Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
openssh.18131
openssh-7.6p1-CVE-2018-15473.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-7.6p1-CVE-2018-15473.patch of Package openssh.18131
From 779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 Mon Sep 17 00:00:00 2001 From: djm <djm@openbsd.org> Date: Tue, 31 Jul 2018 03:10:27 +0000 Subject: [PATCH] =?UTF-8?q?delay=20bailout=20for=20invalid=20authenticatin?= =?UTF-8?q?g=20user=20until=20after=20the=20packet=20containing=20the=20re?= =?UTF-8?q?quest=20has=20been=20fully=20parsed.=20Reported=20by=20Dariusz?= =?UTF-8?q?=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- usr.bin/ssh/auth2-gss.c | 11 +++++++---- usr.bin/ssh/auth2-hostbased.c | 11 ++++++----- usr.bin/ssh/auth2-pubkey.c | 25 +++++++++++++++---------- 3 files changed, 28 insertions(+), 19 deletions(-) Index: openssh-7.6p1/auth2-gss.c =================================================================== --- openssh-7.6p1.orig/auth2-gss.c 2019-03-12 14:38:32.420914340 +0100 +++ openssh-7.6p1/auth2-gss.c 2019-03-12 14:38:37.116940749 +0100 @@ -105,9 +105,6 @@ userauth_gssapi(struct ssh *ssh) u_int len; u_char *doid = NULL; - if (!authctxt->valid || authctxt->user == NULL) - return (0); - mechs = packet_get_int(); if (mechs == 0) { debug("Mechanism negotiation is not supported"); @@ -138,6 +135,12 @@ userauth_gssapi(struct ssh *ssh) return (0); } + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", __func__); + free(doid); + return (0); + } + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt); Index: openssh-7.6p1/auth2-hostbased.c =================================================================== --- openssh-7.6p1.orig/auth2-hostbased.c 2019-03-12 14:38:33.264919086 +0100 +++ openssh-7.6p1/auth2-hostbased.c 2019-03-12 14:38:37.116940749 +0100 @@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh) size_t alen, blen, slen; int r, pktype, authenticated = 0; - if (!authctxt->valid) { - debug2("%s: disabled because of invalid user", __func__); - return 0; - } /* XXX use sshkey_froms() */ if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || @@ -117,6 +113,10 @@ userauth_hostbased(struct ssh *ssh) __func__, sshkey_type(key)); goto done; } + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", __func__); + goto done; + } service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; Index: openssh-7.6p1/auth2-pubkey.c =================================================================== --- openssh-7.6p1.orig/auth2-pubkey.c 2019-03-12 14:38:33.264919086 +0100 +++ openssh-7.6p1/auth2-pubkey.c 2019-03-12 14:38:37.120940772 +0100 @@ -77,18 +77,15 @@ static int userauth_pubkey(struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - struct sshbuf *b; + struct sshbuf *b = NULL; struct sshkey *key = NULL; - char *pkalg, *userstyle = NULL, *fp = NULL; - u_char *pkblob, *sig, have_sig; + char *pkalg = NULL, *userstyle = NULL, *key_s = NULL; + char *fp = NULL; + u_char *pkblob = NULL, *sig = NULL, have_sig; size_t blen, slen; int r, pktype; int authenticated = 0; - if (!authctxt->valid) { - debug2("%s: disabled because of invalid user", __func__); - return 0; - } if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); if (ssh->compat & SSH_BUG_PKAUTH) { @@ -166,6 +163,11 @@ userauth_pubkey(struct ssh *ssh) fatal("%s: sshbuf_put_string session id: %s", __func__, ssh_err(r)); } + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", + __func__); + goto done; + } /* reconstruct packet */ xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", @@ -193,7 +195,6 @@ userauth_pubkey(struct ssh *ssh) #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif - /* test for correct signature */ authenticated = 0; if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) && @@ -202,7 +203,6 @@ userauth_pubkey(struct ssh *ssh) authenticated = 1; } sshbuf_free(b); - free(sig); auth2_record_key(authctxt, authenticated, key); } else { debug("%s: test whether pkalg/pkblob are acceptable for %s %s", @@ -210,6 +210,11 @@ userauth_pubkey(struct ssh *ssh) if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", + __func__); + goto done; + } /* XXX fake reply and always send PK_OK ? */ /* * XXX this allows testing whether a user is allowed @@ -237,6 +242,7 @@ done: free(userstyle); free(pkalg); free(pkblob); + free(sig); free(fp); return authenticated; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor