fix several issues with empty MAC in openssh-6.2p1-audit.patch

This commit is contained in:
Petr Lautrbach 2013-04-08 18:44:17 +02:00
parent d3d59da0b5
commit 014fe81ce3

View File

@ -95,7 +95,7 @@ index 6135591..5160869 100644
+}
#endif /* BSM */
diff --git a/audit-linux.c b/audit-linux.c
index b3ee2f4..115e2be 100644
index b3ee2f4..43904ee 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -35,13 +35,24 @@
@ -387,8 +387,8 @@ index b3ee2f4..115e2be 100644
+ Cipher *cipher = cipher_by_name(enc);
+ char *s;
+
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d mac=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, mac,
+ (intmax_t)pid, (intmax_t)uid,
+ get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), get_local_port());
+ xfree(s);
@ -1464,7 +1464,7 @@ index 2caa469..1a15066 100644
};
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 350c960..5f32844 100644
index 350c960..8c3599d 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -431,7 +431,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
@ -1504,6 +1504,15 @@ index 350c960..5f32844 100644
/* Export key state after authentication */
Newkeys *
mm_newkeys_from_blob(u_char *blob, int blen)
@@ -480,7 +494,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
buffer_init(&b);
buffer_append(&b, blob, blen);
- newkey = xmalloc(sizeof(*newkey));
+ newkey = xcalloc(1, sizeof(*newkey));
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;
@@ -640,12 +654,14 @@ mm_send_keystate(struct monitor *monitor)
fatal("%s: conversion of newkeys failed", __func__);
@ -1589,7 +1598,7 @@ index 350c960..5f32844 100644
+ buffer_init(&m);
+ buffer_put_int(&m, ctos);
+ buffer_put_cstring(&m, cipher);
+ buffer_put_cstring(&m, mac);
+ buffer_put_cstring(&m, (mac ? mac : ""));
+ buffer_put_cstring(&m, compress);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
@ -1661,7 +1670,7 @@ index 0c7f2e3..f47c7df 100644
struct Session;
diff --git a/packet.c b/packet.c
index a51c1f2..0756a59 100644
index a51c1f2..faa3a85 100644
--- a/packet.c
+++ b/packet.c
@@ -60,6 +60,7 @@
@ -1721,7 +1730,7 @@ index a51c1f2..0756a59 100644
}
/* Sets remote side protocol flags. */
@@ -729,6 +740,23 @@ packet_send1(void)
@@ -729,6 +740,25 @@ packet_send1(void)
*/
}
@ -1733,8 +1742,10 @@ index a51c1f2..0756a59 100644
+
+ xfree(newkeys->enc.name);
+
+ mac_clear(&newkeys->mac);
+ xfree(newkeys->mac.name);
+ if (newkeys->mac.enabled) {
+ mac_clear(&newkeys->mac);
+ xfree(newkeys->mac.name);
+ }
+
+ xfree(newkeys->comp.name);
+
@ -1745,7 +1756,7 @@ index a51c1f2..0756a59 100644
void
set_newkeys(int mode)
{
@@ -754,21 +782,9 @@ set_newkeys(int mode)
@@ -754,21 +784,9 @@ set_newkeys(int mode)
}
if (active_state->newkeys[mode] != NULL) {
debug("set_newkeys: rekeying");
@ -1769,7 +1780,7 @@ index a51c1f2..0756a59 100644
}
active_state->newkeys[mode] = kex_get_newkeys(mode);
if (active_state->newkeys[mode] == NULL)
@@ -1971,6 +1987,47 @@ packet_get_newkeys(int mode)
@@ -1971,6 +1989,47 @@ packet_get_newkeys(int mode)
return (void *)active_state->newkeys[mode];
}
@ -1817,7 +1828,7 @@ index a51c1f2..0756a59 100644
/*
* Save the state for the real connection, and use a separate state when
* resuming a suspended connection.
@@ -1978,18 +2035,12 @@ packet_get_newkeys(int mode)
@@ -1978,18 +2037,12 @@ packet_get_newkeys(int mode)
void
packet_backup_state(void)
{
@ -1837,7 +1848,7 @@ index a51c1f2..0756a59 100644
}
/*
@@ -2006,9 +2057,7 @@ packet_restore_state(void)
@@ -2006,9 +2059,7 @@ packet_restore_state(void)
backup_state = active_state;
active_state = tmp;
active_state->connection_in = backup_state->connection_in;
@ -1847,7 +1858,7 @@ index a51c1f2..0756a59 100644
len = buffer_len(&backup_state->input);
if (len > 0) {
buf = buffer_ptr(&backup_state->input);
@@ -2016,4 +2065,10 @@ packet_restore_state(void)
@@ -2016,4 +2067,10 @@ packet_restore_state(void)
buffer_clear(&backup_state->input);
add_recv_bytes(len);
}