From 59346084f64e90fdc48d31f60323abc9b576f790 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Mon, 16 Mar 2026 16:28:51 +0100
Subject: [PATCH] Fix CVE-2026-3497

Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex

Resolves: RHEL-155825

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
 openssh-9.6p1-gssapi-keyex.patch | 40 +++++++++++++++++---------------
 openssh.spec                     |  7 +++++-
 2 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/openssh-9.6p1-gssapi-keyex.patch b/openssh-9.6p1-gssapi-keyex.patch
index ef1f97e..16892ac 100644
--- a/openssh-9.6p1-gssapi-keyex.patch
+++ b/openssh-9.6p1-gssapi-keyex.patch
@@ -1240,7 +1240,7 @@ diff --color -ruNp a/kexgen.c b/kexgen.c
      const struct sshbuf *client_version,
 diff --color -ruNp a/kexgssc.c b/kexgssc.c
 --- a/kexgssc.c	1970-01-01 01:00:00.000000000 +0100
-+++ b/kexgssc.c	2024-10-14 15:18:02.491798105 +0200
++++ b/kexgssc.c	2026-03-13 12:25:23.115812190 +0100
 @@ -0,0 +1,706 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -1369,7 +1369,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +
 +	/* Verify that the hash matches the MIC we just got. */
 +	if (GSS_ERROR(ssh_gssapi_checkmic(gss, &gss->buf, &gss->msg_tok)))
-+		sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
++		ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
 +
 +	gss_release_buffer(&gss->minor, &gss->msg_tok);
 +
@@ -1592,10 +1592,10 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +			fatal("Failed to read token: %s", ssh_err(r));
 +		/* If we're already complete - protocol error */
 +		if (gss->major == GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: received token when complete");
++			ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
 +	} else {
 +		if (gss->major != GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
++			ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
 +	}
 +	if ((r = sshpkt_get_end(ssh)) != 0)
 +		fatal("Expecting end of packet.");
@@ -1731,7 +1731,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +
 +	/* Verify that the hash matches the MIC we just got. */
 +	if (GSS_ERROR(ssh_gssapi_checkmic(gss, &gss->buf, &gss->msg_tok)))
-+		sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
++		ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
 +
 +	gss_release_buffer(&gss->minor, &gss->msg_tok);
 +
@@ -1932,10 +1932,10 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +			fatal("Failed to read token: %s", ssh_err(r));
 +		/* If we're already complete - protocol error */
 +		if (gss->major == GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: received token when complete");
++			ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
 +	} else {
 +		if (gss->major != GSS_S_COMPLETE)
-+			sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
++			ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
 +	}
 +	if ((r = sshpkt_get_end(ssh)) != 0)
 +		fatal("Expecting end of packet.");
@@ -1950,8 +1950,8 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
 +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
 diff --color -ruNp a/kexgsss.c b/kexgsss.c
 --- a/kexgsss.c	1970-01-01 01:00:00.000000000 +0100
-+++ b/kexgsss.c	2024-10-14 15:18:02.491798105 +0200
-@@ -0,0 +1,601 @@
++++ b/kexgsss.c	2026-03-13 12:32:17.556172591 +0100
+@@ -0,0 +1,603 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -2083,7 +2083,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +{
 +	struct kex *kex = ssh->kex;
 +	Gssctxt *gss = kex->gss;
-+	gss_buffer_desc msg_tok;
++	gss_buffer_desc msg_tok = GSS_C_EMPTY_BUFFER;
 +	u_char hash[SSH_DIGEST_MAX_LENGTH];
 +	size_t hashlen;
 +	struct sshbuf *shared_secret = NULL;
@@ -2167,7 +2167,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +	Gssctxt *gss = kex->gss;
 +	struct sshbuf *empty;
 +	struct sshbuf *client_pubkey = NULL;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
@@ -2243,7 +2244,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +		      struct ssh *ssh)
 +{
 +	Gssctxt *gss = ssh->kex->gss;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
@@ -2334,7 +2336,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +{
 +	struct kex *kex = ssh->kex;
 +	Gssctxt *gss = kex->gss;
-+	gss_buffer_desc msg_tok;
++	gss_buffer_desc msg_tok = GSS_C_EMPTY_BUFFER;
 +	u_char hash[SSH_DIGEST_MAX_LENGTH];
 +	size_t hashlen;
 +	const BIGNUM *pub_key, *dh_p, *dh_g;
@@ -2475,10 +2477,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +		fatal("GSS_GEX, bad parameters: %d !< %d !< %d", min, nbits, max);
 +
 +	kex->dh = mm_choose_dh(min, nbits, max);
-+	if (kex->dh == NULL) {
-+		sshpkt_disconnect(ssh, "Protocol error: no matching group found");
-+		fatal("Protocol error: no matching group found");
-+	}
++	if (kex->dh == NULL)
++		ssh_packet_disconnect(ssh, "Protocol error: no matching group found");
 +
 +	DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
 +	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0 ||
@@ -2510,7 +2510,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +		     struct ssh *ssh)
 +{
 +	Gssctxt *gss = ssh->kex->gss;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
@@ -2537,7 +2538,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
 +			 struct ssh *ssh)
 +{
 +	Gssctxt *gss = ssh->kex->gss;
-+	gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	OM_uint32 ret_flags = 0;
 +	int r;
 +
diff --git a/openssh.spec b/openssh.spec
index 5477a86..e3fffe7 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -47,7 +47,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.9p1
-%global openssh_rel 4
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 7
 
@@ -748,6 +748,11 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-5
+- CVE-2026-3497: Fix information disclosure or denial of service due
+  to uninitialized variables in gssapi-keyex
+  Resolves: RHEL-155825
+
 * Wed Feb 25 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-4
 - Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode
   Resolves: RHEL-151580