Fix issue with read-only ssh buffer during gssapi key exchange

(rhbz#1938224)
https://github.com/openssh-gsskex/openssh-gsskex/pull/19

openssh-6.7p1-coverity.patch

@@ -42,21 +42,6 @@ diff -up openssh-8.5p1/gss-genr.c.coverity openssh-8.5p1/gss-genr.c
  			for ((p = strsep(&cp, ",")); p && *p != '\0';
  				(p = strsep(&cp, ","))) {
  				if (sshbuf_len(buf) != 0 &&
-diff -up openssh-8.5p1/kexgssc.c.coverity openssh-8.5p1/kexgssc.c
---- openssh-8.5p1/kexgssc.c.coverity	2021-03-24 12:03:33.711967665 +0100
-+++ openssh-8.5p1/kexgssc.c	2021-03-24 12:03:33.783968166 +0100
-@@ -98,8 +98,10 @@ kexgss_client(struct ssh *ssh)
- 	default:
- 		fatal_f("Unexpected KEX type %d", kex->kex_type);
- 	}
--	if (r != 0)
-+	if (r != 0) {
-+		ssh_gssapi_delete_ctx(&ctxt);
- 		return r;
-+	}
- 
- 	token_ptr = GSS_C_NO_BUFFER;
- 
 diff -up openssh-8.5p1/krl.c.coverity openssh-8.5p1/krl.c
 --- openssh-8.5p1/krl.c.coverity	2021-03-02 11:31:47.000000000 +0100
 +++ openssh-8.5p1/krl.c	2021-03-24 12:03:33.783968166 +0100

openssh-8.0p1-gssapi-keyex.patch

@@ -1488,7 +1488,7 @@ new file mode 100644
 index 00000000..f6e1405e
 --- /dev/null
 +++ b/kexgssc.c
-@@ -0,0 +1,600 @@
+@@ -0,0 +1,612 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1589,8 +1589,10 @@ index 00000000..f6e1405e
 +	default:
 +		fatal_f("Unexpected KEX type %d", kex->kex_type);
 +	}
-+	if (r != 0)
++	if (r != 0) {
++		ssh_gssapi_delete_ctx(&ctxt);
 +		return r;
++	}
 +
 +	token_ptr = GSS_C_NO_BUFFER;
 +
@@ -1653,11 +1655,16 @@ index 00000000..f6e1405e
 +			do {
 +				type = ssh_packet_read(ssh);
 +				if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
++					char *tmp = NULL;
++					size_t tmp_len = 0;
++
 +					debug("Received KEXGSS_HOSTKEY");
 +					if (server_host_key_blob)
 +						fatal("Server host key received more than once");
-+					if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
++					if ((r = sshpkt_get_string(ssh, &tmp, &tmp_len)) != 0)
 +						fatal("Failed to read server host key: %s", ssh_err(r));
++					if ((server_host_key_blob = sshbuf_from(tmp, tmp_len)) == NULL)
++						fatal("sshbuf_from failed");
 +				}
 +			} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
 +
@@ -1944,11 +1951,16 @@ index 00000000..f6e1405e
 +			do {
 +				type = ssh_packet_read(ssh);
 +				if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
++					char *tmp = NULL;
++					size_t tmp_len = 0;
++
 +					debug("Received KEXGSS_HOSTKEY");
 +					if (server_host_key_blob)
 +						fatal("Server host key received more than once");
-+					if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
++					if ((r = sshpkt_get_string(ssh, &tmp, &tmp_len)) != 0)
 +						fatal("sshpkt failed: %s", ssh_err(r));
++					if ((server_host_key_blob = sshbuf_from(tmp, tmp_len)) == NULL)
++						fatal("sshbuf_from failed");
 +				}
 +			} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
 +
@@ -2094,7 +2106,7 @@ new file mode 100644
 index 00000000..60bc02de
 --- /dev/null
 +++ b/kexgsss.c
-@@ -0,0 +1,474 @@
+@@ -0,0 +1,482 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -2161,7 +2173,7 @@ index 00000000..60bc02de
 +	 */
 +
 +	OM_uint32 ret_flags = 0;
-+	gss_buffer_desc gssbuf, recv_tok, msg_tok;
++	gss_buffer_desc gssbuf = {0, NULL}, recv_tok, msg_tok;
 +	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	Gssctxt *ctxt = NULL;
 +	struct sshbuf *shared_secret = NULL;
@@ -2201,7 +2213,7 @@ index 00000000..60bc02de
 +		type = ssh_packet_read(ssh);
 +		switch(type) {
 +		case SSH2_MSG_KEXGSS_INIT:
-+			if (client_pubkey != NULL)
++			if (gssbuf.value != NULL)
 +				fatal("Received KEXGSS_INIT after initialising");
 +			if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh,
 +			        &recv_tok)) != 0 ||
@@ -2232,6 +2244,31 @@ index 00000000..60bc02de
 +				goto out;
 +
 +			/* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
++
++			/* Calculate the hash early so we can free the
++			* client_pubkey, which has reference to the parent
++			* buffer state->incoming_packet
++			*/
++			hashlen = sizeof(hash);
++			if ((r = kex_gen_hash(
++			    kex->hash_alg,
++			    kex->client_version,
++			    kex->server_version,
++			    kex->peer,
++			    kex->my,
++			    empty,
++			    client_pubkey,
++			    server_pubkey,
++			    shared_secret,
++			    hash, &hashlen)) != 0)
++				goto out;
++
++			gssbuf.value = hash;
++			gssbuf.length = hashlen;
++
++			sshbuf_free(client_pubkey);
++			client_pubkey = NULL;
++
 +			break;
 +		case SSH2_MSG_KEXGSS_CONTINUE:
 +			if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh,
@@ -2253,7 +2290,7 @@ index 00000000..60bc02de
 +		if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
 +			fatal("Zero length token output when incomplete");
 +
-+		if (client_pubkey == NULL)
++		if (gssbuf.value == NULL)
 +			fatal("No client public key");
 +
 +		if (maj_status & GSS_S_CONTINUE_NEEDED) {
@@ -2282,23 +2319,6 @@ index 00000000..60bc02de
 +	if (!(ret_flags & GSS_C_INTEG_FLAG))
 +		fatal("Integrity flag wasn't set");
 +
-+	hashlen = sizeof(hash);
-+	if ((r = kex_gen_hash(
-+	    kex->hash_alg,
-+	    kex->client_version,
-+	    kex->server_version,
-+	    kex->peer,
-+	    kex->my,
-+	    empty,
-+	    client_pubkey,
-+	    server_pubkey,
-+	    shared_secret,
-+	    hash, &hashlen)) != 0)
-+		goto out;
-+
-+	gssbuf.value = hash;
-+	gssbuf.length = hashlen;
-+
 +	if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt, &gssbuf, &msg_tok))))
 +		fatal("Couldn't get MIC");
 +

openssh.spec

@@ -47,7 +47,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.3p1
-%global openssh_rel 12
+%global openssh_rel 13
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 9
 
@@ -744,6 +744,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Mon Oct 16 2023 Mattias Ellert <mattias.ellert@physics.uu.se> - 9.3p1-13
+- Fix issue with read-only ssh buffer during gssapi key exchange (rhbz#1938224)
+- https://github.com/openssh-gsskex/openssh-gsskex/pull/19
+
 * Sun Oct 15 2023 Mattias Ellert <mattias.ellert@physics.uu.se> - 9.3p1-12
 - Fix FTBFS due to implicit declarations (rhbz#2241211)