mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-08 13:56:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/openssh: fix CVE-2023-48795, CVE-2023-51384, CVE-2023-51385

Browse Source 
Patches ported from Ubuntu
https://launchpad.net/ubuntu/+source/openssh/1:9.0p1-1ubuntu8.6

ref: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15593
This commit is contained in:
Natanael Copa 2024-02-29 16:48:29 +01:00
parent 083fb6b05b
commit 766ab0b768
4 changed files with 734 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
main/openssh/APKBUILD
View File

@ -5,7 +5,7 @@
pkgname=openssh
pkgver=9.0_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=4
pkgrel=5
pkgdesc="Port of OpenBSD's free SSH release"
url="https://www.openssh.com/portable.html"
arch="all"
@ -58,12 +58,19 @@ source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$_myver.tar
CVE-2023-38408-2.patch
CVE-2023-38408-3.patch
CVE-2023-38408-4.patch
CVE-2023-48795.patch
CVE-2023-51384.patch
CVE-2023-51385.patch
sshd.initd
sshd.confd
"
# secfixes:
# 9.0_p1-r5:
# - CVE-2023-48795
# - CVE-2023-51384
# - CVE-2023-51385
# 9.0_p1-r4:
# - CVE-2023-38408
# 9.0_p1-r3:
@ -294,6 +301,9 @@ f659641b841981f78b03281b7a01add9fbf35b91c0f21c11335a56d7e389ddf965d83d18d73b7243
05cef143420bea1dfc47f8140a99c399f3423f42cd369ff724b5aadba030e5976414cd140d2b2f8046a54b26439b442a57f39521b9041274812c93743f42b141 CVE-2023-38408-2.patch
3d25daafc1e6bb15db4178da64d4bdec56eadb14628ae2e81c25fa2e36f9458547e18c42f1f3c9eb6bb2090f4009e21b73b29c8bf64f6d31dc124ac3dbdcee45 CVE-2023-38408-3.patch
89428998d18fdc753d26d5b55c1ae502d552cb27db40fd9c33d1d0da5fcdce706ef35d374cdaafd3cfe1ed7743e74c1dc5048edc449f84c5a4a8d411e53ce3f1 CVE-2023-38408-4.patch
57d107b9c66d4cfdd60c0356161dc9366edd1121fafbbe1b1a2218819db5119428bcbaeddce2f6b5773f33a7454c8ab44c60d3abc58eb4d216a5a83babe9e2b2 CVE-2023-48795.patch
86b247e81697a1bc7a3377ea7b63b23fdc975e6977c77b94d85fa73b5f669a2823c94bc6f6c9603009bfdd4de36530320f19cf59e4a265c7998016b5b8995000 CVE-2023-51384.patch
eedfcc4a4c90af6bc87d48e1bfca21ead552a3dbaa1d1983117a46e7ef275341e569f6340d552a08fe1432a2b2092d38ba1d04fbb5177612bb7e30e63cb1e0db CVE-2023-51385.patch
50e407d72bfafc7fb276a1e56b1701f8cd91dfcbad2304bec516d69fc5e8334857ef96510dff76d0c407f29955dc2b18570d6f7b557688ceb641280f8279af83 sshd.initd
be7dd5f6d319b2e03528525a66a58310d43444606713786b913a17a0fd9311869181d0fb7927a185d71d392674857dea3c97b6b8284886227d47b36193471a09 sshd.confd
"

456
main/openssh/CVE-2023-48795.patch Normal file
View File

@ -0,0 +1,456 @@
(modified to not remove ssh_packet_read_expect() and to add to
KexAlgorithms in sshd.c and sshconnect2.c as this version pre-dates
kex_proposal_populate_entries())
Backport of:
From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 18 Dec 2023 14:45:17 +0000
Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd
This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.
Full details of the extension are in the PROTOCOL file.
with markus@
OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
---
PROTOCOL | 28 +++++++++++++-
kex.c | 84 ++++++++++++++++++++++++++--------------
kex.h | 3 +-
packet.c | 103 +++++++++++++++++++++++++++++---------------------
packet.h | 3 +-
sshconnect2.c | 12 ++----
6 files changed, 148 insertions(+), 85 deletions(-)
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curv
described at:
http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
+1.9 transport: strict key exchange extension
+
+OpenSSH supports a number of transport-layer hardening measures under
+a "strict KEX" feature. This feature is signalled similarly to the
+RFC8308 ext-info feature: by including a additional algorithm in the
+initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
+"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
+may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
+are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
+if they are present in subsequent SSH2_MSG_KEXINIT packets.
