Rebase to latest OpenSSH 7.7p1 (#1563223)

This commit is contained in:
Jakub Jelen 2018-03-27 16:52:07 +02:00
parent 1ce235ac38
commit 3cd4899257
27 changed files with 255 additions and 314 deletions

3
.gitignore vendored
View File

@ -27,3 +27,6 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
/pam_ssh_agent_auth-0.10.3.tar.bz2
/openssh-7.5p1.tar.gz
/openssh-7.6p1.tar.gz
/openssh-7.7p1.tar.gz
/openssh-7.7p1.tar.gz.asc
/DJM-GPG-KEY.gpg

View File

@ -69,7 +69,7 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
+
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
if (match_user(NULL, NULL, NULL, arg) == -1)
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
dump_cfg_fmtint(sCompression, o->compression);
@ -93,8 +93,8 @@ diff -up openssh-7.4p1/sshd_config.0.vendor openssh-7.4p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.0 2016-12-23 13:36:53.146277511 +0100
@@ -792,6 +792,11 @@ DESCRIPTION
ssh-keygen(1). For more information on KRLs, see the KEY
REVOCATION LISTS section in ssh-keygen(1).
rdomain(4). If the routing domain is set to %D, then the domain
in which the incoming connection was received will be applied.
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
@ -108,9 +108,9 @@ diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:37:17.482282253 +0100
@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as
.Xr ssh-keygen 1 .
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
If the routing domain is set to
.Cm \&%D ,
then the domain in which the incoming connection was received will be applied.
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd

View File

@ -1,24 +1,75 @@
diff --git a/misc.c b/misc.c
index 2f11de4..36402d1 100644
index 874dcc8a..7b7f7a58 100644
--- a/misc.c
+++ b/misc.c
@@ -396,7 +396,7 @@ hpdelim(char **cp)
return NULL;
else
s++;
- } else if ((s = strpbrk(s, ":/")) == NULL)
+ } else if ((s = strpbrk(s, ":")) == NULL)
s = *cp + strlen(*cp); /* skip to end (see first case below) */
@@ -466,7 +466,7 @@ put_host_port(const char *host, u_short port)
* The delimiter char, if present, is stored in delim.
* If this is the last field, *cp is set to NULL.
*/
-static char *
+char *
hpdelim2(char **cp, char *delim)
{
char *s, *old;
diff --git a/misc.h b/misc.h
index cdafea73..cf9c8f28 100644
--- a/misc.h
+++ b/misc.h
@@ -54,6 +54,7 @@ int set_rdomain(int, const char *);
int a2port(const char *);
int a2tun(const char *, int *);
char *put_host_port(const char *, u_short);
+char *hpdelim2(char **, char *);
char *hpdelim(char **);
char *cleanhostname(char *);
char *colon(char *);
diff --git a/servconf.c b/servconf.c
index 0f0d0906..1679181e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -821,7 +821,7 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
{
u_int i;
int port;
- char *host, *arg, *oarg;
+ char *host, *arg, *oarg, ch;
switch (*s) {
@@ -405,7 +405,6 @@ hpdelim(char **cp)
break;
case ':':
- case '/':
*s = '\0'; /* terminate */
*cp = s + 1;
break;
--
2.1.0
channel_clear_adm_permitted_opens(ssh);
if (options->num_permitted_opens == 0)
@@ -839,8 +839,8 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
/* Otherwise treat it as a list of permitted host:port */
for (i = 0; i < options->num_permitted_opens; i++) {
oarg = arg = xstrdup(options->permitted_opens[i]);
- host = hpdelim(&arg);
- if (host == NULL)
+ host = hpdelim2(&arg, &ch);
+ if (host == NULL || ch == '/')
fatal("%s: missing host in PermitOpen", __func__);
host = cleanhostname(host);
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1244,8 +1244,10 @@ process_server_config_line(ServerOptions *options, char *line,
port = 0;
p = arg;
} else {
- p = hpdelim(&arg);
- if (p == NULL)
+ char ch;
+ arg2 = NULL;
+ p = hpdelim2(&arg, &ch);
+ if (p == NULL || ch == '/')
fatal("%s line %d: bad address:port usage",
filename, linenum);
p = cleanhostname(p);
@@ -1815,9 +1817,10 @@ process_server_config_line(ServerOptions *options, char *line,
break;
}
for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
+ char ch;
arg2 = xstrdup(arg);
- p = hpdelim(&arg);
- if (p == NULL)
+ p = hpdelim2(&arg, &ch);
+ if (p == NULL || ch == '/')
fatal("%s line %d: missing host in PermitOpen",
filename, linenum);
p = cleanhostname(p);

View File

@ -41,14 +41,14 @@ diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
--- openssh-7.4p1/monitor.c.log-in-chroot 2016-12-23 15:14:33.311168085 +0100
+++ openssh-7.4p1/monitor.c 2016-12-23 15:16:42.154193100 +0100
@@ -307,6 +307,8 @@ monitor_child_preauth(Authctxt *_authctx
close(pmonitor->m_log_sendfd);
close(pmonitor->m_log_sendfd);
pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
+ pmonitor->m_state = "preauth";
+
authctxt = _authctxt;
memset(authctxt, 0, sizeof(*authctxt));
ssh->authctxt = authctxt;
@@ -405,6 +407,8 @@ monitor_child_postauth(struct monitor *p
close(pmonitor->m_recvfd);
pmonitor->m_recvfd = -1;
@ -165,7 +165,7 @@ diff -up openssh-7.4p1/session.c.log-in-chroot openssh-7.4p1/session.c
- closefrom(STDERR_FILENO + 1);
-
do_rc_files(s, shell);
do_rc_files(ssh, s, shell);
/* restore SIGPIPE for child */
@@ -1653,9 +1649,17 @@ do_child(Session *s, const char *command

