Fix CVE-2026-3497

Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-16 16:28:51 +01:00 · 2026-03-16 16:28:51 +01:00 · 59346084f6
commit 59346084f6
parent 08d29bf220
2 changed files with 27 additions and 20 deletions
--- a/openssh-9.6p1-gssapi-keyex.patch
+++ b/openssh-9.6p1-gssapi-keyex.patch
@ -1240,7 +1240,7 @@ diff --color -ruNp a/kexgen.c b/kexgen.c
     const struct sshbuf *client_version,
 diff --color -ruNp a/kexgssc.c b/kexgssc.c
 --- a/kexgssc.c	1970-01-01 01:00:00.000000000 +0100
-+++ b/kexgssc.c	2024-10-14 15:18:02.491798105 +0200
+++ b/kexgssc.c	2026-03-13 12:25:23.115812190 +0100
@@ -0,0 +1,706 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1369,7 +1369,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +
 +	/* Verify that the hash matches the MIC we just got. */
 +	if (GSS_ERROR(ssh_gssapi_checkmic(gss, &gss->buf, &gss->msg_tok)))
-+		sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
+		ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
 +
 +	gss_release_buffer(&gss->minor, &gss->msg_tok);
 +
@ -1592,10 +1592,10 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +			fatal("Failed to read token: %s", ssh_err(r));
 +		/* If we're already complete - protocol error */
 +		if (gss->major == GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: received token when complete");
+			ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
 +	} else {
 +		if (gss->major != GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
+			ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
 +	}
 +	if ((r = sshpkt_get_end(ssh)) != 0)
 +		fatal("Expecting end of packet.");
@ -1731,7 +1731,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +
 +	/* Verify that the hash matches the MIC we just got. */
 +	if (GSS_ERROR(ssh_gssapi_checkmic(gss, &gss->buf, &gss->msg_tok)))
-+		sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
+		ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
 +
 +	gss_release_buffer(&gss->minor, &gss->msg_tok);
 +
@ -1932,10 +1932,10 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +			fatal("Failed to read token: %s", ssh_err(r));
 +		/* If we're already complete - protocol error */
 +		if (gss->major == GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: received token when complete");
+			ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
 +	} else {
 +		if (gss->major != GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
+			ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
 +	}
 +	if ((r = sshpkt_get_end(ssh)) != 0)
 +		fatal("Expecting end of packet.");
@ -1950,8 +1950,8 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
 diff --color -ruNp a/kexgsss.c b/kexgsss.c
 --- a/kexgsss.c	1970-01-01 01:00:00.000000000 +0100
-+++ b/kexgsss.c	2024-10-14 15:18:02.491798105 +0200
-@@ -0,0 +1,601 @@
+++ b/kexgsss.c	2026-03-13 12:32:17.556172591 +0100
+@@ -0,0 +1,603 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@ -2083,7 +2083,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +{
 +	struct kex *kex = ssh->kex;
 +	Gssctxt *gss = kex->gss;
-+	gss_buffer_desc msg_tok;
+	gss_buffer_desc msg_tok = GSS_C_EMPTY_BUFFER;
 +	u_char hash[SSH_DIGEST_MAX_LENGTH];
 +	size_t hashlen;
 +	struct sshbuf *shared_secret = NULL;
@ -2167,7 +2167,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +	Gssctxt *gss = kex->gss;
 +	struct sshbuf *empty;
 +	struct sshbuf *client_pubkey = NULL;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
@ -2243,7 +2244,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +		      struct ssh *ssh)
 +{
 +	Gssctxt *gss = ssh->kex->gss;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
@ -2334,7 +2336,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +{
 +	struct kex *kex = ssh->kex;
 +	Gssctxt *gss = kex->gss;
-+	gss_buffer_desc msg_tok;
+	gss_buffer_desc msg_tok = GSS_C_EMPTY_BUFFER;
 +	u_char hash[SSH_DIGEST_MAX_LENGTH];
 +	size_t hashlen;
 +	const BIGNUM *pub_key, *dh_p, *dh_g;
@ -2475,10 +2477,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +		fatal("GSS_GEX, bad parameters: %d !< %d !< %d", min, nbits, max);
 +
 +	kex->dh = mm_choose_dh(min, nbits, max);
-+	if (kex->dh == NULL) {
-+		sshpkt_disconnect(ssh, "Protocol error: no matching group found");
-+		fatal("Protocol error: no matching group found");
-+	}
+	if (kex->dh == NULL)
+		ssh_packet_disconnect(ssh, "Protocol error: no matching group found");
 +
 +	DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
 +	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0 ||
@ -2510,7 +2510,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +		     struct ssh *ssh)
 +{
 +	Gssctxt *gss = ssh->kex->gss;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
@ -2537,7 +2538,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +			 struct ssh *ssh)
 +{
 +	Gssctxt *gss = ssh->kex->gss;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
--- a/openssh.spec
+++ b/openssh.spec
@ -47,7 +47,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.9p1
-%global openssh_rel 4
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 7

@ -748,6 +748,11 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-5
+- CVE-2026-3497: Fix information disclosure or denial of service due
+  to uninitialized variables in gssapi-keyex
+  Resolves: RHEL-155825
+
 * Wed Feb 25 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-4
 - Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode
  Resolves: RHEL-151580