- clean the data structures in the privileged process

2011-02-02 09:28:26 +01:00 · 2011-02-02 09:28:26 +01:00 · f32d86bd8a
commit f32d86bd8a
parent 6f931660c8
3 changed files with 57 additions and 39 deletions
--- a/openssh-5.6p1-audit5.patch
+++ b/openssh-5.6p1-audit5.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.6p1/audit-bsm.c.audit5 openssh-5.6p1/audit-bsm.c
--- openssh-5.6p1/audit-bsm.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/audit-bsm.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/audit-bsm.c.audit5	2011-02-02 08:23:04.000000000 +0100
+++ openssh-5.6p1/audit-bsm.c	2011-02-02 08:23:05.000000000 +0100
@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos)
 {
 	/* not implemented */
@ -13,8 +13,8 @@ diff -up openssh-5.6p1/audit-bsm.c.audit5 openssh-5.6p1/audit-bsm.c
 +}
 #endif /* BSM */
 diff -up openssh-5.6p1/audit.c.audit5 openssh-5.6p1/audit.c
--- openssh-5.6p1/audit.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/audit.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/audit.c.audit5	2011-02-02 08:23:04.000000000 +0100
+++ openssh-5.6p1/audit.c	2011-02-02 08:23:05.000000000 +0100
@@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos)
 {
 	debug("audit session key discard euid %d direction %d", geteuid(), ctos);
@ -31,8 +31,8 @@ diff -up openssh-5.6p1/audit.c.audit5 openssh-5.6p1/audit.c
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.6p1/audit.h.audit5 openssh-5.6p1/audit.h
--- openssh-5.6p1/audit.h.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/audit.h	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/audit.h.audit5	2011-02-02 08:23:04.000000000 +0100
+++ openssh-5.6p1/audit.h	2011-02-02 08:23:05.000000000 +0100
@@ -62,5 +62,6 @@ void	audit_unsupported_body(int);
 void	audit_kex_body(int, char *, char *, char *);
 void	audit_session_key_free(int ctos);
@ -41,8 +41,8 @@ diff -up openssh-5.6p1/audit.h.audit5 openssh-5.6p1/audit.h
 
 #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.6p1/audit-linux.c.audit5 openssh-5.6p1/audit-linux.c
--- openssh-5.6p1/audit-linux.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/audit-linux.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/audit-linux.c.audit5	2011-02-02 08:23:04.000000000 +0100
+++ openssh-5.6p1/audit-linux.c	2011-02-02 08:23:05.000000000 +0100
@@ -226,4 +226,26 @@ audit_session_key_free_body(int ctos)
 		error("cannot write into audit");
 }
@ -71,8 +71,8 @@ diff -up openssh-5.6p1/audit-linux.c.audit5 openssh-5.6p1/audit-linux.c
 +
 #endif /* USE_LINUX_AUDIT */
 diff -up openssh-5.6p1/kex.c.audit5 openssh-5.6p1/kex.c
--- openssh-5.6p1/kex.c.audit5	2011-01-31 16:03:37.000000000 +0100
-+++ openssh-5.6p1/kex.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/kex.c.audit5	2011-02-02 08:23:04.000000000 +0100
+++ openssh-5.6p1/kex.c	2011-02-02 08:36:45.000000000 +0100
@@ -592,3 +592,34 @@ dump_digest(char *msg, u_char *digest, i
 	fprintf(stderr, "\n");
 }
@ -110,7 +110,7 @@ diff -up openssh-5.6p1/kex.c.audit5 openssh-5.6p1/kex.c
 +
 diff -up openssh-5.6p1/kex.h.audit5 openssh-5.6p1/kex.h
 --- openssh-5.6p1/kex.h.audit5	2010-02-26 21:55:05.000000000 +0100
-+++ openssh-5.6p1/kex.h	2011-01-31 16:03:38.000000000 +0100
+++ openssh-5.6p1/kex.h	2011-02-02 08:23:05.000000000 +0100
@@ -146,6 +146,8 @@ void	 kexdh_server(Kex *);
 void	 kexgex_client(Kex *);
 void	 kexgex_server(Kex *);
@ -122,8 +122,8 @@ diff -up openssh-5.6p1/kex.h.audit5 openssh-5.6p1/kex.h
     BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 diff -up openssh-5.6p1/mac.c.audit5 openssh-5.6p1/mac.c
 --- openssh-5.6p1/mac.c.audit5	2008-06-13 02:58:50.000000000 +0200
-+++ openssh-5.6p1/mac.c	2011-01-31 16:03:38.000000000 +0100
-@@ -162,6 +162,22 @@ mac_clear(Mac *mac)
+++ openssh-5.6p1/mac.c	2011-02-02 08:25:02.000000000 +0100
+@@ -162,6 +162,20 @@ mac_clear(Mac *mac)
 	mac->umac_ctx = NULL;
 }
 
