Bump from 0.7.5 to 0.7.6. Upstream changelog: Fixed CVE-2018-10933 Added support for OpenSSL 1.1 Added SHA256 support for ssh_get_publickey_hash() Fixed config parsing Fixed random memory corruption when importing pubkeys Backported upstream patches since 0.7.6 to fix interactive authentication issues amongst other things: 9d5cf209 libcrypto: Fix memory leak in evp_final() 10397321 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID) 7ad80ba1 server: Fix compile error acb0e4f4 examples: Explicitly track auth state in samplesshd-kbdint 3fe7510b messages: Check that the requested service is 'ssh-connection' 734e3ce6 server: Set correct state after sending INFO_REQUEST (Kbd Interactive) e4c6d591 packet: Add missing break in ssh_packet_incoming_filter() f81ca616 misc: Add strndup implementation if not provides by the OS Refresh patches. Remove local backport for OpenSSL 1.1 support as is now in release Remove PKG_INSTALL & CMAKE vars that are defaulted anyway Add PKG_CPE_ID:=cpe:/a:libssh:libssh for CVE tracking Remove BROKEN tag as is no longer broken Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>lilik-openwrt-22.03
@ -0,0 +1,83 @@ | |||
From f81ca6161223e3566ce78a427571235fb6848fe9 Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 29 Aug 2018 18:41:15 +0200 | |||
Subject: [PATCH 1/8] misc: Add strndup implementation if not provides by the | |||
OS | |||
Fixes T112 | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit 247983e9820fd264cb5a59c14cc12846c028bd08) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
ConfigureChecks.cmake | 1 + | |||
config.h.cmake | 3 +++ | |||
include/libssh/priv.h | 4 ++++ | |||
src/misc.c | 21 +++++++++++++++++++++ | |||
4 files changed, 29 insertions(+) | |||
--- a/ConfigureChecks.cmake | |||
+++ b/ConfigureChecks.cmake | |||
@@ -115,6 +115,7 @@ endif (NOT WITH_GCRYPT) | |||
check_function_exists(isblank HAVE_ISBLANK) | |||
check_function_exists(strncpy HAVE_STRNCPY) | |||
+check_function_exists(strndup HAVE_STRNDUP) | |||
check_function_exists(strtoull HAVE_STRTOULL) | |||
if (NOT WIN32) | |||
--- a/config.h.cmake | |||
+++ b/config.h.cmake | |||
@@ -103,6 +103,9 @@ | |||
/* Define to 1 if you have the `strncpy' function. */ | |||
#cmakedefine HAVE_STRNCPY 1 | |||
+/* Define to 1 if you have the `strndup' function. */ | |||
+#cmakedefine HAVE_STRNDUP 1 | |||
+ | |||
/* Define to 1 if you have the `cfmakeraw' function. */ | |||
#cmakedefine HAVE_CFMAKERAW 1 | |||
--- a/include/libssh/priv.h | |||
+++ b/include/libssh/priv.h | |||
@@ -43,6 +43,10 @@ | |||
# endif | |||
#endif /* !defined(HAVE_STRTOULL) */ | |||
+#if !defined(HAVE_STRNDUP) | |||
+char *strndup(const char *s, size_t n); | |||
+#endif /* ! HAVE_STRNDUP */ | |||
+ | |||
#ifdef HAVE_BYTESWAP_H | |||
#include <byteswap.h> | |||
#endif | |||
--- a/src/misc.c | |||
+++ b/src/misc.c | |||
@@ -1028,6 +1028,27 @@ int ssh_match_group(const char *group, c | |||
return 0; | |||
} | |||
+#if !defined(HAVE_STRNDUP) | |||
+char *strndup(const char *s, size_t n) | |||
+{ | |||
+ char *x = NULL; | |||
+ | |||
+ if (n + 1 < n) { | |||
+ return NULL; | |||
+ } | |||
+ | |||
+ x = malloc(n + 1); | |||
+ if (x == NULL) { | |||
+ return NULL; | |||
+ } | |||
+ | |||
+ memcpy(x, s, n); | |||
+ x[n] = '\0'; | |||
+ | |||
+ return x; | |||
+} | |||
+#endif /* ! HAVE_STRNDUP */ | |||
+ | |||
/** @} */ | |||
/* vim: set ts=4 sw=4 et cindent: */ |
@ -0,0 +1,24 @@ | |||
From e4c6d591df6a9c34c1ff3ec9f367c7257122bef3 Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 17 Oct 2018 07:23:10 +0200 | |||
