diff --git a/.gitignore b/.gitignore index 9130fdb..bfd0bb1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/libssh-0.9.0.tar.xz +SOURCES/libssh-0.9.4.tar.xz SOURCES/libssh.keyring diff --git a/.libssh.metadata b/.libssh.metadata index 2c4bf88..c453642 100644 --- a/.libssh.metadata +++ b/.libssh.metadata @@ -1,2 +1,2 @@ -570bffef68af6c1211673bc9a8036c9265935b2b SOURCES/libssh-0.9.0.tar.xz +93289b77379263328c843fa85ba5ed4b274b689f SOURCES/libssh-0.9.4.tar.xz 3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring diff --git a/SOURCES/libssh-0.9.0-do-not-ignore-known-hosts-keys.patch b/SOURCES/libssh-0.9.0-do-not-ignore-known-hosts-keys.patch deleted file mode 100644 index c007677..0000000 --- a/SOURCES/libssh-0.9.0-do-not-ignore-known-hosts-keys.patch +++ /dev/null @@ -1,1240 +0,0 @@ -From b040856ccfde1a5d4c21791f46ca6ee00c21a47b Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Tue, 2 Jul 2019 10:21:15 +0200 -Subject: [PATCH 1/6] knownhosts: Fix possible memory leak - -The memory allocated for host_port can leak if the global knownhosts -file is unaccessible. - -Found by address sanitizer build in CI. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen -(cherry picked from commit fe248414fec1e654e4ee1259927d68777dd870ae) ---- - src/knownhosts.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/knownhosts.c b/src/knownhosts.c -index 8a4a8ba7..9383cc97 100644 ---- a/src/knownhosts.c -+++ b/src/knownhosts.c -@@ -706,13 +706,15 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session) - rc = ssh_known_hosts_read_entries(host_port, - session->opts.global_knownhosts, - &entry_list); -- SAFE_FREE(host_port); - if (rc != 0) { -+ SAFE_FREE(host_port); - ssh_list_free(entry_list); - return SSH_KNOWN_HOSTS_ERROR; - } - } - -+ SAFE_FREE(host_port); -+ - if (ssh_list_count(entry_list) == 0) { - ssh_list_free(entry_list); - return SSH_KNOWN_HOSTS_UNKNOWN; --- -2.21.0 - - -From 7ff0af75436ee6e549907dd563e968b92f7f8db2 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Fri, 28 Jun 2019 13:19:51 +0200 -Subject: [PATCH 2/6] tests: Check if known_hosts works with single - unaccessible file - -Make sure known hosts check works when local known_hosts file is -unaccessible, but the host is present in global known_hosts file. - -Remove double return value check in previous existing test. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen -(cherry picked from commit ad68de7271e6ccda261df4d9fc827321e7d90fd0) ---- - tests/unittests/torture_knownhosts_parsing.c | 19 +++++++++++-------- - 1 file changed, 11 insertions(+), 8 deletions(-) - -diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c -index ac8d7f31..a087caef 100644 ---- a/tests/unittests/torture_knownhosts_parsing.c -+++ b/tests/unittests/torture_knownhosts_parsing.c -@@ -384,22 +384,19 @@ static void torture_knownhosts_host_exists(void **state) - - /* This makes sure the system's known_hosts are not used */ - ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, "/dev/null"); -- - found = ssh_session_has_known_hosts_entry(session); - assert_int_equal(found, SSH_KNOWN_HOSTS_OK); -- assert_true(found == SSH_KNOWN_HOSTS_OK); - - /* This makes sure the check will not fail when the system's known_hosts is - * not accessible*/ - ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, "./unaccessible"); -- - found = ssh_session_has_known_hosts_entry(session); - assert_int_equal(found, SSH_KNOWN_HOSTS_OK); -- assert_true(found == SSH_KNOWN_HOSTS_OK); - -+ /* This makes sure the check will fail for an unknown host */ - ssh_options_set(session, SSH_OPTIONS_HOST, "wurstbrot"); - found = ssh_session_has_known_hosts_entry(session); -- assert_true(found == SSH_KNOWN_HOSTS_UNKNOWN); -+ assert_int_equal(found, SSH_KNOWN_HOSTS_UNKNOWN); - - ssh_free(session); - } -@@ -414,17 +411,23 @@ static void torture_knownhosts_host_exists_global(void **state) - assert_non_null(session); - - ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); -+ ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, knownhosts_file); -+ - /* This makes sure the user's known_hosts are not used */ - ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "/dev/null"); -- ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, knownhosts_file); -+ found = ssh_session_has_known_hosts_entry(session); -+ assert_int_equal(found, SSH_KNOWN_HOSTS_OK); - -+ /* This makes sure the check will not fail when the user's known_hosts is -+ * not accessible*/ -+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "./unaccessible"); - found = ssh_session_has_known_hosts_entry(session); - assert_int_equal(found, SSH_KNOWN_HOSTS_OK); -- assert_true(found == SSH_KNOWN_HOSTS_OK); - -+ /* This makes sure the check will fail for an unknown host */ - ssh_options_set(session, SSH_OPTIONS_HOST, "wurstbrot"); - found = ssh_session_has_known_hosts_entry(session); -- assert_true(found == SSH_KNOWN_HOSTS_UNKNOWN); -+ assert_int_equal(found, SSH_KNOWN_HOSTS_UNKNOWN); - - ssh_free(session); - } --- -2.21.0 - - -From b9530cedbeb169762307096dfeb485ab94e09740 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Fri, 28 Jun 2019 13:27:34 +0200 -Subject: [PATCH 3/6] knownhosts: Read knownhosts file only if found - -Avoid trying to open the files if they are not accessible. This was -already treated as a non-error, but with this we save one function call. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen -(cherry picked from commit e5a64a3d6b1b601cbaf207468a6658d1a4fa0031) ---- - src/knownhosts.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/knownhosts.c b/src/knownhosts.c -index 9383cc97..8040a0c0 100644 ---- a/src/knownhosts.c -+++ b/src/knownhosts.c -@@ -691,7 +691,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session) - return SSH_KNOWN_HOSTS_ERROR; - } - -- if (session->opts.knownhosts != NULL) { -+ if (known_hosts_found) { - rc = ssh_known_hosts_read_entries(host_port, - session->opts.knownhosts, - &entry_list); -@@ -702,7 +702,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session) - } - } - -- if (session->opts.global_knownhosts != NULL) { -+ if (global_known_hosts_found) { - rc = ssh_known_hosts_read_entries(host_port, - session->opts.global_knownhosts, - &entry_list); --- -2.21.0 - - -From aaa978ad06ebdeff88a39b9a894696254263162c Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Fri, 28 Jun 2019 22:35:38 +0200 -Subject: [PATCH 4/6] token: Added function to remove duplicates - -Added a function to remove duplicates from lists. This function is used -in a new provided function to append lists removing duplicates. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen -(cherry picked from commit 548753b3389518ebce98a7ddbf0640db3ad72de8) ---- - include/libssh/token.h | 6 +- - src/token.c | 152 ++++++++++++++++++++++++++++++- - tests/unittests/torture_tokens.c | 122 +++++++++++++++++++++++++ - 3 files changed, 278 insertions(+), 2 deletions(-) - -diff --git a/include/libssh/token.h b/include/libssh/token.h -index 7b244189..9896fb06 100644 ---- a/include/libssh/token.h -+++ b/include/libssh/token.h -@@ -38,7 +38,11 @@ void ssh_tokens_free(struct ssh_tokens_st *tokens); - char *ssh_find_matching(const char *available_d, - const char *preferred_d); - -- - char *ssh_find_all_matching(const char *available_d, - const char *preferred_d); -+ -+char *ssh_remove_duplicates(const char *list); -+ -+char *ssh_append_without_duplicates(const char *list, -+ const char *appended_list); - #endif /* TOKEN_H_ */ -diff --git a/src/token.c b/src/token.c -index aee235ac..0924d3bd 100644 ---- a/src/token.c -+++ b/src/token.c -@@ -26,6 +26,7 @@ - - #include - #include -+#include - - #include "libssh/priv.h" - #include "libssh/token.h" -@@ -175,7 +176,7 @@ char *ssh_find_matching(const char *available_list, - - for (i = 0; p_tok->tokens[i]; i++) { - for (j = 0; a_tok->tokens[j]; j++) { -- if (strcmp(a_tok->tokens[j], p_tok->tokens[i]) == 0){ -+ if (strcmp(a_tok->tokens[j], p_tok->tokens[i]) == 0) { - ret = strdup(a_tok->tokens[j]); - goto out; - } -@@ -260,3 +261,152 @@ out: - ssh_tokens_free(p_tok); - return ret; - } -+ -+/** -+ * @internal -+ * -+ * @brief Given a string containing a list of elements, remove all duplicates -+ * and return in a newly allocated string. -+ * -+ * @param[in] list The list to be freed of duplicates -+ * -+ * @return A newly allocated copy of the string free of duplicates; NULL in -+ * case of error. -+ */ -+char *ssh_remove_duplicates(const char *list) -+{ -+ struct ssh_tokens_st *tok = NULL; -+ -+ size_t i, j, num_tokens, max_len; -+ char *ret = NULL; -+ bool *should_copy = NULL, need_comma = false; -+ -+ if (list == NULL) { -+ return NULL; -+ } -+ -+ /* The maximum number of tokens is the size of the list */ -+ max_len = strlen(list); -+ if (max_len == 0) { -+ return NULL; -+ } -+ -+ /* Add space for ending '\0' */ -+ max_len++; -+ -+ tok = ssh_tokenize(list, ','); -+ if ((tok == NULL) || (tok->tokens == NULL) || (tok->tokens[0] == NULL)) { -+ goto out; -+ } -+ -+ should_copy = calloc(1, max_len); -+ if (should_copy == NULL) { -+ goto out; -+ } -+ -+ if (strlen(tok->tokens[0]) > 0) { -+ should_copy[0] = true; -+ } -+ -+ for (i = 1; tok->tokens[i]; i++) { -+ for (j = 0; j < i; j++) { -+ if (strcmp(tok->tokens[i], tok->tokens[j]) == 0) { -+ /* Found a duplicate; do not copy */ -+ should_copy[i] = false; -+ break; -+ } -+ } -+ -+ /* No matching token before */ -+ if (j == i) { -+ /* Only copy if it is not an empty string */ -+ if (strlen(tok->tokens[i]) > 0) { -+ should_copy[i] = true; -+ } else { -+ should_copy[i] = false; -+ } -+ } -+ } -+ -+ num_tokens = i; -+ -+ ret = calloc(1, max_len); -+ if (ret == NULL) { -+ goto out; -+ } -+ -+ for (i = 0; i < num_tokens; i++) { -+ if (should_copy[i]) { -+ if (need_comma) { -+ strncat(ret, ",", (max_len - strlen(ret) - 1)); -+ } -+ strncat(ret, tok->tokens[i], (max_len - strlen(ret) - 1)); -+ need_comma = true; -+ } -+ } -+ -+ /* If no comma is needed, nothing was copied */ -+ if (!need_comma) { -+ SAFE_FREE(ret); -+ } -+ -+out: -+ SAFE_FREE(should_copy); -+ ssh_tokens_free(tok); -+ return ret; -+} -+ -+/** -+ * @internal -+ * -+ * @brief Given two strings containing lists of tokens, return a newly -+ * allocated string containing all the elements of the first list appended with -+ * all the elements of the second list, without duplicates. The order of the -+ * elements will be preserved. -+ * -+ * @param[in] list The first list -+ * @param[in] appended_list The list to be appended -+ * -+ * @return A newly allocated copy list containing all the elements of the -+ * kept_list appended with the elements of the appended_list without duplicates; -+ * NULL in case of error. -+ */ -+char *ssh_append_without_duplicates(const char *list, -+ const char *appended_list) -+{ -+ size_t concat_len = 0; -+ char *ret = NULL, *concat = NULL; -+ -+ if (list != NULL) { -+ concat_len = strlen(list); -+ } -+ -+ if (appended_list != NULL) { -+ concat_len += strlen(appended_list); -+ } -+ -+ if (concat_len == 0) { -+ return NULL; -+ } -+ -+ /* Add room for ending '\0' and for middle ',' */ -+ concat_len += 2; -+ concat = calloc(1, concat_len); -+ if (concat == NULL) { -+ return NULL; -+ } -+ -+ if (list != NULL) { -+ strcpy(concat, list); -+ strncat(concat, ",", concat_len - strlen(concat) - 1); -+ } -+ if (appended_list != NULL) { -+ strncat(concat, appended_list, concat_len - strlen(concat) - 1); -+ } -+ -+ ret = ssh_remove_duplicates(concat); -+ -+ SAFE_FREE(concat); -+ -+ return ret; -+} -diff --git a/tests/unittests/torture_tokens.c b/tests/unittests/torture_tokens.c -index e192842f..6b52b847 100644 ---- a/tests/unittests/torture_tokens.c -+++ b/tests/unittests/torture_tokens.c -@@ -146,6 +146,126 @@ static void torture_tokens_sanity(UNUSED_PARAM(void **state)) - tokenize_compare_expected(",", single_colon, 1); - } - -+static void torture_remove_duplicate(UNUSED_PARAM(void **state)) -+{ -+ -+ const char *simple[] = {"a,a,b,b,c,c", -+ "a,b,c,a,b,c", -+ "a,b,c,c,b,a", -+ "a,a,,b,b,,c,c", -+ ",a,a,b,b,c,c", -+ "a,a,b,b,c,c,"}; -+ const char *empty[] = {"", -+ ",,,,,,,,,", -+ NULL}; -+ char *ret = NULL; -+ int i; -+ -+ for (i = 0; i < 6; i++) { -+ ret = ssh_remove_duplicates(simple[i]); -+ assert_non_null(ret); -+ assert_string_equal("a,b,c", ret); -+ printf("simple[%d] resulted in '%s'\n", i, ret); -+ SAFE_FREE(ret); -+ } -+ -+ for (i = 0; i < 3; i++) { -+ ret = ssh_remove_duplicates(empty[i]); -+ if (ret != NULL) { -+ printf("empty[%d] resulted in '%s'\n", i, ret); -+ } -+ assert_null(ret); -+ } -+ -+ ret = ssh_remove_duplicates("a"); -+ assert_non_null(ret); -+ assert_string_equal("a", ret); -+ SAFE_FREE(ret); -+} -+ -+static void torture_append_without_duplicate(UNUSED_PARAM(void **state)) -+{ -+ const char *s1[] = {"a,a,b,b,c,c", -+ "a,b,c,a,b,c", -+ "a,b,c,c,b,a", -+ "a,a,,b,b,,c,c", -+ ",a,a,b,b,c,c", -+ "a,a,b,b,c,c,"}; -+ const char *s2[] = {"a,a,b,b,c,c,d,d", -+ "a,b,c,d,a,b,c,d", -+ "a,b,c,d,d,c,b,a", -+ "a,a,,b,b,,c,c,,d,d", -+ ",a,a,b,b,c,c,d,d", -+ "a,a,b,b,c,c,d,d,", -+ "d"}; -+ const char *empty[] = {"", -+ ",,,,,,,,,", -+ NULL, -+ NULL}; -+ char *ret = NULL; -+ int i, j; -+ -+ ret = ssh_append_without_duplicates("a", "a"); -+ assert_non_null(ret); -+ assert_string_equal("a", ret); -+ SAFE_FREE(ret); -+ -+ ret = ssh_append_without_duplicates("a", "b"); -+ assert_non_null(ret); -+ assert_string_equal("a,b", ret); -+ SAFE_FREE(ret); -+ -+ ret = ssh_append_without_duplicates("a", NULL); -+ assert_non_null(ret); -+ assert_string_equal("a", ret); -+ SAFE_FREE(ret); -+ -+ ret = ssh_append_without_duplicates(NULL, "b"); -+ assert_non_null(ret); -+ assert_string_equal("b", ret); -+ SAFE_FREE(ret); -+ -+ for (i = 0; i < 6; i++) { -+ for (j = 0; j < 7; j++) { -+ ret = ssh_append_without_duplicates(s1[i], s2[j]); -+ assert_non_null(ret); -+ printf("s1[%d] + s2[%d] resulted in '%s'\n", i, j, ret); -+ assert_string_equal("a,b,c,d", ret); -+ SAFE_FREE(ret); -+ } -+ } -+ -+ for (i = 0; i < 6; i++) { -+ for (j = 0; j < 3; j++) { -+ ret = ssh_append_without_duplicates(s1[i], empty[j]); -+ assert_non_null(ret); -+ printf("s1[%d] + empty[%d] resulted in '%s'\n", i, j, ret); -+ assert_string_equal("a,b,c", ret); -+ SAFE_FREE(ret); -+ } -+ } -+ -+ for (i = 0; i < 3; i++) { -+ for (j = 0; j < 6; j++) { -+ ret = ssh_append_without_duplicates(empty[i], s1[j]); -+ assert_non_null(ret); -+ printf("empty[%d] + s1[%d] resulted in '%s'\n", i, j, ret); -+ assert_string_equal("a,b,c", ret); -+ SAFE_FREE(ret); -+ } -+ } -+ for (i = 0; i < 4; i++) { -+ for (j = 0; j < 4; j++) { -+ ret = ssh_append_without_duplicates(empty[i], empty[j]); -+ if (ret != NULL) { -+ printf("empty[%d] + empty[%d] resulted in '%s'\n", i, j, ret); -+ } -+ assert_null(ret); -+ } -+ } -+} -+ -+ - int torture_run_tests(void) - { - int rc; -@@ -153,6 +273,8 @@ int torture_run_tests(void) - cmocka_unit_test(torture_tokens_sanity), - cmocka_unit_test(torture_find_matching), - cmocka_unit_test(torture_find_all_matching), -+ cmocka_unit_test(torture_remove_duplicate), -+ cmocka_unit_test(torture_append_without_duplicate), - }; - - ssh_init(); --- -2.21.0 - - -From fa3caa61fdb39269cd78c4919df515b71991d231 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Tue, 2 Jul 2019 13:48:17 +0200 -Subject: [PATCH 5/6] knownhosts: Introduced - ssh_known_hosts_get_algorithms_names() - -The added internal function obtain a newly allocated string containing a -list of the signature types that can be generated by the keys present in -the known_hosts files, separated by commas. - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen -(cherry picked from commit 65a38759ca872e8bec0158ab3676e74b6afd336f) ---- - include/libssh/knownhosts.h | 1 + - src/knownhosts.c | 141 +++++++++++++++++++ - tests/unittests/torture_knownhosts_parsing.c | 28 ++++ - 3 files changed, 170 insertions(+) - -diff --git a/include/libssh/knownhosts.h b/include/libssh/knownhosts.h -index dcaa6c24..44e434c0 100644 ---- a/include/libssh/knownhosts.h -+++ b/include/libssh/knownhosts.h -@@ -23,6 +23,7 @@ - #define SSH_KNOWNHOSTS_H_ - - struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session); -+char *ssh_known_hosts_get_algorithms_names(ssh_session session); - enum ssh_known_hosts_e - ssh_session_get_known_hosts_entry_file(ssh_session session, - const char *filename, -diff --git a/src/knownhosts.c b/src/knownhosts.c -index 8040a0c0..cf9d8a6b 100644 ---- a/src/knownhosts.c -+++ b/src/knownhosts.c -@@ -42,6 +42,7 @@ - #include "libssh/pki.h" - #include "libssh/dh.h" - #include "libssh/knownhosts.h" -+#include "libssh/token.h" - - /** - * @addtogroup libssh_session -@@ -451,6 +452,146 @@ error: - return NULL; - } - -+/** -+ * @internal -+ * -+ * @brief Returns a static string containing a list of the signature types the -+ * given key type can generate. -+ * -+ * @returns A static cstring containing the signature types the key is able to -+ * generate separated by commas; NULL in case of error -+ */ -+static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e type) -+{ -+ switch (type) { -+ case SSH_KEYTYPE_RSA: -+ return "rsa-sha2-512,rsa-sha2-256,ssh-rsa"; -+ case SSH_KEYTYPE_ED25519: -+ return "ssh-ed25519"; -+#ifdef HAVE_DSA -+ case SSH_KEYTYPE_DSS: -+ return "ssh-dss"; -+#endif -+#ifdef HAVE_ECDH -+ case SSH_KEYTYPE_ECDSA_P256: -+ return "ecdsa-sha2-nistp256"; -+ case SSH_KEYTYPE_ECDSA_P384: -+ return "ecdsa-sha2-nistp384"; -+ case SSH_KEYTYPE_ECDSA_P521: -+ return "ecdsa-sha2-nistp521"; -+#endif -+ case SSH_KEYTYPE_UNKNOWN: -+ default: -+ SSH_LOG(SSH_LOG_WARN, "The given type %d is not a base private key type " -+ "or is unsupported", type); -+ return NULL; -+ } -+} -+ -+/** -+ * @internal -+ * @brief Get the host keys algorithms identifiers from the known_hosts files -+ * -+ * This expands the signatures types that can be generated from the keys types -+ * present in the known_hosts files -+ * -+ * @param[in] session The ssh session to use. -+ * -+ * @return A newly allocated cstring containing a list of signature algorithms -+ * that can be generated by the host using the keys listed in the known_hosts -+ * files, NULL on error. -+ */ -+char *ssh_known_hosts_get_algorithms_names(ssh_session session) -+{ -+ char methods_buffer[256 + 1] = {0}; -+ struct ssh_list *entry_list = NULL; -+ struct ssh_iterator *it = NULL; -+ char *host_port = NULL; -+ size_t count; -+ bool needcomma = false; -+ char *names; -+ -+ int rc; -+ -+ if (session->opts.knownhosts == NULL || -+ session->opts.global_knownhosts == NULL) { -+ if (ssh_options_apply(session) < 0) { -+ ssh_set_error(session, -+ SSH_REQUEST_DENIED, -+ "Can't find a known_hosts file"); -+ -+ return NULL; -+ } -+ } -+ -+ host_port = ssh_session_get_host_port(session); -+ if (host_port == NULL) { -+ return NULL; -+ } -+ -+ rc = ssh_known_hosts_read_entries(host_port, -+ session->opts.knownhosts, -+ &entry_list); -+ if (rc != 0) { -+ SAFE_FREE(host_port); -+ ssh_list_free(entry_list); -+ return NULL; -+ } -+ -+ rc = ssh_known_hosts_read_entries(host_port, -+ session->opts.global_knownhosts, -+ &entry_list); -+ SAFE_FREE(host_port); -+ if (rc != 0) { -+ ssh_list_free(entry_list); -+ return NULL; -+ } -+ -+ if (entry_list == NULL) { -+ return NULL; -+ } -+ -+ count = ssh_list_count(entry_list); -+ if (count == 0) { -+ ssh_list_free(entry_list); -+ return NULL; -+ } -+ -+ for (it = ssh_list_get_iterator(entry_list); -+ it != NULL; -+ it = ssh_list_get_iterator(entry_list)) -+ { -+ struct ssh_knownhosts_entry *entry = NULL; -+ const char *algo = NULL; -+ -+ entry = ssh_iterator_value(struct ssh_knownhosts_entry *, it); -+ algo = ssh_known_host_sigs_from_hostkey_type(entry->publickey->type); -+ if (algo == NULL) { -+ continue; -+ } -+ -+ if (needcomma) { -+ strncat(methods_buffer, -+ ",", -+ sizeof(methods_buffer) - strlen(methods_buffer) - 1); -+ } -+ -+ strncat(methods_buffer, -+ algo, -+ sizeof(methods_buffer) - strlen(methods_buffer) - 1); -+ needcomma = true; -+ -+ ssh_knownhosts_entry_free(entry); -+ ssh_list_remove(entry_list, it); -+ } -+ -+ ssh_list_free(entry_list); -+ -+ names = ssh_remove_duplicates(methods_buffer); -+ -+ return names; -+} -+ - /** - * @brief Parse a line from a known_hosts entry into a structure - * -diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c -index a087caef..6952e858 100644 ---- a/tests/unittests/torture_knownhosts_parsing.c -+++ b/tests/unittests/torture_knownhosts_parsing.c -@@ -369,6 +369,31 @@ static void torture_knownhosts_read_file(void **state) - ssh_list_free(entry_list); - } - -+static void torture_knownhosts_get_algorithms_names(void **state) -+{ -+ const char *knownhosts_file = *state; -+ ssh_session session; -+ const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"; -+ char *names = NULL; -+ bool process_config = false; -+ -+ session = ssh_new(); -+ assert_non_null(session); -+ -+ /* This makes sure the global configuration file is not processed */ -+ ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ -+ ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); -+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file); -+ -+ names = ssh_known_hosts_get_algorithms_names(session); -+ assert_non_null(names); -+ assert_string_equal(names, expect); -+ -+ SAFE_FREE(names); -+ ssh_free(session); -+} -+ - #ifndef _WIN32 /* There is no /dev/null on Windows */ - static void torture_knownhosts_host_exists(void **state) - { -@@ -510,6 +535,9 @@ int torture_run_tests(void) { - cmocka_unit_test_setup_teardown(torture_knownhosts_read_file, - setup_knownhosts_file_duplicate, - teardown_knownhosts_file), -+ cmocka_unit_test_setup_teardown(torture_knownhosts_get_algorithms_names, -+ setup_knownhosts_file, -+ teardown_knownhosts_file), - #ifndef _WIN32 - cmocka_unit_test_setup_teardown(torture_knownhosts_host_exists, - setup_knownhosts_file, --- -2.21.0 - - -From 1fd68ec732214a12ba3f59ca23f80463411e22dd Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Mon, 1 Jul 2019 19:39:07 +0200 -Subject: [PATCH 6/6] kex: Do not ignore keys in known_hosts files - -Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any mean, -including the client configuration file, the keys in known_hosts files -wouldn't be considered before advertising the list of wanted host keys. - -This could result in the client requesting the server to provide a -signature using a key not present in the known_hosts files (e.g. when -the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the -known_hosts files), causing a host key mismatch and possible key -rejection. - -Now, the keys present in the known_hosts files are prioritized over the -other wanted keys. This do not change the fact that only keys of types -present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and -prioritized following the order defined by such list. - -The new wanted list of hostkeys is given by: - - The keys present in known_hosts files, ordered by preference defined - in SSH_OPTIONS_HOSTKEYS. If the option is not set, a default order - of preference is used. - - The other keys present in the same option are appended without adding - duplicates. If the option is not set, the default list of keys is - used. - -Fixes: T156 - -Signed-off-by: Anderson Toshiyuki Sasaki -Reviewed-by: Jakub Jelen -(cherry picked from commit f18a7cc17e399ae7bc92f707da3a676c52fd948e) ---- - src/kex.c | 165 +++++++++---------- - tests/unittests/torture_knownhosts_parsing.c | 148 ++++++++++++++++- - 2 files changed, 223 insertions(+), 90 deletions(-) - -diff --git a/src/kex.c b/src/kex.c -index 6ea5e8ba..0d4cad6d 100644 ---- a/src/kex.c -+++ b/src/kex.c -@@ -561,103 +561,94 @@ void ssh_list_kex(struct ssh_kex_struct *kex) { - - /** - * @internal -+ * - * @brief selects the hostkey mechanisms to be chosen for the key exchange, -- * as some hostkey mechanisms may be present in known_hosts file and preferred -+ * as some hostkey mechanisms may be present in known_hosts files. -+ * - * @returns a cstring containing a comma-separated list of hostkey methods. - * NULL if no method matches - */ - char *ssh_client_select_hostkeys(ssh_session session) - { -- char methods_buffer[128]={0}; -- char tail_buffer[128]={0}; -+ const char *wanted = NULL; -+ char *wanted_without_certs = NULL; -+ char *known_hosts_algorithms = NULL; -+ char *known_hosts_ordered = NULL; - char *new_hostkeys = NULL; -- static const char *preferred_hostkeys[] = { -- "ssh-ed25519", -- "ecdsa-sha2-nistp521", -- "ecdsa-sha2-nistp384", -- "ecdsa-sha2-nistp256", -- "rsa-sha2-512", -- "rsa-sha2-256", -- "ssh-rsa", --#ifdef HAVE_DSA -- "ssh-dss", --#endif -- NULL -- }; -- struct ssh_list *algo_list = NULL; -- struct ssh_iterator *it = NULL; -- size_t algo_count; -- int needcomma = 0; -- size_t i, len; -- -- algo_list = ssh_known_hosts_get_algorithms(session); -- if (algo_list == NULL) { -- return NULL; -+ char *fips_hostkeys = NULL; -+ -+ wanted = session->opts.wanted_methods[SSH_HOSTKEYS]; -+ if (wanted == NULL) { -+ if (ssh_fips_mode()) { -+ wanted = ssh_kex_get_fips_methods(SSH_HOSTKEYS); -+ } else { -+ wanted = ssh_kex_get_default_methods(SSH_HOSTKEYS); -+ } - } - -- algo_count = ssh_list_count(algo_list); -- if (algo_count == 0) { -- ssh_list_free(algo_list); -+ /* This removes the certificate types, unsupported for now */ -+ wanted_without_certs = ssh_find_all_matching(HOSTKEYS, wanted); -+ if (wanted_without_certs == NULL) { -+ SSH_LOG(SSH_LOG_WARNING, -+ "List of allowed host key algorithms is empty or contains only " -+ "unsupported algorithms"); - return NULL; - } - -- for (i = 0; preferred_hostkeys[i] != NULL; ++i) { -- bool found = false; -- /* This is a signature type: We list also the SHA2 extensions */ -- enum ssh_keytypes_e base_preferred = -- ssh_key_type_from_signature_name(preferred_hostkeys[i]); -- -- for (it = ssh_list_get_iterator(algo_list); -- it != NULL; -- it = it->next) { -- const char *algo = ssh_iterator_value(const char *, it); -- /* This is always key type so we do not have to care for the -- * SHA2 extension */ -- enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo); -- -- if (base_preferred == base_algo) { -- /* Matching the keys already verified it is a known type */ -- if (needcomma) { -- strncat(methods_buffer, -- ",", -- sizeof(methods_buffer) - strlen(methods_buffer) - 1); -- } -- strncat(methods_buffer, -- preferred_hostkeys[i], -- sizeof(methods_buffer) - strlen(methods_buffer) - 1); -- needcomma = 1; -- found = true; -- } -- } -- /* Collect the rest of the algorithms in other buffer, that will -- * follow the preferred buffer. This will signalize all the algorithms -- * we are willing to accept. -- */ -- if (!found) { -- snprintf(tail_buffer + strlen(tail_buffer), -- sizeof(tail_buffer) - strlen(tail_buffer), -- ",%s", preferred_hostkeys[i]); -- } -+ SSH_LOG(SSH_LOG_DEBUG, -+ "Order of wanted host keys: \"%s\"", -+ wanted_without_certs); -+ -+ known_hosts_algorithms = ssh_known_hosts_get_algorithms_names(session); -+ if (known_hosts_algorithms == NULL) { -+ SSH_LOG(SSH_LOG_DEBUG, -+ "No key found in known_hosts; " -+ "changing host key method to \"%s\"", -+ wanted_without_certs); -+ -+ return wanted_without_certs; - } -- ssh_list_free(algo_list); - -- if (strlen(methods_buffer) == 0) { -+ SSH_LOG(SSH_LOG_DEBUG, -+ "Algorithms found in known_hosts files: \"%s\"", -+ known_hosts_algorithms); -+ -+ /* Filter and order the keys from known_hosts according to wanted list */ -+ known_hosts_ordered = ssh_find_all_matching(known_hosts_algorithms, -+ wanted_without_certs); -+ SAFE_FREE(known_hosts_algorithms); -+ if (known_hosts_ordered == NULL) { - SSH_LOG(SSH_LOG_DEBUG, -- "No supported kex method for existing key in known_hosts file"); -- return NULL; -+ "No key found in known_hosts is allowed; " -+ "changing host key method to \"%s\"", -+ wanted_without_certs); -+ -+ return wanted_without_certs; - } - -- /* Append the supported list to the preferred. -- * The length is maximum 128 + 128 + 1, which will not overflow -- */ -- len = strlen(methods_buffer) + strlen(tail_buffer) + 1; -- new_hostkeys = malloc(len); -+ /* Append the other supported keys after the preferred ones -+ * This function tolerates NULL pointers in parameters */ -+ new_hostkeys = ssh_append_without_duplicates(known_hosts_ordered, -+ wanted_without_certs); -+ SAFE_FREE(known_hosts_ordered); -+ SAFE_FREE(wanted_without_certs); - if (new_hostkeys == NULL) { - ssh_set_error_oom(session); - return NULL; - } -- snprintf(new_hostkeys, len, -- "%s%s", methods_buffer, tail_buffer); -+ -+ if (ssh_fips_mode()) { -+ /* Filter out algorithms not allowed in FIPS mode */ -+ fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, new_hostkeys); -+ SAFE_FREE(new_hostkeys); -+ if (fips_hostkeys == NULL) { -+ SSH_LOG(SSH_LOG_WARNING, -+ "None of the wanted host keys or keys in known_hosts files " -+ "is allowed in FIPS mode."); -+ return NULL; -+ } -+ new_hostkeys = fips_hostkeys; -+ } - - SSH_LOG(SSH_LOG_DEBUG, - "Changing host key method to \"%s\"", -@@ -672,7 +663,7 @@ char *ssh_client_select_hostkeys(ssh_session session) - */ - int ssh_set_client_kex(ssh_session session) - { -- struct ssh_kex_struct *client= &session->next_crypto->client_kex; -+ struct ssh_kex_struct *client = &session->next_crypto->client_kex; - const char *wanted; - char *kex = NULL; - char *kex_tmp = NULL; -@@ -687,14 +678,22 @@ int ssh_set_client_kex(ssh_session session) - } - - memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **)); -- /* first check if we have specific host key methods */ -- if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) { -- /* Only if no override */ -- session->opts.wanted_methods[SSH_HOSTKEYS] = -- ssh_client_select_hostkeys(session); -- } - -+ /* Set the list of allowed algorithms in order of preference, if it hadn't -+ * been set yet. */ - for (i = 0; i < KEX_METHODS_SIZE; i++) { -+ if (i == SSH_HOSTKEYS) { -+ /* Set the hostkeys in the following order: -+ * - First: keys present in known_hosts files ordered by preference -+ * - Next: other wanted algorithms ordered by preference */ -+ client->methods[i] = ssh_client_select_hostkeys(session); -+ if (client->methods[i] == NULL) { -+ ssh_set_error_oom(session); -+ return SSH_ERROR; -+ } -+ continue; -+ } -+ - wanted = session->opts.wanted_methods[i]; - if (wanted == NULL) { - if (ssh_fips_mode()) { -diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c -index 6952e858..1c2ccc10 100644 ---- a/tests/unittests/torture_knownhosts_parsing.c -+++ b/tests/unittests/torture_knownhosts_parsing.c -@@ -28,6 +28,8 @@ - - #define TMP_FILE_NAME "/tmp/known_hosts_XXXXXX" - -+const char template[] = "temp_dir_XXXXXX"; -+ - static int setup_knownhosts_file(void **state) - { - char *tmp_file = NULL; -@@ -394,6 +396,115 @@ static void torture_knownhosts_get_algorithms_names(void **state) - ssh_free(session); - } - -+static void torture_knownhosts_algorithms_wanted(void **state) -+{ -+ const char *knownhosts_file = *state; -+ char *algo_list = NULL; -+ ssh_session session; -+ bool process_config = false; -+ const char *wanted = "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256," -+ "rsa-sha2-256,ecdsa-sha2-nistp521"; -+ const char *expect = "rsa-sha2-256,ecdsa-sha2-nistp384," -+ "ecdsa-sha2-nistp256,ecdsa-sha2-nistp521"; -+ int verbose = 4; -+ -+ session = ssh_new(); -+ assert_non_null(session); -+ -+ ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose); -+ -+ /* This makes sure the global configuration file is not processed */ -+ ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ -+ /* Set the wanted list of hostkeys, ordered by preference */ -+ ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, wanted); -+ -+ ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); -+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file); -+ -+ algo_list = ssh_client_select_hostkeys(session); -+ assert_non_null(algo_list); -+ assert_string_equal(algo_list, expect); -+ free(algo_list); -+ -+ ssh_free(session); -+} -+ -+static void torture_knownhosts_algorithms_negative(UNUSED_PARAM(void **state)) -+{ -+ const char *wanted = NULL; -+ const char *expect = NULL; -+ -+ char *algo_list = NULL; -+ -+ char *cwd = NULL; -+ char *tmp_dir = NULL; -+ -+ bool process_config = false; -+ int verbose = 4; -+ int rc = 0; -+ -+ ssh_session session; -+ /* Create temporary directory */ -+ cwd = torture_get_current_working_dir(); -+ assert_non_null(cwd); -+ -+ tmp_dir = torture_make_temp_dir(template); -+ assert_non_null(tmp_dir); -+ -+ rc = torture_change_dir(tmp_dir); -+ assert_int_equal(rc, 0); -+ -+ session = ssh_new(); -+ assert_non_null(session); -+ -+ ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose); -+ ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); -+ -+ /* Test with unknown key type in known_hosts */ -+ wanted = "rsa-sha2-256"; -+ ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, wanted); -+ torture_write_file("unknown_key_type", "localhost unknown AAAABBBBCCCC"); -+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "unknown_key_type"); -+ algo_list = ssh_client_select_hostkeys(session); -+ assert_non_null(algo_list); -+ assert_string_equal(algo_list, wanted); -+ SAFE_FREE(algo_list); -+ -+ /* Test with unsupported, but existing types */ -+ wanted = "rsa-sha2-256-cert-v01@openssh.com," -+ "rsa-sha2-512-cert-v01@openssh.com"; -+ ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, wanted); -+ algo_list = ssh_client_select_hostkeys(session); -+ assert_null(algo_list); -+ -+ /* In FIPS mode, test filtering keys not allowed */ -+ if (ssh_fips_mode()) { -+ wanted = "ssh-ed25519,rsa-sha2-256,ssh-rsa"; -+ expect = "rsa-sha2-256"; -+ ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, wanted); -+ torture_write_file("no_fips", LOCALHOST_DEFAULT_ED25519); -+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "no_fips"); -+ algo_list = ssh_client_select_hostkeys(session); -+ assert_non_null(algo_list); -+ assert_string_equal(algo_list, expect); -+ SAFE_FREE(algo_list); -+ } -+ -+ ssh_free(session); -+ -+ /* Teardown */ -+ rc = torture_change_dir(cwd); -+ assert_int_equal(rc, 0); -+ -+ rc = torture_rmdirs(tmp_dir); -+ assert_int_equal(rc, 0); -+ -+ SAFE_FREE(tmp_dir); -+ SAFE_FREE(cwd); -+} -+ - #ifndef _WIN32 /* There is no /dev/null on Windows */ - static void torture_knownhosts_host_exists(void **state) - { -@@ -457,12 +568,12 @@ static void torture_knownhosts_host_exists_global(void **state) - ssh_free(session); - } - --static void --torture_knownhosts_algorithms(void **state) -+static void torture_knownhosts_algorithms(void **state) - { - const char *knownhosts_file = *state; - char *algo_list = NULL; - ssh_session session; -+ bool process_config = false; - const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa," - "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," - "ecdsa-sha2-nistp256" -@@ -470,10 +581,15 @@ torture_knownhosts_algorithms(void **state) - ",ssh-dss" - #endif - ; -+ const char *expect_fips = "rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521," -+ "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"; - - session = ssh_new(); - assert_non_null(session); - -+ /* This makes sure the global configuration file is not processed */ -+ ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ - ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); - ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file); - /* This makes sure the system's known_hosts are not used */ -@@ -481,18 +597,22 @@ torture_knownhosts_algorithms(void **state) - - algo_list = ssh_client_select_hostkeys(session); - assert_non_null(algo_list); -- assert_string_equal(algo_list, expect); -+ if (ssh_fips_mode()) { -+ assert_string_equal(algo_list, expect_fips); -+ } else { -+ assert_string_equal(algo_list, expect); -+ } - free(algo_list); - - ssh_free(session); - } - --static void --torture_knownhosts_algorithms_global(void **state) -+static void torture_knownhosts_algorithms_global(void **state) - { - const char *knownhosts_file = *state; - char *algo_list = NULL; - ssh_session session; -+ bool process_config = false; - const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa," - "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," - "ecdsa-sha2-nistp256" -@@ -500,10 +620,15 @@ torture_knownhosts_algorithms_global(void **state) - ",ssh-dss" - #endif - ; -+ const char *expect_fips = "rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521," -+ "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"; - - session = ssh_new(); - assert_non_null(session); - -+ /* This makes sure the global configuration file is not processed */ -+ ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); -+ - ssh_options_set(session, SSH_OPTIONS_HOST, "localhost"); - /* This makes sure the current-user's known hosts are not used */ - ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "/dev/null"); -@@ -511,12 +636,17 @@ torture_knownhosts_algorithms_global(void **state) - - algo_list = ssh_client_select_hostkeys(session); - assert_non_null(algo_list); -- assert_string_equal(algo_list, expect); -+ if (ssh_fips_mode()) { -+ assert_string_equal(algo_list, expect_fips); -+ } else { -+ assert_string_equal(algo_list, expect); -+ } - free(algo_list); - - ssh_free(session); - } --#endif -+ -+#endif /* _WIN32 There is no /dev/null on Windows */ - - int torture_run_tests(void) { - int rc; -@@ -538,6 +668,10 @@ int torture_run_tests(void) { - cmocka_unit_test_setup_teardown(torture_knownhosts_get_algorithms_names, - setup_knownhosts_file, - teardown_knownhosts_file), -+ cmocka_unit_test_setup_teardown(torture_knownhosts_algorithms_wanted, -+ setup_knownhosts_file, -+ teardown_knownhosts_file), -+ cmocka_unit_test(torture_knownhosts_algorithms_negative), - #ifndef _WIN32 - cmocka_unit_test_setup_teardown(torture_knownhosts_host_exists, - setup_knownhosts_file, --- -2.21.0 - diff --git a/SOURCES/libssh-0.9.0-run-sshd-confined.patch b/SOURCES/libssh-0.9.0-run-sshd-confined.patch deleted file mode 100644 index 4bc62bb..0000000 --- a/SOURCES/libssh-0.9.0-run-sshd-confined.patch +++ /dev/null @@ -1,67 +0,0 @@ ---- a/tests/torture.c 2019-06-28 14:01:52.936462964 +0200 -+++ b/tests/torture.c 2019-06-28 14:03:52.324325029 +0200 -@@ -854,7 +854,7 @@ - s = *state; - - snprintf(sshd_start_cmd, sizeof(sshd_start_cmd), -- "/usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log", -+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log", - s->srv_config, s->socket_dir, s->socket_dir); - - rc = system(sshd_start_cmd); -@@ -864,7 +864,7 @@ - unsetenv("PAM_WRAPPER"); - - /* Wait until the sshd is ready to accept connections */ -- rc = torture_wait_for_daemon(5); -+ rc = torture_wait_for_daemon(10); - assert_int_equal(rc, 0); - } - -@@ -904,27 +904,32 @@ - torture_reload_sshd_server(void **state) - { - struct torture_state *s = *state; -- pid_t pid; -+ char sshd_start_cmd[1024]; - int rc; - -- /* read the pidfile */ -- pid = torture_read_pidfile(s->srv_pidfile); -- assert_int_not_equal(pid, -1); -+ rc = torture_terminate_process(s->srv_pidfile); -+ if (rc != 0) { -+ fprintf(stderr, "XXXXXX Failed to terminate sshd\n"); -+ } - -- kill(pid, SIGHUP); -+ usleep(100 * 1000); - -- /* 10 ms */ -- usleep(10 * 1000); -+ /* Set the default interface for the server */ -+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1); -+ setenv("PAM_WRAPPER", "1", 1); - -- rc = kill(pid, 0); -- if (rc != 0) { -- fprintf(stderr, -- "ERROR: SSHD process %u died during reload!\n", pid); -- return SSH_ERROR; -- } -+ snprintf(sshd_start_cmd, sizeof(sshd_start_cmd), -+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log", -+ s->srv_config, s->socket_dir, s->socket_dir); -+ -+ rc = system(sshd_start_cmd); -+ assert_return_code(rc, errno); -+ -+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1); -+ unsetenv("PAM_WRAPPER"); - - /* Wait until the sshd is ready to accept connections */ -- rc = torture_wait_for_daemon(5); -+ rc = torture_wait_for_daemon(10); - assert_int_equal(rc, 0); - return SSH_OK; - } diff --git a/SOURCES/libssh-0.9.0-skip-1k-rsa-key-generation-test.patch b/SOURCES/libssh-0.9.0-skip-1k-rsa-key-generation-test.patch deleted file mode 100644 index f45a27d..0000000 --- a/SOURCES/libssh-0.9.0-skip-1k-rsa-key-generation-test.patch +++ /dev/null @@ -1,59 +0,0 @@ -From bf2ed2ca929e5e12279f85c930f8fbb452ada888 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Tue, 30 Jul 2019 18:22:30 +0200 -Subject: [PATCH] tests: Skip testing 1024 bits key generation in FIPS mode - -In torture_threads_pki_rsa, skip the test which generates 1024 bits RSA -key pair when in FIPS mode. - -Signed-off-by: Anderson Toshiyuki Sasaki ---- - tests/unittests/torture_threads_pki_rsa.c | 28 ++++++++++++----------- - 1 file changed, 15 insertions(+), 13 deletions(-) - -diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c -index 5a841ee9..03d526cd 100644 ---- a/tests/unittests/torture_threads_pki_rsa.c -+++ b/tests/unittests/torture_threads_pki_rsa.c -@@ -571,23 +571,25 @@ static void *thread_pki_rsa_generate_key(void *threadid) - session = ssh_new(); - assert_non_null(session); - -- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key); -- assert_ssh_return_code(session, rc); -- assert_non_null(key); -+ if (!ssh_fips_mode()) { -+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key); -+ assert_ssh_return_code(session, rc); -+ assert_non_null(key); - -- rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); -- assert_int_equal(rc, SSH_OK); -- assert_non_null(pubkey); -+ rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); -+ assert_int_equal(rc, SSH_OK); -+ assert_non_null(pubkey); - -- sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); -- assert_non_null(sign); -+ sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); -+ assert_non_null(sign); - -- rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); -- assert_ssh_return_code(session, rc); -+ rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); -+ assert_ssh_return_code(session, rc); - -- ssh_signature_free(sign); -- SSH_KEY_FREE(key); -- SSH_KEY_FREE(pubkey); -+ ssh_signature_free(sign); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(pubkey); -+ } - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); - assert_ssh_return_code(session, rc); --- -2.21.0 - diff --git a/SOURCES/libssh-0.9.0.tar.xz.asc b/SOURCES/libssh-0.9.0.tar.xz.asc deleted file mode 100644 index 880c31b..0000000 --- a/SOURCES/libssh-0.9.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl0VtfEACgkQfuD8TcwB -Tj0cthAApYglGlE2+f06uKvPUc8LvzVkRFJA5ycm7uMddrMbSJ+ElScEu1a6q/qV -xPK3w49WdDpbYcz3s/GtdhGkSTye49Zav2PJzDFWvac+PoXVOwt7C5JzlPSq7kfa -0i6k1/7YSiPcFCo7467v2fpg0t80OHgS+Tbc1mwI0KtRzPA2pjqHsnu+RVNc6EA1 -paUf1QMhjPFIQwcqJcQGAHZBqpx4JBspzBpC7wDxQKFh5FfMbVOxPG3qvgeOYDqd -cbfsJkdOJQ0rAxyNBB6xbz8XktJyK4Bjg5eT9GEz+zpsjh8jtfJMhNEemaBLXkug -+4wb4DU2uhEuOoOFh0YOgLcRLm2INNhVSTcizasmA8X1YcvAUmKB7fUMuYwOQOPZ -bsSkJ8kg7v76Y8w/pUger99pVYg0iiLi9KI6a2t7qTSibZewv38IV6eSJqORnZja -SLeswZUAAtHK/nTf7ohZ8Blnhx3UE5M6vyuli+KMmHAxTOzHhyWJvYDYJ2oJ7+tR -N49U1O77VE0WYY7HoyEXYkvSwWLb+MYK6ueaJTVBEbq7ZdpzQBQtPLoyCXUdQwZ2 -DyZaaZnhkn9FYvsJp/twHra3XlQ359EXdMwflISaKgFUpfaluLIu1xRGrYH4XPNm -FHZRPCj34PY1uDOKHXiRl/xUdaR4CSIKPgofhxzy/mLZepJR9vU= -=xGD9 ------END PGP SIGNATURE----- diff --git a/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch b/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch new file mode 100644 index 0000000..ce149b4 --- /dev/null +++ b/SOURCES/libssh-0.9.4-add-cve-2019-14889-test.patch @@ -0,0 +1,125 @@ +From 1694606e12d8950b003ff86248883732ef05e00c Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Fri, 19 Jun 2020 11:59:33 +0200 +Subject: [PATCH] tests: Add test for CVE-2019-14889 + +The test checks if a command appended to the file path is not executed. + +Signed-off-by: Anderson Toshiyuki Sasaki +Reviewed-by: Andreas Schneider +--- + tests/client/torture_scp.c | 84 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 84 insertions(+) + +diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c +index 8f080af3..59a00bae 100644 +--- a/tests/client/torture_scp.c ++++ b/tests/client/torture_scp.c +@@ -37,6 +37,7 @@ + #define BUF_SIZE 1024 + + #define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX" ++#define ALICE_HOME BINARYDIR "/tests/home/alice" + + struct scp_st { + struct torture_state *s; +@@ -540,6 +541,86 @@ static void torture_scp_upload_newline(void **state) + fclose(file); + } + ++static void torture_scp_upload_appended_command(void **state) ++{ ++ struct scp_st *ts = NULL; ++ struct torture_state *s = NULL; ++ ++ ssh_session session = NULL; ++ ssh_scp scp = NULL; ++ ++ FILE *file = NULL; ++ ++ char buf[1024]; ++ char *rs = NULL; ++ int rc; ++ ++ assert_non_null(state); ++ ts = *state; ++ ++ assert_non_null(ts->s); ++ s = ts->s; ++ ++ session = s->ssh.session; ++ assert_non_null(session); ++ ++ assert_non_null(ts->tmp_dir_basename); ++ assert_non_null(ts->tmp_dir); ++ ++ /* Upload a file path with a command appended */ ++ ++ /* Append a command to the file path */ ++ snprintf(buf, BUF_SIZE, "%s" ++ "/;touch hack", ++ ts->tmp_dir); ++ ++ /* When writing the file_name must be the directory name */ ++ scp = ssh_scp_new(session, SSH_SCP_WRITE | SSH_SCP_RECURSIVE, ++ buf); ++ assert_non_null(scp); ++ ++ rc = ssh_scp_init(scp); ++ assert_ssh_return_code(session, rc); ++ ++ /* Push directory where the new file will be copied */ ++ rc = ssh_scp_push_directory(scp, ";touch hack", 0755); ++ assert_ssh_return_code(session, rc); ++ ++ /* Try to push file */ ++ rc = ssh_scp_push_file(scp, "original", 8, 0644); ++ assert_ssh_return_code(session, rc); ++ ++ rc = ssh_scp_write(scp, "original", 8); ++ assert_ssh_return_code(session, rc); ++ ++ /* Leave the directory */ ++ rc = ssh_scp_leave_directory(scp); ++ assert_ssh_return_code(session, rc); ++ ++ /* Cleanup */ ++ ssh_scp_close(scp); ++ ssh_scp_free(scp); ++ ++ /* Make sure the command was not executed */ ++ snprintf(buf, BUF_SIZE, ALICE_HOME "/hack"); ++ file = fopen(buf, "r"); ++ assert_null(file); ++ ++ /* Open the file and check content */ ++ snprintf(buf, BUF_SIZE, "%s" ++ "/;touch hack/original", ++ ts->tmp_dir); ++ ++ file = fopen(buf, "r"); ++ assert_non_null(file); ++ ++ rs = fgets(buf, 1024, file); ++ assert_non_null(rs); ++ assert_string_equal(buf, "original"); ++ ++ fclose(file); ++} ++ + int torture_run_tests(void) + { + int rc; +@@ -559,6 +640,9 @@ int torture_run_tests(void) + cmocka_unit_test_setup_teardown(torture_scp_upload_newline, + session_setup, + session_teardown), ++ cmocka_unit_test_setup_teardown(torture_scp_upload_appended_command, ++ session_setup, ++ session_teardown), + }; + + ssh_init(); +-- +2.26.2 + diff --git a/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch b/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch new file mode 100644 index 0000000..ac5ee0d --- /dev/null +++ b/SOURCES/libssh-0.9.4-do-not-parse-config-during-tests.patch @@ -0,0 +1,58 @@ +From f10d80047c660e33f5c365bf3cf436a0c2a300f1 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Tue, 23 Jun 2020 18:31:47 +0200 +Subject: [PATCH] tests: Do not parse configuration file in torture_knownhosts + +The test might fail if there is a local configuration file that changes +the location of the known_hosts file. The test should not be affected +by configuration files present in the testing environment. + +Signed-off-by: Anderson Toshiyuki Sasaki +Reviewed-by: Jakub Jelen +--- + tests/client/torture_knownhosts.