Update to 1.10.0
- New upstream release 1.10.0 - Adds agent forwarding support - Adds OpenSSH Agent support on Windows - Adds ECDSA key support using the Mbed TLS backend - Adds ECDSA cert authentication - Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges - Adds support for PKIX key reading when using ed25519 with OpenSSL - Adds support for EWOULDBLOCK on VMS systems - Adds support for building with OpenSSL 3 - Adds support for using FIPS mode in OpenSSL - Adds debug symbols when building with MSVC - Adds support for building on the 3DS - Adds unicode build support on Windows - Restores os400 building - Increases min, max and opt Diffie Hellman group values - Improves portability of the make file - Improves timeout behaviour with 2FA keyboard auth - Various improvements to the Wincng backend - Fixes reading partial packet replies when using an agent - Fixes Diffie Hellman key exchange on Windows 1903+ builds - Fixes building tests with older versions of OpenSSL - Fixes possible multiple definition warnings - Fixes potential cast issues _libssh2_ecdsa_key_get_curve_type() - Fixes potential use after free if libssh2_init() is called twice - Improved linking when using Mbed TLS - Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized - Fixes crash when loading public keys with no id - Fixes possible out of bounds read when exchanging keys - Fixes possible out of bounds read when reading packets - Fixes possible out of bounds read when opening an X11 connection - Fixes possible out of bounds read when ecdh host keys - Fixes possible hang when trying to read a disconnected socket - Fixes a crash when using the delayed compression option - Fixes read error with large known host entries - Fixes various warnings - Fixes various small memory leaks - Improved error handling, various detailed errors will now be reported - Builds are now using OSS-Fuzz - Builds now use autoreconf instead of a custom build script - cmake now respects install directory - Improved CI backend - Updated HACKING-CRYPTO documentation - Use markdown file extensions - Improved unit tests
This commit is contained in:
parent
258ac8bba4
commit
9784ae6dca
|
@ -1,130 +0,0 @@
|
|||
From a1554e78e15fc0daeb574c3dd5c87654469a3742 Mon Sep 17 00:00:00 2001
|
||||
From: Will Cosgrove <will@panic.com>
|
||||
Date: Fri, 30 Aug 2019 09:57:38 -0700
|
||||
Subject: [PATCH] packet.c: improve message parsing (#402)
|
||||
|
||||
* packet.c: improve parsing of packets
|
||||
|
||||
file: packet.c
|
||||
|
||||
notes:
|
||||
Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
|
||||
|
||||
Upstream-commit: dedcbd106f8e52d5586b0205bc7677e4c9868f9c
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/packet.c | 68 ++++++++++++++++++++++------------------------------
|
||||
1 file changed, 29 insertions(+), 39 deletions(-)
|
||||
|
||||
diff --git a/src/packet.c b/src/packet.c
|
||||
index 38ab629..2e01bfc 100644
|
||||
--- a/src/packet.c
|
||||
+++ b/src/packet.c
|
||||
@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
|
||||
size_t datalen, int macstate)
|
||||
{
|
||||
int rc = 0;
|
||||
- char *message = NULL;
|
||||
- char *language = NULL;
|
||||
+ unsigned char *message = NULL;
|
||||
+ unsigned char *language = NULL;
|
||||
size_t message_len = 0;
|
||||
size_t language_len = 0;
|
||||
LIBSSH2_CHANNEL *channelp = NULL;
|
||||
@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
|
||||
|
||||
case SSH_MSG_DISCONNECT:
|
||||
if(datalen >= 5) {
|
||||
- size_t reason = _libssh2_ntohu32(data + 1);
|
