Bump from 0.7.5 to 0.7.6. Upstream changelog: Fixed CVE-2018-10933 Added support for OpenSSL 1.1 Added SHA256 support for ssh_get_publickey_hash() Fixed config parsing Fixed random memory corruption when importing pubkeys Backported upstream patches since 0.7.6 to fix interactive authentication issues amongst other things: 9d5cf209 libcrypto: Fix memory leak in evp_final() 10397321 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID) 7ad80ba1 server: Fix compile error acb0e4f4 examples: Explicitly track auth state in samplesshd-kbdint 3fe7510b messages: Check that the requested service is 'ssh-connection' 734e3ce6 server: Set correct state after sending INFO_REQUEST (Kbd Interactive) e4c6d591 packet: Add missing break in ssh_packet_incoming_filter() f81ca616 misc: Add strndup implementation if not provides by the OS Refresh patches. Remove local backport for OpenSSL 1.1 support as is now in release Remove PKG_INSTALL & CMAKE vars that are defaulted anyway Add PKG_CPE_ID:=cpe:/a:libssh:libssh for CVE tracking Remove BROKEN tag as is no longer broken Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>lilik-openwrt-22.03
@ -0,0 +1,83 @@ | |||||
From f81ca6161223e3566ce78a427571235fb6848fe9 Mon Sep 17 00:00:00 2001 | |||||
From: Andreas Schneider <asn@cryptomilk.org> | |||||
Date: Wed, 29 Aug 2018 18:41:15 +0200 | |||||
Subject: [PATCH 1/8] misc: Add strndup implementation if not provides by the | |||||
OS | |||||
Fixes T112 | |||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit 247983e9820fd264cb5a59c14cc12846c028bd08) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
ConfigureChecks.cmake | 1 + | |||||
config.h.cmake | 3 +++ | |||||
include/libssh/priv.h | 4 ++++ | |||||
src/misc.c | 21 +++++++++++++++++++++ | |||||
4 files changed, 29 insertions(+) | |||||
--- a/ConfigureChecks.cmake | |||||
+++ b/ConfigureChecks.cmake | |||||
@@ -115,6 +115,7 @@ endif (NOT WITH_GCRYPT) | |||||
check_function_exists(isblank HAVE_ISBLANK) | |||||
check_function_exists(strncpy HAVE_STRNCPY) | |||||
+check_function_exists(strndup HAVE_STRNDUP) | |||||
check_function_exists(strtoull HAVE_STRTOULL) | |||||
if (NOT WIN32) | |||||
--- a/config.h.cmake | |||||
+++ b/config.h.cmake | |||||
@@ -103,6 +103,9 @@ | |||||
/* Define to 1 if you have the `strncpy' function. */ | |||||
#cmakedefine HAVE_STRNCPY 1 | |||||
+/* Define to 1 if you have the `strndup' function. */ | |||||
+#cmakedefine HAVE_STRNDUP 1 | |||||
+ | |||||
/* Define to 1 if you have the `cfmakeraw' function. */ | |||||
#cmakedefine HAVE_CFMAKERAW 1 | |||||
--- a/include/libssh/priv.h | |||||
+++ b/include/libssh/priv.h | |||||
@@ -43,6 +43,10 @@ | |||||
# endif | |||||
#endif /* !defined(HAVE_STRTOULL) */ | |||||
+#if !defined(HAVE_STRNDUP) | |||||
+char *strndup(const char *s, size_t n); | |||||
+#endif /* ! HAVE_STRNDUP */ | |||||
+ | |||||
#ifdef HAVE_BYTESWAP_H | |||||
#include <byteswap.h> | |||||
#endif | |||||
--- a/src/misc.c | |||||
+++ b/src/misc.c | |||||
@@ -1028,6 +1028,27 @@ int ssh_match_group(const char *group, c | |||||
return 0; | |||||
} | |||||
+#if !defined(HAVE_STRNDUP) | |||||
+char *strndup(const char *s, size_t n) | |||||
+{ | |||||
+ char *x = NULL; | |||||
+ | |||||
+ if (n + 1 < n) { | |||||
+ return NULL; | |||||
+ } | |||||
+ | |||||
+ x = malloc(n + 1); | |||||
+ if (x == NULL) { | |||||
+ return NULL; | |||||
+ } | |||||
+ | |||||
+ memcpy(x, s, n); | |||||
+ x[n] = '\0'; | |||||
+ | |||||
+ return x; | |||||
+} | |||||
+#endif /* ! HAVE_STRNDUP */ | |||||
+ | |||||
/** @} */ | |||||
/* vim: set ts=4 sw=4 et cindent: */ |
@ -0,0 +1,24 @@ | |||||
From e4c6d591df6a9c34c1ff3ec9f367c7257122bef3 Mon Sep 17 00:00:00 2001 | |||||
From: Andreas Schneider <asn@cryptomilk.org> | |||||
