Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssh get rid of roaming (CVE-2016-0777)
details: https://anonhg.NetBSD.org/src/rev/1f2e4279ffbd
branches: trunk
changeset: 813085:1f2e4279ffbd
user: christos <christos%NetBSD.org@localhost>
date: Thu Jan 14 22:30:04 2016 +0000
description:
get rid of roaming (CVE-2016-0777)
diffstat:
crypto/external/bsd/openssh/bin/ssh/Makefile | 5 +-
crypto/external/bsd/openssh/bin/sshd/Makefile | 4 +-
crypto/external/bsd/openssh/dist/clientloop.c | 11 +-
crypto/external/bsd/openssh/dist/kex.c | 16 +-
crypto/external/bsd/openssh/dist/kex.h | 4 +-
crypto/external/bsd/openssh/dist/monitor.c | 5 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 5 +-
crypto/external/bsd/openssh/dist/opacket.c | 16 +-
crypto/external/bsd/openssh/dist/opacket.h | 4 +-
crypto/external/bsd/openssh/dist/packet.c | 86 +------
crypto/external/bsd/openssh/dist/readconf.c | 14 +-
crypto/external/bsd/openssh/dist/readconf.h | 4 +-
crypto/external/bsd/openssh/dist/roaming.h | 46 ---
crypto/external/bsd/openssh/dist/roaming_client.c | 272 ----------------------
crypto/external/bsd/openssh/dist/roaming_common.c | 242 -------------------
crypto/external/bsd/openssh/dist/roaming_dummy.c | 71 -----
crypto/external/bsd/openssh/dist/roaming_serv.c | 30 --
crypto/external/bsd/openssh/dist/serverloop.c | 10 +-
crypto/external/bsd/openssh/dist/ssh.c | 8 +-
crypto/external/bsd/openssh/dist/ssh2.h | 9 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 9 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 9 +-
crypto/external/bsd/openssh/dist/sshd.c | 9 +-
crypto/external/bsd/openssh/dist/version.h | 4 +-
crypto/external/bsd/openssh/lib/Makefile | 3 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
26 files changed, 52 insertions(+), 848 deletions(-)
diffs (truncated from 1438 to 300 lines):
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.8 2012/08/10 12:20:12 joerg Exp $
+# $NetBSD: Makefile,v 1.9 2016/01/14 22:30:04 christos Exp $
.include <bsd.own.mk>
@@ -6,8 +6,7 @@
PROG= ssh
SRCS= ssh.c readconf.c clientloop.c sshtty.c \
- sshconnect.c sshconnect1.c sshconnect2.c mux.c \
- roaming_common.c roaming_client.c
+ sshconnect.c sshconnect1.c sshconnect2.c mux.c
COPTS.sshconnect1.c= -fno-strict-aliasing
COPTS.mux.c= -Wno-pointer-sign
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2015/01/26 03:57:17 christos Exp $
+# $NetBSD: Makefile,v 1.13 2016/01/14 22:30:04 christos Exp $
.include <bsd.own.mk>
@@ -15,7 +15,7 @@
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor_mm.c monitor.c monitor_wrap.c \
kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
- roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
+ sandbox-rlimit.c pfilter.c
COPTS.auth-options.c= -Wno-pointer-sign
COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/clientloop.c
--- a/crypto/external/bsd/openssh/dist/clientloop.c Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/clientloop.c Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $ */
+/* $NetBSD: clientloop.c,v 1.16 2016/01/14 22:30:04 christos Exp $ */
/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -61,7 +61,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $");
+__RCSID("$NetBSD: clientloop.c,v 1.16 2016/01/14 22:30:04 christos Exp $");
#include <sys/param.h> /* MIN MAX */
#include <sys/types.h>
@@ -106,7 +106,6 @@
#include "sshpty.h"
#include "match.h"
#include "msg.h"
-#include "roaming.h"
#include "getpeereid.h"
#include "ssherr.h"
#include "hostfile.h"
@@ -734,7 +733,7 @@
static void
client_process_net_input(fd_set *readset)
{
- int len, cont = 0;
+ int len;
char buf[8192];
/*
@@ -743,8 +742,8 @@
*/
if (FD_ISSET(connection_in, readset)) {
/* Read as much as possible. */
- len = roaming_read(connection_in, buf, sizeof(buf), &cont);
- if (len == 0 && cont == 0) {
+ len = read(connection_in, buf, sizeof(buf));
+ if (len == 0) {
/*
* Received EOF. The remote host has closed the
* connection.
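Review bot: The result of the direct `read()` call is stored in `int len` (declared in the previous hunk of `client_process_net_input`), although `read()` returns `ssize_t`. The narrowing is harmless only because `buf` is fixed at 8192 bytes. Declaring `ssize_t len;` would keep the type matched to the call, provided the later uses of `len` accept it; the function body continues outside the hunk, so that cannot be confirmed here. The visible code tests only `len == 0` for EOF. Now that the `roaming_read()` wrapper no longer sits between the socket and this caller, confirm that the negative-return path after this block (EINTR/EAGAIN versus a real error) still handles every failure case. A one-line comment such as `/* plain read(): 0 is EOF, <0 is handled below */` would document that contract.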
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/kex.c
--- a/crypto/external/bsd/openssh/dist/kex.c Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/kex.c Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kex.c,v 1.12 2015/08/13 10:33:21 christos Exp $ */
+/* $NetBSD: kex.c,v 1.13 2016/01/14 22:30:04 christos Exp $ */
/* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: kex.c,v 1.12 2015/08/13 10:33:21 christos Exp $");
+__RCSID("$NetBSD: kex.c,v 1.13 2016/01/14 22:30:04 christos Exp $");
#include <sys/param.h> /* MAX roundup */
#include <signal.h>
@@ -50,7 +50,6 @@
#include "dispatch.h"
#include "monitor.h"
#include "canohost.h"
-#include "roaming.h"
#include "ssherr.h"
#include "sshbuf.h"
@@ -650,17 +649,6 @@
sprop=peer;
}
- /* Check whether server offers roaming */
- if (!kex->server) {
- char *roaming = match_list(KEX_RESUME,
- peer[PROPOSAL_KEX_ALGS], NULL);
-
- if (roaming) {
- kex->roaming = 1;
- free(roaming);
- }
- }
-
/* Algorithm Negotiation */
for (mode = 0; mode < MODE_MAX; mode++) {
if ((newkeys = calloc(1, sizeof(*newkeys))) == NULL) {
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/kex.h
--- a/crypto/external/bsd/openssh/dist/kex.h Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/kex.h Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kex.h,v 1.10 2015/08/13 10:33:21 christos Exp $ */
+/* $NetBSD: kex.h,v 1.11 2016/01/14 22:30:04 christos Exp $ */
/* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */
/*
@@ -41,7 +41,6 @@
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
-#define KEX_RESUME "resume%appgate.com@localhost"
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
@@ -119,7 +118,6 @@
int hostkey_type;
int hostkey_nid;
u_int kex_type;
- int roaming;
struct sshbuf *my;
struct sshbuf *peer;
sig_atomic_t done;
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/monitor.c
--- a/crypto/external/bsd/openssh/dist/monitor.c Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/monitor.c Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor.c,v 1.16 2015/08/13 10:33:21 christos Exp $ */
+/* $NetBSD: monitor.c,v 1.17 2016/01/14 22:30:04 christos Exp $ */
/* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.16 2015/08/13 10:33:21 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.17 2016/01/14 22:30:04 christos Exp $");
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/socket.h>
@@ -84,7 +84,6 @@
#include "monitor_fdpass.h"
#include "compat.h"
#include "ssh2.h"
-#include "roaming.h"
#include "authfd.h"
#include "match.h"
#include "ssherr.h"
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/monitor_wrap.c
--- a/crypto/external/bsd/openssh/dist/monitor_wrap.c Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/monitor_wrap.c Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $ */
+/* $NetBSD: monitor_wrap.c,v 1.13 2016/01/14 22:30:04 christos Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
@@ -27,7 +27,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.12 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.13 2016/01/14 22:30:04 christos Exp $");
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/queue.h>
@@ -78,7 +78,6 @@
#include "channels.h"
#include "session.h"
#include "servconf.h"
-#include "roaming.h"
#include "ssherr.h"
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/opacket.c
--- a/crypto/external/bsd/openssh/dist/opacket.c Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/opacket.c Thu Jan 14 22:30:04 2016 +0000
@@ -1,8 +1,8 @@
-/* $NetBSD: opacket.c,v 1.3 2015/07/03 01:00:00 christos Exp $ */
+/* $NetBSD: opacket.c,v 1.4 2016/01/14 22:30:04 christos Exp $ */
/* Written by Markus Friedl. Placed in the public domain. */
#include "includes.h"
-__RCSID("$NetBSD: opacket.c,v 1.3 2015/07/03 01:00:00 christos Exp $");
+__RCSID("$NetBSD: opacket.c,v 1.4 2016/01/14 22:30:04 christos Exp $");
#include "ssherr.h"
#include "packet.h"
@@ -243,18 +243,6 @@
fatal("%s: ssh_packet_set_connection failed", __func__);
}
-void
-packet_backup_state(void)
-{
- ssh_packet_backup_state(active_state, backup_state);
-}
-
-void
-packet_restore_state(void)
-{
- ssh_packet_restore_state(active_state, backup_state);
-}
-
u_int
packet_get_char(void)
{
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/opacket.h
--- a/crypto/external/bsd/openssh/dist/opacket.h Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/opacket.h Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: opacket.h,v 1.2 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: opacket.h,v 1.3 2016/01/14 22:30:04 christos Exp $ */
#ifndef _OPACKET_H
/* Written by Markus Friedl. Placed in the public domain. */
@@ -41,8 +41,6 @@
void packet_close(void);
u_int packet_get_char(void);
u_int packet_get_int(void);
-void packet_backup_state(void);
-void packet_restore_state(void);
void packet_set_connection(int, int);
int packet_read_seqnr(u_int32_t *);
int packet_read_poll_seqnr(u_int32_t *);
diff -r 2bab05207ad0 -r 1f2e4279ffbd crypto/external/bsd/openssh/dist/packet.c
--- a/crypto/external/bsd/openssh/dist/packet.c Thu Jan 14 22:06:42 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/packet.c Thu Jan 14 22:30:04 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: packet.c,v 1.21 2015/08/21 08:20:59 christos Exp $ */
+/* $NetBSD: packet.c,v 1.22 2016/01/14 22:30:04 christos Exp $ */
/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.21 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.22 2016/01/14 22:30:04 christos Exp $");
#include <sys/param.h> /* MIN roundup */
#include <sys/types.h>
#include <sys/queue.h>
@@ -80,7 +80,6 @@
#include "channels.h"
#include "ssh.h"
#include "packet.h"
-#include "roaming.h"
#include "ssherr.h"
#include "sshbuf.h"
@@ -1265,7 +1264,7 @@
ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
{
struct session_state *state = ssh->state;
- int len, r, ms_remain = 0, cont;
+ int len, r, ms_remain = 0;
fd_set *setp;
char buf[8192];
struct timeval timeout, start, *timeoutp = NULL;
@@ -1334,11 +1333,7 @@
if (r == 0)
return SSH_ERR_CONN_TIMEOUT;
/* Read data from the socket. */
- do {
- cont = 0;
- len = roaming_read(state->connection_in, buf,
- sizeof(buf), &cont);
- } while (len == 0 && cont);
+ len = read(state->connection_in, buf, sizeof(buf));