+
+When an endpoint that supports this extension observes this algorithm
+name in a peer's KEXINIT packet, it MUST make the following changes to
+the the protocol:
+
+a) During initial KEX, terminate the connection if any unexpected or
+ out-of-sequence packet is received. This includes terminating the
+ connection if the first packet received is not SSH2_MSG_KEXINIT.
+ Unexpected packets for the purpose of strict KEX include messages
+ that are otherwise valid at any time during the connection such as
+ SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
+b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
+ packet sequence number to zero. This behaviour persists for the
+ duration of the connection (i.e. not just the first
+ SSH2_MSG_NEWKEYS).
+
2. Connection protocol changes
2.1. connection: Channel write close extension "eow@openssh.com"
--- a/kex.c
+++ b/kex.c
@@ -68,7 +68,7 @@
#endif
/* prototype */
-static int kex_choose_conf(struct ssh *);
+static int kex_choose_conf(struct ssh *, uint32_t seq);
static int kex_input_newkeys(int, u_int32_t, struct ssh *);
static const char * const proposal_names[PROPOSAL_MAX] = {
@@ -209,6 +209,18 @@ kex_names_valid(const char *names)
return 1;
}
+/* returns non-zero if proposal contains any algorithm from algs */
+static int
+has_any_alg(const char *proposal, const char *algs)
+{
+ char *cp;
+
+ if ((cp = match_list(proposal, algs, NULL)) == NULL)
+ return 0;
+ free(cp);
+ return 1;
+}
+
/*
* Concatenate algorithm names, avoiding duplicates in the process.
* Caller must free returned string.
@@ -216,7 +228,7 @@ kex_names_valid(const char *names)
char *
kex_names_cat(const char *a, const char *b)
{
- char *ret = NULL, *tmp = NULL, *cp, *p, *m;
+ char *ret = NULL, *tmp = NULL, *cp, *p;
size_t len;
if (a == NULL || *a == '\0')
@@ -233,10 +245,8 @@ kex_names_cat(const char *a, const char
}
strlcpy(ret, a, len);
for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
- if ((m = match_list(ret, p, NULL)) != NULL) {
- free(m);
+ if (has_any_alg(ret, p))
continue; /* Algorithm already present */
- }
if (strlcat(ret, ",", len) >= len ||
strlcat(ret, p, len) >= len) {
free(tmp);
@@ -467,7 +477,12 @@ kex_protocol_error(int type, u_int32_t s
{
int r;
- error("kex protocol error: type %d seq %u", type, seq);
+ /* If in strict mode, any unexpected message is an error */
+ if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
+ ssh_packet_disconnect(ssh, "strict KEX violation: "
+ "unexpected packet type %u (seqnr %u)", type, seq);
+ }
+ error_f("type %u seq %u", type, seq);
if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
(r = sshpkt_put_u32(ssh, seq)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
@@ -542,6 +557,11 @@ kex_input_ext_info(int type, u_int32_t s
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
return r;
+ if (ninfo >= 1024) {
+ error("SSH2_MSG_EXT_INFO with too many entries, expected "
+ "<=1024, received %u", ninfo);
+ return dispatch_protocol_error(type, seq, ssh);
+ }
for (i = 0; i < ninfo; i++) {
if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
return r;
@@ -657,7 +677,7 @@ kex_input_kexinit(int type, u_int32_t se
error_f("no kex");
return SSH_ERR_INTERNAL_ERROR;
}
- ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error);
ptr = sshpkt_ptr(ssh, &dlen);
if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
return r;
@@ -693,7 +713,7 @@ kex_input_kexinit(int type, u_int32_t se
if (!(kex->flags & KEX_INIT_SENT))
if ((r = kex_send_kexinit(ssh)) != 0)
return r;
- if ((r = kex_choose_conf(ssh)) != 0)
+ if ((r = kex_choose_conf(ssh, seq)) != 0)
return r;
if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
@@ -960,20 +980,14 @@ proposals_match(char *my[PROPOSAL_MAX],
return (1);
}
-/* returns non-zero if proposal contains any algorithm from algs */
static int
-has_any_alg(const char *proposal, const char *algs)
+kexalgs_contains(char **peer, const char *ext)
{
- char *cp;
-
- if ((cp = match_list(proposal, algs, NULL)) == NULL)
- return 0;
- free(cp);
- return 1;
+ return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext);
}
static int
-kex_choose_conf(struct ssh *ssh)