View File

@ -116,38 +116,3 @@ index 2871fe9..39b9c08 100644
#endif
/* Demote the child */
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 12c014e..c5ef2ff 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -35,7 +35,6 @@
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-#include <selinux/flask.h>
#include <selinux/get_context_list.h>
#ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -110,6 +109,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
security_context_t new_tty_ctx = NULL;
security_context_t user_ctx = NULL;
security_context_t old_tty_ctx = NULL;
+ security_class_t class;
if (!ssh_selinux_enabled())
return;
@@ -129,8 +129,13 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
goto out;
}
+ class = string_to_security_class("chr_file");
+ if (!class) {
+ error("string_to_security_class failed to translate security class context");
+ goto out;
+ }
if (security_compute_relabel(user_ctx, old_tty_ctx,
- SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
+ class, &new_tty_ctx) != 0) {
error("%s: security_compute_relabel: %s",
__func__, strerror(errno));
goto out;

View File

@ -10,14 +10,14 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
@@ -66,7 +67,7 @@ EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
MKDIR_P=@MKDIR_P@
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
LIBOPENSSH_OBJS=\
ssh_api.o \
XMSS_OBJS=\
ssh-xmss.o \
@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o
$(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)

View File

@ -14,12 +14,13 @@ diff -up openssh-7.4p1/entropy.c.entropy openssh-7.4p1/entropy.c
diff -up openssh-7.4p1/openbsd-compat/Makefile.in.entropy openssh-7.4p1/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.entropy 2016-12-23 18:34:53.715762155 +0100
+++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 18:35:15.890769493 +0100
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
-PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
@@ -20,7 +20,8 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
port-solaris.o \
port-net.o \
port-uw.o \
- port-linux-sshd.o
+ port-linux-sshd.o \
+ port-linux-prng.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<

View File

@ -207,7 +207,7 @@ index 28659ec..9c94d8e 100644
--- a/session.c
+++ b/session.c
@@ -789,6 +789,29 @@ do_exec(Session *s, const char *command)
command = forced_command;
command = auth_opts->force_command;
forced = "(key-option)";
}
+#ifdef GSSAPI

View File

@ -1,7 +1,7 @@
diff -up openssh/misc.c.keycat openssh/misc.c
--- openssh/misc.c.keycat 2015-06-24 10:57:50.158849606 +0200
+++ openssh/misc.c 2015-06-24 11:04:23.989868638 +0200
@@ -490,6 +490,14 @@ subprocess(const char *tag, struct passw
diff -up openssh/auth.c.keycat openssh/misc.c
--- openssh/auth.c.keycat 2015-06-24 10:57:50.158849606 +0200
+++ openssh/auth.c 2015-06-24 11:04:23.989868638 +0200
@@ -966,6 +966,14 @@ subprocess(const char *tag, struct passw
_exit(1);
}
@ -52,14 +52,14 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
AR=@AR@
AWK=@AWK@
@@ -65,7 +66,7 @@ EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
MKDIR_P=@MKDIR_P@
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
LIBOPENSSH_OBJS=\
ssh_api.o \
XMSS_OBJS=\
ssh-xmss.o \
@@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
@ -203,7 +203,7 @@ diff -up openssh/platform.c.keycat openssh/platform.c
diff -up openssh/ssh-keycat.c.keycat openssh/ssh-keycat.c
--- openssh/ssh-keycat.c.keycat 2015-06-24 10:57:50.161849599 +0200
+++ openssh/ssh-keycat.c 2015-06-24 10:57:50.161849599 +0200
@@ -0,0 +1,238 @@
@@ -0,0 +1,241 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
@ -253,6 +253,9 @@ diff -up openssh/ssh-keycat.c.keycat openssh/ssh-keycat.c
+#include <pwd.h>
+#include <fcntl.h>
+#include <unistd.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#include <security/pam_appl.h>
+

View File

@ -192,15 +192,16 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -399,7 +402,7 @@ typedef enum {
@@ -399,7 +402,8 @@ typedef enum {
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
- sKerberosGetAFSToken,
- sKerberosGetAFSToken, sChallengeResponseAuthentication,
+ sKerberosGetAFSToken, sKerberosUseKuserok,
sKerberosTgtPassing, sChallengeResponseAuthentication,
+ sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
@@ -478,11 +481,13 @@ static struct {
#else
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },

View File

@ -64,7 +64,7 @@ diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5
diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.redhat 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 13:33:05.386233133 +0100
@@ -10,21 +10,35 @@
@@ -10,20 +10,34 @@
# possible, but leave them commented. Uncommented options override the
# default value.
@ -79,7 +79,6 @@ diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config
-#HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ecdsa_key

View File

@ -93,7 +93,7 @@ diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.
+#else
+ (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
+#endif
(r = sshbuf_put_cstring(b, service)) != 0 ||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
(r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
(r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c
@ -116,7 +116,7 @@ diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c
+#endif
if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
(r = sshbuf_put_cstring(b, userstyle)) != 0 ||
(r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ?
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h
--- openssh-7.4p1/auth.h.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/auth.h 2016-12-23 12:19:43.478510375 +0100
@ -146,7 +146,7 @@ diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h
--- openssh-7.4p1/auth-pam.h.role-mls 2016-12-23 12:19:43.478510375 +0100
+++ openssh-7.4p1/auth-pam.h 2016-12-23 12:21:44.698101234 +0100
@@ -31,7 +31,7 @@ u_int do_pam_account(void);
void do_pam_session(void);
void do_pam_session(struct ssh *);
void do_pam_setcred(int );
void do_pam_chauthtok(void);
-int do_pam_putenv(char *, char *);
@ -316,7 +316,7 @@ diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c
+
/* Do the password authentication */
int
mm_auth_password(Authctxt *authctxt, char *password)
mm_auth_password(struct ssh *ssh, char *password)
diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h
--- openssh-7.4p1/monitor_wrap.h.role-mls 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/monitor_wrap.h 2016-12-23 12:19:58.588459376 +0100
@ -329,16 +329,17 @@ diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h
+#endif
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
int mm_auth_password(struct ssh *, char *);
diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.role-mls 2016-12-23 12:19:58.588459376 +0100
+++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 12:24:06.042643938 +0100
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
@@ -20,7 +20,8 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
port-linux.o \
port-solaris.o \
port-net.o \
- port-uw.o
+ port-uw.o \
+ port-linux-sshd.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<

