coverity upgrade

wipe off nonfunctional nss
selinux sandbox tweaking
This commit is contained in:
Jan F. Chadima 2011-09-14 17:03:03 +02:00
parent c870e661c7
commit cff1d0c39d
10 changed files with 366 additions and 286 deletions

View File

@ -1,75 +0,0 @@
diff -up openssh-5.8p1/log.h.wIm openssh-5.8p1/log.h
--- openssh-5.8p1/log.h.wIm 2008-06-13 02:22:54.000000000 +0200
+++ openssh-5.8p1/log.h 2011-02-22 09:21:58.000000000 +0100
@@ -63,6 +63,8 @@ void verbose(const char *, ...) __at
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
+void _debug_wIm_body(const char *, const char *, const char *, int);
+#define debug_wIm(a) _debug_wIm_body(a,__func__,__FILE__,__LINE__)
void do_log(LogLevel, const char *, va_list);
void cleanup_exit(int) __attribute__((noreturn));
diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in
--- openssh-5.8p1/Makefile.in.wIm 2011-02-04 01:42:13.000000000 +0100
+++ openssh-5.8p1/Makefile.in 2011-02-22 09:20:18.000000000 +0100
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.wIm 2011-01-11 07:20:31.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-22 09:20:18.000000000 +0100
@@ -139,6 +139,9 @@ int deny_severity;
extern char *__progname;
+/* trace of fork processes */
+extern int whereIam;
+
/* Server configuration options. */
ServerOptions options;
@@ -652,6 +655,7 @@ privsep_preauth(Authctxt *authctxt)
} else {
/* child */
+ whereIam = 1;
close(pmonitor->m_sendfd);
/* Demote the child */
@@ -693,6 +697,7 @@ privsep_postauth(Authctxt *authctxt)
exit(0);
}
+ whereIam = 2;
close(pmonitor->m_sendfd);
/* Demote the private keys to public keys. */
@@ -1302,6 +1307,8 @@ main(int ac, char **av)
Key *key;
Authctxt *authctxt;
+ whereIam = 0;
+
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
diff -up openssh-5.8p1/whereIam.c.wIm openssh-5.8p1/whereIam.c
--- openssh-5.8p1/whereIam.c.wIm 2011-02-22 09:20:18.000000000 +0100
+++ openssh-5.8p1/whereIam.c 2011-02-22 09:24:01.000000000 +0100
@@ -0,0 +1,9 @@
+
+int whereIam = -1;
+
+void _debug_wIm_body(const char *txt, const char *func, const char *file, int line)
+{
+ debug("%s: %s(%s:%d) wIm = %d, uid=%d, euid=%d", txt, func, file, line, whereIam, getuid(), geteuid());
+}
+
+

View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p0/auth.h.2auth openssh-5.9p0/auth.h
--- openssh-5.9p0/auth.h.2auth 2011-05-29 13:39:38.000000000 +0200
+++ openssh-5.9p0/auth.h 2011-09-05 13:16:00.550626991 +0200
diff -up openssh-5.9p1/auth.h.2auth openssh-5.9p1/auth.h
--- openssh-5.9p1/auth.h.2auth 2011-05-29 13:39:38.000000000 +0200
+++ openssh-5.9p1/auth.h 2011-09-13 20:25:22.250474950 +0200
@@ -149,6 +149,8 @@ int auth_root_allowed(char *);
char *auth2_read_banner(void);
@ -10,9 +10,9 @@ diff -up openssh-5.9p0/auth.h.2auth openssh-5.9p0/auth.h
void privsep_challenge_enable(void);
int auth2_challenge(Authctxt *, char *);
diff -up openssh-5.9p0/auth2.c.2auth openssh-5.9p0/auth2.c
--- openssh-5.9p0/auth2.c.2auth 2011-05-05 06:04:11.000000000 +0200
+++ openssh-5.9p0/auth2.c 2011-09-05 13:16:00.640626827 +0200
diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c
--- openssh-5.9p1/auth2.c.2auth 2011-05-05 06:04:11.000000000 +0200
+++ openssh-5.9p1/auth2.c 2011-09-13 20:25:22.348458588 +0200
@@ -290,6 +290,23 @@ input_userauth_request(int type, u_int32
}
@ -61,9 +61,9 @@ diff -up openssh-5.9p0/auth2.c.2auth openssh-5.9p0/auth2.c
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
--- openssh-5.9p0/monitor.c.2auth 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p0/monitor.c 2011-09-05 13:37:35.468502112 +0200
diff -up openssh-5.9p1/monitor.c.2auth openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.2auth 2011-09-13 20:25:18.031458843 +0200
+++ openssh-5.9p1/monitor.c 2011-09-13 20:53:29.345644462 +0200
@@ -165,6 +165,7 @@ int mm_answer_jpake_step1(int, Buffer *)
int mm_answer_jpake_step2(int, Buffer *);
int mm_answer_jpake_key_confirm(int, Buffer *);
@ -80,7 +80,7 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
{0, 0, NULL}
};
@@ -378,9 +380,9 @@ monitor_child_preauth(Authctxt *_authctx
@@ -378,7 +380,7 @@ monitor_child_preauth(Authctxt *_authctx
}
/* The first few requests do not require asynchronous access */
@ -89,9 +89,7 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
auth_method = "unknown";
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d",
@@ -390,7 +393,7 @@ monitor_child_preauth(Authctxt *_authctx
@@ -390,7 +392,7 @@ monitor_child_preauth(Authctxt *_authctx
authenticated = 0;
#ifdef USE_PAM
/* PAM needs to perform account checks after auth */
@ -100,7 +98,7 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
Buffer m;
buffer_init(&m);
@@ -2000,6 +2006,19 @@ monitor_reinit(struct monitor *mon)
@@ -2001,6 +2003,24 @@ monitor_reinit(struct monitor *mon)
monitor_openfds(mon, 0);
}
@ -114,15 +112,20 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
