/dh-gex.c 2023-04-27 14:35:27.031113541 +0200 +++ ./src/dh-gex.c 2023-04-27 12:24:04.680475778 +0200
@@ -248,6 +248,11 @@ @@ -238,6 +238,11 @@
return SSH_PACKET_USED; return SSH_PACKET_USED;
} }
@ -390,7 +391,7 @@ diff --color -ru ../libssh-0.10.4/src/dh-gex.c ./src/dh-gex.c
static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
{ {
struct ssh_crypto_struct *crypto=session->next_crypto; struct ssh_crypto_struct *crypto=session->next_crypto;
@@ -258,7 +263,7 @@ @@ -248,7 +253,7 @@
(void)user; (void)user;
SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_DH_GEX_REPLY received"); SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_DH_GEX_REPLY received");
@ -399,9 +400,9 @@ diff --color -ru ../libssh-0.10.4/src/dh-gex.c ./src/dh-gex.c
rc = ssh_buffer_unpack(packet, rc = ssh_buffer_unpack(packet,
"SBS", "SBS",
&pubkey_blob, &server_pubkey, &pubkey_blob, &server_pubkey,
diff --color -ru ../libssh-0.10.4/src/ecdh.c ./src/ecdh.c diff --color -ru ../libssh-0.9.6/src/ecdh.c ./src/ecdh.c
--- ../libssh-0.10.4/src/ecdh.c 2023-04-27 14:25:46.333381393 +0200 --- ../libssh-0.9.6/src/ecdh.c 2023-04-27 12:22:39.798925404 +0200
+++ ./src/ecdh.c 2023-04-27 14:35:27.032113551 +0200 +++ ./src/ecdh.c 2023-04-27 12:24:04.680475778 +0200
@@ -43,6 +43,11 @@ @@ -43,6 +43,11 @@
.user = NULL .user = NULL
}; };
@ -423,10 +424,10 @@ diff --color -ru ../libssh-0.10.4/src/ecdh.c ./src/ecdh.c
pubkey_blob = ssh_buffer_get_ssh_string(packet); pubkey_blob = ssh_buffer_get_ssh_string(packet);
if (pubkey_blob == NULL) { if (pubkey_blob == NULL) {
ssh_set_error(session,SSH_FATAL, "No public key in packet"); ssh_set_error(session,SSH_FATAL, "No public key in packet");
diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c diff --color -ru ../libssh-0.9.6/src/gssapi.c ./src/gssapi.c
--- ../libssh-0.10.4/src/gssapi.c 2023-04-27 14:25:46.333381393 +0200 --- ../libssh-0.9.6/src/gssapi.c 2023-04-27 12:22:39.798925404 +0200
+++ ./src/gssapi.c 2023-04-27 14:29:22.606512115 +0200 +++ ./src/gssapi.c 2023-04-27 12:24:04.681475778 +0200
@@ -229,6 +229,7 @@ @@ -223,6 +223,7 @@
"indicate mechs", "indicate mechs",
maj_stat, maj_stat,
min_stat); min_stat);
@ -434,7 +435,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
return SSH_ERROR; return SSH_ERROR;
} }
@@ -265,8 +266,10 @@ @@ -259,8 +260,10 @@
return SSH_OK; return SSH_OK;
} }
/* from now we have room for context */ /* from now we have room for context */
@ -446,7 +447,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
name_buf.value = service_name; name_buf.value = service_name;
name_buf.length = strlen(name_buf.value) + 1; name_buf.length = strlen(name_buf.value) + 1;
@@ -278,6 +281,7 @@ @@ -272,6 +275,7 @@
"importing name", "importing name",
maj_stat, maj_stat,
min_stat); min_stat);
@ -454,7 +455,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
return -1; return -1;
} }
@@ -345,6 +349,7 @@ @@ -338,6 +342,7 @@
min_stat); min_stat);
ptr = malloc(buffer.length + 1); ptr = malloc(buffer.length + 1);
if (ptr == NULL) { if (ptr == NULL) {
@ -462,7 +463,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
return NULL; return NULL;
} }
memcpy(ptr, buffer.value, buffer.length); memcpy(ptr, buffer.value, buffer.length);
@@ -428,6 +433,7 @@ @@ -421,6 +426,7 @@
"Gssapi error", "Gssapi error",
maj_stat, maj_stat,
min_stat); min_stat);
@ -470,7 +471,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_auth_reply_default(session,0); ssh_auth_reply_default(session,0);
ssh_gssapi_free(session); ssh_gssapi_free(session);
session->gssapi=NULL; session->gssapi=NULL;
@@ -445,6 +451,9 @@ @@ -438,6 +444,9 @@
(size_t)output_token.length, output_token.value); (size_t)output_token.length, output_token.value);
ssh_packet_send(session); ssh_packet_send(session);
} }
@ -480,7 +481,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
if(maj_stat == GSS_S_COMPLETE){ if(maj_stat == GSS_S_COMPLETE){
session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC; session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
} }
@@ -648,7 +657,7 @@ @@ -638,7 +647,7 @@
static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids) static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
{ {
OM_uint32 maj_stat, min_stat, lifetime; OM_uint32 maj_stat, min_stat, lifetime;
@ -489,7 +490,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
gss_buffer_desc namebuf; gss_buffer_desc namebuf;
gss_name_t client_id = GSS_C_NO_NAME; gss_name_t client_id = GSS_C_NO_NAME;
gss_OID oid; gss_OID oid;
@@ -710,6 +719,7 @@ @@ -700,6 +709,7 @@
ret = SSH_OK; ret = SSH_OK;
end: end:
@ -497,16 +498,16 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
gss_release_name(&min_stat, &client_id); gss_release_name(&min_stat, &client_id);
return ret; return ret;
} }
@@ -724,7 +734,7 @@ @@ -713,7 +723,7 @@
int ssh_gssapi_auth_mic(ssh_session session) */
{ int ssh_gssapi_auth_mic(ssh_session session){
size_t i; size_t i;
- gss_OID_set selected; /* oid selected for authentication */ - gss_OID_set selected; /* oid selected for authentication */
+ gss_OID_set selected = GSS_C_NO_OID_SET; /* oid selected for authentication */ + gss_OID_set selected = GSS_C_NO_OID_SET; /* oid selected for authentication */
ssh_string *oids = NULL; ssh_string *oids = NULL;
int rc; int rc;
size_t n_oids = 0; size_t n_oids = 0;
@@ -801,6 +811,8 @@ @@ -790,6 +800,8 @@
SSH_STRING_FREE(oids[i]); SSH_STRING_FREE(oids[i]);
} }
free(oids); free(oids);
@ -515,7 +516,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
if (rc != SSH_ERROR) { if (rc != SSH_ERROR) {
return SSH_AUTH_AGAIN; return SSH_AUTH_AGAIN;
} }
@@ -904,6 +916,8 @@ @@ -893,6 +905,8 @@
ssh_packet_send(session); ssh_packet_send(session);
session->auth.state = SSH_AUTH_STATE_GSSAPI_TOKEN; session->auth.state = SSH_AUTH_STATE_GSSAPI_TOKEN;
} }
@ -524,7 +525,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
return SSH_PACKET_USED; return SSH_PACKET_USED;
error: error:
@@ -933,8 +947,10 @@ @@ -921,8 +935,10 @@
maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT,
&mic_buf, &mic_token_buf); &mic_buf, &mic_token_buf);
@ -536,7 +537,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_gssapi_log_error(SSH_LOG_DEBUG, ssh_gssapi_log_error(SSH_LOG_DEBUG,
"generating MIC", "generating MIC",
maj_stat, maj_stat,
@@ -947,8 +963,10 @@ @@ -935,8 +951,10 @@
SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_MSG_USERAUTH_GSSAPI_MIC,
mic_token_buf.length, mic_token_buf.length,
(size_t)mic_token_buf.length, mic_token_buf.value); (size_t)mic_token_buf.length, mic_token_buf.value);
@ -548,7 +549,7 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
ssh_set_error_oom(session); ssh_set_error_oom(session);
return SSH_ERROR; return SSH_ERROR;
} }
@@ -1017,6 +1035,8 @@ @@ -1005,6 +1023,8 @@
ssh_packet_send(session); ssh_packet_send(session);
} }
@ -557,9 +558,9 @@ diff --color -ru ../libssh-0.10.4/src/gssapi.c ./src/gssapi.c
if (maj_stat == GSS_S_COMPLETE) { if (maj_stat == GSS_S_COMPLETE) {
ssh_gssapi_send_mic(session); ssh_gssapi_send_mic(session);
session->auth.state = SSH_AUTH_STATE_GSSAPI_MIC_SENT; session->auth.state = SSH_AUTH_STATE_GSSAPI_MIC_SENT;
diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c diff --color -ru ../libssh-0.9.6/src/kex.c ./src/kex.c
--- ../libssh-0.10.4/src/kex.c 2023-04-27 14:25:46.368381754 +0200 --- ../libssh-0.9.6/src/kex.c 2023-04-27 12:22:39.798925404 +0200
+++ ./src/kex.c 2023-04-27 14:36:02.692475307 +0200 +++ ./src/kex.c 2023-04-27 12:24:08.450478574 +0200
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdbool.h> #include <stdbool.h>
@ -568,7 +569,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
#include "libssh/priv.h" #include "libssh/priv.h"
#include "libssh/buffer.h" #include "libssh/buffer.h"
#include "libssh/dh.h" #include "libssh/dh.h"
@@ -328,6 +329,10 @@ @@ -305,6 +306,10 @@
int is_wrong = 1; int is_wrong = 1;
@ -579,7 +580,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
colon = strchr(client_str, ','); colon = strchr(client_str, ',');
if (colon == NULL) { if (colon == NULL) {
client_kex_len = strlen(client_str); client_kex_len = strlen(client_str);
@@ -354,6 +359,7 @@ @@ -331,6 +336,7 @@
SSH_PACKET_CALLBACK(ssh_packet_kexinit) SSH_PACKET_CALLBACK(ssh_packet_kexinit)
{ {
int i, ok; int i, ok;
@ -587,7 +588,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
int server_kex = session->server; int server_kex = session->server;
ssh_string str = NULL; ssh_string str = NULL;
char *strings[SSH_KEX_METHODS] = {0}; char *strings[SSH_KEX_METHODS] = {0};
@@ -367,35 +373,67 @@ @@ -344,35 +350,67 @@
(void)type; (void)type;
(void)user; (void)user;
@ -665,7 +666,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
goto error; goto error;
} }
} }
@@ -408,7 +446,8 @@ @@ -385,7 +423,8 @@
rc = ssh_buffer_add_ssh_string(session->in_hashbuf, str); rc = ssh_buffer_add_ssh_string(session->in_hashbuf, str);
if (rc < 0) { if (rc < 0) {
@ -675,7 +676,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
goto error; goto error;
} }
@@ -421,14 +460,14 @@ @@ -398,14 +437,14 @@
str = NULL; str = NULL;
} }
@ -693,7 +694,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
} }
} }
@@ -442,30 +481,48 @@ @@ -419,30 +458,48 @@
* that its value is included when computing the session ID (see * that its value is included when computing the session ID (see
* 'make_sessionid'). * 'make_sessionid').
