Remove patch files left behind

The patches were removed from the spec file in the previous commit, but the
files were left behind.
Anderson Toshiyuki Sasaki 2020-09-10 18:02:14 +02:00
parent 785afd63c0
commit a36f0add68
5 changed files with 0 additions and 255 deletions


@ -1,125 +0,0 @@
From 1694606e12d8950b003ff86248883732ef05e00c Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Fri, 19 Jun 2020 11:59:33 +0200
Subject: [PATCH] tests: Add test for CVE-2019-14889
The test checks if a command appended to the file path is not executed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
tests/client/torture_scp.c | 84 ++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
diff --git a/tests/client/torture_scp.c b/tests/client/torture_scp.c
index 8f080af3..59a00bae 100644
--- a/tests/client/torture_scp.c
+++ b/tests/client/torture_scp.c
@@ -37,6 +37,7 @@
#define BUF_SIZE 1024
#define TEMPLATE BINARYDIR "/tests/home/alice/temp_dir_XXXXXX"
+#define ALICE_HOME BINARYDIR "/tests/home/alice"
struct scp_st {
struct torture_state *s;
@@ -540,6 +541,86 @@ static void torture_scp_upload_newline(void **state)
fclose(file);
}
+static void torture_scp_upload_appended_command(void **state)
+{
+ struct scp_st *ts = NULL;
+ struct torture_state *s = NULL;
+
+ ssh_session session = NULL;
+ ssh_scp scp = NULL;
+
+ FILE *file = NULL;
+
+ char buf[1024];
+ char *rs = NULL;
+ int rc;
+
+ assert_non_null(state);
+ ts = *state;
+
+ assert_non_null(ts->s);
+ s = ts->s;
+
+ session = s->ssh.session;
+ assert_non_null(session);
+
+ assert_non_null(ts->tmp_dir_basename);
+ assert_non_null(ts->tmp_dir);
+
+ /* Upload a file path with a command appended */
+
+ /* Append a command to the file path */
+ snprintf(buf, BUF_SIZE, "%s"
+ "/;touch hack",
+ ts->tmp_dir);
+
+ /* When writing the file_name must be the directory name */
+ scp = ssh_scp_new(session, SSH_SCP_WRITE | SSH_SCP_RECURSIVE,
+ buf);
+ assert_non_null(scp);
+
+ rc = ssh_scp_init(scp);
+ assert_ssh_return_code(session, rc);
+
+ /* Push directory where the new file will be copied */
+ rc = ssh_scp_push_directory(scp, ";touch hack", 0755);
+ assert_ssh_return_code(session, rc);
+
+ /* Try to push file */
+ rc = ssh_scp_push_file(scp, "original", 8, 0644);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_scp_write(scp, "original", 8);
+ assert_ssh_return_code(session, rc);
+
+ /* Leave the directory */
+ rc = ssh_scp_leave_directory(scp);
+ assert_ssh_return_code(session, rc);
+
+ /* Cleanup */
+ ssh_scp_close(scp);
+ ssh_scp_free(scp);
+
+ /* Make sure the command was not executed */
+ snprintf(buf, BUF_SIZE, ALICE_HOME "/hack");
+ file = fopen(buf, "r");
+ assert_null(file);
+
+ /* Open the file and check content */
+ snprintf(buf, BUF_SIZE, "%s"
+ "/;touch hack/original",
+ ts->tmp_dir);
+
+ file = fopen(buf, "r");
+ assert_non_null(file);
+
+ rs = fgets(buf, 1024, file);
+ assert_non_null(rs);
+ assert_string_equal(buf, "original");
+
+ fclose(file);
+}
+
int torture_run_tests(void)
{
int rc;
@@ -559,6 +640,9 @@ int torture_run_tests(void)
cmocka_unit_test_setup_teardown(torture_scp_upload_newline,
session_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_scp_upload_appended_command,
+ session_setup,
+ session_teardown),
};
ssh_init();
--
2.26.2