+
+ userauth_restart(method);
+
+ xfree(method);
+ buffer_clear(m);
+
+ mm_request_send(sock, MONITOR_ANS_USERAUTH_RESTART, m);
+
+ return (0);
+}
+
#ifdef GSSAPI
int
mm_answer_gss_setup_ctx(int sock, Buffer *m)
diff -up openssh-5.9p0/monitor.h.2auth openssh-5.9p0/monitor.h
--- openssh-5.9p0/monitor.h.2auth 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p0/monitor.h 2011-09-05 13:16:00.855502353 +0200
diff -up openssh-5.9p1/monitor.h.2auth openssh-5.9p1/monitor.h
--- openssh-5.9p1/monitor.h.2auth 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p1/monitor.h 2011-09-13 20:25:22.615458574 +0200
@@ -66,6 +66,7 @@ enum monitor_reqtype {
MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
@ -131,9 +134,9 @@ diff -up openssh-5.9p0/monitor.h.2auth openssh-5.9p0/monitor.h
};
struct mm_master;
diff -up openssh-5.9p0/monitor_wrap.c.2auth openssh-5.9p0/monitor_wrap.c
--- openssh-5.9p0/monitor_wrap.c.2auth 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p0/monitor_wrap.c 2011-09-05 13:16:00.968503257 +0200
diff -up openssh-5.9p1/monitor_wrap.c.2auth openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.2auth 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 20:25:22.735468462 +0200
@@ -1173,6 +1173,26 @@ mm_auth_rsa_verify_response(Key *key, BI
return (success);
}
@ -161,9 +164,9 @@ diff -up openssh-5.9p0/monitor_wrap.c.2auth openssh-5.9p0/monitor_wrap.c
#ifdef SSH_AUDIT_EVENTS
void
mm_audit_event(ssh_audit_event_t event)
diff -up openssh-5.9p0/monitor_wrap.h.2auth openssh-5.9p0/monitor_wrap.h
--- openssh-5.9p0/monitor_wrap.h.2auth 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p0/monitor_wrap.h 2011-09-05 13:16:01.074502211 +0200
diff -up openssh-5.9p1/monitor_wrap.h.2auth openssh-5.9p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.2auth 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 20:25:22.847457505 +0200
@@ -53,6 +53,7 @@ int mm_key_verify(Key *, u_char *, u_int
int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
@ -172,9 +175,9 @@ diff -up openssh-5.9p0/monitor_wrap.h.2auth openssh-5.9p0/monitor_wrap.h
#ifdef GSSAPI
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
diff -up openssh-5.9p0/servconf.c.2auth openssh-5.9p0/servconf.c
--- openssh-5.9p0/servconf.c.2auth 2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p0/servconf.c 2011-09-05 13:16:01.223441110 +0200
diff -up openssh-5.9p1/servconf.c.2auth openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.2auth 2011-09-13 20:25:18.836495701 +0200
+++ openssh-5.9p1/servconf.c 2011-09-13 20:25:22.994584169 +0200
@@ -92,6 +92,13 @@ initialize_server_options(ServerOptions
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
@ -328,9 +331,9 @@ diff -up openssh-5.9p0/servconf.c.2auth openssh-5.9p0/servconf.c
dump_cfg_fmtint(sPrintMotd, o->print_motd);
dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
diff -up openssh-5.9p0/servconf.h.2auth openssh-5.9p0/servconf.h
--- openssh-5.9p0/servconf.h.2auth 2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p0/servconf.h 2011-09-05 13:16:01.352564530 +0200
diff -up openssh-5.9p1/servconf.h.2auth openssh-5.9p1/servconf.h
--- openssh-5.9p1/servconf.h.2auth 2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p1/servconf.h 2011-09-13 20:25:23.103459846 +0200
@@ -112,6 +112,14 @@ typedef struct {
/* If true, permit jpake auth */
int permit_empty_passwd; /* If false, do not permit empty
@ -346,9 +349,9 @@ diff -up openssh-5.9p0/servconf.h.2auth openssh-5.9p0/servconf.h
int permit_user_env; /* If true, read ~/.ssh/environment */
int use_login; /* If true, login(1) is used */
int compression; /* If true, compression is allowed */
diff -up openssh-5.9p0/sshd_config.2auth openssh-5.9p0/sshd_config
--- openssh-5.9p0/sshd_config.2auth 2011-05-29 13:39:39.000000000 +0200
+++ openssh-5.9p0/sshd_config 2011-09-05 13:16:01.461565750 +0200
diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config
--- openssh-5.9p1/sshd_config.2auth 2011-05-29 13:39:39.000000000 +0200
+++ openssh-5.9p1/sshd_config 2011-09-13 20:25:23.221458447 +0200
@@ -87,6 +87,13 @@ AuthorizedKeysFile .ssh/authorized_keys
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
@ -363,9 +366,9 @@ diff -up openssh-5.9p0/sshd_config.2auth openssh-5.9p0/sshd_config
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
diff -up openssh-5.9p0/sshd_config.5.2auth openssh-5.9p0/sshd_config.5
--- openssh-5.9p0/sshd_config.5.2auth 2011-08-05 22:17:33.000000000 +0200
+++ openssh-5.9p0/sshd_config.5 2011-09-05 13:16:01.572564496 +0200
diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5
--- openssh-5.9p1/sshd_config.5.2auth 2011-08-05 22:17:33.000000000 +0200
+++ openssh-5.9p1/sshd_config.5 2011-09-13 20:25:23.416458539 +0200
@@ -726,6 +726,12 @@ Available keywords are
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,