Date: Wed, 17 Oct 2018 07:23:10 +0200 | |||||
Subject: [PATCH 2/8] packet: Add missing break in ssh_packet_incoming_filter() | |||||
CID 1396239 | |||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit fe618a35dc4be3e73ddf29d0c4a96b98d3b9c48f) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
src/packet.c | 1 + | |||||
1 file changed, 1 insertion(+) | |||||
--- a/src/packet.c | |||||
+++ b/src/packet.c | |||||
@@ -285,6 +285,7 @@ static enum ssh_packet_filter_result_e s | |||||
(session->dh_handshake_state != DH_STATE_FINISHED)) | |||||
{ | |||||
rc = SSH_PACKET_DENIED; | |||||
+ break; | |||||
} | |||||
rc = SSH_PACKET_ALLOWED; |
@ -0,0 +1,24 @@ | |||||
From 734e3ce6747a5ed120b93a1ff253b3fde5f20024 Mon Sep 17 00:00:00 2001 | |||||
From: Meng Tan <mtan@wallix.com> | |||||
Date: Wed, 17 Oct 2018 14:50:08 +0200 | |||||
Subject: [PATCH 3/8] server: Set correct state after sending INFO_REQUEST (Kbd | |||||
Interactive) | |||||
Signed-off-by: Meng Tan <mtan@wallix.com> | |||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit 4ea46eecce9f4e676150fe27fec34e1570b70ace) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
src/server.c | 1 + | |||||
1 file changed, 1 insertion(+) | |||||
--- a/src/server.c | |||||
+++ b/src/server.c | |||||
@@ -976,6 +976,7 @@ int ssh_message_auth_interactive_request | |||||
msg->session->kbdint->prompts = NULL; | |||||
msg->session->kbdint->echo = NULL; | |||||
} | |||||
+ msg->session->auth.state = SSH_AUTH_STATE_INFO; | |||||
return rc; | |||||
} |
@ -0,0 +1,37 @@ | |||||
From 3fe7510b261098e3937ab5417935916a46e6727b Mon Sep 17 00:00:00 2001 | |||||
From: Andreas Schneider <asn@cryptomilk.org> | |||||
Date: Fri, 19 Oct 2018 11:40:44 +0200 | |||||
Subject: [PATCH 4/8] messages: Check that the requested service is | |||||
'ssh-connection' | |||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit 9c200d3ef4f62d724d3bae2563b81c38cc31e215) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
src/messages.c | 8 ++++++++ | |||||
1 file changed, 8 insertions(+) | |||||
--- a/src/messages.c | |||||
+++ b/src/messages.c | |||||
@@ -649,6 +649,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_ | |||||
ssh_message msg = NULL; | |||||
char *service = NULL; | |||||
char *method = NULL; | |||||
+ int cmp; | |||||
int rc; | |||||
(void)user; | |||||
@@ -675,6 +676,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_ | |||||
service, method, | |||||
msg->auth_request.username); | |||||
+ cmp = strcmp(service, "ssh-connection"); | |||||
+ if (cmp != 0) { | |||||
+ SSH_LOG(SSH_LOG_WARNING, | |||||
+ "Invalid service request: %s", | |||||
+ service); | |||||
+ goto end; | |||||
+ } | |||||
if (strcmp(method, "none") == 0) { | |||||
msg->auth_request.method = SSH_AUTH_METHOD_NONE; |
@ -0,0 +1,72 @@ | |||||
From acb0e4f401440ca325e441064d2cb4b896fb9a3d Mon Sep 17 00:00:00 2001 | |||||
From: Andreas Schneider <asn@cryptomilk.org> | |||||
Date: Wed, 17 Oct 2018 17:32:54 +0200 | |||||
Subject: [PATCH 5/8] examples: Explicitly track auth state in | |||||
samplesshd-kbdint | |||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
examples/samplesshd-kbdint.c | 20 ++++++++++++++++---- | |||||
1 file changed, 16 insertions(+), 4 deletions(-) | |||||
--- a/examples/samplesshd-kbdint.c | |||||
+++ b/examples/samplesshd-kbdint.c | |||||
@@ -23,6 +23,7 @@ clients must be made or how a client sho | |||||
#include <stdlib.h> | |||||
#include <string.h> | |||||
#include <stdio.h> | |||||
+#include <stdbool.h> | |||||
#define SSHD_USER "libssh" | |||||
#define SSHD_PASSWORD "libssh" | |||||
@@ -36,6 +37,7 @@ clients must be made or how a client sho | |||||
#endif | |||||
static int port = 22; | |||||
+static bool authenticated = false; | |||||