*/ */
@ -757,7 +758,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
/* The client supports extension negotiation */ /* The client supports extension negotiation */
session->extensions |= SSH_EXT_NEGOTIATION; session->extensions |= SSH_EXT_NEGOTIATION;
@@ -475,14 +532,14 @@ @@ -452,14 +509,14 @@
* by the client and enable the respective extensions to provide * by the client and enable the respective extensions to provide
* correct signature in the next packet if RSA is negotiated * correct signature in the next packet if RSA is negotiated
*/ */
@ -777,7 +778,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
if (is_allowed != NULL) { if (is_allowed != NULL) {
session->extensions |= SSH_EXT_SIG_RSA_SHA512; session->extensions |= SSH_EXT_SIG_RSA_SHA512;
} }
@@ -492,10 +549,9 @@ @@ -469,10 +526,9 @@
ok = ssh_match_group(hostkeys, "rsa-sha2-256"); ok = ssh_match_group(hostkeys, "rsa-sha2-256");
if (ok) { if (ok) {
/* Check if rsa-sha2-256 is allowed by config */ /* Check if rsa-sha2-256 is allowed by config */
@ -791,7 +792,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
if (is_allowed != NULL) { if (is_allowed != NULL) {
session->extensions |= SSH_EXT_SIG_RSA_SHA256; session->extensions |= SSH_EXT_SIG_RSA_SHA256;
} }
@@ -511,7 +567,7 @@ @@ -488,7 +544,7 @@
(session->extensions & SSH_EXT_SIG_RSA_SHA512)) { (session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512); session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512);
rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256", rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256",
@ -800,7 +801,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
if (rsa_sig_ext == NULL) { if (rsa_sig_ext == NULL) {
goto error; /* should never happen */ goto error; /* should never happen */
} else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) { } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) {
@@ -530,24 +586,16 @@ @@ -507,24 +563,16 @@
session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "", session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "",
session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : ""); session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : "");
} }
@ -831,7 +832,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
session->ssh_connection_callback(session); session->ssh_connection_callback(session);
return SSH_PACKET_USED; return SSH_PACKET_USED;
@@ -695,14 +743,18 @@ @@ -672,14 +720,18 @@
int i; int i;
size_t kex_len, len; size_t kex_len, len;
@ -852,7 +853,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
/* Set the list of allowed algorithms in order of preference, if it hadn't /* Set the list of allowed algorithms in order of preference, if it hadn't
* been set yet. */ * been set yet. */
for (i = 0; i < SSH_KEX_METHODS; i++) { for (i = 0; i < SSH_KEX_METHODS; i++) {
@@ -772,15 +824,89 @@ @@ -749,15 +801,89 @@
return NULL; return NULL;
} }
@ -944,7 +945,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
int i; int i;
/* Here we should drop the ext-info-c from the list so we avoid matching. /* Here we should drop the ext-info-c from the list so we avoid matching.
@@ -791,52 +917,41 @@ @@ -768,52 +894,41 @@
} }
for (i = 0; i < SSH_KEX_METHODS; i++) { for (i = 0; i < SSH_KEX_METHODS; i++) {
@ -1022,7 +1023,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
session->next_crypto->kex_methods[SSH_KEX], session->next_crypto->kex_methods[SSH_KEX],
session->next_crypto->kex_methods[SSH_HOSTKEYS], session->next_crypto->kex_methods[SSH_HOSTKEYS],
session->next_crypto->kex_methods[SSH_CRYPT_C_S], session->next_crypto->kex_methods[SSH_CRYPT_C_S],
@@ -853,63 +968,116 @@ @@ -830,63 +945,116 @@
/* this function only sends the predefined set of kex methods */ /* this function only sends the predefined set of kex methods */
@ -1184,7 +1185,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
} }
/* /*
@@ -952,7 +1120,7 @@ @@ -929,7 +1097,7 @@
} }
session->dh_handshake_state = DH_STATE_INIT; session->dh_handshake_state = DH_STATE_INIT;
@ -1193,7 +1194,7 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
if (rc < 0) { if (rc < 0) {
SSH_LOG(SSH_LOG_PACKET, "Failed to send kex"); SSH_LOG(SSH_LOG_PACKET, "Failed to send kex");
return rc; return rc;
@@ -1142,33 +1310,6 @@ @@ -1006,33 +1174,6 @@
client_hash = session->in_hashbuf; client_hash = session->in_hashbuf;
} }
@ -1227,11 +1228,11 @@ diff --color -ru ../libssh-0.10.4/src/kex.c ./src/kex.c
rc = ssh_dh_get_next_server_publickey_blob(session, &server_pubkey_blob); rc = ssh_dh_get_next_server_publickey_blob(session, &server_pubkey_blob);
if (rc != SSH_OK) { if (rc != SSH_OK) {
goto error; goto error;
diff --color -ru ../libssh-0.10.4/src/packet.c ./src/packet.c diff --color -ru ../libssh-0.9.6/src/packet.c ./src/packet.c
--- ../libssh-0.10.4/src/packet.c 2023-04-27 14:25:46.334381403 +0200 --- ../libssh-0.9.6/src/packet.c 2023-04-27 12:22:39.811925413 +0200
+++ ./src/packet.c 2023-04-27 14:34:36.432602740 +0200 +++ ./src/packet.c 2023-04-27 12:24:04.682475779 +0200
@@ -366,6 +366,11 @@ @@ -366,6 +366,11 @@
* - session->dh_handshake_state = DH_STATE_NEWKEYS_SENT * - session->dh_handhsake_state = DH_STATE_NEWKEYS_SENT
* */ * */
+ if (!session->server) { + if (!session->server) {
@ -1308,7 +1309,7 @@ diff --color -ru ../libssh-0.10.4/src/packet.c ./src/packet.c
} }
/** @internal /** @internal
@@ -1930,7 +1946,7 @@ @@ -1928,7 +1944,7 @@
memcpy(session->next_crypto->session_id, memcpy(session->next_crypto->session_id,
session->current_crypto->session_id, session->current_crypto->session_id,
session_id_len); session_id_len);
@ -1317,9 +1318,9 @@ diff --color -ru ../libssh-0.10.4/src/packet.c ./src/packet.c
return SSH_OK; return SSH_OK;
} }
diff --color -ru ../libssh-0.10.4/src/packet_cb.c ./src/packet_cb.c diff --color -ru ../libssh-0.9.6/src/packet_cb.c ./src/packet_cb.c
--- ../libssh-0.10.4/src/packet_cb.c 2023-04-27 14:25:46.334381403 +0200 --- ../libssh-0.9.6/src/packet_cb.c 2023-04-27 12:22:39.799925404 +0200
+++ ./src/packet_cb.c 2023-04-27 14:34:36.428602699 +0200 +++ ./src/packet_cb.c 2023-04-27 12:24:04.682475779 +0200
@@ -156,6 +156,9 @@ @@ -156,6 +156,9 @@
session->next_crypto->digest_len); session->next_crypto->digest_len);
SSH_SIGNATURE_FREE(sig); SSH_SIGNATURE_FREE(sig);
@ -1330,9 +1331,9 @@ diff --color -ru ../libssh-0.10.4/src/packet_cb.c ./src/packet_cb.c
goto error; goto error;
} }
SSH_LOG(SSH_LOG_DEBUG,"Signature verified and valid"); SSH_LOG(SSH_LOG_DEBUG,"Signature verified and valid");
diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c diff --color -ru ../libssh-0.9.6/src/server.c ./src/server.c
--- ../libssh-0.10.4/src/server.c 2023-04-27 14:25:46.347381537 +0200 --- ../libssh-0.9.6/src/server.c 2023-04-27 12:22:39.800925405 +0200
+++ ./src/server.c 2023-04-27 14:35:27.041113642 +0200 +++ ./src/server.c 2023-04-27 12:24:04.683475780 +0200
@@ -92,7 +92,11 @@ @@ -92,7 +92,11 @@
size_t len; size_t len;
int ok; int ok;
@ -1346,7 +1347,7 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
ok = ssh_get_random(server->cookie, 16, 0); ok = ssh_get_random(server->cookie, 16, 0);
if (!ok) { if (!ok) {
@@ -336,116 +340,119 @@ @@ -335,117 +339,121 @@
* @brief A function to be called each time a step has been done in the * @brief A function to be called each time a step has been done in the
* connection. * connection.