View File

@ -27,7 +27,7 @@ diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
;
close(pmonitor->m_sendfd);
if (pmonitor->m_recvfd >= 0)
diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.coverity 2016-12-23 16:40:26.892788689 +0100
+++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:40:26.900788691 +0100
@ -127,11 +127,11 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
}
tun = packet_get_int();
- if (forced_tun_device != -1) {
+ if (forced_tun_device >= 0) {
if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
- if (auth_opts->force_tun_device != -1) {
+ if (auth_opts->force_tun_device >= 0) {
if (tun != SSH_TUNID_ANY && auth_opts->force_tun_device != tun)
goto done;
tun = forced_tun_device;
tun = auth_opts->force_tun_device;
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100

View File

@ -10,14 +10,14 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
@@ -67,7 +68,7 @@ EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
MKDIR_P=@MKDIR_P@
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT) ssh-cavs$(EXEEXT)
LIBOPENSSH_OBJS=\
ssh_api.o \
XMSS_OBJS=\
ssh-xmss.o \
@@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)

View File

@ -145,16 +145,16 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
GSSLIBS=@GSSLIBS@
SSHLIBS=@SSHLIBS@
@@ -61,8 +63,9 @@ XAUTH_PATH=@XAUTH_PATH@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
MKDIR_P=@MKDIR_P@
+INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
LIBOPENSSH_OBJS=\
ssh_api.o \
XMSS_OBJS=\
ssh-xmss.o \
@@ -112,8 +115,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o
@ -197,7 +197,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
+ fi
install-sysconf:
if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
@@ -356,6 +370,13 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
@ -228,7 +228,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
regress-prep:
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
$(MKDIR_P) `pwd`/regress/unittests/test_helper
diff -up openssh-6.8p1/configure.ac.ldap openssh-6.8p1/configure.ac
--- openssh-6.8p1/configure.ac.ldap 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/configure.ac 2015-03-18 11:11:29.030801464 +0100

View File

@ -1,24 +0,0 @@
diff -up openssh-7.4p1/servconf.c.memory openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.memory 2016-12-23 15:37:48.181422360 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 15:38:30.189429116 +0100
@@ -2006,6 +2006,8 @@ copy_set_server_options(ServerOptions *d
dst->n = src->n; \
} while (0)
+ u_int i;
+
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(pubkey_authentication);
@@ -2058,8 +2060,10 @@ copy_set_server_options(ServerOptions *d
} while(0)
#define M_CP_STRARRAYOPT(n, num_n) do {\
if (src->num_n != 0) { \
+ for (i = 0; i < dst->num_n; i++) \
+ free(dst->n[i]); \
for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
- dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+ dst->n[dst->num_n] = src->n[dst->num_n]; \
} \
} while(0)
#define M_CP_STRARRAYOPT_ALLOC(n, num_n) do { \

View File

@ -238,8 +238,8 @@ diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c
#include "digest.h"
+#include "ssh-gss.h"
static void add_listen_addr(ServerOptions *, char *, int);
static void add_one_listen_addr(ServerOptions *, char *, int);
static void add_listen_addr(ServerOptions *, const char *,
const char *, int);
@@ -121,6 +122,7 @@ initialize_server_options(ServerOptions
options->gss_cleanup_creds = -1;
options->gss_strict_acceptor = -1;

View File

@ -86,7 +86,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
/*
* This is called to fork and execute a command when we have no tty. This
@@ -424,6 +430,8 @@ do_exec_no_pty(Session *s, const char *c
cray_init_job(s->pw); /* set up cray jid and tmpdir */
close(err[0]);
#endif
+ child_destory_sensitive_data();
@ -102,8 +102,8 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
+ child_destory_sensitive_data();
+
/* record login, etc. similar to login(1) */
#ifdef _UNICOS
cray_init_job(s->pw); /* set up cray jid and tmpdir */
#ifndef HAVE_OSF_SIA
do_login(ssh, s, command);
@@ -717,6 +728,8 @@ do_exec(Session *s, const char *command)
}
if (s->command != NULL && s->ptyfd == -1)

View File

@ -673,13 +673,13 @@ diff -up openssh-7.5p1/sshkey.c.fips openssh-7.5p1/sshkey.c
#include "crypto_api.h"
@@ -58,6 +59,7 @@
#define SSHKEY_INTERNAL
#include "sshkey.h"
#include "sshkey-xmss.h"
#include "match.h"
+#include "log.h"
/* openssh private key file format */
#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
#include "xmss_fast.h"
@@ -1587,6 +1589,8 @@ rsa_generate_private_key(u_int bits, RSA
}
if (!BN_set_word(f4, RSA_F4) ||