View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 19:27:15.369501615 +0200
+++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 19:30:32.958509941 +0200
--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-14 07:24:40.876512251 +0200
+++ openssh-5.9p1/auth2-pubkey.c 2011-09-14 07:24:43.318458515 +0200
@@ -27,6 +27,7 @@
#include <sys/types.h>
@ -241,8 +241,8 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
return 0;
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
+++ openssh-5.9p1/configure.ac 2011-09-09 19:27:17.548440048 +0200
--- openssh-5.9p1/configure.ac.akc 2011-09-14 07:24:42.863494886 +0200
+++ openssh-5.9p1/configure.ac 2011-09-14 07:24:43.441583848 +0200
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
esac ]
)
@ -262,7 +262,7 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS([ \
arc4random \
@@ -4235,6 +4247,7 @@ echo " SELinux support
@@ -4239,6 +4251,7 @@ echo " SELinux support
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
@ -271,8 +271,8 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.akc 2011-09-09 19:27:03.490455245 +0200
+++ openssh-5.9p1/servconf.c 2011-09-09 19:27:17.666565662 +0200
--- openssh-5.9p1/servconf.c.akc 2011-09-14 07:24:29.402475399 +0200
+++ openssh-5.9p1/servconf.c 2011-09-14 07:56:27.158585590 +0200
@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
@ -304,7 +304,7 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
{ NULL, sBadOption, 0 }
};
@@ -1462,6 +1472,20 @@ process_server_config_line(ServerOptions
@@ -1462,6 +1472,24 @@ process_server_config_line(ServerOptions
}
break;
@ -318,6 +318,10 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
+ charptr = &options->authorized_keys_command_runas;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing account.",
+ filename, linenum);
+
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
@ -325,7 +329,7 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1573,6 +1597,8 @@ copy_set_server_options(ServerOptions *d
@@ -1573,6 +1601,8 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(zero_knowledge_password_authentication);
M_CP_INTOPT(second_zero_knowledge_password_authentication);
M_CP_INTOPT(two_factor_authentication);
@ -334,7 +338,7 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(permit_empty_passwd);
@@ -1839,6 +1865,8 @@ dump_config(ServerOptions *o)
@@ -1839,6 +1869,8 @@ dump_config(ServerOptions *o)
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
dump_cfg_string(sAuthorizedPrincipalsFile,
o->authorized_principals_file);
@ -344,8 +348,8 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
--- openssh-5.9p1/servconf.h.akc 2011-09-09 19:27:03.614494286 +0200
+++ openssh-5.9p1/servconf.h 2011-09-09 19:27:18.043502934 +0200
--- openssh-5.9p1/servconf.h.akc 2011-09-14 07:24:29.511480441 +0200
+++ openssh-5.9p1/servconf.h 2011-09-14 07:24:43.678459183 +0200
@@ -174,6 +174,8 @@ typedef struct {
char *revoked_keys_file;
char *trusted_user_ca_keys;
@ -357,7 +361,7 @@ diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
/*
diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
+++ openssh-5.9p1/sshd_config.0 2011-09-09 19:27:18.168626976 +0200
+++ openssh-5.9p1/sshd_config.0 2011-09-14 07:24:43.791460201 +0200
@@ -71,6 +71,23 @@ DESCRIPTION
See PATTERNS in ssh_config(5) for more information on patterns.
@ -393,8 +397,8 @@ diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
GSSAPIAuthentication, HostbasedAuthentication,
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
--- openssh-5.9p1/sshd_config.5.akc 2011-09-09 19:27:03.912515059 +0200
+++ openssh-5.9p1/sshd_config.5 2011-09-09 19:27:18.292494317 +0200
--- openssh-5.9p1/sshd_config.5.akc 2011-09-14 07:24:29.793520372 +0200
+++ openssh-5.9p1/sshd_config.5 2011-09-14 07:24:43.912583678 +0200
@@ -706,6 +706,8 @@ Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
@ -434,8 +438,8 @@ diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
--- openssh-5.9p1/sshd_config.akc 2011-09-09 19:27:03.754502770 +0200
+++ openssh-5.9p1/sshd_config 2011-09-09 19:27:18.446471121 +0200
--- openssh-5.9p1/sshd_config.akc 2011-09-14 07:24:29.620461608 +0200
+++ openssh-5.9p1/sshd_config 2011-09-14 07:24:44.034462546 +0200
@@ -49,6 +49,9 @@
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p0/Makefile.in.audit3 openssh-5.9p0/Makefile.in
--- openssh-5.9p0/Makefile.in.audit3 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p0/Makefile.in 2011-09-03 19:28:53.226036039 +0200
diff -up openssh-5.9p1/Makefile.in.audit3 openssh-5.9p1/Makefile.in
--- openssh-5.9p1/Makefile.in.audit3 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p1/Makefile.in 2011-09-14 07:05:58.337520327 +0200
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
@ -10,9 +10,9 @@ diff -up openssh-5.9p0/Makefile.in.audit3 openssh-5.9p0/Makefile.in
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
diff -up openssh-5.9p0/audit-bsm.c.audit3 openssh-5.9p0/audit-bsm.c
--- openssh-5.9p0/audit-bsm.c.audit3 2011-09-03 19:28:51.922034646 +0200
+++ openssh-5.9p0/audit-bsm.c 2011-09-03 19:28:53.475151642 +0200
diff -up openssh-5.9p1/audit-bsm.c.audit3 openssh-5.9p1/audit-bsm.c
--- openssh-5.9p1/audit-bsm.c.audit3 2011-09-14 07:05:56.719459048 +0200
+++ openssh-5.9p1/audit-bsm.c 2011-09-14 07:05:58.430520147 +0200
@@ -396,4 +396,16 @@ audit_event(ssh_audit_event_t event)
debug("%s: unhandled event %d", __func__, event);
}
@ -30,9 +30,9 @@ diff -up openssh-5.9p0/audit-bsm.c.audit3 openssh-5.9p0/audit-bsm.c
+ /* not implemented */
+}
#endif /* BSM */
diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
--- openssh-5.9p0/audit-linux.c.audit3 2011-09-03 19:28:52.053030306 +0200
+++ openssh-5.9p0/audit-linux.c 2011-09-03 19:28:53.583026470 +0200
diff -up openssh-5.9p1/audit-linux.c.audit3 openssh-5.9p1/audit-linux.c
--- openssh-5.9p1/audit-linux.c.audit3 2011-09-14 07:05:56.820460613 +0200
+++ openssh-5.9p1/audit-linux.c 2011-09-14 07:07:29.651459660 +0200
@@ -40,6 +40,8 @@
#include "auth.h"
#include "servconf.h"
@ -42,7 +42,7 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
#define AUDIT_LOG_SIZE 128
@@ -269,4 +271,56 @@ audit_event(ssh_audit_event_t event)
@@ -269,4 +271,60 @@ audit_event(ssh_audit_event_t event)
}
}
@ -52,11 +52,13 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
+#ifdef AUDIT_CRYPTO_SESSION
+ char buf[AUDIT_LOG_SIZE];
+ const static char *name[] = { "cipher", "mac", "comp" };
+ char *s;
+ int audit_fd;
+
+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ",
+ name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()),
+ name[what], get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())),
+ get_local_port());
+ xfree(s);
+ audit_fd = audit_open();
+ if (audit_fd < 0)
+ /* no problem, the next instruction will be fatal() */
@ -76,11 +78,13 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
+ int audit_fd, audit_ok;
+ const static char *direction[] = { "from-server", "from-client", "both" };
+ Cipher *cipher = cipher_by_name(enc);
+ char *s;
+
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
+ (intmax_t)pid, (intmax_t)uid,
+ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
+ get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), get_local_port());
+ xfree(s);
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
@ -99,9 +103,9 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
+}
+
#endif /* USE_LINUX_AUDIT */