*/ */
@ -1362,20 +1363,6 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
- break; - break;
- case SSH_SESSION_STATE_BANNER_RECEIVED: - case SSH_SESSION_STATE_BANNER_RECEIVED:
- if (session->clientbanner == NULL) { - if (session->clientbanner == NULL) {
- goto error;
- }
- set_status(session, 0.4f);
- SSH_LOG(SSH_LOG_DEBUG,
- "SSH client banner: %s", session->clientbanner);
-
- /* Here we analyze the different protocols the server allows. */
- rc = ssh_analyze_banner(session, 1);
- if (rc < 0) {
- ssh_set_error(session, SSH_FATAL,
- "No version of SSH protocol usable (banner: %s)",
- session->clientbanner);
- goto error;
- }
+ switch (session->session_state) { + switch (session->session_state) {
+ case SSH_SESSION_STATE_NONE: + case SSH_SESSION_STATE_NONE:
+ case SSH_SESSION_STATE_CONNECTING: + case SSH_SESSION_STATE_CONNECTING:
@ -1397,16 +1384,11 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
+ session->clientbanner); + session->clientbanner);
+ goto error; + goto error;
+ } + }
+
- /* from now, the packet layer is handling incoming packets */
- ssh_packet_register_socket_callback(session, session->socket);
+ /* from now, the packet layer is handling incoming packets */ + /* from now, the packet layer is handling incoming packets */
+ session->socket_callbacks.data = ssh_packet_socket_callback;
+ ssh_packet_register_socket_callback(session, session->socket); + ssh_packet_register_socket_callback(session, session->socket);
+
- ssh_packet_set_default_callbacks(session);
- set_status(session, 0.5f);
- session->session_state=SSH_SESSION_STATE_INITIAL_KEX;
- if (ssh_send_kex(session, 1) < 0) {
+ ssh_packet_set_default_callbacks(session); + ssh_packet_set_default_callbacks(session);
+ set_status(session, 0.5f); + set_status(session, 0.5f);
+ session->session_state = SSH_SESSION_STATE_INITIAL_KEX; + session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
@ -1423,6 +1405,43 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
+ if (server_set_kex(session) == SSH_ERROR) + if (server_set_kex(session) == SSH_ERROR)
goto error; goto error;
- } - }
- set_status(session, 0.4f);
- SSH_LOG(SSH_LOG_DEBUG,
- "SSH client banner: %s", session->clientbanner);
-
- /* Here we analyze the different protocols the server allows. */
- rc = ssh_analyze_banner(session, 1);
- if (rc < 0) {
- ssh_set_error(session, SSH_FATAL,
- "No version of SSH protocol usable (banner: %s)",
- session->clientbanner);
+ /* We are in a rekeying, so we need to send the server kex */
+ if (ssh_send_kex(session) < 0)
goto error;
- }
+ }
+ ssh_list_kex(&session->next_crypto->client_kex); // log client kex
+ if (ssh_kex_select_methods(session) < 0) {
+ goto error;
+ }
+ if (crypt_set_algorithms_server(session) == SSH_ERROR)
+ goto error;
+ set_status(session, 0.8f);
+ session->session_state = SSH_SESSION_STATE_DH;
+ break;
+ case SSH_SESSION_STATE_DH:
+ if (session->dh_handshake_state == DH_STATE_FINISHED) {
- /* from now, the packet layer is handling incoming packets */
- session->socket_callbacks.data=ssh_packet_socket_callback;
- ssh_packet_register_socket_callback(session, session->socket);
-
- ssh_packet_set_default_callbacks(session);
- set_status(session, 0.5f);
- session->session_state=SSH_SESSION_STATE_INITIAL_KEX;
- if (ssh_send_kex(session, 1) < 0) {
- goto error;
- }
- break; - break;
- case SSH_SESSION_STATE_INITIAL_KEX: - case SSH_SESSION_STATE_INITIAL_KEX:
- /* TODO: This state should disappear in favor of get_key handle */ - /* TODO: This state should disappear in favor of get_key handle */
@ -1438,27 +1457,12 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
- } - }
- ssh_list_kex(&session->next_crypto->client_kex); // log client kex - ssh_list_kex(&session->next_crypto->client_kex); // log client kex
- if (ssh_kex_select_methods(session) < 0) { - if (ssh_kex_select_methods(session) < 0) {
+ /* We are in a rekeying, so we need to send the server kex */
+ if (ssh_send_kex(session) < 0)
goto error;
- }
- if (crypt_set_algorithms_server(session) == SSH_ERROR)
+ }
+ ssh_list_kex(&session->next_crypto->client_kex); // log client kex
+ if (ssh_kex_select_methods(session) < 0) {
+ goto error;
+ }
+ if (crypt_set_algorithms_server(session) == SSH_ERROR)
+ goto error;
+ set_status(session, 0.8f);
+ session->session_state = SSH_SESSION_STATE_DH;
+ break;
+ case SSH_SESSION_STATE_DH:
+ if (session->dh_handshake_state == DH_STATE_FINISHED) {
+
+ rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN); + rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN);
+ if (rc != SSH_OK) { + if (rc != SSH_OK) {
goto error; goto error;
}
- if (crypt_set_algorithms_server(session) == SSH_ERROR)
- goto error;
- set_status(session,0.8f); - set_status(session,0.8f);
- session->session_state=SSH_SESSION_STATE_DH; - session->session_state=SSH_SESSION_STATE_DH;
- break; - break;
@ -1469,8 +1473,7 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
- if (rc != SSH_OK) { - if (rc != SSH_OK) {
- goto error; - goto error;
- } - }
+ } +
+ /* + /*
+ * If the client supports extension negotiation, we will send + * If the client supports extension negotiation, we will send
+ * our supported extensions now. This is the first message after + * our supported extensions now. This is the first message after
@ -1478,6 +1481,7 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
+ */ + */
+ if (session->extensions & SSH_EXT_NEGOTIATION && + if (session->extensions & SSH_EXT_NEGOTIATION &&
+ session->session_state != SSH_SESSION_STATE_AUTHENTICATED) { + session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
/* /*
- * If the client supports extension negotiation, we will send - * If the client supports extension negotiation, we will send
- * our supported extensions now. This is the first message after - * our supported extensions now. This is the first message after
@ -1557,20 +1561,20 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
} }
/** /**
@@ -459,16 +466,17 @@ @@ -459,16 +467,17 @@
* @param user is a pointer to session * @param user is a pointer to session
* @returns Number of bytes processed, or zero if the banner is not complete. * @returns Number of bytes processed, or zero if the banner is not complete.
*/ */
-static size_t callback_receive_banner(const void *data, size_t len, void *user) { -static int callback_receive_banner(const void *data, size_t len, void *user) {
- char *buffer = (char *) data; - char *buffer = (char *) data;
- ssh_session session = (ssh_session) user; - ssh_session session = (ssh_session) user;
+static size_t callback_receive_banner(const void *data, size_t len, void *user) +static int callback_receive_banner(const void *data, size_t len, void *user)
+{ +{
+ char *buffer = (char *)data; + char *buffer = (char *)data;
+ ssh_session session = (ssh_session)user; + ssh_session session = (ssh_session)user;
char *str = NULL; char *str = NULL;
size_t i; size_t i;
size_t processed = 0; int ret=0;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
#ifdef WITH_PCAP #ifdef WITH_PCAP
@ -1579,7 +1583,7 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
ssh_pcap_context_write(session->pcap_ctx, ssh_pcap_context_write(session->pcap_ctx,
SSH_PCAP_DIR_IN, SSH_PCAP_DIR_IN,
buffer, buffer,
@@ -477,11 +485,11 @@ @@ -477,11 +486,11 @@
} }
#endif #endif
if (buffer[i] == '\r') { if (buffer[i] == '\r') {
@ -1593,8 +1597,8 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
str = strdup(buffer); str = strdup(buffer);
/* number of bytes read */ /* number of bytes read */
@@ -494,10 +502,11 @@ @@ -494,10 +503,11 @@
return processed; return ret;
} }
- if(i > 127) { - if(i > 127) {
@ -1607,7 +1611,7 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
return 0; return 0;
} }
@@ -549,10 +558,14 @@ @@ -525,10 +535,14 @@
} }
/* Do the banner and key exchange */ /* Do the banner and key exchange */
@ -1625,7 +1629,7 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
rc = ssh_send_banner(session, 1); rc = ssh_send_banner(session, 1);
if (rc < 0) { if (rc < 0) {
return SSH_ERROR; return SSH_ERROR;
@@ -563,27 +576,28 @@ @@ -539,27 +553,28 @@
session->ssh_connection_callback = ssh_server_connection_callback; session->ssh_connection_callback = ssh_server_connection_callback;
session->session_state = SSH_SESSION_STATE_SOCKET_CONNECTED; session->session_state = SSH_SESSION_STATE_SOCKET_CONNECTED;
ssh_socket_set_callbacks(session->socket,&session->socket_callbacks); ssh_socket_set_callbacks(session->socket,&session->socket_callbacks);
@ -1664,9 +1668,9 @@ diff --color -ru ../libssh-0.10.4/src/server.c ./src/server.c
} }
/* messages */ /* messages */
diff --color -ru ../libssh-0.10.4/src/token.c ./src/token.c diff --color -ru ../libssh-0.9.6/src/token.c ./src/token.c
--- ../libssh-0.10.4/src/token.c 2023-04-27 14:25:46.346381527 +0200 --- ../libssh-0.9.6/src/token.c 2021-03-15 08:11:33.000000000 +0100
+++ ./src/token.c 2023-04-27 14:34:36.426602679 +0200 +++ ./src/token.c 2023-04-27 12:21:30.260820657 +0200
@@ -87,7 +87,7 @@ @@ -87,7 +87,7 @@
return NULL; return NULL;
} }
@ -1676,10 +1680,10 @@ diff --color -ru ../libssh-0.10.4/src/token.c ./src/token.c
if (tokens->buffer == NULL) { if (tokens->buffer == NULL) {
goto error; goto error;
} }
diff --color -ru ../libssh-0.10.4/src/wrapper.c ./src/wrapper.c diff --color -ru ../libssh-0.9.6/src/wrapper.c ./src/wrapper.c
--- ../libssh-0.10.4/src/wrapper.c 2022-08-30 13:26:05.000000000 +0200 --- ../libssh-0.9.6/src/wrapper.c 2021-08-26 14:27:44.000000000 +0200
+++ ./src/wrapper.c 2023-04-27 14:31:16.130584204 +0200 +++ ./src/wrapper.c 2023-04-27 12:21:30.260820657 +0200
@@ -150,15 +150,16 @@ @@ -147,15 +147,16 @@
SAFE_FREE(cipher); SAFE_FREE(cipher);
} }
@ -1704,24 +1708,10 @@ diff --color -ru ../libssh-0.10.4/src/wrapper.c ./src/wrapper.c
} }
void crypto_free(struct ssh_crypto_struct *crypto) void crypto_free(struct ssh_crypto_struct *crypto)
diff --color -ru ../libssh-0.10.4/tests/client/torture_rekey.c ./tests/client/torture_rekey.c diff --color -ru ../libssh-0.9.6/tests/client/torture_rekey.c ./tests/client/torture_rekey.c
