packages/libs/libssh/patches/0005-examples-Explicitly-track-auth-state-in-samplesshd-k.patch
Kevin Darbyshire-Bryant 72096874d0 libssh: bump to 0.7.6 CVE-2018-10933 fix
Bump from 0.7.5 to 0.7.6.  Upstream changelog:

Fixed CVE-2018-10933
Added support for OpenSSL 1.1
Added SHA256 support for ssh_get_publickey_hash()
Fixed config parsing
Fixed random memory corruption when importing pubkeys

Backported upstream patches since 0.7.6 to fix interactive
authentication issues amongst other things:

9d5cf209 libcrypto: Fix memory leak in evp_final()
10397321 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
7ad80ba1 server: Fix compile error
acb0e4f4 examples: Explicitly track auth state in samplesshd-kbdint
3fe7510b messages: Check that the requested service is 'ssh-connection'
734e3ce6 server: Set correct state after sending INFO_REQUEST (Kbd Interactive)
e4c6d591 packet: Add missing break in ssh_packet_incoming_filter()
f81ca616 misc: Add strndup implementation if not provides by the OS

Refresh patches.
Remove local backport for OpenSSL 1.1 support as is now in release
Remove PKG_INSTALL & CMAKE vars that are defaulted anyway
Add PKG_CPE_ID:=cpe:/a:libssh:libssh for CVE tracking
Remove BROKEN tag as is no longer broken

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-29 09:08:11 +00:00

72 lines
2 KiB
Diff

From acb0e4f401440ca325e441064d2cb4b896fb9a3d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 17 Oct 2018 17:32:54 +0200
Subject: [PATCH 5/8] examples: Explicitly track auth state in
samplesshd-kbdint
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
examples/samplesshd-kbdint.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/examples/samplesshd-kbdint.c
+++ b/examples/samplesshd-kbdint.c
@@ -23,6 +23,7 @@ clients must be made or how a client sho
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
+#include <stdbool.h>
#define SSHD_USER "libssh"
#define SSHD_PASSWORD "libssh"
@@ -36,6 +37,7 @@ clients must be made or how a client sho
#endif
static int port = 22;
+static bool authenticated = false;
#ifdef WITH_PCAP
static const char *pcap_file = "debug.server.pcap";
@@ -61,11 +63,20 @@ static void cleanup_pcap(void) {
#endif
-static int auth_password(const char *user, const char *password){
- if(strcmp(user, SSHD_USER))
+static int auth_password(const char *user, const char *password)
+{
+ int cmp;
+
+ cmp = strcmp(user, SSHD_USER);
+ if (cmp != 0) {
return 0;
- if(strcmp(password, SSHD_PASSWORD))
+ }
+ cmp = strcmp(password, SSHD_PASSWORD);
+ if (cmp != 0) {
return 0;
+ }
+
+ authenticated = true;
return 1; // authenticated
}
#ifdef HAVE_ARGP_H
@@ -200,6 +211,7 @@ static int kbdint_check_response(ssh_ses
return 0;
}
+ authenticated = true;
return 1;
}
@@ -328,7 +340,7 @@ int main(int argc, char **argv){
/* proceed to authentication */
auth = authenticate(session);
- if(!auth){
+ if (!auth || !authenticated) {
printf("Authentication error: %s\n", ssh_get_error(session));
ssh_disconnect(session);
return 1;