View File

@ -1729,7 +1729,7 @@ diff -up openssh/monitor.c.gsskex openssh/monitor.c
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
+#endif
if (!no_pty_flag) {
if (auth_opts->permit_pty_flag) {
monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
@@ -1656,6 +1673,13 @@ monitor_apply_keystate(struct monitor *p
# endif
@ -2086,6 +2086,7 @@ diff -up openssh/regress/cert-userkey.sh.gsskex openssh/regress/cert-userkey.sh
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | grep -v null | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
EXTRA_TYPES=""
if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
@ -2624,7 +2625,7 @@ diff -up openssh/sshd.c.gsskex openssh/sshd.c
@@ -871,8 +871,9 @@ notify_hostkeys(struct ssh *ssh)
}
debug3("%s: sent %d hostkeys", __func__, nkeys);
debug3("%s: sent %u hostkeys", __func__, nkeys);
if (nkeys == 0)
- fatal("%s: no hostkeys", __func__);
- packet_send();
@ -2864,9 +2865,9 @@ diff -up openssh/sshkey.h.gsskex openssh/sshkey.h
--- openssh/sshkey.h.gsskex 2017-09-25 01:48:10.000000000 +0200
+++ openssh/sshkey.h 2017-09-27 13:54:53.602534414 +0200
@@ -61,6 +61,7 @@ enum sshkey_types {
KEY_DSA_CERT,
KEY_ECDSA_CERT,
KEY_ED25519_CERT,
KEY_XMSS,
KEY_XMSS_CERT,
+ KEY_NULL,
KEY_UNSPEC
};