#ifdef WITH_PCAP | |||||
static const char *pcap_file = "debug.server.pcap"; | |||||
@@ -61,11 +63,20 @@ static void cleanup_pcap(void) { | |||||
#endif | |||||
-static int auth_password(const char *user, const char *password){ | |||||
- if(strcmp(user, SSHD_USER)) | |||||
+static int auth_password(const char *user, const char *password) | |||||
+{ | |||||
+ int cmp; | |||||
+ | |||||
+ cmp = strcmp(user, SSHD_USER); | |||||
+ if (cmp != 0) { | |||||
return 0; | |||||
- if(strcmp(password, SSHD_PASSWORD)) | |||||
+ } | |||||
+ cmp = strcmp(password, SSHD_PASSWORD); | |||||
+ if (cmp != 0) { | |||||
return 0; | |||||
+ } | |||||
+ | |||||
+ authenticated = true; | |||||
return 1; // authenticated | |||||
} | |||||
#ifdef HAVE_ARGP_H | |||||
@@ -200,6 +211,7 @@ static int kbdint_check_response(ssh_ses | |||||
return 0; | |||||
} | |||||
+ authenticated = true; | |||||
return 1; | |||||
} | |||||
@@ -328,7 +340,7 @@ int main(int argc, char **argv){ | |||||
/* proceed to authentication */ | |||||
auth = authenticate(session); | |||||
- if(!auth){ | |||||
+ if (!auth || !authenticated) { | |||||
printf("Authentication error: %s\n", ssh_get_error(session)); | |||||
ssh_disconnect(session); | |||||
return 1; |
@ -0,0 +1,22 @@ | |||||
From 7ad80ba1cc48f7af1f192692d100a6255d97b843 Mon Sep 17 00:00:00 2001 | |||||
From: Andreas Schneider <asn@cryptomilk.org> | |||||
Date: Wed, 24 Oct 2018 19:57:17 +0200 | |||||
Subject: [PATCH 6/8] server: Fix compile error | |||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
src/server.c | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
--- a/src/server.c | |||||
+++ b/src/server.c | |||||
@@ -976,7 +976,7 @@ int ssh_message_auth_interactive_request | |||||
msg->session->kbdint->prompts = NULL; | |||||
msg->session->kbdint->echo = NULL; | |||||
} | |||||
- msg->session->auth.state = SSH_AUTH_STATE_INFO; | |||||
+ msg->session->auth_state = SSH_AUTH_STATE_INFO; | |||||
return rc; | |||||
} |
@ -0,0 +1,24 @@ | |||||
From 103973215443f6e02e010114a3f7ac19eb6f3c8c Mon Sep 17 00:00:00 2001 | |||||
From: Meng Tan <mtan@wallix.com> | |||||
Date: Thu, 25 Oct 2018 17:06:06 +0200 | |||||
Subject: [PATCH 7/8] gssapi: Set correct state after sending GSSAPI_RESPONSE | |||||
(select mechanism OID) | |||||
Signed-off-by: Meng Tan <mtan@wallix.com> | |||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit bce8d567053232debd6ec490af5a7d27e1160f39) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
src/gssapi.c | 1 + | |||||
1 file changed, 1 insertion(+) | |||||
--- a/src/gssapi.c | |||||
+++ b/src/gssapi.c | |||||
@@ -120,6 +120,7 @@ static int ssh_gssapi_send_response(ssh_ | |||||
ssh_set_error_oom(session); | |||||
return SSH_ERROR; | |||||
} | |||||
+ session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN; | |||||
packet_send(session); | |||||
SSH_LOG(SSH_LOG_PACKET, |
@ -0,0 +1,24 @@ | |||||
From 9d5cf209df4c260546e1468cc15fbbbfba3097c6 Mon Sep 17 00:00:00 2001 | |||||
From: Andreas Schneider <asn@cryptomilk.org> | |||||
Date: Sat, 27 Oct 2018 22:15:56 +0200 | |||||
Subject: [PATCH 8/8] libcrypto: Fix memory leak in evp_final() | |||||
Fixes T116 | |||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> | |||||
(cherry picked from commit a2807474621e51b386ea26ce2a01d2b1aa295c7b) | |||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | |||||
--- | |||||
src/libcrypto.c | 1 + | |||||
1 file changed, 1 insertion(+) | |||||
--- a/src/libcrypto.c | |||||
+++ b/src/libcrypto.c | |||||
@@ -165,6 +165,7 @@ void evp_update(EVPCTX ctx, const void * | |||||
void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen) | |||||
{ | |||||
EVP_DigestFinal(ctx, md, mdlen); | |||||
+ EVP_MD_CTX_free(ctx); | |||||
} | |||||
#endif | |||||