--- ../libssh-0.10.4/tests/client/torture_rekey.c 2022-09-02 09:56:54.000000000 +0200 --- ../libssh-0.9.6/tests/client/torture_rekey.c 2021-08-26 14:27:44.000000000 +0200
+++ ./tests/client/torture_rekey.c 2023-04-27 14:38:20.352896968 +0200 +++ ./tests/client/torture_rekey.c 2023-04-27 12:24:04.684475780 +0200
@@ -192,10 +192,11 @@ @@ -651,6 +651,92 @@
rc = ssh_userauth_publickey_auto(s->ssh.session, NULL, NULL);
assert_int_equal(rc, SSH_AUTH_SUCCESS);
- /* send ignore packets of up to 1KB to trigger rekey */
+ /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
+ * to make sure it completes with all different ciphers */
memset(data, 0, sizeof(data));
memset(data, 'A', 128);
- for (i = 0; i < 16; i++) {
+ for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
ssh_handle_packets(s->ssh.session, 50);
}
@@ -671,6 +672,92 @@
#endif /* WITH_SFTP */ #endif /* WITH_SFTP */
@ -1814,10 +1804,12 @@ diff --color -ru ../libssh-0.10.4/tests/client/torture_rekey.c ./tests/client/to
int torture_run_tests(void) { int torture_run_tests(void) {
int rc; int rc;
struct CMUnitTest tests[] = { struct CMUnitTest tests[] = {
@@ -704,6 +791,33 @@ @@ -671,19 +757,34 @@
cmocka_unit_test_setup_teardown(torture_rekey_different_kex,
session_setup, session_setup,
session_teardown), session_teardown),
/* TODO verify the two rekey are possible and the states are not broken after rekey */ - /* Note, that this modifies the sshd_config */
+ /* TODO verify the two rekey are possible and the states are not broken after rekey */
+ +
+ cmocka_unit_test_setup_teardown(torture_rekey_server_different_kex, + cmocka_unit_test_setup_teardown(torture_rekey_server_different_kex,
+ session_setup, + session_setup,
@ -1825,22 +1817,25 @@ diff --color -ru ../libssh-0.10.4/tests/client/torture_rekey.c ./tests/client/to
+ /* Note, that these tests modify the sshd_config so follow-up tests + /* Note, that these tests modify the sshd_config so follow-up tests
+ * might get unexpected behavior if they do not update the server with + * might get unexpected behavior if they do not update the server with
+ * torture_update_sshd_config() too */ + * torture_update_sshd_config() too */
+ cmocka_unit_test_setup_teardown(torture_rekey_server_send, cmocka_unit_test_setup_teardown(torture_rekey_server_send,
+ session_setup, session_setup,
+ session_teardown), session_teardown),
+ cmocka_unit_test_setup_teardown(torture_rekey_guess_send, + cmocka_unit_test_setup_teardown(torture_rekey_guess_send,
+ session_setup, + session_setup,
+ session_teardown), + session_teardown),
+ cmocka_unit_test_setup_teardown(torture_rekey_guess_wrong_send, + cmocka_unit_test_setup_teardown(torture_rekey_guess_wrong_send,
+ session_setup, + session_setup,
+ session_teardown), + session_teardown),
+#ifdef WITH_SFTP #ifdef WITH_SFTP
+ cmocka_unit_test_setup_teardown(torture_rekey_server_recv, cmocka_unit_test_setup_teardown(torture_rekey_server_recv,
+ session_setup_sftp_server, session_setup_sftp_server,
+ session_teardown), session_teardown),
-#endif /* WITH_SFTP */
- cmocka_unit_test_setup_teardown(torture_rekey_server_different_kex,
+ cmocka_unit_test_setup_teardown(torture_rekey_guess_recv, + cmocka_unit_test_setup_teardown(torture_rekey_guess_recv,
+ session_setup, session_setup,
+ session_teardown), session_teardown),
- /* TODO verify the two rekey are possible and the states are not broken after rekey */
+ cmocka_unit_test_setup_teardown(torture_rekey_guess_wrong_recv, + cmocka_unit_test_setup_teardown(torture_rekey_guess_wrong_recv,
+ session_setup, + session_setup,
+ session_teardown), + session_teardown),
@ -1848,14 +1843,3 @@ diff --color -ru ../libssh-0.10.4/tests/client/torture_rekey.c ./tests/client/to
}; };
ssh_init(); ssh_init();
diff --color -ru ../libssh-0.10.4/tests/fuzz/ssh_server_fuzzer.c ./tests/fuzz/ssh_server_fuzzer.c
--- ../libssh-0.10.4/tests/fuzz/ssh_server_fuzzer.c 2022-07-07 15:53:51.000000000 +0200
+++ ./tests/fuzz/ssh_server_fuzzer.c 2023-04-27 14:28:50.620219301 +0200
@@ -186,6 +186,7 @@
ssh_set_auth_methods(session, SSH_AUTH_METHOD_NONE);
ssh_callbacks_init(&server_cb);
+ ssh_set_server_callbacks(session, &server_cb);
rc = ssh_bind_accept_fd(sshbind, session, socket_fds[0]);
assert(rc == SSH_OK);

View File

@ -1,842 +0,0 @@
From 11c0d687a081fe64501e21c95def7f893611d029 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 10:40:38 +0100
Subject: [PATCH 1/5] Add a placehohlder for non-expanded identities
Expanding a string twice could lead to unwanted behaviour.
This solution creates a ssh_list (`opts.identites_non_exp`) to store the strings
before expansion and by using ssh_apply it moves the string to the
`opts.identities`. This way the expanded strings are separated.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/session.h | 1 +
src/options.c | 86 +++++++++++++++++++++++++---------------
src/session.c | 23 +++++++++--
3 files changed, 75 insertions(+), 35 deletions(-)
diff --git a/include/libssh/session.h b/include/libssh/session.h
index d3e5787c..e22b0d67 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -209,6 +209,7 @@ struct ssh_session_struct {
#endif
struct {
struct ssh_list *identity;
+ struct ssh_list *identity_non_exp;
char *username;
char *host;
char *bindaddr; /* bind the client to an ip addr */
diff --git a/src/options.c b/src/options.c
index 56e09c65..bb085384 100644
--- a/src/options.c
+++ b/src/options.c
@@ -52,7 +52,7 @@
* @brief Duplicate the options of a session structure.
*
* If you make several sessions with the same options this is useful. You
- * cannot use twice the same option structure in ssh_session_connect.
+ * cannot use twice the same option structure in ssh_connect.
*
* @param src The session to use to copy the options.
*
@@ -61,13 +61,14 @@
*
* @returns 0 on success, -1 on error with errno set.
*
- * @see ssh_session_connect()
+ * @see ssh_connect()
* @see ssh_free()
*/
int ssh_options_copy(ssh_session src, ssh_session *dest)
{
ssh_session new;
struct ssh_iterator *it = NULL;
+ struct ssh_list *list = NULL;
char *id = NULL;
int i;
@@ -105,14 +106,15 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
}
/* Remove the default identities */
- for (id = ssh_list_pop_head(char *, new->opts.identity);
+ for (id = ssh_list_pop_head(char *, new->opts.identity_non_exp);
id != NULL;
- id = ssh_list_pop_head(char *, new->opts.identity)) {
+ id = ssh_list_pop_head(char *, new->opts.identity_non_exp)) {
SAFE_FREE(id);
}
/* Copy the new identities from the source list */
- if (src->opts.identity != NULL) {
- it = ssh_list_get_iterator(src->opts.identity);
+ list = new->opts.identity_non_exp;
+ it = ssh_list_get_iterator(src->opts.identity_non_exp);
+ for (i = 0; i < 2; i++) {
while (it) {
int rc;
@@ -122,7 +124,7 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
return -1;
}
- rc = ssh_list_append(new->opts.identity, id);
+ rc = ssh_list_append(list, id);
if (rc < 0) {
free(id);
ssh_free(new);
@@ -130,6 +132,10 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
}
it = it->next;
}
+
+ /* copy the identity list if there is any already */
+ list = new->opts.identity;
+ it = ssh_list_get_iterator(src->opts.identity);
}
if (src->opts.sshdir != NULL) {
@@ -331,7 +337,7 @@ int ssh_options_set_algo(ssh_session session,
* Add a new identity file (const char *, format string) to
* the identity list.\n
* \n
- * By default identity, id_dsa and id_rsa are checked.\n
+ * By default id_rsa, id_ecdsa and id_ed25519 files are used.\n
* \n
* The identity used to authenticate with public key will be
* prepended to the list.
@@ -700,7 +706,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
if (q == NULL) {
return -1;
}
- rc = ssh_list_prepend(session->opts.identity, q);
+ if (session->opts.exp_flags & SSH_OPT_EXP_FLAG_IDENTITY) {
+ rc = ssh_list_append(session->opts.identity_non_exp, q);
+ } else {
+ rc = ssh_list_prepend(session->opts.identity_non_exp, q);
+ }
if (rc < 0) {
free(q);
return -1;
@@ -1202,7 +1212,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
* - SSH_OPTIONS_IDENTITY:
* Get the first identity file name (const char *).\n
* \n
- * By default identity, id_dsa and id_rsa are checked.
+ * By default id_rsa, id_ecdsa and id_ed25519 files are used.
*
* - SSH_OPTIONS_PROXYCOMMAND:
* Get the proxycommand necessary to log into the
@@ -1246,7 +1256,11 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
break;
}
case SSH_OPTIONS_IDENTITY: {
- struct ssh_iterator *it = ssh_list_get_iterator(session->opts.identity);
+ struct ssh_iterator *it;
+ it = ssh_list_get_iterator(session->opts.identity);
+ if (it == NULL) {
+ it = ssh_list_get_iterator(session->opts.identity_non_exp);
+ }
if (it == NULL) {
return SSH_ERROR;
}
@@ -1541,7 +1555,6 @@ out:
int ssh_options_apply(ssh_session session)
{
- struct ssh_iterator *it;
char *tmp;
int rc;
@@ -1586,15 +1599,17 @@ int ssh_options_apply(ssh_session session)
size_t plen = strlen(session->opts.ProxyCommand) +
5 /* strlen("exec ") */;
- p = malloc(plen + 1 /* \0 */);
- if (p == NULL) {
- return -1;
- }
+ if (strncmp(session->opts.ProxyCommand, "exec ", 5) != 0) {
+ p = malloc(plen + 1 /* \0 */);
+ if (p == NULL) {
+ return -1;
+ }
- rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
- if ((size_t)rc != plen) {
- free(p);
- return -1;
+ rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
+ if ((size_t)rc != plen) {
+ free(p);
+ return -1;
+ }
}
tmp = ssh_path_expand_escape(session, p);
@@ -1606,24 +1621,33 @@ int ssh_options_apply(ssh_session session)
session->opts.ProxyCommand = tmp;
}
- for (it = ssh_list_get_iterator(session->opts.identity);
- it != NULL;
- it = it->next) {
- char *id = (char *) it->data;
- if (strncmp(id, "pkcs11:", 6) == 0) {
+ for (tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp);
+ tmp != NULL;
+ tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp)) {
+ char *id = tmp;
+ if (strncmp(id, "pkcs11:", 6) != 0) {
/* PKCS#11 URIs are using percent-encoding so we can not mix
* it with ssh expansion of ssh escape characters.