@ -133,8 +133,6 @@ diff -up openssh-5.6p1/mac.c.audit5 openssh-5.6p1/mac.c
 +	if (mac == NULL)
 +		return;
 +
-+	mac_clear(mac);
-+
 +	if (mac->key) {
 +		memset(mac->key, 0, mac->key_len);
 +		xfree(mac->key);
@ -148,15 +146,15 @@ diff -up openssh-5.6p1/mac.c.audit5 openssh-5.6p1/mac.c
 int
 diff -up openssh-5.6p1/mac.h.audit5 openssh-5.6p1/mac.h
 --- openssh-5.6p1/mac.h.audit5	2007-06-11 06:01:42.000000000 +0200
-+++ openssh-5.6p1/mac.h	2011-01-31 16:03:38.000000000 +0100
+++ openssh-5.6p1/mac.h	2011-02-02 08:23:05.000000000 +0100
@@ -28,3 +28,4 @@ int	 mac_setup(Mac *, char *);
 int	 mac_init(Mac *);
 u_char	*mac_compute(Mac *, u_int32_t, u_char *, int);
 void	 mac_clear(Mac *);
 +void	 mac_destroy(Mac *);
 diff -up openssh-5.6p1/monitor.c.audit5 openssh-5.6p1/monitor.c
--- openssh-5.6p1/monitor.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/monitor.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/monitor.c.audit5	2011-02-02 08:23:05.000000000 +0100
+++ openssh-5.6p1/monitor.c	2011-02-02 08:23:05.000000000 +0100
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer 
 int mm_answer_audit_unsupported_body(int, Buffer *);
 int mm_answer_audit_kex_body(int, Buffer *);
@ -214,8 +212,8 @@ diff -up openssh-5.6p1/monitor.c.audit5 openssh-5.6p1/monitor.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.6p1/monitor.h.audit5 openssh-5.6p1/monitor.h
--- openssh-5.6p1/monitor.h.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/monitor.h	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/monitor.h.audit5	2011-02-02 08:23:05.000000000 +0100
+++ openssh-5.6p1/monitor.h	2011-02-02 08:23:05.000000000 +0100
@@ -69,6 +69,7 @@ enum monitor_reqtype {
 	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
 	MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@ -225,8 +223,8 @@ diff -up openssh-5.6p1/monitor.h.audit5 openssh-5.6p1/monitor.h
 
 struct mm_master;
 diff -up openssh-5.6p1/monitor_wrap.c.audit5 openssh-5.6p1/monitor_wrap.c
--- openssh-5.6p1/monitor_wrap.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/monitor_wrap.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/monitor_wrap.c.audit5	2011-02-02 08:23:05.000000000 +0100
+++ openssh-5.6p1/monitor_wrap.c	2011-02-02 08:23:05.000000000 +0100
@@ -1458,4 +1458,16 @@ mm_audit_session_key_free_body(int ctos)
 				  &m);
 	buffer_free(&m);
@ -245,8 +243,8 @@ diff -up openssh-5.6p1/monitor_wrap.c.audit5 openssh-5.6p1/monitor_wrap.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.6p1/monitor_wrap.h.audit5 openssh-5.6p1/monitor_wrap.h
--- openssh-5.6p1/monitor_wrap.h.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/monitor_wrap.h	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/monitor_wrap.h.audit5	2011-02-02 08:23:05.000000000 +0100
+++ openssh-5.6p1/monitor_wrap.h	2011-02-02 08:23:05.000000000 +0100
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
 void mm_audit_unsupported_body(int);
 void mm_audit_kex_body(int, char *, char *, char *);
@ -256,8 +254,8 @@ diff -up openssh-5.6p1/monitor_wrap.h.audit5 openssh-5.6p1/monitor_wrap.h
 
 struct Session;
 diff -up openssh-5.6p1/packet.c.audit5 openssh-5.6p1/packet.c
--- openssh-5.6p1/packet.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/packet.c	2011-01-31 16:03:38.000000000 +0100
+--- openssh-5.6p1/packet.c.audit5	2011-02-02 08:23:05.000000000 +0100
+++ openssh-5.6p1/packet.c	2011-02-02 08:23:05.000000000 +0100
@@ -60,6 +60,7 @@
 #include <signal.h>
 
