Avoid remote code execution in ssh-agent PKCS#11 support

Resolves: CVE-2023-38408
Dmitry Belyavskiy 2023-07-20 12:10:35 +02:00
parent c7f769eede
commit 105578d3c8
2 changed files with 27 additions and 1 deletions


@ -0,0 +1,17 @@
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 6be647ec..ebddf6c3 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
error("dlopen %s failed: %s", provider_module, dlerror());
goto fail;
}
- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
- goto fail;
- }
+ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
+ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
p->module->handle = handle;
/* setup the pkcs11 callbacks */
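Review bot: The new `fatal()` on the `dlsym(handle, "C_GetFunctionList")` failure path has no comment explaining why it terminates the process instead of taking `goto fail` like the `dlopen` failure just above it, so a later cleanup could easily restore the recoverable handling. I would add a comment above the check such as `/* Not a PKCS#11 provider: exit instead of returning an error, see CVE-2023-38408 */`. The check also runs only after `dlopen()` has succeeded, so the library is already loaded into the process by the time it is rejected, and this hunk does not restrict which modules may be requested. Upstream's 9.3p2 release additionally made ssh-agent refuse PKCS#11 load requests from remote clients by default; whether that part is backported cannot be seen from this page and is worth confirming. `pkcs11_register_provider` starts and ends outside the hunk.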


@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1
%global openssh_rel 17
%global openssh_rel 18
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7
@ -277,6 +277,9 @@ Patch985: openssh-8.7p1-minimize-sha1-use.patch
Patch986: openssh-9.1p1-sshbanner.patch
# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
Patch987: openssh-8.0p1-ipv6-process.patch
# upsream commit
# b23fe83f06ee7e721033769cfa03ae840476d280
Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
License: BSD
Group: Applications/Internet
@ -517,6 +520,8 @@ popd
%patch100 -p1 -b .coverity
%patch1015 -p1 -b .cve-2023-38408
autoreconf
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
autoreconf
@ -801,6 +806,10 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-18
- Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
* Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17
- Fix parsing of IPv6 IPs in sftp client (#2151334)
- Avoid ssh banner one-byte overflow (#2138344)