diff -up openssh-5.9p0/audit.c.audit3 openssh-5.9p0/audit.c
--- openssh-5.9p0/audit.c.audit3 2011-09-03 19:28:52.166026259 +0200
+++ openssh-5.9p0/audit.c 2011-09-03 19:28:53.673151432 +0200
diff -up openssh-5.9p1/audit.c.audit3 openssh-5.9p1/audit.c
--- openssh-5.9p1/audit.c.audit3 2011-09-14 07:05:56.937585272 +0200
+++ openssh-5.9p1/audit.c 2011-09-14 07:05:58.646521393 +0200
@@ -28,6 +28,7 @@
#include <stdarg.h>
@ -165,9 +169,9 @@ diff -up openssh-5.9p0/audit.c.audit3 openssh-5.9p0/audit.c
+}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p0/audit.h.audit3 openssh-5.9p0/audit.h
--- openssh-5.9p0/audit.h.audit3 2011-09-03 19:28:52.286024211 +0200
+++ openssh-5.9p0/audit.h 2011-09-03 19:28:53.783027870 +0200
diff -up openssh-5.9p1/audit.h.audit3 openssh-5.9p1/audit.h
--- openssh-5.9p1/audit.h.audit3 2011-09-14 07:05:57.391522394 +0200
+++ openssh-5.9p1/audit.h 2011-09-14 07:05:58.766586362 +0200
@@ -58,5 +58,9 @@ void audit_end_command(int, const char
ssh_audit_event_t audit_classify_auth(const char *);
int audit_keyusage(int, const char *, unsigned, char *, int);
@ -178,9 +182,9 @@ diff -up openssh-5.9p0/audit.h.audit3 openssh-5.9p0/audit.h
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.9p0/auditstub.c.audit3 openssh-5.9p0/auditstub.c
--- openssh-5.9p0/auditstub.c.audit3 2011-09-03 19:28:53.879026270 +0200
+++ openssh-5.9p0/auditstub.c 2011-09-03 19:28:53.882025491 +0200
diff -up openssh-5.9p1/auditstub.c.audit3 openssh-5.9p1/auditstub.c
--- openssh-5.9p1/auditstub.c.audit3 2011-09-14 07:05:58.866461077 +0200
+++ openssh-5.9p1/auditstub.c 2011-09-14 07:05:58.870569033 +0200
@@ -0,0 +1,39 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+
@ -221,9 +225,9 @@ diff -up openssh-5.9p0/auditstub.c.audit3 openssh-5.9p0/auditstub.c
+{
+}
+
diff -up openssh-5.9p0/cipher.c.audit3 openssh-5.9p0/cipher.c
--- openssh-5.9p0/cipher.c.audit3 2011-08-30 10:34:01.000000000 +0200
+++ openssh-5.9p0/cipher.c 2011-09-03 19:28:53.966162869 +0200
diff -up openssh-5.9p1/cipher.c.audit3 openssh-5.9p1/cipher.c
--- openssh-5.9p1/cipher.c.audit3 2011-09-07 15:05:09.000000000 +0200
+++ openssh-5.9p1/cipher.c 2011-09-14 07:05:58.955582581 +0200
@@ -60,15 +60,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
extern const EVP_CIPHER *evp_aes_128_ctr(void);
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
@ -241,9 +245,9 @@ diff -up openssh-5.9p0/cipher.c.audit3 openssh-5.9p0/cipher.c
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
{ "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
diff -up openssh-5.9p0/cipher.h.audit3 openssh-5.9p0/cipher.h
--- openssh-5.9p0/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
+++ openssh-5.9p0/cipher.h 2011-09-03 19:28:54.068070077 +0200
diff -up openssh-5.9p1/cipher.h.audit3 openssh-5.9p1/cipher.h
--- openssh-5.9p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
+++ openssh-5.9p1/cipher.h 2011-09-14 07:05:59.063459363 +0200
@@ -61,7 +61,16 @@
typedef struct Cipher Cipher;
typedef struct CipherContext CipherContext;
@ -262,9 +266,9 @@ diff -up openssh-5.9p0/cipher.h.audit3 openssh-5.9p0/cipher.h
struct CipherContext {
int plaintext;
EVP_CIPHER_CTX evp;
diff -up openssh-5.9p0/kex.c.audit3 openssh-5.9p0/kex.c
--- openssh-5.9p0/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.9p0/kex.c 2011-09-03 19:28:54.177212272 +0200
diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
--- openssh-5.9p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.9p1/kex.c 2011-09-14 07:05:59.171457800 +0200
@@ -49,6 +49,7 @@
#include "dispatch.h"
#include "monitor.h"
@ -327,9 +331,9 @@ diff -up openssh-5.9p0/kex.c.audit3 openssh-5.9p0/kex.c
}
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
--- openssh-5.9p0/monitor.c.audit3 2011-09-03 19:28:52.851088094 +0200
+++ openssh-5.9p0/monitor.c 2011-09-03 19:28:54.298087612 +0200
diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.audit3 2011-09-14 07:05:57.952459820 +0200
+++ openssh-5.9p1/monitor.c 2011-09-14 07:05:59.272520466 +0200
@@ -97,6 +97,7 @@
#include "ssh2.h"
#include "jpake.h"
@ -383,7 +387,7 @@ diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
#endif
{0, 0, NULL}
};
@@ -2380,3 +2391,44 @@ mm_answer_jpake_check_confirm(int sock,
@@ -2383,3 +2394,47 @@ mm_answer_jpake_check_confirm(int sock,
}
#endif /* JPAKE */
@ -421,6 +425,9 @@ diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
+
+ audit_kex_body(ctos, cipher, mac, compress, pid, uid);
+
+ xfree(cipher);
+ xfree(mac);
+ xfree(compress);
+ buffer_clear(m);
+
+ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
@ -428,9 +435,9 @@ diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
+}
+
+#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p0/monitor.h.audit3 openssh-5.9p0/monitor.h
--- openssh-5.9p0/monitor.h.audit3 2011-09-03 19:28:51.000000000 +0200
+++ openssh-5.9p0/monitor.h 2011-09-03 19:29:52.565211520 +0200
diff -up openssh-5.9p1/monitor.h.audit3 openssh-5.9p1/monitor.h
--- openssh-5.9p1/monitor.h.audit3 2011-09-14 07:05:55.510580908 +0200
+++ openssh-5.9p1/monitor.h 2011-09-14 07:05:59.378647273 +0200
@@ -61,6 +61,8 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
@ -440,9 +447,9 @@ diff -up openssh-5.9p0/monitor.h.audit3 openssh-5.9p0/monitor.h
MONITOR_REQ_TERM,
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.9p0/monitor_wrap.c.audit3 openssh-5.9p0/monitor_wrap.c
--- openssh-5.9p0/monitor_wrap.c.audit3 2011-09-03 19:28:52.963088596 +0200
+++ openssh-5.9p0/monitor_wrap.c 2011-09-03 19:28:54.602024893 +0200
diff -up openssh-5.9p1/monitor_wrap.c.audit3 openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.audit3 2011-09-14 07:05:58.059501118 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 07:05:59.511503364 +0200
@@ -1505,3 +1505,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
return success;
}
@ -485,9 +492,9 @@ diff -up openssh-5.9p0/monitor_wrap.c.audit3 openssh-5.9p0/monitor_wrap.c
+ buffer_free(&m);
+}
+#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p0/monitor_wrap.h.audit3 openssh-5.9p0/monitor_wrap.h
--- openssh-5.9p0/monitor_wrap.h.audit3 2011-09-03 19:28:53.069087341 +0200
+++ openssh-5.9p0/monitor_wrap.h 2011-09-03 19:28:54.704055439 +0200
diff -up openssh-5.9p1/monitor_wrap.h.audit3 openssh-5.9p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.audit3 2011-09-14 07:05:58.171521245 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-14 07:05:59.624646515 +0200
@@ -78,6 +78,8 @@ void mm_sshpam_free_ctx(void *);
void mm_audit_event(ssh_audit_event_t);
int mm_audit_run_command(const char *);
@ -497,9 +504,9 @@ diff -up openssh-5.9p0/monitor_wrap.h.audit3 openssh-5.9p0/monitor_wrap.h
#endif
struct Session;
diff -up openssh-5.9p0/sshd.c.audit3 openssh-5.9p0/sshd.c
--- openssh-5.9p0/sshd.c.audit3 2011-09-03 19:28:51.758025429 +0200
+++ openssh-5.9p0/sshd.c 2011-09-03 19:28:54.835049403 +0200
diff -up openssh-5.9p1/sshd.c.audit3 openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.audit3 2011-09-14 07:05:56.554583874 +0200
+++ openssh-5.9p1/sshd.c 2011-09-14 07:05:59.828466112 +0200
@@ -118,6 +118,7 @@
#endif
#include "monitor_wrap.h"
@ -508,7 +515,7 @@ diff -up openssh-5.9p0/sshd.c.audit3 openssh-5.9p0/sshd.c
#include "ssh-sandbox.h"
#include "version.h"
@@ -2204,6 +2205,10 @@ do_ssh1_kex(void)
@@ -2209,6 +2210,10 @@ do_ssh1_kex(void)
if (cookie[i] != packet_get_char())
packet_disconnect("IP Spoofing check bytes do not match.");