- * Skip these identities now, before we will have PKCS#11 support
*/
- continue;
+ tmp = ssh_path_expand_escape(session, id);
+ if (tmp == NULL) {
+ return -1;
+ }
+ free(id);
}
- tmp = ssh_path_expand_escape(session, id);
- if (tmp == NULL) {
+
+ /* use append to keep the order at first call and use prepend
+ * to put anything that comes on the nth calls to the beginning */
+ if (session->opts.exp_flags & SSH_OPT_EXP_FLAG_IDENTITY) {
+ rc = ssh_list_prepend(session->opts.identity, tmp);
+ } else {
+ rc = ssh_list_append(session->opts.identity, tmp);
+ }
+ if (rc != SSH_OK) {
return -1;
}
- free(id);
- it->data = tmp;
}
+ session->opts.exp_flags |= SSH_OPT_EXP_FLAG_IDENTITY;
return 0;
}
diff --git a/src/session.c b/src/session.c
index 64e54957..34a492e4 100644
--- a/src/session.c
+++ b/src/session.c
@@ -118,13 +118,17 @@ ssh_session ssh_new(void)
if (session->opts.identity == NULL) {
goto err;
}
+ session->opts.identity_non_exp = ssh_list_new();
+ if (session->opts.identity_non_exp == NULL) {
+ goto err;
+ }
id = strdup("%d/id_ed25519");
if (id == NULL) {
goto err;
}
- rc = ssh_list_append(session->opts.identity, id);
+ rc = ssh_list_append(session->opts.identity_non_exp, id);
if (rc == SSH_ERROR) {
goto err;
}
@@ -134,7 +138,7 @@ ssh_session ssh_new(void)
if (id == NULL) {
goto err;
}
- rc = ssh_list_append(session->opts.identity, id);
+ rc = ssh_list_append(session->opts.identity_non_exp, id);
if (rc == SSH_ERROR) {
goto err;
}
@@ -144,7 +148,7 @@ ssh_session ssh_new(void)
if (id == NULL) {
goto err;
}
- rc = ssh_list_append(session->opts.identity, id);
+ rc = ssh_list_append(session->opts.identity_non_exp, id);
if (rc == SSH_ERROR) {
goto err;
}
@@ -154,7 +158,7 @@ ssh_session ssh_new(void)
if (id == NULL) {
goto err;
}
- rc = ssh_list_append(session->opts.identity, id);
+ rc = ssh_list_append(session->opts.identity_non_exp, id);
if (rc == SSH_ERROR) {
goto err;
}
@@ -284,6 +288,17 @@ void ssh_free(ssh_session session)
ssh_list_free(session->opts.identity);
}
+ if (session->opts.identity_non_exp) {
+ char *id;
+
+ for (id = ssh_list_pop_head(char *, session->opts.identity_non_exp);
+ id != NULL;
+ id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) {
+ SAFE_FREE(id);
+ }
+ ssh_list_free(session->opts.identity_non_exp);
+ }
+
while ((b = ssh_list_pop_head(struct ssh_buffer_struct *,
session->out_queue)) != NULL) {
SSH_BUFFER_FREE(b);
--
2.38.1
From 4cb84b99fdb1ffd26c0241f5809e4f67ddd407c6 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 11:03:30 +0100
Subject: [PATCH 2/5] tests: Use opts.identites_non_exp not opts.identities
The configuration of identities are first saved to `opts.identities_non_exp`,
then moved to `opts.identities` after calling ssh_options_apply and expanding
the identity strings. These tests are testing against the proper configuration
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/client/torture_auth_pkcs11.c | 2 +-
tests/unittests/torture_config.c | 3 ++-
tests/unittests/torture_options.c | 14 +++++++-------
3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/tests/client/torture_auth_pkcs11.c b/tests/client/torture_auth_pkcs11.c
index ee97bff4..e75fea0e 100644
--- a/tests/client/torture_auth_pkcs11.c
+++ b/tests/client/torture_auth_pkcs11.c
@@ -196,7 +196,7 @@ static void torture_auth_autopubkey(void **state, const char *obj_name, const ch
rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, priv_uri);
assert_int_equal(rc, SSH_OK);
- assert_string_equal(session->opts.identity->root->data, priv_uri);
+ assert_string_equal(session->opts.identity_non_exp->root->data, priv_uri);
rc = ssh_connect(session);
assert_int_equal(rc, SSH_OK);
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index 354adc2f..100e68f6 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -2078,7 +2078,8 @@ static void torture_config_identity(void **state)
_parse_config(session, NULL, LIBSSH_TESTCONFIG_STRING13, SSH_OK);
- it = ssh_list_get_iterator(session->opts.identity);
+ /* The identities are first added to this temporary list before expanding */
+ it = ssh_list_get_iterator(session->opts.identity_non_exp);
assert_non_null(it);
id = it->data;
/* The identities are prepended to the list so we start with second one */
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index dc4df383..3be2de8a 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -406,12 +406,12 @@ static void torture_options_set_identity(void **state) {
rc = ssh_options_set(session, SSH_OPTIONS_ADD_IDENTITY, "identity1");
assert_true(rc == 0);
- assert_string_equal(session->opts.identity->root->data, "identity1");
+ assert_string_equal(session->opts.identity_non_exp->root->data, "identity1");
rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, "identity2");
assert_true(rc == 0);
- assert_string_equal(session->opts.identity->root->data, "identity2");
- assert_string_equal(session->opts.identity->root->next->data, "identity1");
+ assert_string_equal(session->opts.identity_non_exp->root->data, "identity2");
+ assert_string_equal(session->opts.identity_non_exp->root->next->data, "identity1");
}
static void torture_options_get_identity(void **state) {
@@ -429,7 +429,7 @@ static void torture_options_get_identity(void **state) {
rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, "identity2");
assert_int_equal(rc, SSH_OK);
- assert_string_equal(session->opts.identity->root->data, "identity2");
+ assert_string_equal(session->opts.identity_non_exp->root->data, "identity2");
rc = ssh_options_get(session, SSH_OPTIONS_IDENTITY, &identity);
assert_int_equal(rc, SSH_OK);
assert_non_null(identity);
@@ -867,9 +867,9 @@ static void torture_options_copy(void **state)
assert_non_null(new);
/* Check the identities match */
- it = ssh_list_get_iterator(session->opts.identity);
+ it = ssh_list_get_iterator(session->opts.identity_non_exp);
assert_non_null(it);
- it2 = ssh_list_get_iterator(new->opts.identity);
+ it2 = ssh_list_get_iterator(new->opts.identity_non_exp);
assert_non_null(it2);
while (it != NULL && it2 != NULL) {
assert_string_equal(it->data, it2->data);
@@ -956,7 +956,7 @@ static void torture_options_getopt(void **state)
"aes128-ctr");
assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_S_C],
"aes128-ctr");
- assert_string_equal(session->opts.identity->root->data, "id_rsa");
+ assert_string_equal(session->opts.identity_non_exp->root->data, "id_rsa");
#ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
"zlib@openssh.com,zlib,none");
--
2.38.1
From cd30217c9032419ebcf722c0bfc6b5ebfa3518d0 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 16:51:02 +0100
Subject: [PATCH 3/5] Add flags for escape expand operation
Calling `ssh_options_apply` more times can result in an unwanted behaviour of
expanding the escape characters more times. Adding flags to check if the
expansion was already done on the current string variables.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/session.h | 7 ++++
src/options.c | 91 ++++++++++++++++++++++++----------------
src/session.c | 2 +
3 files changed, 63 insertions(+), 37 deletions(-)
diff --git a/include/libssh/session.h b/include/libssh/session.h
index e22b0d67..cf219c2a 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -93,6 +93,12 @@ enum ssh_pending_call_e {
#define SSH_OPT_FLAG_KBDINT_AUTH 0x4
#define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
+/* Escape expansion of different variables */
+#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
+#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
+#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
+#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
+
/* extensions flags */
/* negotiation enabled */
#define SSH_EXT_NEGOTIATION 0x01
@@ -232,6 +238,7 @@ struct ssh_session_struct {
char *gss_client_identity;
int gss_delegate_creds;
int flags;
+ int exp_flags;
int nodelay;
bool config_processed;
uint8_t options_seen[SOC_MAX];
diff --git a/src/options.c b/src/options.c
index bb085384..c566244b 100644
--- a/src/options.c
+++ b/src/options.c
@@ -730,6 +730,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_oom(session);
return -1;
}
+ session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_KNOWNHOSTS;
}
break;
case SSH_OPTIONS_GLOBAL_KNOWNHOSTS:
@@ -751,6 +752,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_oom(session);
return -1;
}
+ session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS;
}
break;
case SSH_OPTIONS_TIMEOUT:
@@ -1014,6 +1016,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1;
}
session->opts.ProxyCommand = q;
+ session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_PROXYCOMMAND;
}
}
break;
@@ -1572,53 +1575,67 @@ int ssh_options_apply(ssh_session session)
}
}
- if (session->opts.knownhosts == NULL) {
- tmp = ssh_path_expand_escape(session, "%d/known_hosts");
- } else {
- tmp = ssh_path_expand_escape(session, session->opts.knownhosts);
- }
- if (tmp == NULL) {
- return -1;
+ if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS) == 0) {
+ if (session->opts.knownhosts == NULL) {
+ tmp = ssh_path_expand_escape(session, "%d/known_hosts");
+ } else {
+ tmp = ssh_path_expand_escape(session, session->opts.knownhosts);
+ }
+ if (tmp == NULL) {
+ return -1;
+ }
+ free(session->opts.knownhosts);
+ session->opts.knownhosts = tmp;
+ session->opts.exp_flags |= SSH_OPT_EXP_FLAG_KNOWNHOSTS;
}
- free(session->opts.knownhosts);
- session->opts.knownhosts = tmp;
- if (session->opts.global_knownhosts == NULL) {
- tmp = strdup("/etc/ssh/ssh_known_hosts");
- } else {
- tmp = ssh_path_expand_escape(session, session->opts.global_knownhosts);
- }
- if (tmp == NULL) {
- return -1;
+ if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS) == 0) {
+ if (session->opts.global_knownhosts == NULL) {
+ tmp = strdup("/etc/ssh/ssh_known_hosts");
+ } else {
+ tmp = ssh_path_expand_escape(session,
+ session->opts.global_knownhosts);
+ }
+ if (tmp == NULL) {
+ return -1;
+ }
+ free(session->opts.global_knownhosts);
+ session->opts.global_knownhosts = tmp;
+ session->opts.exp_flags |= SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS;
}
- free(session->opts.global_knownhosts);
- session->opts.global_knownhosts = tmp;
- if (session->opts.ProxyCommand != NULL) {
- char *p = NULL;
- size_t plen = strlen(session->opts.ProxyCommand) +
- 5 /* strlen("exec ") */;
- if (strncmp(session->opts.ProxyCommand, "exec ", 5) != 0) {
- p = malloc(plen + 1 /* \0 */);
- if (p == NULL) {
- return -1;
- }
+ if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND) == 0) {
+ if (session->opts.ProxyCommand != NULL) {
+ char *p = NULL;
+ size_t plen = strlen(session->opts.ProxyCommand) +
+ 5 /* strlen("exec ") */;
+
+ if (strncmp(session->opts.ProxyCommand, "exec ", 5) != 0) {
+ p = malloc(plen + 1 /* \0 */);
+ if (p == NULL) {
+ return -1;
+ }
- rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
- if ((size_t)rc != plen) {
+ rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
+ if ((size_t)rc != plen) {
+ free(p);
+ return -1;
+ }
+ tmp = ssh_path_expand_escape(session, p);
free(p);
- return -1;
+ } else {
+ tmp = ssh_path_expand_escape(session,
+ session->opts.ProxyCommand);
}
- }
- tmp = ssh_path_expand_escape(session, p);
- free(p);
- if (tmp == NULL) {
- return -1;
+ if (tmp == NULL) {
+ return -1;
+ }
+ free(session->opts.ProxyCommand);
+ session->opts.ProxyCommand = tmp;
+ session->opts.exp_flags |= SSH_OPT_EXP_FLAG_PROXYCOMMAND;
}
- free(session->opts.ProxyCommand);
- session->opts.ProxyCommand = tmp;
}
for (tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp);