||||
+ uint32_t reason = 0;
|
||||
+ struct string_buf buf;
|
||||
+ buf.data = (unsigned char *)data;
|
||||
+ buf.dataptr = buf.data;
|
||||
+ buf.len = datalen;
|
||||
+ buf.dataptr++; /* advance past type */
|
||||
|
||||
- if(datalen >= 9) {
|
||||
- message_len = _libssh2_ntohu32(data + 5);
|
||||
+ _libssh2_get_u32(&buf, &reason);
|
||||
+ _libssh2_get_string(&buf, &message, &message_len);
|
||||
+ _libssh2_get_string(&buf, &language, &language_len);
|
||||
|
||||
- if(message_len < datalen-13) {
|
||||
- /* 9 = packet_type(1) + reason(4) + message_len(4) */
|
||||
- message = (char *) data + 9;
|
||||
-
|
||||
- language_len =
|
||||
- _libssh2_ntohu32(data + 9 + message_len);
|
||||
- language = (char *) data + 9 + message_len + 4;
|
||||
-
|
||||
- if(language_len > (datalen-13-message_len)) {
|
||||
- /* bad input, clear info */
|
||||
- language = message = NULL;
|
||||
- language_len = message_len = 0;
|
||||
- }
|
||||
- }
|
||||
- else
|
||||
- /* bad size, clear it */
|
||||
- message_len = 0;
|
||||
- }
|
||||
if(session->ssh_msg_disconnect) {
|
||||
- LIBSSH2_DISCONNECT(session, reason, message,
|
||||
- message_len, language, language_len);
|
||||
+ LIBSSH2_DISCONNECT(session, reason, (const char *)message,
|
||||
+ message_len, (const char *)language,
|
||||
+ language_len);
|
||||
}
|
||||
+
|
||||
_libssh2_debug(session, LIBSSH2_TRACE_TRANS,
|
||||
"Disconnect(%d): %s(%s)", reason,
|
||||
message, language);
|
||||
@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
|
||||
int always_display = data[1];
|
||||
|
||||
if(datalen >= 6) {
|
||||
- message_len = _libssh2_ntohu32(data + 2);
|
||||
-
|
||||
- if(message_len <= (datalen - 10)) {
|
||||
- /* 6 = packet_type(1) + display(1) + message_len(4) */
|
||||
- message = (char *) data + 6;
|
||||
- language_len = _libssh2_ntohu32(data + 6 +
|
||||
- message_len);
|
||||
-
|
||||
- if(language_len <= (datalen - 10 - message_len))
|
||||
- language = (char *) data + 10 + message_len;
|
||||
- }
|
||||
+ struct string_buf buf;
|
||||
+ buf.data = (unsigned char *)data;
|
||||
+ buf.dataptr = buf.data;
|
||||
+ buf.len = datalen;
|
||||
+ buf.dataptr += 2; /* advance past type & always display */
|
||||
+
|
||||
+ _libssh2_get_string(&buf, &message, &message_len);
|
||||
+ _libssh2_get_string(&buf, &language, &language_len);
|
||||
}
|
||||
|
||||
if(session->ssh_msg_debug) {
|
||||
- LIBSSH2_DEBUG(session, always_display, message,
|
||||
- message_len, language, language_len);
|
||||
+ LIBSSH2_DEBUG(session, always_display,
|
||||
+ (const char *)message,
|
||||
+ message_len, (const char *)language,
|
||||
+ language_len);
|
||||
}
|
||||
}
|
||||
+
|
||||
/*
|
||||
* _libssh2_debug will actually truncate this for us so
|
||||
* that it's not an inordinate about of data
|
||||
@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
|
||||
uint32_t len = 0;
|
||||
unsigned char want_reply = 0;
|
||||
len = _libssh2_ntohu32(data + 1);
|
||||
- if(datalen >= (6 + len)) {
|
||||
+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
|
||||
want_reply = data[5 + len];
|
||||
_libssh2_debug(session,
|
||||
LIBSSH2_TRACE_CONN,
|
||||
--
|
||||
2.20.1
|
||||
|
55
libssh2.spec
55
libssh2.spec
|
@ -1,14 +1,11 @@
|
|||
Name: libssh2
|
||||
Version: 1.9.0
|
||||
Release: 8%{?dist}
|
||||
Version: 1.10.0
|
||||
Release: 1%{?dist}
|
||||
Summary: A library implementing the SSH2 protocol
|
||||
License: BSD
|
||||
URL: https://www.libssh2.org/
|
||||
Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