View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
--- openssh-5.9p1/audit-bsm.c.audit4 2011-09-13 07:36:58.921674464 +0200
+++ openssh-5.9p1/audit-bsm.c 2011-09-13 07:36:59.171674206 +0200
--- openssh-5.9p1/audit-bsm.c.audit4 2011-09-14 07:20:13.580471755 +0200
+++ openssh-5.9p1/audit-bsm.c 2011-09-14 07:20:15.087521491 +0200
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
{
/* not implemented */
@ -13,9 +13,9 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
+}
#endif /* BSM */
diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
--- openssh-5.9p1/audit-linux.c.audit4 2011-09-13 07:36:58.938720835 +0200
+++ openssh-5.9p1/audit-linux.c 2011-09-13 07:36:59.187673990 +0200
@@ -292,6 +292,8 @@ audit_unsupported_body(int what)
--- openssh-5.9p1/audit-linux.c.audit4 2011-09-14 07:20:13.692465249 +0200
+++ openssh-5.9p1/audit-linux.c 2011-09-14 07:21:51.559462876 +0200
@@ -294,6 +294,8 @@ audit_unsupported_body(int what)
#endif
}
@ -24,15 +24,15 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
void
audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
uid_t uid)
@@ -299,7 +301,6 @@ audit_kex_body(int ctos, char *enc, char
@@ -301,7 +303,6 @@ audit_kex_body(int ctos, char *enc, char
#ifdef AUDIT_CRYPTO_SESSION
char buf[AUDIT_LOG_SIZE];
int audit_fd, audit_ok;
- const static char *direction[] = { "from-server", "from-client", "both" };
Cipher *cipher = cipher_by_name(enc);
char *s;
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
@@ -323,4 +324,30 @@ audit_kex_body(int ctos, char *enc, char
@@ -327,4 +328,32 @@ audit_kex_body(int ctos, char *enc, char
#endif
}
@ -41,12 +41,14 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
+{
+ char buf[AUDIT_LOG_SIZE];
+ int audit_fd, audit_ok;
+ char *s;
+
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
+ get_remote_port(),
+ get_local_ipaddr(packet_get_connection_in()),
+ (s = get_local_ipaddr(packet_get_connection_in())),
+ get_local_port());
+ xfree(s);
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
@ -64,8 +66,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
+
#endif /* USE_LINUX_AUDIT */
diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
--- openssh-5.9p1/audit.c.audit4 2011-09-13 07:36:58.954674484 +0200
+++ openssh-5.9p1/audit.c 2011-09-13 07:36:59.202799426 +0200
--- openssh-5.9p1/audit.c.audit4 2011-09-14 07:20:13.787520896 +0200
+++ openssh-5.9p1/audit.c 2011-09-14 07:20:15.619521843 +0200
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
}
@ -96,8 +98,8 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
--- openssh-5.9p1/audit.h.audit4 2011-09-13 07:36:58.971799421 +0200
+++ openssh-5.9p1/audit.h 2011-09-13 07:36:59.216674281 +0200
--- openssh-5.9p1/audit.h.audit4 2011-09-14 07:20:13.893524944 +0200
+++ openssh-5.9p1/audit.h 2011-09-14 07:20:15.739523476 +0200
@@ -62,5 +62,7 @@ void audit_unsupported(int);
void audit_kex(int, char *, char *, char *);
void audit_unsupported_body(int);
@ -107,8 +109,8 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
--- openssh-5.9p1/auditstub.c.audit4 2011-09-13 07:36:58.986674407 +0200
+++ openssh-5.9p1/auditstub.c 2011-09-13 07:36:59.230674500 +0200
--- openssh-5.9p1/auditstub.c.audit4 2011-09-14 07:20:13.993523515 +0200
+++ openssh-5.9p1/auditstub.c 2011-09-14 07:20:15.843531733 +0200
@@ -27,6 +27,8 @@
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
*/
@ -132,8 +134,8 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
+{
+}
diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
--- openssh-5.9p1/kex.c.audit4 2011-09-13 07:36:59.032798982 +0200
+++ openssh-5.9p1/kex.c 2011-09-13 07:36:59.243799057 +0200
--- openssh-5.9p1/kex.c.audit4 2011-09-14 07:20:14.294645864 +0200
+++ openssh-5.9p1/kex.c 2011-09-14 07:20:15.948646500 +0200
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
fprintf(stderr, "\n");
}
@ -171,7 +173,7 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
+
diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
--- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.9p1/kex.h 2011-09-13 07:36:59.259674391 +0200
+++ openssh-5.9p1/kex.h 2011-09-14 07:20:16.045521582 +0200
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
void kexecdh_client(Kex *);
void kexecdh_server(Kex *);
@ -183,7 +185,7 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
--- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200
+++ openssh-5.9p1/mac.c 2011-09-13 07:36:59.273799275 +0200
+++ openssh-5.9p1/mac.c 2011-09-14 07:20:16.173477847 +0200
@@ -168,6 +168,20 @@ mac_clear(Mac *mac)
mac->umac_ctx = NULL;
}
@ -207,15 +209,15 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
int
diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h
--- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
+++ openssh-5.9p1/mac.h 2011-09-13 07:36:59.286674543 +0200
+++ openssh-5.9p1/mac.h 2011-09-14 07:20:16.287522108 +0200
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
void mac_clear(Mac *);
+void mac_destroy(Mac *);
diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.audit4 2011-09-13 07:36:59.058688802 +0200
+++ openssh-5.9p1/monitor.c 2011-09-13 07:38:37.825674060 +0200
--- openssh-5.9p1/monitor.c.audit4 2011-09-14 07:20:14.404521153 +0200
+++ openssh-5.9p1/monitor.c 2011-09-14 07:20:16.400462714 +0200
@@ -190,6 +190,7 @@ int mm_answer_audit_command(int, Buffer
int mm_answer_audit_end_command(int, Buffer *);
int mm_answer_audit_unsupported_body(int, Buffer *);
@ -261,7 +263,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
}
- /* Drain any buffered messages from the child */
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
- while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
- ;
-
if (!authctxt->valid)
@ -297,13 +299,13 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
+#endif
+
+ /* Drain any buffered messages from the child */
+ while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
+ ;
+
}
@@ -2429,4 +2447,22 @@ mm_answer_audit_kex_body(int sock, Buffe
@@ -2437,4 +2455,22 @@ mm_answer_audit_kex_body(int sock, Buffe
return 0;
}
@ -327,8 +329,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
--- openssh-5.9p1/monitor.h.audit4 2011-09-13 07:36:59.076799458 +0200
+++ openssh-5.9p1/monitor.h 2011-09-13 07:36:59.322799576 +0200
--- openssh-5.9p1/monitor.h.audit4 2011-09-14 07:20:14.518521791 +0200
+++ openssh-5.9p1/monitor.h 2011-09-14 07:20:16.512585387 +0200
@@ -63,6 +63,7 @@ enum monitor_reqtype {
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@ -338,8 +340,8 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.audit4 2011-09-13 07:36:59.100724984 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 07:36:59.339674340 +0200
--- openssh-5.9p1/monitor_wrap.c.audit4 2011-09-14 07:20:14.713521378 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 07:20:16.640587362 +0200
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
fatal("%s: conversion of newkeys failed", __func__);
@ -376,8 +378,8 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.audit4 2011-09-13 07:36:59.118674223 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 07:36:59.353674499 +0200
--- openssh-5.9p1/monitor_wrap.h.audit4 2011-09-14 07:20:14.821520100 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-14 07:20:16.749585355 +0200
@@ -80,6 +80,7 @@ int mm_audit_run_command(const char *);
void mm_audit_end_command(int, const char *);
void mm_audit_unsupported_body(int);
@ -387,8 +389,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
struct Session;
diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
--- openssh-5.9p1/packet.c.audit4 2011-09-13 07:36:58.244674109 +0200
+++ openssh-5.9p1/packet.c 2011-09-13 07:36:59.373710318 +0200
--- openssh-5.9p1/packet.c.audit4 2011-09-14 07:20:09.337458270 +0200
+++ openssh-5.9p1/packet.c 2011-09-14 07:20:16.892461022 +0200
@@ -60,6 +60,7 @@
#include <signal.h>
@ -582,7 +584,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
+
diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
--- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200
+++ openssh-5.9p1/packet.h 2011-09-13 07:36:59.390799281 +0200
+++ openssh-5.9p1/packet.h 2011-09-14 07:20:17.003583853 +0200
@@ -124,4 +124,5 @@ void packet_restore_state(void);
void *packet_get_input(void);
void *packet_get_output(void);
@ -590,8 +592,8 @@ diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
+void packet_destroy_all(int, int);
#endif /* PACKET_H */
diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
--- openssh-5.9p1/session.c.audit4 2011-09-13 07:36:58.637798995 +0200
+++ openssh-5.9p1/session.c 2011-09-13 07:36:59.411690264 +0200
--- openssh-5.9p1/session.c.audit4 2011-09-14 07:20:11.774521404 +0200
+++ openssh-5.9p1/session.c 2011-09-14 07:20:17.134462420 +0200
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
/* remove hostkey from the child's memory */
@ -603,9 +605,9 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
/* Force a password change */
if (s->authctxt->force_pwchange) {
diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.audit4 2011-09-13 07:36:59.143674103 +0200
+++ openssh-5.9p1/sshd.c 2011-09-13 07:39:06.125718627 +0200
@@ -684,6 +684,8 @@ privsep_preauth(Authctxt *authctxt)
--- openssh-5.9p1/sshd.c.audit4 2011-09-14 07:20:14.946521214 +0200
+++ openssh-5.9p1/sshd.c 2011-09-14 07:20:17.258458657 +0200
@@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt)
}
}
@ -614,7 +616,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
static void
privsep_postauth(Authctxt *authctxt)
{
@@ -708,6 +710,10 @@ privsep_postauth(Authctxt *authctxt)
@@ -710,6 +712,10 @@ privsep_postauth(Authctxt *authctxt)
else if (pmonitor->m_pid != 0) {
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
buffer_clear(&loginmsg);
@ -625,7 +627,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
monitor_child_postauth(pmonitor);
/* NEVERREACHED */
@@ -1999,6 +2005,7 @@ main(int ac, char **av)
@@ -2001,6 +2007,7 @@ main(int ac, char **av)
*/
if (use_privsep) {
mm_send_keystate(pmonitor);
@ -633,7 +635,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
exit(0);
}
@@ -2051,6 +2058,8 @@ main(int ac, char **av)
@@ -2053,6 +2060,8 @@ main(int ac, char **av)
do_authenticated(authctxt);
/* The connection has been terminated. */
@ -642,7 +644,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
verbose("Transferred: sent %llu, received %llu bytes",
@@ -2368,8 +2377,20 @@ do_ssh2_kex(void)
@@ -2370,8 +2379,20 @@ do_ssh2_kex(void)
void
cleanup_exit(int i)
{