View File

@ -471,7 +471,7 @@ diff -up openssh/kexgexc.c.openssl openssh/kexgexc.c
debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
@@ -119,26 +120,30 @@ input_kex_dh_gex_group(int type, u_int32
@@ -119,24 +120,30 @@ input_kex_dh_gex_group(int type, u_int32
p = g = NULL; /* belong to kex->dh now */
/* generate and send 'e', client DH public key */
@ -497,12 +497,8 @@ diff -up openssh/kexgexc.c.openssl openssh/kexgexc.c
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
r = 0;
out:
- if (p)
- BN_clear_free(p);
- if (g)
- BN_clear_free(g);
+ BN_clear_free(p);
+ BN_clear_free(g);
BN_clear_free(p);
BN_clear_free(g);
+ if (r != 0) {
+ DH_free(kex->dh);
+ kex->dh = NULL;
@ -1419,17 +1415,6 @@ diff -up openssh/sshconnect2.c.openssl openssh/sshconnect2.c
}
/*
diff -up openssh/sshconnect.c.openssl openssh/sshconnect.c
--- openssh/sshconnect.c.openssl 2017-09-26 13:19:31.759249464 +0200
+++ openssh/sshconnect.c 2017-09-26 13:19:31.800249715 +0200
@@ -1316,6 +1316,7 @@ ssh_login(Sensitive *sensitive, const ch
char *server_user, *local_user;
local_user = xstrdup(pw->pw_name);
+ free(pw);
server_user = options.user ? options.user : local_user;
/* Convert the user-supplied hostname into all lowercase. */
diff -up openssh/ssh.c.openssl openssh/ssh.c
--- openssh/ssh.c.openssl 2017-09-26 13:19:31.786249629 +0200
+++ openssh/ssh.c 2017-09-26 13:19:31.800249715 +0200
@ -1443,14 +1428,6 @@ diff -up openssh/ssh.c.openssl openssh/ssh.c
if (access("/etc/system-fips", F_OK) == 0)
if (! FIPSCHECK_verify(NULL, NULL)){
if (FIPS_mode())
@@ -1263,6 +1265,7 @@ main(int ac, char **av)
free(cp);
}
free(conn_hash_hex);
+ free(host_arg);
if (config_test) {
dump_client_config(&options, host);
diff -up openssh/sshd.c.openssl openssh/sshd.c
--- openssh/sshd.c.openssl 2017-09-26 13:19:31.792249666 +0200
+++ openssh/sshd.c 2017-09-26 13:19:31.801249721 +0200
@ -1493,8 +1470,8 @@ diff -up openssh/ssh-dss.c.openssl openssh/ssh-dss.c
+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen);
if (compat & SSH_BUG_SIGBLOB) {
if (sigp != NULL) {
if ((b = sshbuf_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
@@ -137,6 +139,7 @@ ssh_dss_verify(const struct sshkey *key,
int ret = SSH_ERR_INTERNAL_ERROR;
struct sshbuf *b = NULL;
@ -1527,15 +1504,13 @@ diff -up openssh/ssh-dss.c.openssl openssh/ssh-dss.c
/* sha1 the data */
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
@@ -207,8 +213,9 @@ ssh_dss_verify(const struct sshkey *key,
@@ -207,7 +213,9 @@ ssh_dss_verify(const struct sshkey *key,
out:
explicit_bzero(digest, sizeof(digest));
- if (sig != NULL)
- DSA_SIG_free(sig);
+ BN_free(r);
+ BN_free(s);
+ DSA_SIG_free(sig);
DSA_SIG_free(sig);
sshbuf_free(b);
free(ktype);
if (sigblob != NULL) {
@ -1597,15 +1572,13 @@ diff -up openssh/ssh-ecdsa.c.openssl openssh/ssh-ecdsa.c
if (sshbuf_len(sigbuf) != 0) {
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
@@ -180,8 +191,9 @@ ssh_ecdsa_verify(const struct sshkey *ke
@@ -180,7 +191,9 @@ ssh_ecdsa_verify(const struct sshkey *ke
explicit_bzero(digest, sizeof(digest));
sshbuf_free(sigbuf);
sshbuf_free(b);
- if (sig != NULL)
- ECDSA_SIG_free(sig);
+ BN_free(r);
+ BN_free(s);
+ ECDSA_SIG_free(sig);
ECDSA_SIG_free(sig);
free(ktype);
return ret;
}
@ -1647,20 +1620,19 @@ diff -up openssh/sshkey.c.openssl openssh/sshkey.c
#ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
case KEY_ECDSA:
@@ -496,11 +501,7 @@ sshkey_new(int type)
@@ -496,10 +501,7 @@ sshkey_new(int type)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
- if ((rsa = RSA_new()) == NULL ||
- (rsa->n = BN_new()) == NULL ||
- (rsa->e = BN_new()) == NULL) {
- if (rsa != NULL)
- RSA_free(rsa);
- RSA_free(rsa);
+ if ((rsa = RSA_new()) == NULL) {
free(k);
return NULL;
}
@@ -508,13 +509,7 @@ sshkey_new(int type)
@@ -508,12 +509,7 @@ sshkey_new(int type)
break;
case KEY_DSA:
case KEY_DSA_CERT:
@ -1669,8 +1641,7 @@ diff -up openssh/sshkey.c.openssl openssh/sshkey.c
- (dsa->q = BN_new()) == NULL ||
- (dsa->g = BN_new()) == NULL ||
- (dsa->pub_key = BN_new()) == NULL) {
- if (dsa != NULL)
- DSA_free(dsa);
- DSA_free(dsa);
+ if ((dsa = DSA_new()) == NULL) {
free(k);
return NULL;
@ -2491,8 +2462,8 @@ diff -up openssh/sshkey.h.openssl openssh/sshkey.h
-int ssh_rsa_generate_additional_parameters(struct sshkey *);
+int ssh_rsa_generate_additional_parameters(struct sshkey *, BIGNUM *iqmp);
#ifdef SSHKEY_INTERNAL
int ssh_rsa_sign(const struct sshkey *key,
/* stateful keys (e.g. XMSS) */
#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
--- openssh/ssh-pkcs11-client.c.openssl 2017-09-19 06:26:43.000000000 +0200
+++ openssh/ssh-pkcs11-client.c 2017-09-26 13:19:31.803249734 +0200
@ -2594,7 +2565,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
}
} else {
cp = attribs[2].pValue;
@@ -525,17 +538,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
@@ -525,16 +538,18 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
== NULL) {
error("d2i_X509 failed");
} else if ((evp = X509_get_pubkey(x509)) == NULL ||
@ -2608,8 +2579,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
== NULL) {
error("RSAPublicKey_dup");
}
if (x509)
X509_free(x509);
X509_free(x509);
}
- if (rsa && rsa->n && rsa->e &&
+ if (rsa)
@ -2621,21 +2591,19 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
diff -up openssh/ssh-rsa.c.openssl openssh/ssh-rsa.c
--- openssh/ssh-rsa.c.openssl 2017-09-19 06:26:43.000000000 +0200
+++ openssh/ssh-rsa.c 2017-09-26 13:19:31.803249734 +0200
@@ -78,37 +78,46 @@ rsa_hash_alg_nid(int type)
}
@@ -78,38 +78,50 @@ rsa_hash_alg_nid(int type)
}
-/* calculate p-1 and q-1 */
+/* calculate d mod p-1 and d mod q-1 */
int
-ssh_rsa_generate_additional_parameters(struct sshkey *key)
+ssh_rsa_generate_additional_parameters(struct sshkey *key, BIGNUM *iqmp)
{
- RSA *rsa;
BIGNUM *aux = NULL;
BN_CTX *ctx = NULL;
- BIGNUM d;
+ BIGNUM *d = NULL;
int r;
+ const BIGNUM *p, *q, *d;
+ const BIGNUM *p, *q, *rsa_d;
+ BIGNUM *dmp1 = NULL, *dmq1 = NULL;
if (key == NULL || key->rsa == NULL ||
@ -2646,21 +2614,26 @@ diff -up openssh/ssh-rsa.c.openssl openssh/ssh-rsa.c
- return SSH_ERR_ALLOC_FAIL;
- if ((aux = BN_new()) == NULL) {
+ RSA_get0_factors(key->rsa, &p, &q);
+ RSA_get0_key(key->rsa, NULL, NULL, &d);
+ RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
+
+ if ((ctx = BN_CTX_new()) == NULL ||
+ (aux = BN_new()) == NULL ||
+ (d = BN_new()) == NULL ||
+ (dmp1 = BN_new()) == NULL ||
+ (dmq1 = BN_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- rsa = key->rsa;
BN_set_flags(aux, BN_FLG_CONSTTIME);
- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
- BN_init(&d);
- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
+ BN_with_flags(d, rsa_d, BN_FLG_CONSTTIME);
- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
+ (BN_sub(aux, p, BN_value_one()) == 0) ||
@ -2673,6 +2646,7 @@ diff -up openssh/ssh-rsa.c.openssl openssh/ssh-rsa.c
+ dmq1 = NULL;
r = 0;
out:
+ BN_free(d);
BN_clear_free(aux);
+ BN_clear_free(dmp1);
+ BN_clear_free(dmq1);

