Fix CVE-2016-0739

resolves: #1311259
2016-02-25 16:38:50 +01:00 · 2016-02-25 16:38:50 +01:00 · b7caf1c02f
commit b7caf1c02f
parent 18561bf909
2 changed files with 79 additions and 1 deletions
--- a/CVE-2016-0739-v0-6.patch
+++ b/CVE-2016-0739-v0-6.patch
@ -0,0 +1,70 @@
+From 1fd92622d87787d183099defb15a5e7bb4e2c875 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 9 Feb 2016 15:09:27 +0100
+Subject: [PATCH] dh: Fix CVE-2016-0739
+
+Due to a byte/bit confusion, the DH secret was too short. This file was
+completely reworked and will be commited in a future version.
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/dh.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/dh.c b/src/dh.c
+index 010a1dd..7a817e8 100644
+--- a/src/dh.c
+++ b/src/dh.c
+@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, bignum num) {
+ }
+ 
+ int dh_generate_x(ssh_session session) {
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
+   session->next_crypto->x = bignum_new();
+   if (session->next_crypto->x == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->x, 128);
+  bignum_rand(session->next_crypto->x, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->x, 128, 0, -1);
+  bignum_rand(session->next_crypto->x, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) {
+ 
+ /* used by server */
+ int dh_generate_y(ssh_session session) {
+-    session->next_crypto->y = bignum_new();
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
+  session->next_crypto->y = bignum_new();
+   if (session->next_crypto->y == NULL) {
+     return -1;
+   }
+ 
+ #ifdef HAVE_LIBGCRYPT
+-  bignum_rand(session->next_crypto->y, 128);
+  bignum_rand(session->next_crypto->y, keysize);
+ #elif defined HAVE_LIBCRYPTO
+-  bignum_rand(session->next_crypto->y, 128, 0, -1);
+  bignum_rand(session->next_crypto->y, keysize, -1, 0);
+ #endif
+ 
+   /* not harder than this */
+-- 
+2.5.0
+
--- a/libssh.spec
+++ b/libssh.spec
@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.6.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@ -9,6 +9,8 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 Source0:        https://red.libssh.org/attachments/download/121/libssh-0.6.5.tar.xz

+Patch0:         CVE-2016-0739-v0-6.patch
+
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  openssl-devel
@ -36,6 +38,9 @@ applications that use %{name}.

 %prep
 %setup -q
+
+%patch0 -p1 -b .CVE-2016-0739-v0-6.patch
+
 # Remove examples, they are not packaged and do not build on EPEL 5
 sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
 rm -rf examples
@ -88,6 +93,9 @@ rm -rf %{buildroot}
 %{_libdir}/libssh_threads.so

 %changelog
+* Thu Feb 25 2016 Andreas Schneider <asn@redhat.com> - 0.6.5-2
+- resolves: #1311259 - Fix CVE-2016-0739
+
 * Thu Apr 30 2015 Andreas Schneider <asn@redhat.com> - 0.6.5-1
 - resolves: #1213775 - Security fix for CVE-2015-3146
 - resolves: #1218077 - Security fix for CVE-2015-3146