Subject: [PATCH 2/8] packet: Add missing break in ssh_packet_incoming_filter() | |||
CID 1396239 | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit fe618a35dc4be3e73ddf29d0c4a96b98d3b9c48f) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
src/packet.c | 1 + | |||
1 file changed, 1 insertion(+) | |||
--- a/src/packet.c | |||
+++ b/src/packet.c | |||
@@ -285,6 +285,7 @@ static enum ssh_packet_filter_result_e s | |||
(session->dh_handshake_state != DH_STATE_FINISHED)) | |||
{ | |||
rc = SSH_PACKET_DENIED; | |||
+ break; | |||
} | |||
rc = SSH_PACKET_ALLOWED; |
@ -0,0 +1,24 @@ | |||
From 734e3ce6747a5ed120b93a1ff253b3fde5f20024 Mon Sep 17 00:00:00 2001 | |||
From: Meng Tan <mtan@wallix.com> | |||
Date: Wed, 17 Oct 2018 14:50:08 +0200 | |||
Subject: [PATCH 3/8] server: Set correct state after sending INFO_REQUEST (Kbd | |||
Interactive) | |||
Signed-off-by: Meng Tan <mtan@wallix.com> | |||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit 4ea46eecce9f4e676150fe27fec34e1570b70ace) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
src/server.c | 1 + | |||
1 file changed, 1 insertion(+) | |||
--- a/src/server.c | |||
+++ b/src/server.c | |||
@@ -976,6 +976,7 @@ int ssh_message_auth_interactive_request | |||
msg->session->kbdint->prompts = NULL; | |||
msg->session->kbdint->echo = NULL; | |||
} | |||
+ msg->session->auth.state = SSH_AUTH_STATE_INFO; | |||
return rc; | |||
} |
@ -0,0 +1,37 @@ | |||
From 3fe7510b261098e3937ab5417935916a46e6727b Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Fri, 19 Oct 2018 11:40:44 +0200 | |||
Subject: [PATCH 4/8] messages: Check that the requested service is | |||
'ssh-connection' | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit 9c200d3ef4f62d724d3bae2563b81c38cc31e215) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
src/messages.c | 8 ++++++++ | |||
1 file changed, 8 insertions(+) | |||
--- a/src/messages.c | |||
+++ b/src/messages.c | |||
@@ -649,6 +649,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_ | |||
ssh_message msg = NULL; | |||
char *service = NULL; | |||
char *method = NULL; | |||
+ int cmp; | |||
int rc; | |||
(void)user; | |||
@@ -675,6 +676,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_ | |||
service, method, | |||
msg->auth_request.username); | |||
+ cmp = strcmp(service, "ssh-connection"); | |||
+ if (cmp != 0) { | |||
+ SSH_LOG(SSH_LOG_WARNING, | |||
+ "Invalid service request: %s", | |||
+ service); | |||
+ goto end; | |||
+ } | |||
if (strcmp(method, "none") == 0) { | |||
msg->auth_request.method = SSH_AUTH_METHOD_NONE; |
@ -0,0 +1,72 @@ | |||
From acb0e4f401440ca325e441064d2cb4b896fb9a3d Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 17 Oct 2018 17:32:54 +0200 | |||
Subject: [PATCH 5/8] examples: Explicitly track auth state in | |||
samplesshd-kbdint | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
examples/samplesshd-kbdint.c | 20 ++++++++++++++++---- | |||
1 file changed, 16 insertions(+), 4 deletions(-) | |||
--- a/examples/samplesshd-kbdint.c | |||
+++ b/examples/samplesshd-kbdint.c | |||
@@ -23,6 +23,7 @@ clients must be made or how a client sho | |||
#include <stdlib.h> | |||
#include <string.h> | |||
#include <stdio.h> | |||
+#include <stdbool.h> | |||
#define SSHD_USER "libssh" | |||
#define SSHD_PASSWORD "libssh" | |||
@@ -36,6 +37,7 @@ clients must be made or how a client sho | |||
#endif | |||
static int port = 22; | |||
+static bool authenticated = false; | |||
#ifdef WITH_PCAP | |||