View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
--- openssh-5.9p1/audit-bsm.c.audit5 2011-09-10 19:40:19.638521318 +0200
+++ openssh-5.9p1/audit-bsm.c 2011-09-10 19:40:21.675487204 +0200
--- openssh-5.9p1/audit-bsm.c.audit5 2011-09-13 22:07:31.262575526 +0200
+++ openssh-5.9p1/audit-bsm.c 2011-09-13 22:07:33.268491813 +0200
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi
{
/* not implemented */
@ -25,8 +25,8 @@ diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
+}
#endif /* BSM */
diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
--- openssh-5.9p1/audit-linux.c.audit5 2011-09-10 19:40:19.713521349 +0200
+++ openssh-5.9p1/audit-linux.c 2011-09-10 19:40:21.765473529 +0200
--- openssh-5.9p1/audit-linux.c.audit5 2011-09-13 22:07:31.400584308 +0200
+++ openssh-5.9p1/audit-linux.c 2011-09-13 22:07:33.357460348 +0200
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi
error("cannot write into audit");
}
@ -79,8 +79,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
+}
#endif /* USE_LINUX_AUDIT */
diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c
--- openssh-5.9p1/audit.c.audit5 2011-09-10 19:40:19.814646179 +0200
+++ openssh-5.9p1/audit.c 2011-09-10 19:40:21.872459880 +0200
--- openssh-5.9p1/audit.c.audit5 2011-09-13 22:07:31.495458797 +0200
+++ openssh-5.9p1/audit.c 2011-09-13 22:07:33.478458341 +0200
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
@ -107,8 +107,8 @@ diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
--- openssh-5.9p1/audit.h.audit5 2011-09-10 19:40:19.945521685 +0200
+++ openssh-5.9p1/audit.h 2011-09-10 19:40:21.990457118 +0200
--- openssh-5.9p1/audit.h.audit5 2011-09-13 22:07:31.616459125 +0200
+++ openssh-5.9p1/audit.h 2011-09-13 22:07:33.612458074 +0200
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
@ -127,8 +127,8 @@ diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
--- openssh-5.9p1/key.c.audit5 2011-09-10 19:40:11.396460430 +0200
+++ openssh-5.9p1/key.c 2011-09-10 19:40:22.096459112 +0200
--- openssh-5.9p1/key.c.audit5 2011-09-13 22:07:23.054490740 +0200
+++ openssh-5.9p1/key.c 2011-09-13 22:07:33.721583661 +0200
@@ -1799,6 +1799,30 @@ key_demote(const Key *k)
}
@ -161,8 +161,8 @@ diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
{
if (k == NULL)
diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
--- openssh-5.9p1/key.h.audit5 2011-09-10 19:40:11.510460018 +0200
+++ openssh-5.9p1/key.h 2011-09-10 19:40:22.208459363 +0200
--- openssh-5.9p1/key.h.audit5 2011-09-13 22:07:23.160459285 +0200
+++ openssh-5.9p1/key.h 2011-09-13 22:07:33.847459341 +0200
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *);
int key_type_from_name(char *);
@ -172,8 +172,8 @@ diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
int key_to_certified(Key *, int);
int key_drop_cert(Key *);
diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.audit5 2011-09-10 19:40:20.635514835 +0200
+++ openssh-5.9p1/monitor.c 2011-09-10 19:40:22.327585849 +0200
--- openssh-5.9p1/monitor.c.audit5 2011-09-13 22:07:32.285495537 +0200
+++ openssh-5.9p1/monitor.c 2011-09-13 22:10:04.148554239 +0200
@@ -114,6 +114,8 @@ extern Buffer auth_debug;
extern int auth_debug_init;
extern Buffer loginmsg;
@ -223,7 +223,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
#endif
{0, 0, NULL}
};
@@ -1720,6 +1727,8 @@ mm_answer_term(int sock, Buffer *req)
@@ -1716,6 +1723,8 @@ mm_answer_term(int sock, Buffer *req)
sshpam_cleanup();
#endif
@ -232,7 +232,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
@@ -2466,4 +2475,24 @@ mm_answer_audit_session_key_free_body(in
@@ -2470,4 +2479,25 @@ mm_answer_audit_session_key_free_body(in
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
return 0;
}
@ -251,6 +251,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
+
+ audit_destroy_sensitive_data(fp, pid, uid);
+
+ xfree(fp);
+ buffer_clear(m);
+
+ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m);
@ -258,8 +259,8 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
--- openssh-5.9p1/monitor.h.audit5 2011-09-10 19:40:20.741522656 +0200
+++ openssh-5.9p1/monitor.h 2011-09-10 19:40:22.440461159 +0200
--- openssh-5.9p1/monitor.h.audit5 2011-09-13 22:07:32.385522626 +0200
+++ openssh-5.9p1/monitor.h 2011-09-13 22:07:34.098459356 +0200
@@ -64,6 +64,7 @@ enum monitor_reqtype {
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@ -269,8 +270,8 @@ diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.audit5 2011-09-10 19:40:20.871609482 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-10 19:40:22.559458727 +0200
--- openssh-5.9p1/monitor_wrap.c.audit5 2011-09-13 22:07:32.510521163 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 22:07:34.610458275 +0200
@@ -1559,4 +1559,20 @@ mm_audit_session_key_free_body(int ctos,
&m);
buffer_free(&m);
@ -293,8 +294,8 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.audit5 2011-09-10 19:40:20.983521729 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-10 19:40:22.730460011 +0200
--- openssh-5.9p1/monitor_wrap.h.audit5 2011-09-13 22:07:32.607520810 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 22:07:34.716458214 +0200
@@ -81,6 +81,7 @@ void mm_audit_end_command(int, const cha
void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
@ -304,8 +305,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
struct Session;
diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
--- openssh-5.9p1/session.c.audit5 2011-09-10 19:40:21.385531298 +0200
+++ openssh-5.9p1/session.c 2011-09-10 19:40:22.903583654 +0200
--- openssh-5.9p1/session.c.audit5 2011-09-13 22:07:32.973544819 +0200
+++ openssh-5.9p1/session.c 2011-09-13 22:07:34.849585578 +0200
@@ -136,7 +136,7 @@ extern int log_stderr;
extern int debug_flag;
extern u_int utmp_len;
@ -325,8 +326,8 @@ diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
monitor over a single socket, with no synchronization. */
packet_destroy_all(0, 1);
diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.audit5 2011-09-10 19:40:21.520510716 +0200
+++ openssh-5.9p1/sshd.c 2011-09-10 19:42:06.573520393 +0200
--- openssh-5.9p1/sshd.c.audit5 2011-09-13 22:07:33.106516378 +0200
+++ openssh-5.9p1/sshd.c 2011-09-13 22:07:34.989470331 +0200
@@ -254,7 +254,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL;
@ -440,7 +441,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
}
/* Certs do not need demotion */
}
@@ -1143,6 +1193,7 @@ server_accept_loop(int *sock_in, int *so
@@ -1145,6 +1195,7 @@ server_accept_loop(int *sock_in, int *so
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);