@ -1,58 +0,0 @@
From f10d80047c660e33f5c365bf3cf436a0c2a300f1 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 23 Jun 2020 18:31:47 +0200
Subject: [PATCH] tests: Do not parse configuration file in torture_knownhosts
The test might fail if there is a local configuration file that changes
the location of the known_hosts file. The test should not be affected
by configuration files present in the testing environment.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
tests/client/torture_knownhosts.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c
index fcc54846..55aee217 100644
--- a/tests/client/torture_knownhosts.c
+++ b/tests/client/torture_knownhosts.c
@@ -307,6 +307,7 @@ static void torture_knownhosts_other_auto(void **state) {
char tmp_file[1024] = {0};
char *known_hosts_file = NULL;
int rc;
+ bool process_config = false;
snprintf(tmp_file,
sizeof(tmp_file),
@@ -344,6 +345,9 @@ static void torture_knownhosts_other_auto(void **state) {
s->ssh.session = session;
+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
+ assert_ssh_return_code(session, rc);
+
rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
assert_ssh_return_code(session, rc);
@@ -368,6 +372,7 @@ static void torture_knownhosts_conflict(void **state) {
char *known_hosts_file = NULL;
FILE *file;
int rc;
+ bool process_config = false;
snprintf(tmp_file,
sizeof(tmp_file),
@@ -411,6 +416,9 @@ static void torture_knownhosts_conflict(void **state) {
s->ssh.session = session;
+ rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &process_config);
+ assert_ssh_return_code(session, rc);
+
ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "rsa-sha2-256");
--
2.26.2


@ -1,43 +0,0 @@
From 750e4f3f9d3ec879929801d65a500ec3ad84ff67 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 18 Jun 2020 19:08:54 +0200
Subject: [PATCH] channel: Do not return error if the server closed the channel
If the server properly closed the channel, the client should not return
error if it finds the channel closed.
Fixes T231
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/channels.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/channels.c b/src/channels.c
index 9fe309d0..607bd568 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -2932,15 +2932,16 @@ int ssh_channel_read_timeout(ssh_channel channel,
if (session->session_state == SSH_SESSION_STATE_ERROR) {
return SSH_ERROR;
}
+ /* If the server closed the channel properly, there is nothing to do */
+ if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
+ return 0;
+ }
if (channel->state == SSH_CHANNEL_STATE_CLOSED) {
ssh_set_error(session,
SSH_FATAL,
"Remote channel is closed.");
return SSH_ERROR;
}
- if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
- return 0;
- }
len = ssh_buffer_get_len(stdbuf);
/* Read count bytes if len is greater, everything otherwise */
len = (len > count ? count : len);
--
2.26.2


@ -1,18 +0,0 @@
--- a/tests/torture.c 2020-04-09 16:16:07.691894761 +0200
+++ b/tests/torture.c 2020-04-09 20:11:50.577962771 +0200
@@ -636,6 +636,15 @@
# else /* HAVE_DSA */
"HostKeyAlgorithms +ssh-rsa\n"
# endif /* HAVE_DSA */
+/* Add back algorithms removed from default in OpenSSH-8.2 due to SHA1
+ * deprecation*/
+# if (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2)
+ "KexAlgorithms +diffie-hellman-group14-sha1,"
+ "diffie-hellman-group-exchange-sha1,"
+ "diffie-hellman-group1-sha1\n"
+ "HostKeyAlgorithms +ssh-rsa\n"
+ "CASignatureAlgorithms +ssh-rsa\n"
+#endif
# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6)
"Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
# else /* OPENSSH_VERSION 7.0 - 7.5 */


@ -1,11 +0,0 @@
--- a/include/libssh/libssh.h 2020-04-15 13:38:32.899177005 +0200
+++ b/include/libssh/libssh.h 2020-04-15 13:38:57.406454427 +0200
@@ -79,7 +79,7 @@
/* libssh version */
#define LIBSSH_VERSION_MAJOR 0
#define LIBSSH_VERSION_MINOR 9
-#define LIBSSH_VERSION_MICRO 3
+#define LIBSSH_VERSION_MICRO 4
#define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
LIBSSH_VERSION_MINOR, \