diff --git a/src/session.c b/src/session.c
index 34a492e4..06f6a26f 100644
--- a/src/session.c
+++ b/src/session.c
@@ -114,6 +114,8 @@ ssh_session ssh_new(void)
SSH_OPT_FLAG_KBDINT_AUTH |
SSH_OPT_FLAG_GSSAPI_AUTH;
+ session->opts.exp_flags = 0;
+
session->opts.identity = ssh_list_new();
if (session->opts.identity == NULL) {
goto err;
--
2.38.1
From ed58082f9706f2ab3bdeca24f632356b9bc325e6 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 17:17:14 +0100
Subject: [PATCH 4/5] torture_options.c: Add identity test for ssh_options_copy
Test if the ssh_options_apply is called on session before ssh_options_copy,
then `opts.identity` ssh_list will be copied
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/unittests/torture_options.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 3be2de8a..907cc8df 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -918,6 +918,34 @@ static void torture_options_copy(void **state)
sizeof(session->opts.options_seen));
ssh_free(new);
+
+ /* test if ssh_options_apply was called before ssh_options_copy
+ * the opts.identity list gets copied (percent expanded list) */
+ rv = ssh_options_apply(session);
+ assert_ssh_return_code(session, rv);
+
+ rv = ssh_options_copy(session, &new);
+ assert_ssh_return_code(session, rv);
+ assert_non_null(new);
+
+ it = ssh_list_get_iterator(session->opts.identity_non_exp);
+ assert_null(it);
+ it2 = ssh_list_get_iterator(new->opts.identity_non_exp);
+ assert_null(it2);
+
+ it = ssh_list_get_iterator(session->opts.identity);
+ assert_non_null(it);
+ it2 = ssh_list_get_iterator(new->opts.identity);
+ assert_non_null(it2);
+ while (it != NULL && it2 != NULL) {
+ assert_string_equal(it->data, it2->data);
+ it = it->next;
+ it2 = it2->next;
+ }
+ assert_null(it);
+ assert_null(it2);
+
+ ssh_free(new);
}
#define EXECUTABLE_NAME "test-exec"
--
2.38.1
From 89dd4a927b946d4df5c48073ca25cd843e0acde0 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <npocs@redhat.com>
Date: Wed, 16 Nov 2022 17:18:49 +0100
Subject: [PATCH 5/5] torture_options.c: Add test for ssh_options_apply
Test that ssh_options_apply can be called multiple times without expanding
escape characters more than once. If the options are updated after calling
ssh_options_apply keep the last options.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/unittests/torture_options.c | 165 ++++++++++++++++++++++++++++++
1 file changed, 165 insertions(+)
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 907cc8df..ea63b45e 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -1332,6 +1332,170 @@ static void torture_options_caret_sign(void **state)
free(awaited);
}
+static void torture_options_apply (void **state) {
+ ssh_session session = *state;
+ struct ssh_list *awaited_list = NULL;
+ struct ssh_iterator *it1 = NULL, *it2 = NULL;
+ char *id = NULL;
+ int rc;
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_KNOWNHOSTS,
+ "%%d/.ssh/known_hosts");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
+ "/etc/%%u/libssh/known_hosts");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_PROXYCOMMAND,
+ "exec echo \"Hello libssh %%d!\"");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_ADD_IDENTITY,
+ "%%d/do_not_expand");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_apply(session);
+ assert_ssh_return_code(session, rc);
+
+ /* check that the values got expanded */
+ assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS);
+ assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS);
+ assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND);
+ assert_true(ssh_list_count(session->opts.identity_non_exp) == 0);
+ assert_true(ssh_list_count(session->opts.identity) > 0);
+
+ /* should not change anything calling it again */
+ rc = ssh_options_apply(session);
+ assert_ssh_return_code(session, rc);
+
+ /* check that the expansion was done only once */
+ assert_string_equal(session->opts.knownhosts, "%d/.ssh/known_hosts");
+ assert_string_equal(session->opts.global_knownhosts,
+ "/etc/%u/libssh/known_hosts");
+ /* no exec should be added if there already is one */
+ assert_string_equal(session->opts.ProxyCommand,
+ "exec echo \"Hello libssh %d!\"");
+ assert_string_equal(session->opts.identity->root->data,
+ "%d/do_not_expand");
+
+ /* apply should keep the freshest setting */
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_KNOWNHOSTS,
+ "hello there");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
+ "lorem ipsum");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_PROXYCOMMAND,
+ "mission_impossible");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_ADD_IDENTITY,
+ "007");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_ADD_IDENTITY,
+ "3");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_ADD_IDENTITY,
+ "2");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_ADD_IDENTITY,
+ "1");
+ assert_ssh_return_code(session, rc);
+
+ /* check that flags show need of escape expansion */
+ assert_false(session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS);
+ assert_false(session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS);
+ assert_false(session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND);
+ assert_false(ssh_list_count(session->opts.identity_non_exp) == 0);
+
+ rc = ssh_options_apply(session);
+ assert_ssh_return_code(session, rc);
+
+ /* check that the values got expanded */
+ assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS);
+ assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS);
+ assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND);
+ assert_true(ssh_list_count(session->opts.identity_non_exp) == 0);
+
+ assert_string_equal(session->opts.knownhosts, "hello there");
+ assert_string_equal(session->opts.global_knownhosts, "lorem ipsum");
+ /* check that the "exec " was added at the beginning */
+ assert_string_equal(session->opts.ProxyCommand, "exec mission_impossible");
+ assert_string_equal(session->opts.identity->root->data, "1");
+
+ /* check the order of the identity files after double expansion */
+ awaited_list = ssh_list_new();
+ /* append the new data in order */
+ id = strdup("1");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+ id = strdup("2");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+ id = strdup("3");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+ id = strdup("007");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+ id = strdup("%d/do_not_expand");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+ /* append the defaults; this list is copied from ssh_new@src/session.c */
+ id = ssh_path_expand_escape(session, "%d/id_ed25519");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+#ifdef HAVE_ECC
+ id = ssh_path_expand_escape(session, "%d/id_ecdsa");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+#endif
+ id = ssh_path_expand_escape(session, "%d/id_rsa");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+#ifdef HAVE_DSA
+ id = ssh_path_expand_escape(session, "%d/id_dsa");
+ rc = ssh_list_append(awaited_list, id);
+ assert_int_equal(rc, SSH_OK);
+#endif
+
+ assert_int_equal(ssh_list_count(awaited_list),
+ ssh_list_count(session->opts.identity));
+
+ it1 = ssh_list_get_iterator(awaited_list);
+ assert_non_null(it1);
+ it2 = ssh_list_get_iterator(session->opts.identity);
+ assert_non_null(it2);
+ while (it1 != NULL && it2 != NULL) {
+ assert_string_equal(it1->data, it2->data);
+
+ free((void*)it1->data);
+ it1 = it1->next;
+ it2 = it2->next;
+ }
+ assert_null(it1);
+ assert_null(it2);
+
+ ssh_list_free(awaited_list);
+}
+
#ifdef WITH_SERVER
const char template[] = "temp_dir_XXXXXX";
@@ -2132,6 +2296,7 @@ int torture_run_tests(void) {
setup, teardown),
cmocka_unit_test_setup_teardown(torture_options_caret_sign,
setup, teardown),
+ cmocka_unit_test_setup_teardown(torture_options_apply, setup, teardown),
};
#ifdef WITH_SERVER
--
2.38.1

View File

@ -1,98 +0,0 @@
diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
index 532c86a7..9050cea6 100755
--- a/tests/pkcs11/setup-softhsm-tokens.sh
+++ b/tests/pkcs11/setup-softhsm-tokens.sh
@@ -17,10 +17,10 @@ echo "OBJNAME: $OBJNAME"
echo "LOADPUBLIC: $LOADPUBLIC"
# Create temporary directory for tokens
-install -d -m 0755 $TESTDIR/db
+install -d -m 0755 "$TESTDIR/db"
# Create SoftHSM configuration file
-cat >$TESTDIR/softhsm.conf <<EOF
+cat >"$TESTDIR/softhsm.conf" <<EOF
directories.tokendir = $TESTDIR/db
objectstore.backend = file
log.level = DEBUG
@@ -28,12 +28,12 @@ EOF
export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
-cat $TESTDIR/softhsm.conf
+cat "$TESTDIR/softhsm.conf"
#init
-cmd='softhsm2-util --init-token --label "$OBJNAME" --free --pin 1234 --so-pin 1234'
+cmd="softhsm2-util --init-token --label $OBJNAME --free --pin 1234 --so-pin 1234"
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Init token failed"
@@ -41,10 +41,29 @@ if [ $ret -ne 0 ]; then
exit 1
fi
+find_library_path() {
+ echo "$@"
+ for _lib in "$@" ; do
+ if test -f "$_lib" ; then
+ LIBSOFTHSM_PATH="$_lib"
+ echo "Using libsofthsm path: $LIBSOFTHSM_PATH"
+ return
+ fi
+ done
+ echo "libsofthsm2.so not found"
+ exit 1
+}
+
+find_library_path \
+ /usr/lib64/libsofthsm2.so \
+ /usr/lib/libsofthsm2.so \
+ /usr/local/lib/softhsm/libsofthsm2.so \
+ /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
+
#load private key
-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey $PRIVKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loading privkey failed"
@@ -52,15 +71,15 @@ if [ $ret -ne 0 ]; then
exit 1
fi
-cat $PUBKEY
+cat "$PUBKEY"
-ls -l $TESTDIR
+ls -l "$TESTDIR"
-if [ $LOADPUBLIC -ne 0 ]; then
+if [ "$LOADPUBLIC" -ne 0 ]; then
#load public key
- cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+ cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey $PUBKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
eval echo "$cmd"
- out=$(eval $cmd)
+ out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loading pubkey failed"
@@ -69,9 +88,9 @@ if [ $LOADPUBLIC -ne 0 ]; then
fi
fi
-cmd='p11tool --list-all --login "pkcs11:token="$OBJNAME"" --set-pin=1234'
+cmd="p11tool --list-all --login \"pkcs11:token=$OBJNAME\" --set-pin=1234"
eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Loging failed"

File diff suppressed because it is too large Load Diff

View File

@ -1,21 +0,0 @@
diff --color -ru ../libssh-0.10.4/tests/client/torture_rekey.c ./tests/client/torture_rekey.c
--- ../libssh-0.10.4/tests/client/torture_rekey.c 2023-05-17 10:55:23.384684129 +0200
+++ ./tests/client/torture_rekey.c 2023-05-17 10:56:29.819334665 +0200
@@ -504,7 +504,7 @@
memset(data, 'A', 128);
for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
- ssh_handle_packets(s->ssh.session, 100);
+ ssh_handle_packets(s->ssh.session, 1000);
c = s->ssh.session->current_crypto;
/* SHA256 len */
@@ -582,7 +582,7 @@
memset(data, 'A', 128);
for (i = 0; i < KEX_RETRY; i++) {
ssh_send_ignore(s->ssh.session, data);
- ssh_handle_packets(s->ssh.session, 100);
+ ssh_handle_packets(s->ssh.session, 1000);
c = s->ssh.session->current_crypto;
/* SHA256 len */

19
SOURCES/s390x_fix.patch Normal file
View File

@ -0,0 +1,19 @@
diff --git a/src/packet.c b/src/packet.c
index ec4a7203..a81eb8e3 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -1752,10 +1752,12 @@ static bool
ssh_packet_in_rekey(ssh_session session)
{
/* We know we are rekeying if we are authenticated and the DH
- * status is not finished
+ * status is not finished, but we only queue packets until we've
+ * sent our NEWKEYS.
