summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-04-04 22:00:23 +0200
committerLudovic Courtès <ludo@gnu.org>2014-04-04 22:04:44 +0200
commit9c333da6f1b465e70767254ab19d9ec27681bb7b (patch)
tree5214117b798c9009679482d7249d2d2663e95461
parentbde8c0e6d9c7d943cf09c8fd4bc3201ab8f4799e (diff)
downloadguix-9c333da6f1b465e70767254ab19d9ec27681bb7b.tar.gz
gnu: guile-ssh: Use libssh 0.5.5 patched for CVE-2014-0017.
* gnu/packages/patches/libssh-CVE-2014-0017.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (libssh-0.5): New variable.
  (guile-ssh): Use it.
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/patches/libssh-CVE-2014-0017.patch89
-rw-r--r--gnu/packages/ssh.scm15
3 files changed, 104 insertions, 1 deletions
diff --git a/gnu-system.am b/gnu-system.am
index 315b661eaf..5d817cc03e 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -302,6 +302,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/libtheora-config-guess.patch		\
   gnu/packages/patches/libtool-skip-tests.patch			\
   gnu/packages/patches/libtool-skip-tests-for-mips.patch	\
+  gnu/packages/patches/libssh-CVE-2014-0017.patch		\
   gnu/packages/patches/luit-posix.patch				\
   gnu/packages/patches/m4-gets-undeclared.patch			\
   gnu/packages/patches/m4-readlink-EINVAL.patch			\
diff --git a/gnu/packages/patches/libssh-CVE-2014-0017.patch b/gnu/packages/patches/libssh-CVE-2014-0017.patch
new file mode 100644
index 0000000000..94d8cc33d2
--- /dev/null
+++ b/gnu/packages/patches/libssh-CVE-2014-0017.patch
@@ -0,0 +1,89 @@
+Patch from libssh 0.6, with bind.c hunk adjusted for 0.5.5.
+
+From e99246246b4061f7e71463f8806b9dcad65affa0 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Wed, 05 Feb 2014 20:24:12 +0000
+Subject: security: fix for vulnerability CVE-2014-0017
+
+When accepting a new connection, a forking server based on libssh forks
+and the child process handles the request. The RAND_bytes() function of
+openssl doesn't reset its state after the fork, but simply adds the
+current process id (getpid) to the PRNG state, which is not guaranteed
+to be unique.
+This can cause several children to end up with same PRNG state which is
+a security issue.
+---
+diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+index 7374a88..e8ff32c 100644
+--- a/include/libssh/wrapper.h
++++ b/include/libssh/wrapper.h
+@@ -70,5 +70,6 @@ int crypt_set_algorithms_server(ssh_session session);
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+ 
++void ssh_reseed(void);
+ 
+ #endif /* WRAPPER_H_ */
+diff --git a/src/bind.c b/src/bind.c
+index 8d82d0d..03d3403 100644
+--- a/src/bind.c
++++ b/src/bind.c
+@@ -375,6 +375,8 @@ int ssh_bind_accept(ssh_bind sshbind, ss
+   session->dsa_key = dsa;
+   session->rsa_key = rsa;
+ 
++  /* force PRNG to change state in case we fork after ssh_bind_accept */
++  ssh_reseed();
+   return SSH_OK;
+ }
+ 
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index bb1d96a..d8cc795 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+ 
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -74,6 +77,12 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
+     return 0;
+ }
+ 
++void ssh_reseed(void){
++    struct timeval tv;
++    gettimeofday(&tv, NULL);
++    RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+   SHACTX c = malloc(sizeof(*c));
+   if (c == NULL) {
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index 899bccd..4617901 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
+     return 0;
+ }
+ 
++void ssh_reseed(void){
++	}
++
+ SHACTX sha1_init(void) {
+   SHACTX ctx = NULL;
+   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
+--
+cgit v0.9.1
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index a6441709f3..a952890b29 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -30,6 +30,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages which)
+  #:use-module (gnu packages)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
@@ -96,6 +97,18 @@ remote applications.")
     (home-page "http://www.libssh.org")
     (license license:lgpl2.1+)))
 
+(define libssh-0.5                                ; kept private
+  (package (inherit libssh)
+    (version "0.5.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://red.libssh.org/attachments/download/51/libssh-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "17cfdff4hc0ijzrr15biq29fiabafz0bw621zlkbwbc1zh2hzpy0"))
+              (patches (list (search-patch "libssh-CVE-2014-0017.patch")))))))
+
 (define-public libssh2
   (package
    (name "libssh2")
@@ -238,7 +251,7 @@ Additionally, various channel-specific options can be negotiated.")
                      ("pkg-config" ,pkg-config)
                      ("which" ,which)))
     (inputs `(("guile" ,guile-2.0)
-              ("libssh" ,libssh)))
+              ("libssh" ,libssh-0.5)))
     (synopsis "Guile bindings to libssh")
     (description
      "Guile-SSH is a library that provides access to the SSH protocol for