+kex_choose_conf(struct ssh *ssh, uint32_t seq)
{
struct kex *kex = ssh->kex;
struct newkeys *newkeys;
@@ -998,13 +1012,23 @@ kex_choose_conf(struct ssh *ssh)
sprop=peer;
}
- /* Check whether client supports ext_info_c */
- if (kex->server && (kex->flags & KEX_INITIAL)) {
- char *ext;
-
- ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
- kex->ext_info_c = (ext != NULL);
- free(ext);
+ /* Check whether peer supports ext_info/kex_strict */
+ if ((kex->flags & KEX_INITIAL) != 0) {
+ if (kex->server) {
+ kex->ext_info_c = kexalgs_contains(peer, "ext-info-c");
+ kex->kex_strict = kexalgs_contains(peer,
+ "kex-strict-c-v00@openssh.com");
+ } else {
+ kex->kex_strict = kexalgs_contains(peer,
+ "kex-strict-s-v00@openssh.com");
+ }
+ if (kex->kex_strict) {
+ debug3_f("will use strict KEX ordering");
+ if (seq != 0)
+ ssh_packet_disconnect(ssh,
+ "strict KEX violation: "
+ "KEXINIT was not the first packet");
+ }
}
/* Check whether client supports rsa-sha2 algorithms */
--- a/kex.h
+++ b/kex.h
@@ -157,6 +157,7 @@ struct kex {
u_int kex_type;
char *server_sig_algs;
int ext_info_c;
+ int kex_strict;
struct sshbuf *my;
struct sshbuf *peer;
struct sshbuf *client_version;
--- a/packet.c
+++ b/packet.c
@@ -1205,8 +1205,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh
sshbuf_dump(state->output, stderr);
#endif
/* increment sequence number for outgoing packets */
- if (++state->p_send.seqnr == 0)
+ if (++state->p_send.seqnr == 0) {
+ if ((ssh->kex->flags & KEX_INITIAL) != 0) {
+ ssh_packet_disconnect(ssh, "outgoing sequence number "
+ "wrapped during initial key exchange");
+ }
logit("outgoing seqnr wraps around");
+ }
if (++state->p_send.packets == 0)
if (!(ssh->compat & SSH_BUG_NOREKEY))
return SSH_ERR_NEED_REKEY;
@@ -1214,6 +1219,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh
state->p_send.bytes += len;
sshbuf_reset(state->outgoing_packet);
+ if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
+ debug_f("resetting send seqnr %u", state->p_send.seqnr);
+ state->p_send.seqnr = 0;
+ }
+
if (type == SSH2_MSG_NEWKEYS)
r = ssh_set_newkeys(ssh, MODE_OUT);
else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
@@ -1342,8 +1352,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u
/* Stay in the loop until we have received a complete packet. */
for (;;) {
/* Try to read a packet from the buffer. */
- r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);
- if (r != 0)
+ if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0)
break;
/* If we got a packet, return it. */
if (*typep != SSH_MSG_NONE)
@@ -1627,10 +1636,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u
if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
goto out;
}
+
if (seqnr_p != NULL)
*seqnr_p = state->p_read.seqnr;
- if (++state->p_read.seqnr == 0)
+ if (++state->p_read.seqnr == 0) {
+ if ((ssh->kex->flags & KEX_INITIAL) != 0) {
+ ssh_packet_disconnect(ssh, "incoming sequence number "
+ "wrapped during initial key exchange");
+ }
logit("incoming seqnr wraps around");
+ }
if (++state->p_read.packets == 0)
if (!(ssh->compat & SSH_BUG_NOREKEY))
return SSH_ERR_NEED_REKEY;
@@ -1696,6 +1711,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u
#endif
/* reset for next packet */
state->packlen = 0;
+ if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
+ debug_f("resetting read seqnr %u", state->p_read.seqnr);
+ state->p_read.seqnr = 0;
+ }
if ((r = ssh_packet_check_rekey(ssh)) != 0)
return r;
@@ -1716,10 +1735,39 @@ ssh_packet_read_poll_seqnr(struct ssh *s
r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
if (r != 0)
return r;
- if (*typep) {
- state->keep_alive_timeouts = 0;
- DBG(debug("received packet type %d", *typep));
+ if (*typep == 0) {
+ /* no message ready */
+ return 0;
+ }
+ state->keep_alive_timeouts = 0;
+ DBG(debug("received packet type %d", *typep));
+
+ /* Always process disconnect messages */
+ if (*typep == SSH2_MSG_DISCONNECT) {
+ if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
+ (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
+ return r;
+ /* Ignore normal client exit notifications */
+ do_log2(ssh->state->server_side &&
+ reason == SSH2_DISCONNECT_BY_APPLICATION ?
+ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
+ "Received disconnect from %s port %d:"
+ "%u: %.400s", ssh_remote_ipaddr(ssh),
+ ssh_remote_port(ssh), reason, msg);
+ free(msg);
+ return SSH_ERR_DISCONNECTED;
}
+
+ /*
+ * Do not implicitly handle any messages here during initial
+ * KEX when in strict mode. They will be need to be allowed
+ * explicitly by the KEX dispatch table or they will generate
+ * protocol errors.
+ */
+ if (ssh->kex != NULL &&
+ (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict)
+ return 0;
+ /* Implicitly handle transport-level messages */
switch (*typep) {
case SSH2_MSG_IGNORE:
debug3("Received SSH2_MSG_IGNORE");
@@ -1734,19 +1782,6 @@ ssh_packet_read_poll_seqnr(struct ssh *s
debug("Remote: %.900s", msg);
free(msg);
break;
- case SSH2_MSG_DISCONNECT:
- if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
- (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
- return r;
- /* Ignore normal client exit notifications */
- do_log2(ssh->state->server_side &&
- reason == SSH2_DISCONNECT_BY_APPLICATION ?
- SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
- "Received disconnect from %s port %d:"
- "%u: %.400s", ssh_remote_ipaddr(ssh),
- ssh_remote_port(ssh), reason, msg);
- free(msg);
- return SSH_ERR_DISCONNECTED;
case SSH2_MSG_UNIMPLEMENTED:
if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
return r;
@@ -2211,6 +2246,7 @@ kex_to_blob(struct sshbuf *m, struct kex
(r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 ||
(r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 ||
(r = sshbuf_put_u32(m, kex->kex_type)) != 0 ||
+ (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 ||
(r = sshbuf_put_stringb(m, kex->my)) != 0 ||
(r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
(r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
@@ -2373,6 +2409,7 @@ kex_from_blob(struct sshbuf *m, struct k
(r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 ||
(r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 ||
(r = sshbuf_get_u32(m, &kex->kex_type)) != 0 ||
+ (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 ||
(r = sshbuf_get_stringb(m, kex->my)) != 0 ||
(r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
(r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
@@ -2701,6 +2738,7 @@ sshpkt_disconnect(struct ssh *ssh, const
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
+ debug2_f("sending SSH2_MSG_DISCONNECT: %s", buf);
if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
(r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 ||
(r = sshpkt_put_cstring(ssh, buf)) != 0 ||
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -244,7 +244,8 @@ ssh_kex2(struct ssh *ssh, char *host, st
fatal_fr(r, "kex_assemble_namelist");
free(all_key);
- if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
+ if ((s = kex_names_cat(options.kex_algorithms,
+ "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
fatal_f("kex_names_cat");
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s);
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -432,7 +433,6 @@ struct cauthmethod {
};
static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
-static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
static int input_userauth_success(int, u_int32_t, struct ssh *);
static int input_userauth_failure(int, u_int32_t, struct ssh *);
static int input_userauth_banner(int, u_int32_t, struct ssh *);
@@ -552,7 +552,7 @@ ssh_userauth2(struct ssh *ssh, const cha
ssh->authctxt = &authctxt;
ssh_dispatch_init(ssh, &input_userauth_error);
- ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
+ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info);
ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
pubkey_cleanup(ssh);
@@ -604,13 +604,6 @@ input_userauth_service_accept(int type,
return r;
}
-/* ARGSUSED */
-static int
-input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
-{
- return kex_input_ext_info(type, seqnr, ssh);
-}
-
void
userauth(struct ssh *ssh, char *authlist)
{
@@ -692,6 +685,7 @@ input_userauth_success(int type, u_int32
free(authctxt->methoddata);
authctxt->methoddata = NULL;
authctxt->success = 1; /* break out */
+ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error);
return 0;
}
--- a/sshd.c
+++ b/sshd.c
@@ -2489,11 +2489,13 @@ static void
do_ssh2_kex(struct ssh *ssh)
{
char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
+ char *s;
struct kex *kex;
int r;
- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh,
- options.kex_algorithms);
+ if ((s = kex_names_cat(options.kex_algorithms, "kex-strict-s-v00@openssh.com")) == NULL)
+ fatal_f("kex_names_cat");
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s);
myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh,
options.ciphers);
myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh,
@@ -2599,6 +2601,7 @@ do_ssh2_kex(struct ssh *ssh)
(r = ssh_packet_write_wait(ssh)) != 0)
fatal_fr(r, "send test");
#endif
+ free(s);
debug("KEX done");
}

170
main/openssh/CVE-2023-51384.patch Normal file
View File

@ -0,0 +1,170 @@
Patch-Source: https://sources.debian.org/src/openssh/1%3A9.2p1-2%2Bdeb12u2/debian/patches/CVE-2023-51384.patch
--
From d5be669c872a313a71d60babee64f3a80340dc51 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 18 Dec 2023 14:46:12 +0000
Subject: upstream: apply destination constraints to all p11 keys
Previously applied only to the first key returned from each token.