*/
return (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) &&
- (session->dh_handshake_state != DH_STATE_FINISHED);
+ (session->dh_handshake_state != DH_STATE_FINISHED) &&
+ (session->dh_handshake_state != DH_STATE_NEWKEYS_SENT);
}
int ssh_packet_send(ssh_session session)

View File

@ -1,61 +1,54 @@
Name: libssh Name: libssh
Version: 0.10.4 Version: 0.9.6
Release: 13%{?dist} Release: 14%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
Source0: https://www.libssh.org/files/0.10/%{name}-%{version}.tar.xz Source0: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
Source1: https://www.libssh.org/files/0.10/%{name}-%{version}.tar.xz.asc Source1: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
Source3: libssh_client.config Source3: libssh_client.config
Source4: libssh_server.config Source4: libssh_server.config
Patch0: loglevel.patch
Patch1: s390x_fix.patch
Patch2: null_dereference_rekey.patch
Patch3: auth_bypass.patch
Patch4: fix_tests.patch
Patch5: covscan23.patch
Patch6: CVE-2023-48795.patch
Patch7: CVE-2023-6004.patch
Patch8: CVE-2023-6918.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gnupg2 BuildRequires: gnupg2
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: openssl-pkcs11
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: libcmocka-devel BuildRequires: libcmocka-devel
BuildRequires: openssh-clients
BuildRequires: openssh-server
BuildRequires: pam_wrapper BuildRequires: pam_wrapper
BuildRequires: socket_wrapper BuildRequires: socket_wrapper
BuildRequires: nss_wrapper BuildRequires: nss_wrapper
BuildRequires: uid_wrapper BuildRequires: uid_wrapper
BuildRequires: openssh-clients
BuildRequires: openssh-server
BuildRequires: nmap-ncat BuildRequires: nmap-ncat
BuildRequires: softhsm
BuildRequires: gnutls-utils
Requires: %{name}-config = %{version}-%{release}
Requires: crypto-policies Requires: crypto-policies
Requires: %{name}-config = %{version}-%{release}
%ifarch aarch64 ppc64 ppc64le s390x x86_64 %ifarch aarch64 ppc64 ppc64le s390x x86_64
Provides: libssh_threads.so()(64bit)
Provides: libssh_threads.so.4()(64bit) Provides: libssh_threads.so.4()(64bit)
%else %else
Provides: libssh_threads.so
Provides: libssh_threads.so.4 Provides: libssh_threads.so.4
%endif %endif
Patch1: coverity_scan.patch
Patch2: pkcs11_test_fix.patch
Patch3: loglevel.patch
Patch4: plus_sign.patch
Patch5: memory_leak.patch
Patch6: options_apply.patch
Patch7: enable_sk_keys_by_config.patch
Patch8: null_dereference_rekey.patch
Patch9: auth_bypass.patch
Patch10: covscan23.patch
Patch11: rekey_test_fixup.patch
Patch12: covscan23_1.patch
Patch13: CVE-2023-6004.patch
Patch14: CVE-2023-48795.patch
Patch15: CVE-2023-6918.patch
Patch16: escape-brackets-in-proxycommand.patch
%description %description
The ssh library was designed to be used by programmers needing a working SSH The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is implementation by the mean of a library. The complete control of the client is
@ -75,7 +68,7 @@ applications that use %{name}.
%package config %package config
Summary: Configuration files for %{name} Summary: Configuration files for %{name}
BuildArch: noarch BuildArch: noarch
Obsoletes: %{name} < 0.9.0-3 Obsoletes: %{name} < 0.9.0-1
%description config %description config
The %{name}-config package provides the default configuration files for %{name}. The %{name}-config package provides the default configuration files for %{name}.
@ -85,18 +78,26 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -p1 %autosetup -p1
%build %build
%cmake \ if test ! -e "obj"; then
mkdir obj
fi
pushd obj
%cmake .. \
-DUNIT_TESTING=ON \ -DUNIT_TESTING=ON \
-DCLIENT_TESTING=ON \ -DCLIENT_TESTING=ON \
-DSERVER_TESTING=ON \ -DSERVER_TESTING=ON \
-DWITH_PKCS11_URI=ON \
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \ -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config" -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
%cmake_build
%make_build VERBOSE=1
make docs
popd
%install %install
%cmake_install make DESTDIR=%{buildroot} install/fast -C obj
install -d -m755 %{buildroot}%{_sysconfdir}/libssh install -d -m755 %{buildroot}%{_sysconfdir}/libssh
install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
@ -108,7 +109,7 @@ install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
# requiring it to continue working. # requiring it to continue working.
# #
pushd %{buildroot}%{_libdir} pushd %{buildroot}%{_libdir}
for i in libssh.so*; for i in libssh.so.4*;
do do
_target="${i}" _target="${i}"
_link_name="${i%libssh*}libssh_threads${i##*libssh}" _link_name="${i%libssh*}libssh_threads${i##*libssh}"
@ -122,24 +123,24 @@ popd
%ldconfig_scriptlets %ldconfig_scriptlets
%check %check
# Tests are randomly failing when run in parallel pushd obj
%global _smp_build_ncpus 1 ctest --output-on-failure
%ctest popd
%files %files
%doc AUTHORS BSD CHANGELOG README %doc AUTHORS BSD ChangeLog README
%license COPYING %license COPYING
%{_libdir}/libssh.so.4* %{_libdir}/libssh.so.4*
%{_libdir}/libssh_threads.so.4* %{_libdir}/libssh_threads.so.4*
%files devel %files devel
%doc obj/doc/html
%{_includedir}/libssh/ %{_includedir}/libssh/
# own this to avoid dep on cmake -- rex # own this to avoid dep on cmake -- rex
%dir %{_libdir}/cmake/ %dir %{_libdir}/cmake/
%{_libdir}/cmake/libssh/ %{_libdir}/cmake/libssh/
%{_libdir}/pkgconfig/libssh.pc %{_libdir}/pkgconfig/libssh.pc
%{_libdir}/libssh.so %{_libdir}/libssh.so
%{_libdir}/libssh_threads.so
%files config %files config
%attr(0755,root,root) %dir %{_sysconfdir}/libssh %attr(0755,root,root) %dir %{_sysconfdir}/libssh
@ -147,233 +148,168 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Mon Feb 19 2024 Sahana Prasad <sahana@redhat.com> - 0.10.4-13 * Mon Feb 26 2024 Sahana Prasad <sahana@redhat.com> - 0.9.6-14
- Bump up the version so that the version in 9.3 is lower.
- Resolves: RHEL-19310, RHEL-19691, RHEL-17245
* Tue Jan 09 2024 Sahana Prasad <sahana@redhat.com> - 0.10.4-12
- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
- Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6918 Missing checks for return values for digests
- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection
of malicious code through hostname of malicious code through hostname
- Resolves: RHEL-19310, RHEL-19691, RHEL-17245 - Note: version is bumped from 12 to 14 directly, as the z-stream
version in 8.9 also has 13. So bumping it to 14, will prevent
upgrade conflicts.