|
||||
|
||||
# Fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)
|
||||
Patch1: 0001-libssh2-1.9.0-CVE-2019-17498.patch
|
||||
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: findutils
|
||||
BuildRequires: gcc
|
||||
|
@ -54,7 +51,6 @@ developing applications that use libssh2.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
|
||||
# Replace hard wired port number in the test suite to avoid collisions
|
||||
# between 32-bit and 64-bit builds running on a single build-host
|
||||
|
@ -118,6 +114,53 @@ LC_ALL=en_US.UTF-8 make -C tests check
|
|||
%{_libdir}/pkgconfig/libssh2.pc
|
||||
|
||||
%changelog
|
||||
* Mon Aug 30 2021 Paul Howarth <paul@city-fan.org> - 1.10.0-1
|
||||
- Update to 1.10.0
|
||||
- Adds agent forwarding support
|
||||
- Adds OpenSSH Agent support on Windows
|
||||
- Adds ECDSA key support using the Mbed TLS backend
|
||||
- Adds ECDSA cert authentication
|
||||
- Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
|
||||
diffie-hellman-group18-sha512 key exchanges
|
||||
- Adds support for PKIX key reading when using ed25519 with OpenSSL
|
||||
- Adds support for EWOULDBLOCK on VMS systems
|
||||
- Adds support for building with OpenSSL 3
|
||||
- Adds support for using FIPS mode in OpenSSL
|
||||
- Adds debug symbols when building with MSVC
|
||||
- Adds support for building on the 3DS
|
||||
- Adds unicode build support on Windows
|
||||
- Restores os400 building
|
||||
- Increases min, max and opt Diffie Hellman group values
|
||||
- Improves portability of the make file
|
||||
- Improves timeout behaviour with 2FA keyboard auth
|
||||
- Various improvements to the Wincng backend
|
||||
- Fixes reading partial packet replies when using an agent
|
||||
- Fixes Diffie Hellman key exchange on Windows 1903+ builds
|
||||
- Fixes building tests with older versions of OpenSSL
|
||||
- Fixes possible multiple definition warnings
|
||||
- Fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
|
||||
- Fixes potential use after free if libssh2_init() is called twice
|
||||
- Improved linking when using Mbed TLS
|
||||
- Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
|
||||
- Fixes crash when loading public keys with no id
|
||||
- Fixes possible out of bounds read when exchanging keys
|
||||
- Fixes possible out of bounds read when reading packets
|
||||
- Fixes possible out of bounds read when opening an X11 connection
|
||||
- Fixes possible out of bounds read when ecdh host keys
|
||||
- Fixes possible hang when trying to read a disconnected socket
|
||||
- Fixes a crash when using the delayed compression option
|
||||
- Fixes read error with large known host entries
|
||||
- Fixes various warnings
|
||||
- Fixes various small memory leaks
|
||||
- Improved error handling, various detailed errors will now be reported
|
||||
- Builds are now using OSS-Fuzz
|
||||
- Builds now use autoreconf instead of a custom build script
|
||||
- cmake now respects install directory
|
||||
- Improved CI backend
|
||||
- Updated HACKING-CRYPTO documentation
|
||||
- Use markdown file extensions
|
||||
- Improved unit tests
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (libssh2-1.9.0.tar.gz) = 41a3ebcf84e32eab69b7411ffb0a3b6e6db71491c968602b17392cfe3490ef00239726ec28acb3d25bf0ed62700db7f4d0bb5a9175618f413865f40badca6e17
|
||||
SHA512 (libssh2-1.10.0.tar.gz) = e064ee1089eb8e6cd5fa2617f4fd8ff56c2721c5476775a98bdb68c6c4ee4d05c706c3bb0eb479a27a8ec0b17a8a5ef43e1d028ad3f134519aa582d3981a3a30
|
||||
|
|
Loading…
Reference in New Issue