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c +index fcc54846..55aee217 100644 +--- a/tests/client/torture_knownhosts.c ++++ b/tests/client/torture_knownhosts.c +@@ -307,6 +307,7 @@ static void torture_knownhosts_other_auto(void **state) { + char tmp_file[1024] = {0}; + char *known_hosts_file = NULL; + int rc; ++ bool process_config = false; + + snprintf(tmp_file, + sizeof(tmp_file), +@@ -344,6 +345,9 @@ static void torture_knownhosts_other_auto(void **state) { + + s->ssh.session = session; + ++ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); ++ assert_ssh_return_code(session, rc); ++ + rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER); + assert_ssh_return_code(session, rc); + +@@ -368,6 +372,7 @@ static void torture_knownhosts_conflict(void **state) { + char *known_hosts_file = NULL; + FILE *file; + int rc; ++ bool process_config = false; + + snprintf(tmp_file, + sizeof(tmp_file), +@@ -411,6 +416,9 @@ static void torture_knownhosts_conflict(void **state) { + + s->ssh.session = session; + ++ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config); ++ assert_ssh_return_code(session, rc); ++ + ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER); + ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file); + rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "rsa-sha2-256"); +-- +2.26.2 + diff --git a/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch b/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch new file mode 100644 index 0000000..387b9c0 --- /dev/null +++ b/SOURCES/libssh-0.9.4-do-not-return-error-server-closed-channel.patch @@ -0,0 +1,43 @@ +From 750e4f3f9d3ec879929801d65a500ec3ad84ff67 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Thu, 18 Jun 2020 19:08:54 +0200 +Subject: [PATCH] channel: Do not return error if the server closed the channel + +If the server properly closed the channel, the client should not return +error if it finds the channel closed. + +Fixes T231 + +Signed-off-by: Anderson Toshiyuki Sasaki +Reviewed-by: Jakub Jelen +--- + src/channels.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/channels.c b/src/channels.c +index 9fe309d0..607bd568 100644 +--- a/src/channels.c ++++ b/src/channels.c +@@ -2932,15 +2932,16 @@ int ssh_channel_read_timeout(ssh_channel channel, + if (session->session_state == SSH_SESSION_STATE_ERROR) { + return SSH_ERROR; + } ++ /* If the server closed the channel properly, there is nothing to do */ ++ if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) { ++ return 0; ++ } + if (channel->state == SSH_CHANNEL_STATE_CLOSED) { + ssh_set_error(session, + SSH_FATAL, + "Remote channel is closed."); + return SSH_ERROR; + } +- if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) { +- return 0; +- } + len = ssh_buffer_get_len(stdbuf); + /* Read count bytes if len is greater, everything otherwise */ + len = (len > count ? count : len); +-- +2.26.2 + diff --git a/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch b/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch new file mode 100644 index 0000000..a821223 --- /dev/null +++ b/SOURCES/libssh-0.9.4-enable-sshd-sha1-algorithms.patch @@ -0,0 +1,18 @@ +--- a/tests/torture.c 2020-04-09 16:16:07.691894761 +0200 ++++ b/tests/torture.c 2020-04-09 20:11:50.577962771 +0200 +@@ -636,6 +636,15 @@ + # else /* HAVE_DSA */ + "HostKeyAlgorithms +ssh-rsa\n" + # endif /* HAVE_DSA */ ++/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1 ++ * deprecation*/ ++# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2) ++ "KexAlgorithms +diffie-hellman-group14-sha1," ++ "diffie-hellman-group-exchange-sha1," ++ "diffie-hellman-group1-sha1\n" ++ "HostKeyAlgorithms +ssh-rsa\n" ++ "CASignatureAlgorithms +ssh-rsa\n" ++#endif + # if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) + "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n" + # else /* OPENSSH_VERSION 7.0 - 7.5 */ diff --git a/SOURCES/libssh-0.9.4-fix-version.patch b/SOURCES/libssh-0.9.4-fix-version.patch new file mode 100644 index 0000000..143e972 --- /dev/null +++ b/SOURCES/libssh-0.9.4-fix-version.patch @@ -0,0 +1,11 @@ +--- a/include/libssh/libssh.h 2020-04-15 13:38:32.899177005 +0200 ++++ b/include/libssh/libssh.h 2020-04-15 13:38:57.406454427 +0200 +@@ -79,7 +79,7 @@ + /* libssh version */ + #define LIBSSH_VERSION_MAJOR 0 + #define LIBSSH_VERSION_MINOR 9 +-#define LIBSSH_VERSION_MICRO 3 ++#define LIBSSH_VERSION_MICRO 4 + + #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \ + LIBSSH_VERSION_MINOR, \ diff --git a/SOURCES/libssh-0.9.4.tar.xz.asc b/SOURCES/libssh-0.9.4.tar.xz.asc new file mode 100644 index 0000000..84b673c --- /dev/null +++ b/SOURCES/libssh-0.9.4.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl6O0BgACgkQfuD8TcwB +Tj0dCQ/+J0pjZU6uu7h6gkc4BbRciCpYDIv66Lw9iCc2bQmLLhPrukWjz6/PDV+U +iL/1dlwxG8rOlXdtCEFGyDvm0y4E8NaQCcgjU9jA8nsXo+SyyJAeWT7BeI3m2hPi +tjbLAjQVHCW1jIite1dJeoPIPg15LChc08t+HWVI3pwQviwlJWTPmHgMaT3uwa1X +fD66hjgB2UFo5eYnbION3L/jpA0vsI4o4F5CFPEhgbz3H6KmrgQbKLPM3H/103zU +XjtHEw7gy/85OmjpcskMrUVAMbw9EZ5ESFOrKyuQaFBY57L//tAdUaEloxsMKt+5 +nmYunmlGmDLT6rHfjSg5X1S+NsQaXhGelc0TLVgvlzs4kR+QbApR1ewKTcsYlVwr +jYG+PuAiROqc18xM/fQYh8UqohluDBmUpEDmVOEKT2tg/S7R5RJtOxdmcZPsLO+W +EOoP+OeUvQqNlzqu6kBRI4v2lwVU4QwDzKCNRzwQHJOH+azH/3FRJBDF1ZAQvgxy +w/NqlpFO6P76e0SLzBjHCDyqwbAzfq4WK3f5oE0RAA5RlndWusovTAWaYrAbVaoz +emkt/guiHHsbLy6S2ELJu4BI9TGGtDMJoo1ScMMQzFqijUISCBgK/+6mUVUlMli0 +lTH6VE+MvpElADE+IYSXWOLHrspTxVa/jVun3iYE8Nexn6G0XE0= +=xSu8 +-----END PGP SIGNATURE----- diff --git a/SOURCES/libssh_server.config b/SOURCES/libssh_server.config index 279b5a3..d3ef5c2 100644 --- a/SOURCES/libssh_server.config +++ b/SOURCES/libssh_server.config @@ -1,4 +1,2 @@ # Parse system-wide crypto configuration file Include /etc/crypto-policies/back-ends/libssh.config -# Parse OpenSSH configuration file for consistency -Include /etc/ssh/sshd_config diff --git a/SPECS/libssh.spec b/SPECS/libssh.spec index 925aa8f..c61df8b 100644 --- a/SPECS/libssh.spec +++ b/SPECS/libssh.spec @@ -1,6 +1,6 @@ Name: libssh -Version: 0.9.0 -Release: 4%{?dist} +Version: 0.9.4 +Release: 2%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -11,9 +11,11 @@ Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC Source3: libssh_client.config Source4: libssh_server.config -Patch0: libssh-0.9.0-run-sshd-confined.patch -Patch1: libssh-0.9.0-do-not-ignore-known-hosts-keys.patch -Patch2: libssh-0.9.0-skip-1k-rsa-key-generation-test.patch +Patch0: libssh-0.9.4-enable-sshd-sha1-algorithms.patch +Patch1: libssh-0.9.4-fix-version.patch +Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch +Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch +Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch BuildRequires: cmake BuildRequires: doxygen @@ -133,6 +135,20 @@ popd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %changelog +* Wed Jun 24 2020 Anderson Sasaki - 0.9.4-2 +- Do not return error when server properly closed the channel (#1849071) +- Add a test for CVE-2019-14889 +- Do not parse configuration file in torture_knownhosts test + +* Tue May 26 2020 Anderson Sasaki - 0.9.4-1 +- Update to version 0.9.4 + https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ +- Fixed CVE-2019-14889 (#1781782) +- Fixed CVE-2020-1730 (#1802422) +- Create missing directories in the path provided for known_hosts files (#1733914) +- Removed inclusion of OpenSSH server configuration file from + libssh_server.config (#1821339) + * Mon Aug 05 2019 Anderson Sasaki - 0.9.0-4 - Skip 1024 bits RSA key generation test in FIPS mode (#1734485)