!40 回合社区补丁

From: @renmingshuai 
Reviewed-by: @kircher 
Signed-off-by: @kircher
openeuler-ci-bot 2023-03-30 02:03:43 +00:00 committed by Gitee
commit 0c0abaf639
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 348 additions and 1 deletions


@ -0,0 +1,41 @@
From 13ad7b2f5cd67e0dc843098ce19ce8b208368c29 Mon Sep 17 00:00:00 2001
From: Michael Buckley <michael@buckleyisms.com>
Date: Thu, 6 Jan 2022 13:56:22 -0800
Subject: [PATCH] Fix a memcmp errors in code that was changed from memmem to
memcmp (#656)
Notes:
Fixed supported algo prefs list check when upgrading rsa keys
Credit: Michael Buckley
Conflict:NA
Reference:https://github.com/libssh2/commit/13ad7b2f5cd67e0dc843098ce19ce8b208368c29
---
src/userauth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/userauth.c b/src/userauth.c
index 988dc17..29f58ba 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -1147,7 +1147,7 @@ _libssh2_key_sign_algorithm(LIBSSH2_SESSION *session,
f = strchr(a, ',');
f_len = f ? (f - a) : (int) strlen(a);
- if(f_len == p_len && memcmp(a, s, p_len)) {
+ if(f_len == p_len && memcmp(a, s, p_len) == 0) {
if(i != filtered_algs) {
memcpy(i, ",", 1);
@@ -1185,7 +1185,7 @@ _libssh2_key_sign_algorithm(LIBSSH2_SESSION *session,
f = strchr(a, ',');
f_len = f ? (f - a) : (int) strlen(a);
- if(f_len == p_len && memcmp(a, s, p_len)) {
+ if(f_len == p_len && memcmp(a, s, p_len) == 0) {
/* found a match, upgrade key method */
match = s;
match_len = p_len;
--
2.23.0
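Review bot: The scans around both corrected comparisons (`f = strchr(a, ',')` and `(int) strlen(a)` in each hunk) only stay in bounds if the list behind `a` is NUL-terminated, and nothing in these hunks says so. If `a` can point at the server-supplied algorithm list, that guarantee comes from the separate "NULL terminate server_sign_algorithms string" backport in this same commit, so the two patches need to ship together. A comment above each loop such as `/* list must be NUL-terminated: strchr/strlen below rely on it */` would record the dependency. The body of `_libssh2_key_sign_algorithm` starts and ends outside both hunks, so how `a` is initialised is not visible here.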


@ -0,0 +1,172 @@
From de7a74aff24c47b2f2e9815f0a98598195d602e4 Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Fri, 14 Jan 2022 11:55:18 -0800
Subject: [PATCH] Legacy Agent support for rsa2 key upgrading/downgrading #659
(#662)
Files: libssh2.h, agent.c, userauth.c
Notes:
Part 2 of the fix for #659. This adds rsa key downgrading for agents that don't support sha2 upgrading. It also adds better trace output for debugging/logging around key upgrading.
Credit:
Will Cosgrove (signed off by Michael Buckley)
Conflict:NA
Reference:https://github.com/libssh2/commit/de7a74aff24c47b2f2e9815f0a98598195d602e4
---
include/libssh2.h | 1 +
src/agent.c | 27 +++++++++++++++++++++++++++
src/userauth.c | 43 ++++++++++++++++++++++++++++++++++---------
3 files changed, 62 insertions(+), 9 deletions(-)
diff --git a/include/libssh2.h b/include/libssh2.h
index 20ba548..15dda6f 100644
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -508,5 +508,6 @@ typedef struct _LIBSSH2_POLLFD {
#define LIBSSH2_ERROR_KEYFILE_AUTH_FAILED -48
#define LIBSSH2_ERROR_RANDGEN -49
+#define LIBSSH2_ERROR_ALGO_UNSUPPORTED -51
/* this is a define to provide the old (<= 1.2.7) name */
#define LIBSSH2_ERROR_BANNER_NONE LIBSSH2_ERROR_BANNER_RECV
diff --git a/src/agent.c b/src/agent.c
index bce7175..4ed79ac 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -379,6 +379,7 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
ssize_t method_len;
unsigned char *s;
int rc;
+ unsigned char *method_name = NULL;
uint32_t sign_flags = 0;
/* Create a request to sign the data */
@@ -465,8 +466,28 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
goto error;
}
+
+ /* method name */
+ method_name = LIBSSH2_ALLOC(session, method_len);
+ if(!method_name) {
+ rc = LIBSSH2_ERROR_ALLOC;
+ goto error;
+ }
+ memcpy(method_name, s, method_len);
s += method_len;
+ /* check to see if we match requested */
+ if((size_t)method_len != session->userauth_pblc_method_len ||
+ memcmp(method_name, session->userauth_pblc_method, method_len)) {
+ _libssh2_debug(session,
+ LIBSSH2_TRACE_KEX,
+ "Agent sign method %.*s",
+ method_len, method_name);
+
+ rc = LIBSSH2_ERROR_ALGO_UNSUPPORTED;
+ goto error;
+ }
+
/* Read the signature */
len -= 4;
if(len < 0) {
@@ -489,12 +510,18 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
memcpy(*sig, s, *sig_len);
error:
+
+ if(method_name)
+ LIBSSH2_FREE(session, method_name);
+
LIBSSH2_FREE(session, transctx->request);
transctx->request = NULL;
LIBSSH2_FREE(session, transctx->response);
transctx->response = NULL;
+ transctx->state = agent_NB_state_init;
+
return _libssh2_error(session, rc, "agent sign failure");
}
diff --git a/src/userauth.c b/src/userauth.c
index 84285bf..59b76ca 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -1283,9 +1283,6 @@ _libssh2_key_sign_algorithm(LIBSSH2_SESSION *session,
if(key_method) {
memcpy(*key_method, match, match_len);
*key_method_len = match_len;
-
- _libssh2_debug(session, LIBSSH2_TRACE_KEX,
- "Signing using %.*s", match_len, match);
}
else {
*key_method_len = 0;
@@ -1321,6 +1318,10 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
};
int rc;
unsigned char *s;
+ int auth_attempts = 0;
+
+ retry_auth:
+ auth_attempts++;
if(session->userauth_pblc_state == libssh2_NB_state_idle) {
@@ -1364,13 +1365,26 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
session->userauth_pblc_method_len);
}
- /* upgrade key key signing algo needed */
- rc = _libssh2_key_sign_algorithm(session,
- &session->userauth_pblc_method,
- &session->userauth_pblc_method_len);
+ /* upgrade key signing algo if it is supported and
+ * it is our first auth attempt, otherwise fallback to
+ * the key default algo */
+ if(auth_attempts == 1) {
+ rc = _libssh2_key_sign_algorithm(session,
+ &session->userauth_pblc_method,
+ &session->userauth_pblc_method_len);
- if(rc)
- return rc;
+ if(rc)
+ return rc;
+ }
+
+ if(session->userauth_pblc_method_len &&
+ session->userauth_pblc_method) {
+ _libssh2_debug(session,
+ LIBSSH2_TRACE_KEX,
+ "Signing using %.*s",
+ session->userauth_pblc_method_len,
+ session->userauth_pblc_method);
+ }
/*
* 45 = packet_type(1) + username_len(4) + servicename_len(4) +
@@ -1528,6 +1542,17 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block");
}
+ else if(rc == LIBSSH2_ERROR_ALGO_UNSUPPORTED && auth_attempts == 1) {
+ /* try again with the default key algo */
+ LIBSSH2_FREE(session, session->userauth_pblc_method);
+ session->userauth_pblc_method = NULL;
+ LIBSSH2_FREE(session, session->userauth_pblc_packet);
+ session->userauth_pblc_packet = NULL;
+ session->userauth_pblc_state = libssh2_NB_state_idle;
+
+ rc = LIBSSH2_ERROR_NONE;
+ goto retry_auth;
+ }
else if(rc) {
LIBSSH2_FREE(session, session->userauth_pblc_method);
session->userauth_pblc_method = NULL;
--
2.23.0
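Review bot: The new trace call in `agent_sign` passes `method_len`, declared `ssize_t` in the same function, as the precision for `%.*s`, which expects an `int`; assuming `_libssh2_debug` forwards to a printf-style formatter, this is a varargs type mismatch on LP64 targets. The relocated trace call in `_libssh2_userauth_publickey` does the same with `session->userauth_pblc_method_len`, which the `(size_t)method_len != ...` comparison suggests is a `size_t`. Casting at the call sites fixes both: `(int)method_len, method_name` and `(int)session->userauth_pblc_method_len, session->userauth_pblc_method`. Separately, the `method_name` copy is read only by `memcmp` and the trace, so comparing against `s` before `s += method_len` would remove the allocation and its failure path. Both functions continue outside the hunks shown.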


@ -0,0 +1,58 @@
From 2a2aaed3b6c3c1dc25e35e11afcfb23f88a18510 Mon Sep 17 00:00:00 2001
From: tihmstar <tihmstar@gmail.com>
Date: Thu, 3 Feb 2022 19:11:36 +0100
Subject: [PATCH] NULL terminate server_sign_algorithms string (#669)
files: packet.c, libssh2_priv.h
notes:
* Fix heap buffer overflow in _libssh2_key_sign_algorithm
When allocating `session->server_sign_algorithms` which is a `char*` is is important to also allocate space for the string-terminating null byte at the end and make sure the string is actually null terminated.
Without this fix, the `strchr()` call inside the `_libssh2_key_sign_algorithm` (line 1219) function will try to parse the string and go out of buffer on the last invocation.
Credit: tihmstar
Co-authored-by: Will Cosgrove <will@panic.com>
Conflict:NA
Reference:https://github.com/libssh2/commit/2a2aaed3b6c3c1dc25e35e11afcfb23f88a18510
---
src/libssh2_priv.h | 1 -
src/packet.c | 4 ++--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
index f218a83..be16ad2 100644
--- a/src/libssh2_priv.h
+++ b/src/libssh2_priv.h
@@ -642,7 +642,6 @@ struct _LIBSSH2_SESSION
/* public key algorithms accepted as comma separated list */
char *server_sign_algorithms;
- size_t server_sign_algorithms_len;
/* key signing algorithm preferences -- NULL yields server order */
char *sign_algo_prefs;
diff --git a/src/packet.c b/src/packet.c
index 686be5c..c3756a8 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -665,12 +665,12 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
session->server_sign_algorithms =
LIBSSH2_ALLOC(session,
- value_len);
+ value_len + 1);
if(session->server_sign_algorithms) {
- session->server_sign_algorithms_len = value_len;
memcpy(session->server_sign_algorithms,
value, value_len);
+ session->server_sign_algorithms[value_len] = '\0';
}
else {
rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
--
2.23.0
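Review bot: With `server_sign_algorithms_len` removed, the only record of the list's extent is the terminator written in `_libssh2_packet_add`, but the field comment in `struct _LIBSSH2_SESSION` still reads just "comma separated list". I would extend it to `/* public key algorithms accepted as comma separated list, always NUL-terminated (readers use strchr/strlen) */` so later writers of the field keep the invariant. `value` is presumably peer-supplied and is copied with `memcpy`, so an embedded zero byte would make string readers see a shorter list than `value_len`; that looks harmless here but deserves a one-line comment next to the terminator write. Any bounds check of `value_len` against the packet length is outside the hunk.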


@ -0,0 +1,33 @@
From 821d50dad313b53fb2782f26aec1f52f1be34fc0 Mon Sep 17 00:00:00 2001
From: Michael Buckley <michael@buckleyisms.com>
Date: Wed, 9 Nov 2022 15:56:22 -0800
Subject: [PATCH] Skip leading \r and \n characters in banner_receive() (#769)
Fixes #768
Credit:
Michael Buckley
Conflict:NA
Reference:https://github.com/libssh2/commit/821d50dad313b53fb2782f26aec1f52f1be34fc0
---
src/session.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/session.c b/src/session.c
index 3549152..235ab95 100644
--- a/src/session.c
+++ b/src/session.c
@@ -147,6 +147,10 @@ banner_receive(LIBSSH2_SESSION * session)
return LIBSSH2_ERROR_SOCKET_DISCONNECT;
}
+ if((c == '\r' || c == '\n') && banner_len == 0) {
+ continue;
+ }
+
if(c == '\0') {
/* NULLs are not allowed in SSH banners */
session->banner_TxRx_state = libssh2_NB_state_idle;
--
2.23.0
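Review bot: The added `continue` for a leading `\r` or `\n` does not advance `banner_len`, so if the enclosing loop is bounded only by `banner_len` (the loop header is outside the hunk), a peer that sends nothing but line breaks is never cut off by the banner size limit. I would count the skipped bytes and take the existing failure path once a small cap is exceeded, rather than skipping without bound. A short comment on the new branch, e.g. `/* tolerate stray CR/LF before the banner text */`, would also help.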


@ -0,0 +1,32 @@
From 30fc410b972e6dec87c248c0fedbff28cfa18f17 Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Tue, 18 Jan 2022 11:28:13 -0800
Subject: [PATCH] free RSA2 related memory (#664)
Free `server_sign_algorithms` and `sign_algo_prefs`.
Conflict:NA
Reference:https://github.com/libssh2/commit/30fc410b972e6dec87c248c0fedbff28cfa18f17
---
src/session.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/session.c b/src/session.c
index 0de5ab3..ae6132c 100644
--- a/src/session.c
+++ b/src/session.c
@@ -981,6 +981,12 @@ session_free(LIBSSH2_SESSION *session)
if(session->remote.lang_prefs) {
LIBSSH2_FREE(session, session->remote.lang_prefs);
}
+ if(session->server_sign_algorithms) {
+ LIBSSH2_FREE(session, session->server_sign_algorithms);
+ }
+ if(session->sign_algo_prefs) {
+ LIBSSH2_FREE(session, session->sign_algo_prefs);
+ }
/*
* Make sure all memory used in the state variables are free
--
2.23.0


@ -1,6 +1,6 @@
Name: libssh2
Version: 1.10.0
Release: 5
Release: 6
Summary: A library implementing the SSH2 protocol
License: BSD
URL: https://www.libssh2.org/
@ -10,6 +10,11 @@ Patch0: backport-RSA-SHA2-256-512-key-upgrade-support-RFC-8332.patch
Patch1: backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch
Patch2: sftp-Prevent-files-from-being-skipped-if-the-output.patch
Patch3: backport-Support-rsa-sha2-agent-flags.patch
Patch4: backport-Fix-a-memcmp-errors-in-code-that-was-changed-from-me.patch
Patch5: backport-Legacy-Agent-support-for-rsa2-key-upgrading-downgrad.patch
Patch6: backport-free-RSA2-related-memory-664.patch
Patch7: backport-NULL-terminate-server_sign_algorithms-string-669.patch
Patch8: backport-Skip-leading-r-and-n-characters-in-banner_receive-76.patch
BuildRequires: coreutils findutils /usr/bin/man zlib-devel
BuildRequires: gcc make sed openssl-devel > 1:1.0.1 openssh-server
@ -89,6 +94,12 @@ LC_ALL=en_US.UTF-8 make -C tests check
%{_mandir}/man3/libssh2_*.3*
%changelog
* Tue Mar 28 2023 renmingshuai <renmingshuai> - 1.10.0-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport some upstream patches
* Thu Feb 16 2023 renmingshuai <renmingshuai> - 1.10.0-5
- Type:bugfix
- ID:NA