ok markus@
OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=881d9c6af9da4257c69c327c4e2f1508b2fa754b
Last-Update: 2023-12-19
Patch-Name: CVE-2023-51384.patch
---
ssh-agent.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 99 insertions(+), 4 deletions(-)
diff --git a/ssh-agent.c b/ssh-agent.c
index dce2849d8..27bf9b5ad 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -248,6 +248,91 @@ free_dest_constraints(struct dest_constraint *dcs, size_t ndcs)
free(dcs);
}
+static void
+dup_dest_constraint_hop(const struct dest_constraint_hop *dch,
+ struct dest_constraint_hop *out)
+{
+ u_int i;
+ int r;
+
+ out->user = dch->user == NULL ? NULL : xstrdup(dch->user);
+ out->hostname = dch->hostname == NULL ? NULL : xstrdup(dch->hostname);
+ out->is_ca = dch->is_ca;
+ out->nkeys = dch->nkeys;
+ out->keys = out->nkeys == 0 ? NULL :
+ xcalloc(out->nkeys, sizeof(*out->keys));
+ out->key_is_ca = out->nkeys == 0 ? NULL :
+ xcalloc(out->nkeys, sizeof(*out->key_is_ca));
+ for (i = 0; i < dch->nkeys; i++) {
+ if (dch->keys[i] != NULL &&
+ (r = sshkey_from_private(dch->keys[i],
+ &(out->keys[i]))) != 0)
+ fatal_fr(r, "copy key");
+ out->key_is_ca[i] = dch->key_is_ca[i];
+ }
+}
+
+static struct dest_constraint *
+dup_dest_constraints(const struct dest_constraint *dcs, size_t ndcs)
+{
+ size_t i;
+ struct dest_constraint *ret;
+
+ if (ndcs == 0)
+ return NULL;
+ ret = xcalloc(ndcs, sizeof(*ret));
+ for (i = 0; i < ndcs; i++) {
+ dup_dest_constraint_hop(&dcs[i].from, &ret[i].from);
+ dup_dest_constraint_hop(&dcs[i].to, &ret[i].to);
+ }
+ return ret;
+}
+
+#ifdef DEBUG_CONSTRAINTS
+static void
+dump_dest_constraint_hop(const struct dest_constraint_hop *dch)
+{
+ u_int i;
+ char *fp;
+
+ debug_f("user %s hostname %s is_ca %d nkeys %u",
+ dch->user == NULL ? "(null)" : dch->user,
+ dch->hostname == NULL ? "(null)" : dch->hostname,
+ dch->is_ca, dch->nkeys);
+ for (i = 0; i < dch->nkeys; i++) {
+ fp = NULL;
+ if (dch->keys[i] != NULL &&
+ (fp = sshkey_fingerprint(dch->keys[i],
+ SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL)
+ fatal_f("fingerprint failed");
+ debug_f("key %u/%u: %s%s%s key_is_ca %d", i, dch->nkeys,
+ dch->keys[i] == NULL ? "" : sshkey_ssh_name(dch->keys[i]),
+ dch->keys[i] == NULL ? "" : " ",
+ dch->keys[i] == NULL ? "none" : fp,
+ dch->key_is_ca[i]);
+ free(fp);
+ }
+}
+#endif /* DEBUG_CONSTRAINTS */
+
+static void
+dump_dest_constraints(const char *context,
+ const struct dest_constraint *dcs, size_t ndcs)
+{
+#ifdef DEBUG_CONSTRAINTS
+ size_t i;
+
+ debug_f("%s: %zu constraints", context, ndcs);
+ for (i = 0; i < ndcs; i++) {
+ debug_f("constraint %zu / %zu: from: ", i, ndcs);
+ dump_dest_constraint_hop(&dcs[i].from);
+ debug_f("constraint %zu / %zu: to: ", i, ndcs);
+ dump_dest_constraint_hop(&dcs[i].to);
+ }
+ debug_f("done for %s", context);
+#endif /* DEBUG_CONSTRAINTS */
+}
+
static void
free_identity(Identity *id)
{
@@ -519,13 +604,22 @@ process_request_identities(SocketEntry *e)
Identity *id;
struct sshbuf *msg, *keys;
int r;
- u_int nentries = 0;
+ u_int i = 0, nentries = 0;
+ char *fp;
debug2_f("entering");
if ((msg = sshbuf_new()) == NULL || (keys = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
TAILQ_FOREACH(id, &idtab->idlist, next) {
+ if ((fp = sshkey_fingerprint(id->key, SSH_FP_HASH_DEFAULT,