View File

@ -756,7 +756,7 @@ diff -up openssh-7.6p1/auth2-hostbased.c.audit openssh-7.6p1/auth2-hostbased.c
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
- PRIVSEP(sshkey_verify(key, sig, slen,
+ PRIVSEP(hostbased_key_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b), ssh->compat)) == 0)
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
authenticated = 1;
@@ -169,6 +169,19 @@ done:
@ -765,11 +765,11 @@ diff -up openssh-7.6p1/auth2-hostbased.c.audit openssh-7.6p1/auth2-hostbased.c
+int
+hostbased_key_verify(const struct sshkey *key, const u_char *sig, size_t slen,
+ const u_char *data, size_t datalen, u_int compat)
+ const u_char *data, size_t datalen, const char *pkalg, u_int compat)
+{
+ int rv;
+
+ rv = sshkey_verify(key, sig, slen, data, datalen, compat);
+ rv = sshkey_verify(key, sig, slen, data, datalen, pkalg, compat);
+#ifdef SSH_AUDIT_EVENTS
+ audit_key(0, &rv, key);
+#endif
@ -785,10 +785,10 @@ diff -up openssh-7.6p1/auth2-pubkey.c.audit openssh-7.6p1/auth2-pubkey.c
@@ -206,7 +206,7 @@ userauth_pubkey(struct ssh *ssh)
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
- PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
+ PRIVSEP(user_key_verify(key, sig, slen, sshbuf_ptr(b),
sshbuf_len(b), ssh->compat)) == 0) {
sshbuf_len(b), NULL, ssh->compat)) == 0) {
authenticated = 1;
}
@@ -250,6 +250,19 @@ done:
@ -797,11 +797,11 @@ diff -up openssh-7.6p1/auth2-pubkey.c.audit openssh-7.6p1/auth2-pubkey.c
+int
+user_key_verify(const struct sshkey *key, const u_char *sig, size_t slen,
+ const u_char *data, size_t datalen, u_int compat)
+ const u_char *data, size_t datalen, const char *pkalg, u_int compat)
+{
+ int rv;
+
+ rv = sshkey_verify(key, sig, slen, data, datalen, compat);
+ rv = sshkey_verify(key, sig, slen, data, datalen, pkalg, compat);
+#ifdef SSH_AUDIT_EVENTS
+ audit_key(1, &rv, key);
+#endif
@ -836,22 +836,24 @@ diff -up openssh-7.6p1/auth.c.audit openssh-7.6p1/auth.c
diff -up openssh-7.6p1/auth.h.audit openssh-7.6p1/auth.h
--- openssh-7.6p1/auth.h.audit 2017-10-04 17:18:32.768504711 +0200
+++ openssh-7.6p1/auth.h 2017-10-04 17:18:32.836505059 +0200
@@ -198,6 +198,7 @@ struct passwd * getpwnamallow(const char
@@ -198,6 +198,8 @@ struct passwd * getpwnamallow(const char
char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
+int user_key_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, u_int);
+int user_key_verify(const struct sshkey *, const u_char *, size_t,
+ const u_char *, size_t, const char *, u_int);
FILE *auth_openkeyfile(const char *, struct passwd *, int);
FILE *auth_openprincipals(const char *, struct passwd *, int);
@@ -217,6 +218,7 @@ struct sshkey *get_hostkey_private_by_ty
@@ -217,6 +218,8 @@ struct sshkey *get_hostkey_private_by_ty
int get_hostkey_index(struct sshkey *, int, struct ssh *);
int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
size_t *, const u_char *, size_t, const char *, u_int);
+int hostbased_key_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, u_int);
+int hostbased_key_verify(const struct sshkey *, const u_char *, size_t,
+ const u_char *, size_t, const char *, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
/* Key / cert options linkage to auth layer */
const struct sshauthopt *auth_options(struct ssh *);
diff -up openssh-7.6p1/cipher.c.audit openssh-7.6p1/cipher.c
--- openssh-7.6p1/cipher.c.audit 2017-10-02 21:34:26.000000000 +0200
+++ openssh-7.6p1/cipher.c 2017-10-04 17:18:32.836505059 +0200
@ -1100,8 +1102,8 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
#include "ssherr.h"
@@ -117,6 +118,8 @@ extern Buffer auth_debug;
extern int auth_debug_init;
extern Buffer loginmsg;
extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
+extern void destroy_sensitive_data(int);
+
@ -1144,7 +1146,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
{0, 0, NULL}
};
@@ -1396,7 +1413,9 @@ mm_answer_keyverify(int sock, struct ssh
u_char *signature, *data, *blob;
char *sigalg;
size_t signaturelen, datalen, bloblen;
int r, ret, valid_data = 0, encoded_ret;
+ int type = 0;
@ -1152,7 +1154,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
+ type = buffer_get_int(m);
if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
(r = sshbuf_get_string(m, &data, &datalen)) != 0)
(r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
@@ -1405,6 +1424,8 @@ mm_answer_keyverify(int sock, struct ssh
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
!monitor_allowed_key(blob, bloblen))
@ -1160,20 +1162,20 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
+ if (type != key_blobtype)
+ fatal("%s: bad key type", __func__);
/* XXX use sshkey_froms here; need to change key_blob, etc. */
if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
/* Empty signature algorithm means NULL. */
if (*sigalg == '\0') {
@@ -1414,21 +1435,24 @@ mm_answer_keyverify(int sock, struct ssh
case MM_USERKEY:
valid_data = monitor_valid_userblob(data, datalen);
auth_method = "publickey";
+ ret = user_key_verify(key, signature, signaturelen, data,
+ datalen, active_state->compat);
+ datalen, sigalg, active_state->compat);
break;
case MM_HOSTKEY:
valid_data = monitor_valid_hostbasedblob(data, datalen,
hostbased_cuser, hostbased_chost);
+ ret = hostbased_key_verify(key, signature, signaturelen, data,
+ datalen, active_state->compat);
+ datalen, sigalg, active_state->compat);
auth_method = "hostbased";
break;
default:
@ -1185,7 +1187,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
fatal("%s: bad signature data blob", __func__);
- ret = sshkey_verify(key, signature, signaturelen, data, datalen,
- active_state->compat);
- sigalg, active_state->compat);
debug3("%s: %s %p signature %s", __func__, auth_method, key,
(ret == 0) ? "verified" : "unverified");
auth2_record_key(authctxt, ret == 0, key);
@ -1400,7 +1402,7 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
int
-mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
+mm_sshkey_verify(enum mm_keytype type, const struct sshkey *key, const u_char *sig, size_t siglen,
const u_char *data, size_t datalen, u_int compat)
const u_char *data, size_t datalen, const char *sigalg, u_int compat)
{
Buffer m;
@@ -478,6 +478,7 @@ mm_sshkey_verify(const struct sshkey *ke
@ -1417,16 +1419,16 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
+int
+mm_hostbased_key_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
+ const u_char *data, size_t datalen, u_int compat)
+ const u_char *data, size_t datalen, const char *pkalg, u_int compat)
+{
+ return mm_sshkey_verify(MM_HOSTKEY, key, sig, siglen, data, datalen, compat);
+ return mm_sshkey_verify(MM_HOSTKEY, key, sig, siglen, data, datalen, pkalg, compat);
+}
+
+int
+mm_user_key_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
+ const u_char *data, size_t datalen, u_int compat)
+ const u_char *data, size_t datalen, const char *pkalg, u_int compat)
+{
+ return mm_sshkey_verify(MM_USERKEY, key, sig, siglen, data, datalen, compat);
+ return mm_sshkey_verify(MM_USERKEY, key, sig, siglen, data, datalen, pkalg, compat);
+}
+
void
@ -1547,14 +1549,14 @@ diff -up openssh-7.6p1/monitor_wrap.h.audit openssh-7.6p1/monitor_wrap.h
--- openssh-7.6p1/monitor_wrap.h.audit 2017-10-04 17:18:32.750504619 +0200
+++ openssh-7.6p1/monitor_wrap.h 2017-10-04 17:18:32.838505069 +0200
@@ -53,7 +53,9 @@ int mm_key_allowed(enum mm_keytype, cons
int mm_user_key_allowed(struct passwd *, struct sshkey *, int);
struct sshauthopt **);
int mm_hostbased_key_allowed(struct passwd *, const char *,
const char *, struct sshkey *);
-int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
+int mm_hostbased_key_verify(const struct sshkey *, const u_char *, size_t,
+ const u_char *, size_t, u_int);
+ const u_char *, size_t, const char *, u_int);
+int mm_user_key_verify(const struct sshkey *, const u_char *, size_t,
const u_char *, size_t, u_int);
const u_char *, size_t, const char *, u_int);
#ifdef GSSAPI
@@ -78,7 +80,12 @@ void mm_sshpam_free_ctx(void *);
@ -1743,8 +1745,8 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c
-extern void destroy_sensitive_data(void);
+extern void destroy_sensitive_data(int);
extern Buffer loginmsg;
/* original command from peer. */
extern struct sshauthopt *auth_opts;
char *tun_fwd_ifnames; /* serverloop.c */
@@ -605,6 +605,14 @@ do_exec_pty(struct ssh *ssh, Session *s,
/* Parent. Close the slave side of the pseudo tty. */
close(ttyfd);
@ -1930,8 +1932,8 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
#include "monitor_wrap.h"
+#include "audit.h"
#include "ssh-sandbox.h"
#include "auth-options.h"
#include "version.h"
#include "ssherr.h"
@@ -248,7 +249,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL;
@ -1970,7 +1972,7 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
-destroy_sensitive_data(void)
+destroy_sensitive_data(int privsep)
{
int i;
u_int i;
+#ifdef SSH_AUDIT_EVENTS
+ pid_t pid;
+ uid_t uid;
@ -2009,7 +2011,7 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
@@ -499,12 +536,30 @@ demote_sensitive_data(void)
{
struct sshkey *tmp;
int i;
u_int i;
+#ifdef SSH_AUDIT_EVENTS
+ pid_t pid;
+ uid_t uid;