View File

@ -1,6 +1,6 @@
diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
+++ openssh-5.9p1/auth-pam.c 2011-09-13 08:41:24.635521346 +0200
+++ openssh-5.9p1/auth-pam.c 2011-09-14 08:09:47.074520582 +0200
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
if (sshpam_thread_status != -1)
return (sshpam_thread_status);
@ -17,7 +17,7 @@ diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
#endif
diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
+++ openssh-5.9p1/channels.c 2011-09-13 08:26:11.771584519 +0200
+++ openssh-5.9p1/channels.c 2011-09-14 08:09:47.556582810 +0200
@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
channel_max_fd = MAX(channel_max_fd, wfd);
channel_max_fd = MAX(channel_max_fd, efd);
@ -50,8 +50,8 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
}
diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
+++ openssh-5.9p1/clientloop.c 2011-09-13 08:26:11.889458598 +0200
@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
+++ openssh-5.9p1/clientloop.c 2011-09-14 08:17:41.556521887 +0200
@@ -1970,14 +1970,15 @@ client_input_global_request(int type, u_
char *rtype;
int want_reply;
int success = 0;
@ -59,9 +59,19 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("client_input_global_request: rtype %s want_reply %d",
rtype, want_reply);
if (want_reply) {
- packet_start(success ?
- SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
+ packet_start(/*success ?
+ SSH2_MSG_REQUEST_SUCCESS :*/ SSH2_MSG_REQUEST_FAILURE);
packet_send();
packet_write_wait();
}
diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
+++ openssh-5.9p1/key.c 2011-09-13 08:26:12.000459857 +0200
+++ openssh-5.9p1/key.c 2011-09-14 08:09:47.803458435 +0200
@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
success = 1;
/*XXXX*/
@ -73,9 +83,19 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
/* advance cp: skip whitespace and data */
while (*cp == ' ' || *cp == '\t')
cp++;
diff -up openssh-5.9p1/misc.c.coverity openssh-5.9p1/misc.c
diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.coverity 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p1/monitor.c 2011-09-13 08:26:12.132583409 +0200
+++ openssh-5.9p1/monitor.c 2011-09-14 08:09:47.914584009 +0200
@@ -420,7 +420,7 @@ monitor_child_preauth(Authctxt *_authctx
}
/* Drain any buffered messages from the child */
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
;
if (!authctxt->valid)
@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
break;
}
@ -97,9 +117,26 @@ diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
buffer_clear(m);
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
diff -up openssh-5.9p1/monitor_wrap.c.coverity openssh-5.9p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.coverity 2011-09-14 08:11:36.480500123 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 08:14:11.279520598 +0200
@@ -707,10 +707,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
error("%s: cannot allocate fds for pty", __func__);
- if (tmp1 > 0)
+ if (tmp1 >= 0)
close(tmp1);
- if (tmp2 > 0)
- close(tmp2);
+ /*DEAD CODE if (tmp2 >= 0)
+ close(tmp2);*/
return 0;
}
close(tmp1);
diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-13 08:26:12.298464549 +0200
+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-14 08:09:48.084459344 +0200
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
struct sockaddr_in6 *in6;
u_int16_t *portp;
@ -111,7 +148,7 @@ diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/open
if (sa == NULL) {
diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
+++ openssh-5.9p1/packet.c 2011-09-13 08:26:12.405461249 +0200
+++ openssh-5.9p1/packet.c 2011-09-14 08:09:48.184587842 +0200
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
case DEATTACK_DETECTED:
packet_disconnect("crc32 compensation attack: "
@ -131,7 +168,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
+++ openssh-5.9p1/progressmeter.c 2011-09-13 08:26:12.511520013 +0200
+++ openssh-5.9p1/progressmeter.c 2011-09-14 08:09:48.300586004 +0200
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
static time_t start; /* start progress */
@ -152,7 +189,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
file = f;
diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
+++ openssh-5.9p1/progressmeter.h 2011-09-13 08:26:12.630521541 +0200
+++ openssh-5.9p1/progressmeter.h 2011-09-14 08:09:48.420645724 +0200
@@ -23,5 +23,5 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
@ -162,7 +199,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
void stop_progress_meter(void);
diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
+++ openssh-5.9p1/scp.c 2011-09-13 08:26:12.748520967 +0200
+++ openssh-5.9p1/scp.c 2011-09-14 08:09:48.531505457 +0200
@@ -155,7 +155,7 @@ killchild(int signo)
{
if (do_cmd_pid > 1) {
@ -174,7 +211,16 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
if (signo)
diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.coverity 2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p1/servconf.c 2011-09-13 08:26:12.854521290 +0200
+++ openssh-5.9p1/servconf.c 2011-09-14 08:30:17.557468182 +0200
@@ -609,7 +609,7 @@ match_cfg_line(char **condition, int lin
debug3("checking syntax for 'Match %s'", cp);
else
debug3("checking match for '%s' user %s host %s addr %s", cp,
- user ? user : "(null)", host ? host : "(null)",
+ user /* User is not NULL ? user : "(null)" */, host ? host : "(null)",
address ? address : "(null)");
while ((attrib = strdelim(&cp)) && *attrib != '\0') {
@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
fatal("%s line %d: Missing subsystem name.",
filename, linenum);
@ -184,9 +230,21 @@ diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
break;
}
for (i = 0; i < options->num_subsystems; i++)
@@ -1262,8 +1262,9 @@ process_server_config_line(ServerOptions
if (*activep && *charptr == NULL) {
*charptr = tilde_expand_filename(arg, getuid());
/* increase optional counter */
- if (intptr != NULL)
- *intptr = *intptr + 1;
+ /* DEAD CODE intptr is still NULL ;)
+ if (intptr != NULL)
+ *intptr = *intptr + 1; */
}
break;
diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
+++ openssh-5.9p1/serverloop.c 2011-09-13 08:26:12.968645756 +0200
+++ openssh-5.9p1/serverloop.c 2011-09-14 08:09:48.793586380 +0200
@@ -147,13 +147,13 @@ notify_setup(void)
static void
notify_parent(void)
@ -298,7 +356,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
tun = forced_tun_device;
diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
+++ openssh-5.9p1/sftp-client.c 2011-09-13 08:26:13.083520760 +0200
+++ openssh-5.9p1/sftp-client.c 2011-09-14 08:09:48.910470343 +0200
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
}
@ -523,7 +581,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
size_t len = strlen(p1) + strlen(p2) + 2;
diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
+++ openssh-5.9p1/sftp-client.h 2011-09-13 08:26:13.181525164 +0200
+++ openssh-5.9p1/sftp-client.h 2011-09-14 08:09:49.021583940 +0200
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
u_int sftp_proto_version(struct sftp_conn *);
@ -623,7 +681,7 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
#endif
diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
+++ openssh-5.9p1/sftp.c 2011-09-13 08:26:13.311521187 +0200
+++ openssh-5.9p1/sftp.c 2011-09-14 08:09:49.468493585 +0200
@@ -206,7 +206,7 @@ killchild(int signo)
{
if (sshpid > 1) {
@ -738,7 +796,7 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
char s_used[FMT_SCALED_STRSIZE];
diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
--- openssh-5.9p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
+++ openssh-5.9p1/ssh-agent.c 2011-09-13 08:26:13.416521025 +0200
+++ openssh-5.9p1/ssh-agent.c 2011-09-14 08:09:49.572460295 +0200
@@ -1147,8 +1147,8 @@ main(int ac, char **av)
sanitise_stdfd();
@ -752,8 +810,20 @@ diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
/* Disable ptrace on Linux without sgid bit */
diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
+++ openssh-5.9p1/sshd.c 2011-09-13 08:26:13.565519531 +0200
@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
+++ openssh-5.9p1/sshd.c 2011-09-14 08:09:49.687509968 +0200
@@ -676,8 +676,10 @@ privsep_preauth(Authctxt *authctxt)
if (getuid() == 0 || geteuid() == 0)
privsep_preauth_child();
setproctitle("%s", "[net]");
- if (box != NULL)
+ if (box != NULL) {
ssh_sandbox_child(box);
+ xfree(box);
+ }
return 0;
}
@@ -1302,6 +1304,9 @@ server_accept_loop(int *sock_in, int *so
if (num_listen_socks < 0)
break;
}
@ -763,7 +833,7 @@ diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
}
@@ -1774,7 +1777,7 @@ main(int ac, char **av)
@@ -1774,7 +1779,7 @@ main(int ac, char **av)
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */

View File

@ -26,7 +26,7 @@ diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
SANDBOX_STYLE="darwin"
AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
+elif test "x$sandbox_arg" = "xselinux" \\
+elif test "x$sandbox_arg" = "xselinux" || \
+ test "x$WITH_SELINUX" = "x1"; then
+ SANDBOX_STYLE="selinux"
+ AC_DEFINE([SANDBOX_SELINUX], [1], [Sandbox using selinux(8)])
@ -105,7 +105,7 @@ diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openb
diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
--- openssh-5.9p1/sandbox-selinux.c.sesandbox 2011-09-13 16:01:08.715520826 +0200
+++ openssh-5.9p1/sandbox-selinux.c 2011-09-13 16:20:02.463511312 +0200
@@ -0,0 +1,120 @@
@@ -0,0 +1,121 @@
+/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
+
+/*
@ -148,11 +148,12 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/resource.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+#include "openbsd-comnpat/port-linux.h"
+#include "openbsd-compat/port-linux.h"
+
+/* selinux based sandbox */
+

78
openssh-5.9p1-wIm.patch Normal file
View File

@ -0,0 +1,78 @@
diff -up openssh-5.9p1/Makefile.in.wIm openssh-5.9p1/Makefile.in
--- openssh-5.9p1/Makefile.in.wIm 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p1/Makefile.in 2011-09-12 16:24:18.643674014 +0200
@@ -66,7 +66,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
diff -up openssh-5.9p1/log.h.wIm openssh-5.9p1/log.h
--- openssh-5.9p1/log.h.wIm 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p1/log.h 2011-09-12 16:34:52.984674326 +0200
@@ -65,6 +65,8 @@ void verbose(const char *, ...) __at
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
+void _debug_wIm_body(const char *, int, const char *, const char *, int);
+#define debug_wIm(a,b) _debug_wIm_body(a,b,__func__,__FILE__,__LINE__)
void set_log_handler(log_handler_fn *, void *);
diff -up openssh-5.9p1/sshd.c.wIm openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.wIm 2011-06-23 11:45:51.000000000 +0200
+++ openssh-5.9p1/sshd.c 2011-09-12 16:38:35.787816490 +0200
@@ -140,6 +140,9 @@ int deny_severity;
extern char *__progname;
+/* trace of fork processes */
+extern int whereIam;
+
/* Server configuration options. */
ServerOptions options;
@@ -666,6 +669,7 @@ privsep_preauth(Authctxt *authctxt)
return 1;
} else {
/* child */
+ whereIam = 1;
close(pmonitor->m_sendfd);
close(pmonitor->m_log_recvfd);
@@ -715,6 +719,7 @@ privsep_postauth(Authctxt *authctxt)
/* child */
+ whereIam = 2;
close(pmonitor->m_sendfd);
pmonitor->m_sendfd = -1;
@@ -1325,6 +1330,8 @@ main(int ac, char **av)
Key *key;
Authctxt *authctxt;
+ whereIam = 0;
+
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
diff -up openssh-5.9p1/whereIam.c.wIm openssh-5.9p1/whereIam.c
--- openssh-5.9p1/whereIam.c.wIm 2011-09-12 16:24:18.722674167 +0200
+++ openssh-5.9p1/whereIam.c 2011-09-12 16:24:18.724674418 +0200
@@ -0,0 +1,12 @@
+
+int whereIam = -1;
+
+void _debug_wIm_body(const char *txt, int val, const char *func, const char *file, int line)
+{
+ if (txt)
+ debug("%s=%d, %s(%s:%d) wIm = %d, uid=%d, euid=%d", txt, val, func, file, line, whereIam, getuid(), geteuid());
+ else
+ debug("%s(%s:%d) wIm = %d, uid=%d, euid=%d", func, file, line, whereIam, getuid(), geteuid());
+}
+
+

View File

@ -34,10 +34,6 @@
# Do we want LDAP support
%define ldap 1
# Do we want NSS tokens support
# NSS support is broken from 5.4p1
%define nss 0
# Whether or not /sbin/nologin exists.
%define nologin 1
@ -79,7 +75,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.9p1
%define openssh_rel 8
%define openssh_rel 9
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 32
@ -109,7 +105,7 @@ Source11: sshd.service
Source13: sshd-keygen
# Internal debug
Patch0: openssh-5.8p1-wIm.patch
Patch0: openssh-5.9p1-wIm.patch
#?
Patch100: openssh-5.9p1-coverity.patch
@ -251,10 +247,6 @@ BuildRequires: krb5-devel
BuildRequires: libedit-devel ncurses-devel
%endif
%if %{nss}
BuildRequires: nss-devel
%endif
%if %{WITH_SELINUX}
Requires: libselinux >= 1.27.7
BuildRequires: libselinux-devel >= 1.27.7
@ -505,9 +497,6 @@ fi
--with-ssl-engine \
--with-authorized-keys-command \
--with-ipaddr-display \
%if %{nss}
--with-nss \
%endif
%if %{scard}
--with-smartcard \
%endif
@ -520,7 +509,7 @@ fi
--with-pam \
%endif
%if %{WITH_SELINUX}
--with-selinux --with-audit=linux --with-sandbox-style=selinux \
--with-selinux --with-audit=linux --with-sandbox=selinux \
%endif
%if %{kerberos5}
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
@ -622,11 +611,6 @@ rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
rm -f README.nss.nss-keys
%if ! %{nss}
rm -f README.nss
%endif
%if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
make install DESTDIR=$RPM_BUILD_ROOT
@ -789,6 +773,11 @@ fi
%endif
%changelog
* Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
- coverity upgrade
- wipe off nonfunctional nss
- selinux sandbox tweaking
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
- coverity upgrade
- experimental selinux sandbox