backport some patches from upstream community

This commit is contained in:
zengwefeng 2022-10-20 10:25:21 +08:00
parent 8b79c341c4
commit 2198e14060
10 changed files with 453 additions and 1 deletions


@ -0,0 +1,28 @@
From af85ee8e59798e178a9b2e763eaa5e9d3124eb3b Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 11 Aug 2022 15:46:49 +0200
Subject: [PATCH] config: Avoid false positive report from Coveritt CID 1470006
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/config.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/config.c b/src/config.c
index 8270b3a9..bc7afcc7 100644
--- a/src/config.c
+++ b/src/config.c
@@ -618,7 +618,8 @@ ssh_config_parse_line(ssh_session session,
opcode != SOC_MATCH &&
opcode != SOC_INCLUDE &&
opcode != SOC_IDENTITY &&
- opcode > SOC_UNSUPPORTED) { /* Ignore all unknown types here */
+ opcode > SOC_UNSUPPORTED &&
+ opcode < SOC_MAX) { /* Ignore all unknown types here */
/* Skip all the options that were already applied */
if (seen[opcode] != 0) {
SAFE_FREE(x);
--
2.33.0
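Review bot: The new `opcode < SOC_MAX` test in the config.c hunk is a real bounds guard for the `seen[opcode]` index two lines below, not only Coverity noise, yet the trailing comment still reads "Ignore all unknown types here" and says nothing about the upper bound. Making the intent explicit would stop a later cleanup from dropping it, e.g. `opcode < SOC_MAX) { /* Ignore unknown types; also keeps opcode a valid seen[] index */`. The declaration of `seen` and the rest of ssh_config_parse_line are outside the hunk, so its size (presumably SOC_MAX) could not be confirmed from here.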


@ -0,0 +1,125 @@
From 915df080588ce815c80da804780438ce9b2ac390 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 7 Sep 2022 12:40:00 +0200
Subject: [PATCH] kdf: Avoid endianess issues
The key_type is only a letter, if we use and `int` and then cast it to
(const char *) we will end up with a 0 value on big endian.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
include/libssh/crypto.h | 2 +-
include/libssh/wrapper.h | 2 +-
src/kdf.c | 5 ++---
src/libcrypto.c | 4 ++--
src/libgcrypt.c | 2 +-
src/libmbedcrypto.c | 2 +-
6 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index f40d76b9..1d73613b 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -219,7 +219,7 @@ struct ssh_cipher_struct {
const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len);
#endif /* _CRYPTO_H_ */
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index fd57cdb1..f4a33d2d 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -103,7 +103,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len);
int crypt_set_algorithms_client(ssh_session session);
diff --git a/src/kdf.c b/src/kdf.c
index a88c92f8..44f06631 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -116,14 +116,13 @@ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
/* Can't use VLAs with Visual Studio, so allocate the biggest
* digest buffer we can possibly need */
unsigned char digest[DIGEST_MAX_LEN];
size_t output_len = crypto->digest_len;
- char letter = key_type;
ssh_mac_ctx ctx;
if (DIGEST_MAX_LEN < crypto->digest_len) {
@@ -137,7 +136,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
ssh_mac_update(ctx, key, key_len);
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
- ssh_mac_update(ctx, &letter, 1);
+ ssh_mac_update(ctx, &key_type, 1);
ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
ssh_mac_final(digest, ctx);
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 5fef5209..468b63f0 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -214,7 +214,7 @@ static const char *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
@@ -330,7 +330,7 @@ out:
#else
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index b8b86593..da5588ad 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -124,7 +124,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index c8137ce0..6d84bd51 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -127,7 +127,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
int ssh_kdf(struct ssh_crypto_struct *crypto,
unsigned char *key, size_t key_len,
- int key_type, unsigned char *output,
+ uint8_t key_type, unsigned char *output,
size_t requested_len)
{
return sshkdf_derive_key(crypto, key, key_len,
--
2.33.0
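Review bot: The crypto.h and wrapper.h hunks introduce `uint8_t` into prototypes, but neither hunk shows `<stdint.h>` being included; if those headers currently rely on an earlier include for it, a translation unit that includes them first will no longer compile, so please confirm or add `#include <stdint.h>` in both. In kdf.c the local `letter` copy is dropped and `&key_type` is passed directly, which still feeds exactly one byte to `ssh_mac_update`; the big-endian problem the subject refers to is in the OpenSSL `ssh_kdf` path, whose body is outside these hunks. A one-line comment on the parameter would help maintainers of this backport, e.g. `/* key_type: the single RFC 4253 §7.2 letter ('A'..'F'), mixed into the hash as one byte */`. sshkdf_derive_key's body continues outside the hunks.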


@ -0,0 +1,27 @@
From 648baf0f3c567280e6decfa49ebc6fa01b635bdd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 10:03:40 +0200
Subject: [PATCH] misc: Fix expanding port numbers
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/misc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/misc.c b/src/misc.c
index a2fdf31a..11a7479c 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1237,7 +1237,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
x = strdup(session->opts.username);
break;
case 'p':
- if (session->opts.port > 0) {
+ {
char tmp[6];
snprintf(tmp, sizeof(tmp), "%hu",
--
2.33.0
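Review bot: Dropping the `if (session->opts.port > 0)` guard leaves a bare `{` block under `case 'p':` with nothing explaining why the expansion is now unconditional; a reader of the backported file sees only a brace. A short comment would carry the intent, e.g. `case 'p': { /* always expand %p; a port of 0 falls back to 22 in the snprintf below */`. The `snprintf` with its `: 22` fallback and the closing of the block are outside this hunk, so the fallback could only be confirmed from the companion format-truncation patch in this commit, which this patch must follow in spec order because its old side is that patch's new side.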


@ -0,0 +1,60 @@
From 20406e51c9e1e096dc8ba47975abad448a51bfc1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 26 Aug 2022 13:07:28 +0200
Subject: [PATCH] misc: Fix format truncation in ssh_path_expand_escape()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
error: %u directive output may be truncated writing between 1 and 10
bytes into a region of size 6.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/session.h | 2 +-
src/misc.c | 15 +++++++--------
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 0a6fb080..d3e5787c 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -223,7 +223,7 @@ struct ssh_session_struct {
char *custombanner;
unsigned long timeout; /* seconds */
unsigned long timeout_usec;
- unsigned int port;
+ uint16_t port;
socket_t fd;
int StrictHostKeyChecking;
char compressionlevel;
diff --git a/src/misc.c b/src/misc.c
index e6264101..a2fdf31a 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1237,14 +1237,13 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
x = strdup(session->opts.username);
break;
case 'p':
- if (session->opts.port < 65536) {
- char tmp[6];
-
- snprintf(tmp,
- sizeof(tmp),
- "%u",
- session->opts.port > 0 ? session->opts.port : 22);
- x = strdup(tmp);
+ if (session->opts.port > 0) {
+ char tmp[6];
+
+ snprintf(tmp, sizeof(tmp), "%hu",
+ (uint16_t)(session->opts.port > 0 ? session->opts.port
+ : 22));
+ x = strdup(tmp);
}
break;
default:
--
2.33.0
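Review bot: Narrowing `opts.port` to `uint16_t` in session.h removes the only range check this function had (the `port < 65536` test on the removed side): a value such as 65536 stored into the field now silently wraps to 0 and expands to "22" instead of yielding no expansion. That is only safe if every writer of `opts.port` rejects out-of-range values before the store; `ssh_options_set` is not in this commit, so please verify it validates `port <= 65535`, or record the contract next to the field, e.g. `uint16_t port; /* writers must range-check before storing; wraps silently otherwise */`. The session.h hunk also needs `<stdint.h>` in scope, which the hunk does not show. The `%hu` with the `(uint16_t)` cast and `tmp[6]` are consistent (five digits plus NUL), while the `if (session->opts.port > 0)` guard makes the `: 22` fallback unreachable here, which the separate expanding-port-numbers patch in this commit takes care of.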


@ -0,0 +1,47 @@
From 17aec429f539517468446191e3da91df40e352d1 Mon Sep 17 00:00:00 2001
From: Timo Rothenpieler <timo@rothenpieler.org>
Date: Sat, 20 Aug 2022 16:00:15 +0200
Subject: [PATCH] misc: rename gettimeofday symbol
mingw does have this function, even though it appears to be deprecated.
So the symbol has to have a different name, or linking becomes
impossible.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/priv.h | 4 +++-
src/misc.c | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/libssh/priv.h b/include/libssh/priv.h
index ad932d2f..bab761b0 100644
--- a/include/libssh/priv.h
+++ b/include/libssh/priv.h
@@ -152,7 +152,9 @@ char *strndup(const char *s, size_t n);
# endif /* _MSC_VER */
struct timeval;
-int gettimeofday(struct timeval *__p, void *__t);
+int ssh_gettimeofday(struct timeval *__p, void *__t);
+
+#define gettimeofday ssh_gettimeofday
#define _XCLOSESOCKET closesocket
diff --git a/src/misc.c b/src/misc.c
index 81b23f25..e6264101 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -160,7 +160,7 @@ int ssh_dir_writeable(const char *path)
#define SSH_USEC_IN_SEC 1000000LL
#define SSH_SECONDS_SINCE_1601 11644473600LL
-int gettimeofday(struct timeval *__p, void *__t) {
+int ssh_gettimeofday(struct timeval *__p, void *__t) {
union {
unsigned long long ns100; /* time since 1 Jan 1601 in 100ns units */
FILETIME ft;
--
2.33.0
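Review bot: `#define gettimeofday ssh_gettimeofday` in priv.h is an object-like macro, so it rewrites every later occurrence of the identifier, including a `gettimeofday` declaration in any system header included after priv.h (the mingw one the commit message mentions); that may well be the intent, but it deserves a comment, e.g. `/* Route every gettimeofday() call in libssh to our implementation; keep this before any <sys/time.h> include */`. The parameter names `__p` and `__t` on both the declaration and the misc.c definition are reserved identifiers (leading double underscore), and since both lines are being rewritten anyway, `tv`/`tz` would be cleaner. The body of ssh_gettimeofday continues outside the hunk.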


@ -0,0 +1,27 @@
From f306aafdc6a6730538ca10a510fe3bd18714342c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 10:05:22 +0200
Subject: [PATCH] session: Initialize the port with the standard port (22)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/session.c b/src/session.c
index 9e1da5cd..6025c133 100644
--- a/src/session.c
+++ b/src/session.c
@@ -104,7 +104,7 @@ ssh_session ssh_new(void)
/* OPTIONS */
session->opts.StrictHostKeyChecking = 1;
- session->opts.port = 0;
+ session->opts.port = 22;
session->opts.fd = -1;
session->opts.compressionlevel = 7;
session->opts.nodelay = 0;
--
2.33.0
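Review bot: Changing the default from 0 to 22 in ssh_new removes 0 as an "unset" sentinel for `opts.port`; any code that still tests `opts.port == 0` to decide whether a later source (a config-file Port directive, ssh_options_set, the `%p` fallback) may override the value will now treat every fresh session as explicitly configured. None of that code is in this hunk, so please check the readers of `opts.port` before shipping the backport; if nothing relies on the sentinel, a comment on the new line would record the decision, e.g. `session->opts.port = 22; /* default SSH port; 0 no longer means unset */`.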


@ -0,0 +1,29 @@
From 0799775185c4d9a26bbf074f11bf17aa5b055b3f Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Thu, 18 Aug 2022 20:00:25 +0800
Subject: [PATCH] session->socket_callbacks.data will be set to
ssh_packet_socket_callback
in ssh_packet_register_socket_callback. Here is redundant.
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/server.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/server.c b/src/server.c
index e33c9366..04949a94 100644
--- a/src/server.c
+++ b/src/server.c
@@ -361,7 +361,6 @@ static void ssh_server_connection_callback(ssh_session session){
}
/* from now, the packet layer is handling incoming packets */
- session->socket_callbacks.data=ssh_packet_socket_callback;
ssh_packet_register_socket_callback(session, session->socket);
ssh_packet_set_default_callbacks(session);
--
2.33.0


@ -0,0 +1,39 @@
From 2546b6224223890af669c272c70ab45ec0298659 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 13:32:09 +0200
Subject: [PATCH] socket: Add error message if execv fails
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/socket.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/socket.c b/src/socket.c
index bd2cd28c..525b304f 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -891,6 +891,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
ssh_execute_command(const char *command, socket_t in, socket_t out)
{
const char *args[] = {"/bin/sh", "-c", command, NULL};
+ int rc;
/* Prepare /dev/null socket for the stderr redirection */
int devnull = open("/dev/null", O_WRONLY);
if (devnull == -1) {
@@ -915,7 +916,11 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
dup2(devnull, STDERR_FILENO);
close(in);
close(out);
- execv(args[0], (char * const *)args);
+ rc = execv(args[0], (char * const *)args);
+ if (rc < 0) {
+ SSH_LOG(SSH_LOG_WARN, "Failed to execute command %s: %s",
+ command, strerror(errno));
+ }
exit(1);
}
--
2.33.0
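Review bot: The new `SSH_LOG(...)` after a failed `execv()` appears to run in a forked child (the dup2/close sequence and the unconditional `exit(1)` on the next line point that way, though the fork itself is outside the hunk); in a multithreaded parent only async-signal-safe calls are permitted between fork and exec, and neither `strerror()` nor a logging macro that may allocate or take a lock qualifies, so this can hang on exactly the error path it is meant to diagnose. A safer shape is to save `errno` and leave with `_exit(127)`, letting the parent report the failure from the child's exit status. The existing `exit(1)` should in any case be `_exit(1)` so the child does not run the parent's atexit handlers or flush its stdio buffers, although that line predates this patch.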


@ -0,0 +1,47 @@
From 8c0be750db787d70863ad3bbbc1e70e75a8e223f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 29 Aug 2022 10:08:58 +0200
Subject: [PATCH] tests: Add test for expanding port numbers
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/unittests/torture_misc.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index 354f37bc..6fdf3ab5 100644
--- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c
@@ -168,17 +168,25 @@ static void torture_path_expand_tilde_unix(void **state) {
static void torture_path_expand_escape(void **state) {
ssh_session session = *state;
- const char *s = "%d/%h/by/%r";
+ const char *s = "%d/%h/%p/by/%r";
char *e;
session->opts.sshdir = strdup("guru");
session->opts.host = strdup("meditation");
+ session->opts.port = 0;
session->opts.username = strdup("root");
e = ssh_path_expand_escape(session, s);
assert_non_null(e);
- assert_string_equal(e, "guru/meditation/by/root");
- free(e);
+ assert_string_equal(e, "guru/meditation/22/by/root");
+ ssh_string_free_char(e);
+
+ session->opts.port = 222;
+
+ e = ssh_path_expand_escape(session, s);
+ assert_non_null(e);
+ assert_string_equal(e, "guru/meditation/222/by/root");
+ ssh_string_free_char(e);
}
static void torture_path_expand_known_hosts(void **state) {
--
2.33.0
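Review bot: The new assertions cover the default (0 → "22") and an ordinary three-digit port, but not the five-digit upper bound that motivated the `tmp[6]`/`%hu` change in the companion format-truncation patch, so the buffer size is still unpinned by the suite. A 65535 case after the 222 case, before the function's closing brace, would do it. The rest of the test file is outside the hunk.
```c
    session->opts.port = 65535;

    e = ssh_path_expand_escape(session, s);
    assert_non_null(e);
    assert_string_equal(e, "guru/meditation/65535/by/root");
    ssh_string_free_char(e);
```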


@ -1,6 +1,6 @@
Name: libssh
Version: 0.9.6
Release: 4
Release: 5
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -18,6 +18,15 @@ Patch5: backport-options-Parse-hostname-by-last.patch
Patch6: backport-torture_options-Add-test-for-in-login-name.patch
Patch7: backport-session-Initialize-pointers.patch
Patch8: backport-tests-Ensure-the-mode-of-the-created-file-is.patch
Patch9: backport-session-socket_callbacks.data-will-be-set-t.patch
Patch10: backport-config-Avoid-false-positive-report-from-Cov.patch
Patch11: backport-kdf-Avoid-endianess-issues.patch
Patch12: backport-misc-rename-gettimeofday-symbol.patch
Patch13: backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
Patch14: backport-misc-Fix-expanding-port-numbers.patch
Patch15: backport-session-Initialize-the-port-with-the-standa.patch
Patch16: backport-tests-Add-test-for-expanding-port-numbers.patch
Patch17: backport-socket-Add-error-message-if-execv-fails.patch
BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server
@ -103,6 +112,20 @@ popd
%doc ChangeLog README
%changelog
* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.9.6-5
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:avoid false positive report from Coveritt CID 1470006
kdf: Avoid endianess issues
misc: Fix format truncation in ssh_path_expand_escape()
misc: Fix expanding port numbers
misc: rename gettimeofday symbol
session: Initialize the port with the standard port (22)
session->socket_callbacks.data will be set to ssh_packet_socket_callback
socket: Add error message if execv fails
tests: Add test for expanding port numbers
* Thu Oct 13 2022 xinghe <xinghe2@h-partners.com> - 0.9.6-4
- Type:bugfix
- Id:NA