View File

@ -9,11 +9,11 @@ diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
+extern int rexeced_flag;
+extern Authctxt *the_authctxt;
static int
userauth_pubkey(struct ssh *ssh)
static char *
format_key(const struct sshkey *key)
@@ -432,7 +435,8 @@ match_principals_command(struct passwd *
if ((pid = subprocess("AuthorizedPrincipalsCommand", pw, command,
if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
ac, av, &f,
- SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
+ SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
@ -23,7 +23,7 @@ diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
uid_swapped = 1;
@@ -762,7 +766,8 @@ user_key_command_allowed2(struct passwd
if ((pid = subprocess("AuthorizedKeysCommand", pw, command,
if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
ac, av, &f,
- SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
+ SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
@ -31,9 +31,9 @@ diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
goto out;
uid_swapped = 1;
diff -up openssh/misc.c.refactor openssh/misc.c
--- openssh/misc.c.refactor 2017-09-27 13:10:19.640831071 +0200
+++ openssh/misc.c 2017-09-27 13:10:19.678831279 +0200
diff -up openssh/auth.c.refactor openssh/auth.c
--- openssh/auth.c.refactor 2017-09-27 13:10:19.640831071 +0200
+++ openssh/auth.c 2017-09-27 13:10:19.678831279 +0200
@@ -1435,7 +1435,8 @@ argv_assemble(int argc, char **argv)
*/
pid_t
@ -53,18 +53,18 @@ diff -up openssh/misc.c.refactor openssh/misc.c
error ("failed to copy environment: %s",
strerror(errno));
_exit(127);
diff -up openssh/misc.h.refactor openssh/misc.h
--- openssh/misc.h.refactor 2017-09-25 01:48:10.000000000 +0200
+++ openssh/misc.h 2017-09-27 13:10:19.678831279 +0200
diff -up openssh/auth.h.refactor openssh/auth.h
--- openssh/auth.h.refactor 2017-09-25 01:48:10.000000000 +0200
+++ openssh/auth.h 2017-09-27 13:10:19.678831279 +0200
@@ -144,7 +144,7 @@ int exited_cleanly(pid_t, const char *,
#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */
#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */
pid_t subprocess(const char *, struct passwd *,
#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */
#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */
pid_t subprocess(const char *, struct passwd *,
- const char *, int, char **, FILE **, u_int flags);
+ const char *, int, char **, FILE **, u_int flags, int, void *);
struct stat;
int safe_path(const char *, struct stat *, const char *, uid_t,
int sys_auth_passwd(struct ssh *, const char *);
diff -up openssh/openbsd-compat/port-linux.h.refactor openssh/openbsd-compat/port-linux.h
--- openssh/openbsd-compat/port-linux.h.refactor 2017-09-27 13:10:19.634831038 +0200
+++ openssh/openbsd-compat/port-linux.h 2017-09-27 13:10:54.954025248 +0200

View File

@ -1,47 +0,0 @@
From 7c9613fac3371cf65fb07739212cdd1ebf6575da Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 4 Oct 2017 18:49:30 +0000
Subject: [PATCH] upstream commit
fix (another) problem in PermitOpen introduced during the
channels.c refactor: the third and subsequent arguments to PermitOpen were
being silently ignored; ok markus@
Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
---
servconf.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/servconf.c b/servconf.c
index 2c321a4ad..956862959 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1663,9 +1663,9 @@ process_server_config_line(ServerOptions *options, char *line,
if (!arg || *arg == '\0')
fatal("%s line %d: missing PermitOpen specification",
filename, linenum);
- i = options->num_permitted_opens; /* modified later */
+ value = options->num_permitted_opens; /* modified later */
if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
- if (*activep && i == 0) {
+ if (*activep && value == 0) {
options->num_permitted_opens = 1;
options->permitted_opens = xcalloc(1,
sizeof(*options->permitted_opens));
@@ -1683,7 +1683,7 @@ process_server_config_line(ServerOptions *options, char *line,
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
fatal("%s line %d: bad port number in "
"PermitOpen", filename, linenum);
- if (*activep && i == 0) {
+ if (*activep && value == 0) {
options->permitted_opens = xrecallocarray(
options->permitted_opens,
options->num_permitted_opens,

View File

@ -65,10 +65,10 @@
%endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 7.6p1
%global openssh_rel 7
%global openssh_ver 7.7p1
%global openssh_rel 1
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 3
%global pam_ssh_agent_rel 4
Summary: An open source implementation of SSH protocol version 2
Name: openssh
@ -77,8 +77,9 @@ Release: %{openssh_rel}%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#URL1: http://pamsshagentauth.sourceforge.net
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source2: sshd.pam
Source3: DJM-GPG-KEY.gpg
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
Source5: pam_ssh_agent-rmheaders
Source6: ssh-keycat.pam
@ -209,9 +210,6 @@ Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
Patch922: openssh-6.8p1-sshdT-output.patch
# Add sftp option to force mode of created files (#1191055)
Patch926: openssh-6.7p1-sftp-force-permission.patch
# Memory problems
# https://bugzilla.mindrot.org/show_bug.cgi?id=2401
Patch928: openssh-6.8p1-memory-problems.patch
# Restore compatible default (#89216)
Patch929: openssh-6.9p1-permit-root-login.patch
# Add GSSAPIKexAlgorithms option for server and client application
@ -228,8 +226,6 @@ Patch948: openssh-7.4p1-systemd.patch
Patch949: openssh-7.6p1-cleanup-selinux.patch
# Sandbox adjustments for s390 and audit
Patch950: openssh-7.5p1-sandbox.patch
# PermitOpen bug in OpenSSH 7.6:
Patch951: openssh-7.6p1-permitopen-bug.patch
License: BSD
@ -276,6 +272,8 @@ BuildRequires: audit-libs >= 1.0.8
%endif
BuildRequires: xauth
# for tarball signature verification
BuildRequires: gnupg2
%package clients
Summary: An open source SSH client applications
@ -378,6 +376,7 @@ remote ssh-agent instance.
The module is most useful for su and sudo service stacks.
%prep
gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
%setup -q -a 4
#Do not enable by default
%if 0
@ -441,7 +440,6 @@ popd
%patch802 -p1 -b .GSSAPIEnablek5users
%patch922 -p1 -b .sshdt
%patch926 -p1 -b .sftp-force-mode
%patch928 -p1 -b .memory
%patch929 -p1 -b .root-login
%patch932 -p1 -b .gsskexalg
%patch933 -p1 -b .fingerprint
@ -451,7 +449,6 @@ popd
%patch807 -p1 -b .gsskex-ec
%patch949 -p1 -b .refactor
%patch950 -p1 -b .sandbox
%patch951 -p1 -b .permitOpen
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race

View File

@ -154,3 +154,15 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent
goto user_auth_clean_exit;
/* test for correct signature */
diff -up openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey 2018-04-04 13:55:02.383899631 +0200
+++ openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2018-04-04 13:58:36.759339845 +0200
@@ -89,7 +89,7 @@ userauth_pubkey_from_id(const char *ruse
goto user_auth_clean_exit;
/* test for correct signature */
- if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+ if(sshkey_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) == 0)
authenticated = 1;
user_auth_clean_exit:

View File

@ -1,2 +1,4 @@
SHA512 (openssh-7.6p1.tar.gz) = de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72
SHA512 (openssh-7.7p1.tar.gz) = 597252cb48209a0cb98ca1928a67e8d63e4275252f25bc37269204c108f034baade6ba0634e32ae63422fddd280f73096a6b31ad2f2e7a848dde75ca30e14261
SHA512 (openssh-7.7p1.tar.gz.asc) = 9445a589a84538fb0b4eae0f7bf6ce46def51b09254d6fffcc6ed64472f10ccf9e4d5d200387725043039d77ca886e2c8e8f3128e7969c582156fafb0783988d
SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66