static const char *pcap_file = "debug.server.pcap"; | |||
@@ -61,11 +63,20 @@ static void cleanup_pcap(void) { | |||
#endif | |||
-static int auth_password(const char *user, const char *password){ | |||
- if(strcmp(user, SSHD_USER)) | |||
+static int auth_password(const char *user, const char *password) | |||
+{ | |||
+ int cmp; | |||
+ | |||
+ cmp = strcmp(user, SSHD_USER); | |||
+ if (cmp != 0) { | |||
return 0; | |||
- if(strcmp(password, SSHD_PASSWORD)) | |||
+ } | |||
+ cmp = strcmp(password, SSHD_PASSWORD); | |||
+ if (cmp != 0) { | |||
return 0; | |||
+ } | |||
+ | |||
+ authenticated = true; | |||
return 1; // authenticated | |||
} | |||
#ifdef HAVE_ARGP_H | |||
@@ -200,6 +211,7 @@ static int kbdint_check_response(ssh_ses | |||
return 0; | |||
} | |||
+ authenticated = true; | |||
return 1; | |||
} | |||
@@ -328,7 +340,7 @@ int main(int argc, char **argv){ | |||
/* proceed to authentication */ | |||
auth = authenticate(session); | |||
- if(!auth){ | |||
+ if (!auth || !authenticated) { | |||
printf("Authentication error: %s\n", ssh_get_error(session)); | |||
ssh_disconnect(session); | |||
return 1; |
@ -0,0 +1,22 @@ | |||
From 7ad80ba1cc48f7af1f192692d100a6255d97b843 Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Wed, 24 Oct 2018 19:57:17 +0200 | |||
Subject: [PATCH 6/8] server: Fix compile error | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
src/server.c | 2 +- | |||
1 file changed, 1 insertion(+), 1 deletion(-) | |||
--- a/src/server.c | |||
+++ b/src/server.c | |||
@@ -976,7 +976,7 @@ int ssh_message_auth_interactive_request | |||
msg->session->kbdint->prompts = NULL; | |||
msg->session->kbdint->echo = NULL; | |||
} | |||
- msg->session->auth.state = SSH_AUTH_STATE_INFO; | |||
+ msg->session->auth_state = SSH_AUTH_STATE_INFO; | |||
return rc; | |||
} |
@ -0,0 +1,24 @@ | |||
From 103973215443f6e02e010114a3f7ac19eb6f3c8c Mon Sep 17 00:00:00 2001 | |||
From: Meng Tan <mtan@wallix.com> | |||
Date: Thu, 25 Oct 2018 17:06:06 +0200 | |||
Subject: [PATCH 7/8] gssapi: Set correct state after sending GSSAPI_RESPONSE | |||
(select mechanism OID) | |||
Signed-off-by: Meng Tan <mtan@wallix.com> | |||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit bce8d567053232debd6ec490af5a7d27e1160f39) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
src/gssapi.c | 1 + | |||
1 file changed, 1 insertion(+) | |||
--- a/src/gssapi.c | |||
+++ b/src/gssapi.c | |||
@@ -120,6 +120,7 @@ static int ssh_gssapi_send_response(ssh_ | |||
ssh_set_error_oom(session); | |||
return SSH_ERROR; | |||
} | |||
+ session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN; | |||
packet_send(session); | |||
SSH_LOG(SSH_LOG_PACKET, |
@ -0,0 +1,24 @@ | |||
From 9d5cf209df4c260546e1468cc15fbbbfba3097c6 Mon Sep 17 00:00:00 2001 | |||
From: Andreas Schneider <asn@cryptomilk.org> | |||
Date: Sat, 27 Oct 2018 22:15:56 +0200 | |||
Subject: [PATCH 8/8] libcrypto: Fix memory leak in evp_final() | |||
Fixes T116 | |||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||
(cherry picked from commit a2807474621e51b386ea26ce2a01d2b1aa295c7b) | |||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||
--- | |||
src/libcrypto.c | 1 + | |||
1 file changed, 1 insertion(+) | |||
--- a/src/libcrypto.c | |||
+++ b/src/libcrypto.c | |||
@@ -165,6 +165,7 @@ void evp_update(EVPCTX ctx, const void * | |||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen) | |||
{ | |||
EVP_DigestFinal(ctx, md, mdlen); | |||
+ EVP_MD_CTX_free(ctx); | |||
} | |||
#endif | |||