@ -316,7 +314,7 @@ diff -up openssh-5.6p1/packet.c.audit5 openssh-5.6p1/packet.c
 +}
 diff -up openssh-5.6p1/packet.h.audit5 openssh-5.6p1/packet.h
 --- openssh-5.6p1/packet.h.audit5	2009-07-05 23:11:13.000000000 +0200
-+++ openssh-5.6p1/packet.h	2011-01-31 16:03:38.000000000 +0100
+++ openssh-5.6p1/packet.h	2011-02-02 08:23:05.000000000 +0100
@@ -115,4 +115,5 @@ void	 packet_restore_state(void);
 void	*packet_get_input(void);
 void	*packet_get_output(void);
@ -325,7 +323,7 @@ diff -up openssh-5.6p1/packet.h.audit5 openssh-5.6p1/packet.h
 #endif				/* PACKET_H */
 diff -up openssh-5.6p1/session.c.audit5 openssh-5.6p1/session.c
 --- openssh-5.6p1/session.c.audit5	2010-06-26 02:00:15.000000000 +0200
-+++ openssh-5.6p1/session.c	2011-01-31 16:03:38.000000000 +0100
+++ openssh-5.6p1/session.c	2011-02-02 08:23:05.000000000 +0100
@@ -1677,6 +1677,7 @@ do_child(Session *s, const char *command
 
 	/* remove hostkey from the child's memory */
@ -335,9 +333,9 @@ diff -up openssh-5.6p1/session.c.audit5 openssh-5.6p1/session.c
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
 diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
--- openssh-5.6p1/sshd.c.audit5	2011-01-31 16:03:38.000000000 +0100
-+++ openssh-5.6p1/sshd.c	2011-01-31 16:12:52.000000000 +0100
-@@ -582,6 +582,7 @@ demote_sensitive_data(void)
+--- openssh-5.6p1/sshd.c.audit5	2011-02-02 08:23:04.000000000 +0100
+++ openssh-5.6p1/sshd.c	2011-02-02 08:35:25.000000000 +0100
+@@ -579,6 +579,7 @@ demote_sensitive_data(void)
 		}
 		/* Certs do not need demotion */
 	}
@ -345,25 +343,45 @@ diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
 
 	/* We do not clear ssh1_host key and cookie.  XXX - Okay Niels? */
 }
-@@ -692,6 +693,8 @@ privsep_postauth(Authctxt *authctxt)
+@@ -663,6 +664,8 @@ privsep_preauth(Authctxt *authctxt)
+ 	return (0);
+ }
+ 
+extern Newkeys *current_keys[];
+
+ static void
+ privsep_postauth(Authctxt *authctxt)
+ {
+@@ -688,6 +691,10 @@ privsep_postauth(Authctxt *authctxt)
 		verbose("User child is on pid %ld", (long)pmonitor->m_pid);
 		close(pmonitor->m_recvfd);
 		buffer_clear(&loginmsg);
+ 		newkeys_destroy(current_keys[MODE_OUT]);
+		newkeys_destroy(current_keys[MODE_IN]);
 +		packet_destroy_all();
-+		audit_destroy_sensitive_data();
+		audit_session_key_free_body(2);
 		monitor_child_postauth(pmonitor);
 
 		/* NEVERREACHED */
-@@ -1977,6 +1980,8 @@ main(int ac, char **av)
+@@ -709,6 +716,7 @@ privsep_postauth(Authctxt *authctxt)
+  skip:
+ 	/* It is safe now to apply the key state */
+ 	monitor_apply_keystate(pmonitor);
+//drop here ??
+ 
+ 	/*
+ 	 * Tell the packet layer that authentication was successful, since
+@@ -1970,6 +1978,9 @@ main(int ac, char **av)
 	 */
 	if (use_privsep) {
 		mm_send_keystate(pmonitor);
+//umac_clear
 +		packet_destroy_all();
 +		audit_session_key_free(2);
 		exit(0);
 	}
 
-@@ -2018,8 +2023,10 @@ main(int ac, char **av)
+@@ -2011,8 +2022,10 @@ main(int ac, char **av)
 	if (use_privsep) {
 		privsep_postauth(authctxt);
 		/* the monitor process [priv] will not return */
@ -375,7 +393,7 @@ diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
 	}
 
 	packet_set_timeout(options.client_alive_interval,
-@@ -2256,6 +2263,7 @@ do_ssh1_kex(void)
+@@ -2249,6 +2262,7 @@ do_ssh1_kex(void)
 	}
 	/* Destroy the private and public keys. No longer. */
 	destroy_sensitive_data();
--- a/openssh-5.6p1-wIm.patch
+++ b/openssh-5.6p1-wIm.patch
@ -68,7 +68,7 @@ diff -up openssh-5.6p1/whereIam.c.wIm openssh-5.6p1/whereIam.c
 +
 +void debug_wIm(const char *txt)
 +{
-+	debug("%s wIm = %d, euid=%d", txt, whereIam, geteuid());
+	debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid());
 +}
 +
 +
--- a/openssh.spec
+++ b/openssh.spec
@ -71,7 +71,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 26
+%define openssh_rel 27
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 29

@ -603,7 +603,7 @@ fi
 %endif

 %changelog
-* Mon Jan 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-26 + 0.9.2-29
+* Tue Feb  1 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-27 + 0.9.2-29
 - clean the data structures in the privileged process

 * Tue Jan 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-25 + 0.9.2-29