+ SSH_FP_DEFAULT)) == NULL)
+ fatal_f("fingerprint failed");
+ debug_f("key %u / %u: %s %s", i++, idtab->nentries,
+ sshkey_ssh_name(id->key), fp);
+ dump_dest_constraints(__func__,
+ id->dest_constraints, id->ndest_constraints);
+ free(fp);
/* identity not visible, don't include in response */
if (identity_permitted(id, e, NULL, NULL, NULL) != 0)
continue;
@@ -1225,6 +1319,7 @@ process_add_identity(SocketEntry *e)
sshbuf_reset(e->request);
goto out;
}
+ dump_dest_constraints(__func__, dest_constraints, ndest_constraints);
if (sk_provider != NULL) {
if (!sshkey_is_sk(k)) {
@@ -1404,6 +1499,7 @@ process_add_smartcard_key(SocketEntry *e)
error_f("failed to parse constraints");
goto send;
}
+ dump_dest_constraints(__func__, dest_constraints, ndest_constraints);
if (e->nsession_ids != 0 && !remote_add_provider) {
verbose("failed PKCS#11 add of \"%.100s\": remote addition of "
"providers is disabled", provider);
@@ -1439,10 +1535,9 @@ process_add_smartcard_key(SocketEntry *e)
}
id->death = death;
id->confirm = confirm;
- id->dest_constraints = dest_constraints;
+ id->dest_constraints = dup_dest_constraints(
+ dest_constraints, ndest_constraints);
id->ndest_constraints = ndest_constraints;
- dest_constraints = NULL; /* transferred */
- ndest_constraints = 0;
TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
idtab->nentries++;
success = 1;

97
main/openssh/CVE-2023-51385.patch Normal file
View File

@ -0,0 +1,97 @@
Patch-Source: https://sources.debian.org/src/openssh/1%3A9.2p1-2%2Bdeb12u2/debian/patches/CVE-2023-51385.patch (modified)
--
From 14c4d6f0fa446414d1c38ad083107576d0ae3032 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 18 Dec 2023 14:47:44 +0000
Subject: upstream: ban user/hostnames with most shell metacharacters
This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.
Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.
It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.
To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.
feedback/ok millert@ markus@ dtucker@ deraadt@
OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=7ef3787c84b6b524501211b11a26c742f829af1a
Last-Update: 2023-12-19
Patch-Name: CVE-2023-51385.patch
---
ssh.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/ssh.c b/ssh.c
index 8b6b54558..422405035 100644
--- a/ssh.c
+++ b/ssh.c
@@ -619,6 +619,41 @@
free(cinfo);
}
+static int
+valid_hostname(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
+ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
+ return 0;
+ }
+ return 1;
+}
+
+static int
+valid_ruser(const char *s)
+{
+ size_t i;
+
+ if (*s == '-')
+ return 0;
+ for (i = 0; s[i] != 0; i++) {
+ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
+ return 0;
+ /* Disallow '-' after whitespace */
+ if (isspace((u_char)s[i]) && s[i + 1] == '-')
+ return 0;
+ /* Disallow \ in last position */
+ if (s[i] == '\\' && s[i + 1] == '\0')
+ return 0;
+ }
+ return 1;
+}
+
/*
* Main program for the ssh client.
*/
@@ -1104,6 +1139,11 @@
/* Check that we got a host name. */
if (!host)
usage();
+
+ if (!valid_hostname(host))
+ fatal("hostname contains invalid characters");
+ if (options.user != NULL && !valid_ruser(options.user))
+ fatal("remote username contains invalid characters");
host_arg = xstrdup(host);