!22 fix CVE-2018-15919

From: @liuzy518 Reviewed-by: @wangxp006 Signed-off-by: @wangxp006
2020-09-15 17:24:34 +08:00 · 2020-09-15 17:24:34 +08:00 · 2c430a9de3
commit 2c430a9de3
parent 6992315208 1462ccaac2
2 changed files with 69 additions and 1 deletions
--- a/CVE-2018-15919.patch
+++ b/CVE-2018-15919.patch
@ -0,0 +1,60 @@
+From 4286e434ab29c077a42d52c97e7a2e92f93fc1c3 Mon Sep 17 00:00:00 2001
+From: zhuqingfu <zhuqingfu1@huawei.com>
+Date: Tue, 15 Sep 2020 15:09:52 +0800
+Subject: [PATCH] CVE-2018-15919
+
+---
+ auth.h      | 1 +
+ auth2-gss.c | 1 +
+ auth2.c     | 4 ++++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/auth.h b/auth.h
+index c3a92df..1127fdf 100644
+--- a/auth.h
+++ b/auth.h
+@@ -58,6 +58,7 @@ struct Authctxt {
+ 	int		 attempt;
+ 	int		 failures;
+ 	int		 server_caused_failure;
+	int		 server_caused_gssapi_failure;
+ 	int		 force_pwchange;
+ 	char		*user;		/* username sent by the client */
+ 	char		*service;
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 4708375..6008319 100644
+--- a/auth2-gss.c
+++ b/auth2-gss.c
+@@ -156,6 +156,7 @@ userauth_gssapi(struct ssh *ssh)
+ 			ssh_gssapi_delete_ctx(&ctxt);
+ 		free(doid);
+ 		authctxt->server_caused_failure = 1;
+		authctxt->server_caused_gssapi_failure = 1;
+ 		return (0);
+ 	}
+ 
+diff --git a/auth2.c b/auth2.c
+index 956b9cf..2c4fc97 100644
+--- a/auth2.c
+++ b/auth2.c
+@@ -345,6 +345,7 @@ if (options.check_user_splash)
+ 	auth2_authctxt_reset_info(authctxt);
+ 	authctxt->postponed = 0;
+ 	authctxt->server_caused_failure = 0;
+	authctxt->server_caused_gssapi_failure = 0;
+ 
+ 	/* try to authenticate user */
+ 	m = authmethod_lookup(authctxt, method);
+@@ -442,6 +443,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
+ 		if (!partial && !authctxt->server_caused_failure &&
+ 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ 			authctxt->failures++;
+		if (!partial && authctxt->server_caused_gssapi_failure &&
+		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+			authctxt->failures++;
+ 		if (authctxt->failures >= options.max_authtries) {
+ #ifdef SSH_AUDIT_EVENTS
+ 			PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
+-- 
+1.8.3.1
+
--- a/openssh.spec
+++ b/openssh.spec
@ -9,7 +9,7 @@

 Name:           openssh
 Version:        8.2p1
-Release:        5
+Release:        6
 URL:            http://www.openssh.com/portable.html
 License:        BSD
 Summary:        An open source implementation of SSH protocol version 2
@ -88,6 +88,7 @@ Patch56:        set-sshd-config.patch
 Patch57:        CVE-2020-12062-1.patch
 Patch58:        CVE-2020-12062-2.patch
 Patch59:        upstream-expose-vasnmprintf.patch
+Patch60:        CVE-2018-15919.patch

 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -249,6 +250,7 @@ popd
 %patch57 -p1
 %patch58 -p1
 %patch59 -p1
+%patch60 -p1

 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@ -464,6 +466,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*

 %changelog
+* Thu Sep 15 2020 liulong<liulong20@huawei.com> - 8.2P1-6
+- Type:cves
+- ID:CVE-2018-15919
+- SUG:NA
+- DESC:Fix CVE-2018-15919
+
 * Thu Jul 2 2020 zhouyihang<zhouyihang3@huawei.com> - 8.2P1-5
 - Type:cves
 - ID:CVE-2020-12062