- Resolves:RHEL-19690, RHEL-17244, RHEL-19312
* Wed Jun 21 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-11 * Mon May 15 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-12
- Fix loglevel regression - Fix loglevel regression
- Related: rhbz#2182252, rhbz#2189740 - Related: rhbz#2182251, rhbz#2189742
* Mon May 22 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4.10 * Thu May 04 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-11
- Fix null dereference issues found by covscan - .fmf/version is needed to run the tests
- Related: rhbz#2182252, rhbz#2189740 - Related: rhbz#2182251, rhbz#2189742
* Wed May 10 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-9 * Wed May 03 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-10
- Fix CVE-2023-1667 and CVE-2023-2283 - Add missing ci.fmf file
- Fix issues found by cosvcan - Related: rhbz#2182251, rhbz#2189742
- Resolves: rhbz#2182252, rhbz#2189740
* Mon Jan 23 2023 Stanislav Zidek <szidek@redhat.com> - 0.10.4-8 * Wed May 03 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-9
+ libssh-0.10.4-8 - Fix covscan errors found at gating
- Extended CI to run internal tests in RHEL - Related: rhbz#2182251, rhbz#2189742
- Related: rhbz#2160080
* Wed Jan 4 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-7 * Tue May 02 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-8
- Add sk-keys to configuration parsing allowing to turn on-off by config - Backport test fixing commits to make the build pass
- Related: rhbz#2026449 - Related: rhbz#2182251, rhbz#2189742
* Thu Dec 1 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-6 * Thu Apr 27 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-7
- Fix covscan error - Fix NULL dereference during rekeying with algorithm guessing
- Remove unwanted test with yet unimplemented feature GHSL-2023-032 / CVE-2023-1667
- Related: rhbz#2137839, rhbz#2136824 - Fix possible authentication bypass
GHSL 2023-085 / CVE-2023-2283
- Resolves: rhbz#2182251, rhbz#2189742
* Thu Dec 01 2022 Stanislav Zidek <szidek@redhat.com> - 0.10.4-5 * Fri Jan 06 2023 Norbert Pocs <npocs@redhat.com> - 0.9.6-6
+ libssh-0.10.4-5 - Enable client and server testing build time
- Fixed CI configuration due to TMT changes - Fix failing rekey test on arch s390x
- Resolves: rhbz#2126342
* Wed Nov 30 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-4 * Mon Dec 05 2022 Stanislav Zidek <szidek@redhat.com> - 0.9.6-5
- Move loglevel closer to openssh loglevel - Fix CI configuration for new TMT
- Add openssh config feature of +,-,^ for algorithm lists - Resolves: rhbz#2149910
- Fix memory leaks of bignum
- Prevent multiple expansion of escape characters
- Resolves: rhbz#2132407, rhbz#2137839, rhbz#2144795, rhbz#2136824
* Tue Oct 4 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-3 * Mon Nov 28 2022 Norbert Pocs <npocs@redhat.com> - 0.9.6-4
- Enable pkcs11 support - Make VERBOSE and lower log levels less verbose
- Fix broken libsofthsm path on i686 - Resolves: rhbz#2091512
- Add missing bugzilla references from the rebase commit
- Related: rhbz#2026449
- Resolves: rhbz#1977913, rhbz#1975500
* Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2 * Fri Nov 05 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-3
- Fix coverity scan issues - Remove STI tests
- Resolves: rhbz#2130126
* Mon Sep 19 2022 Norbert pocs <npocs@redhat.com> - 0.10.4-1 * Thu Oct 21 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-2
- Rebase to version 0.10.4 - Remove bad patch causing errors
- Add pkcs11 support - Adding BuildRequires for openssh (SSHD support)
- Disallow ssh-rsa key in FIPS mode
- Fix openssl KDF check at build
- ChangeLog was renamed to CHANGELOG
- Resolves: rhbz#2068475, rhbz#2026449, rhbz#2004021,
rhbz#1977913, rhbz#1975500
* Fri Nov 12 2021 Stanislav Zidek <szidek@redhat.com> - 0.9.6-3 * Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
+ libssh-0.9.6-3 - Fix CVE-2021-3634: Fix possible heap-buffer overflow when
- Disabled gating on osci.brew-build.revdeps.integration rekeying with different key exchange mechanism
Related: rhbz#2022034
* Thu Nov 11 2021 Stanislav Zidek <szidek@redhat.com> - 0.9.6-2
- STI, FMF, and gating fixes
Resolves: rhbz#2022034
* Tue Oct 05 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
- Fix CVE-CVE-2021-3634 libssh: possible heap-based buffer
overflow when rekeying
- Fix static analyzer issues in rhbz#1938795
- Rebase to version 0.9.6 - Rebase to version 0.9.6
- Resolves: rhbz#1994607, rhbz#1938795, rhbz#2009669 - Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
- Resolves: rhbz#1896651, rhbz#1994600
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.9.5-6 * Thu Oct 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Revert previous commit as it is incorrect.
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.9.5-5 * Thu Oct 14 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Fix CVE-2021-3634: Fix possible heap-buffer overflow when
Related: rhbz#1971065 rekeying with different key exchange mechanism (#1978810)
* Tue Apr 27 2021 Sahana Prasad <sahana@redhat.com> - 0.9.5-4 * Wed Apr 21 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-3
- Change crypto-policies from recommends to requires - Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
Resolves: rhbz#1947863 ssh_buffer_new returns NULL (#1862646)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.9.5-3 * Wed Jun 24 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Do not return error when server properly closed the channel (#1849071)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Sep 10 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.5-1
- Update to version 0.9.5
https://www.libssh.org/2020/09/10/libssh-0-9-5/
- Removed patch to re-enable algorithms using sha1 in sshd for testing
- The algorithms supported by sshd are now automatically detected for testing
- Resolves: #1862457 - CVE-2020-16135
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-3
- Do not return error when server properly closed the channel (#1849069)
- Add a test for CVE-2019-14889 - Add a test for CVE-2019-14889
- Do not parse configuration file in torture_knownhosts test - Do not parse configuration file in torture_knownhosts test
* Wed Apr 15 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2 * Tue May 26 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-1
- Added patch to fix returned version
* Thu Apr 09 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-1
- Update to version 0.9.4 - Update to version 0.9.4
https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
- Fixed CVE-2019-14889 (#1781782)
- Fixed CVE-2020-1730 (#1802422)
- Create missing directories in the path provided for known_hosts files (#1733914)
- Removed inclusion of OpenSSH server configuration file from - Removed inclusion of OpenSSH server configuration file from
libssh_server.config libssh_server.config (#1821339)
- Added patch to re-enable algorithms using sha1 in sshd for testing
- resolves: #1822529 - CVE-2020-1730
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.3-2 * Mon Aug 05 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Skip 1024 bits RSA key generation test in FIPS mode (#1734485)
* Tue Dec 10 2019 Andreas Schneider <asn@redhat.com> - 0.9.3-1 * Thu Jul 11 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-3
- Update to version 0.9.3
- resolves: #1781780 - Fixes CVE-2019-14889
* Thu Nov 07 2019 Andreas Schneider <asn@redhat.com> - 0.9.2-1
- Upate to version 0.9.2
- resolves #1769370 - Remove the docs, they can be found on https://api.libssh.org/
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jul 11 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-5
- Add Obsoletes in libssh-config to avoid conflict with old libssh which - Add Obsoletes in libssh-config to avoid conflict with old libssh which
installed the configuration files. installed the configuration files.
* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-4 * Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-2
- Eliminate circular dependency with libssh-config subpackage - Eliminate circular dependency with libssh-config subpackage
* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-3 * Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-1
- Provide the configuration files in a separate libssh-config subpackage
* Thu Jul 04 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-2
- Do not ignore keys from known_hosts when SSH_OPTIONS_HOSTKEYS is set
* Fri Jun 28 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-1
- Fixed Release number to released format
* Fri Jun 28 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-0.1
- Update to version 0.9.0 - Update to version 0.9.0
https://www.libssh.org/2019/06/28/libssh-0-9-0/ https://www.libssh.org/2019/06/28/libssh-0-9-0/
- Added explicit Requires for crypto-policies
- Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set
- Provide the configuration files in a separate libssh-config subpackage
* Wed Jun 19 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.91-0.1 * Mon Jun 17 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.91-0.1
- Update to 0.9.0 pre release version (0.8.91) - Update to 0.9.0 pre release version (0.8.91)
- Added default configuration files for client and server - Added default configuration files for client and server
- Follow system-wide crypto configuration (crypto-policies) - Removed unused patch files left behind
- Added Recommends for crypto-policies - Fixed issues found to run upstream test suite with SELinux
- Use OpenSSL implementation for KDF, DH, and signatures.
- Detect FIPS mode and use only allowed algorithms
- Run client and server tests during build
* Mon Feb 25 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.7-1 * Fri Dec 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-2
- Update to version 0.8.7 - Fix more regressions introduced by the fixes for CVE-2018-10933
https://www.libssh.org/2019/02/25/libssh-0-8-7/
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-3 * Thu Nov 29 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Jan 15 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.6-2
- Fix rsa-sha2 extension handling (#1666342)
* Thu Jan 03 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.6-1
- Update to version 0.8.6
https://www.libssh.org/2018/12/24/libssh-0-8-6-xmas-edition/
* Mon Oct 29 2018 Andreas Schneider <asn@redhat.com> - 0.8.5-1
- Update to version 0.8.5 - Update to version 0.8.5
https://www.libssh.org/2018/10/29/libssh-0-8-5-and-libssh-0-7-7/ * Fixed an issue where global known_hosts file was ignored (#1649321)
* Fixed ssh_get_fd() to return writable file descriptor (#1649319)
* Fixed regression introduced in known_hosts parsing (#1649315)
* Fixed a regression which caused only the first algorithm in known_hosts to
be considered (#1638790)
* Tue Oct 16 2018 Andreas Schneider <asn@redhat.com> - 0.8.4-1 * Thu Nov 08 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-5
- Update to version 0.8.4 - Fix regressions introduced by the fixes for CVE-2018-10933
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release
- Fixes CVE-2018-10933
* Mon Oct 01 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-3 * Wed Oct 17 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.3-4
- Fixed errors found by static code analysis - Fix for authentication bypass issue in server implementation (#1639926)
* Tue Sep 25 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-2 * Tue Oct 02 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-3
- Add missing libssh_threads.so link to libssh-devel package - Fixed errors found by static code analysis (#1602594)
* Fri Sep 21 2018 Andreas Schneider <asn@redhat.com> - 0.8.3-1 * Fri Sep 21 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-1
- Update to version 0.8.3 - Update to version 0.8.3
https://www.libssh.org/2018/09/21/libssh-0-8-3/ * Added support for rsa-sha2 (#1610882)
* Added support to parse private keys in openssh container format (other than
ed25519) (#1622983)
* Added support for diffie-hellman-group18-sha512 and
diffie-hellman-group16-sha512 (#1610885)
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename@openssh.com and hardlink@openssh.com
in the sftp server
* Use -fstack-protector-strong if possible (#1624135)
* Thu Aug 30 2018 Andreas Schneider <asn@redhat.com> - 0.8.2-1 * Wed Aug 15 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.1-4
- Update to version 0.8.2 - Fix the creation of symbolic links for libssh_threads.so.4
https://www.libssh.org/2018/08/30/libssh-0-8-2
* Thu Aug 16 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-4 * Wed Aug 15 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.1-3
- Fix link creation or RPM doesn't install it - Add missing Provides for libssh_threads.so.4
* Wed Aug 15 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-3 * Tue Aug 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.1-2
- Add missing so version for libssh_threads.so.4
* Tue Aug 14 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-2
- Add Provides for libssh_threads.so to unbreak applications - Add Provides for libssh_threads.so to unbreak applications
- Fix ABIMap detection to not depend on python to build
* Mon Aug 13 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-1 * Mon Aug 13 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-1
- Update to version 0.8.1 - Update to version 0.8.1
https://www.libssh.org/2018/08/13/libssh-0-8-1 https://www.libssh.org/2018/08/13/libssh-0-8-1/
- resolves: #1615248 - pkg-config --modversion
- resolves: #1615132 - library initialization
* Fri Aug 10 2018 Andreas Schneider <asn@redhat.com> - 0.8.0-1 * Fri Aug 10 2018 Andreas Schneider <asn@redhat.com> - 0.8.0-1
- Update to version 0.8.0 - Update to version 0.8.0
@ -387,6 +323,7 @@ popd
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-7 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
- Related: bug#1614611
* Thu Feb 01 2018 Andreas Schneider <asn@redhat.com> - 0.7.5-6 * Thu Feb 01 2018 Andreas Schneider <asn@redhat.com> - 0.7.5-6
- resolves: #1540021 - Build against OpenSSL 1.1 - resolves: #1540021 - Build against OpenSSL 1.1