Generate two keys with the PID forced to the same value and test that

they differ, to defend against recurrences of the recent Debian OpenSSL
vulnerability.

6 files changed, 71 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index c2ab8971c..635e573f9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,9 @@ openssh (1:4.7p1-11) UNRELEASED; urgency=low
     - Update Vietnamese (thanks, Clytie Siddall; closes: #481876).
   * Check RSA1 keys without the need for a separate blacklist. Thanks to
     Simon Tatham for the idea.
+  * Generate two keys with the PID forced to the same value and test that
+    they differ, to defend against recurrences of the recent Debian OpenSSL
+    vulnerability.
 
  -- Colin Watson <cjwatson@debian.org>  Sat, 17 May 2008 08:48:45 +0200
 
diff --git a/debian/rules b/debian/rules
index 2136c2ec8..58eb3a41f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -124,6 +124,7 @@ endif
 
         $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
         $(MAKE) -C contrib gnome-ssh-askpass2 CC='gcc $(OPTFLAGS) -g -Wall'
+        $(MAKE) -C debian/tests
 
         touch build-deb-stamp
 
@@ -144,6 +145,7 @@ clean:
         dh_testdir
         rm -f build-deb-stamp build-udeb-stamp
         rm -rf build-deb build-udeb
+        $(MAKE) -C debian/tests clean
         $(MAKE) -C contrib clean
         rm -f config.log
         rm -f debian/ssh-askpass-gnome.png
diff --git a/debian/tests/.cvsignore b/debian/tests/.cvsignore
new file mode 100644
index 000000000..d0383c1d3
--- /dev/null
+++ b/debian/tests/.cvsignore
@@ -0,0 +1,4 @@
+key1
+key1.pub
+key2
+key2.pub
diff --git a/debian/tests/Makefile b/debian/tests/Makefile
new file mode 100644
index 000000000..16d9840ac
--- /dev/null
+++ b/debian/tests/Makefile
@@ -0,0 +1,11 @@
+test: getpid.so
+        ./keygen-test
+
+getpid.o: getpid.c
+        gcc -fPIC -c $< -o $@
+
+getpid.so: getpid.o
+        gcc -shared -o $@ $<
+
+clean:
+        rm -f getpid.o getpid.so key1 key1.pub key2 key2.pub
diff --git a/debian/tests/getpid.c b/debian/tests/getpid.c
new file mode 100644
index 000000000..c9e35b87e
--- /dev/null
+++ b/debian/tests/getpid.c
@@ -0,0 +1,39 @@
+/*
+ * Compile:
+
+gcc -fPIC -c getpid.c -o getpid.o
+gcc -shared -o getpid.so getpid.o
+
+ * Use:
+ 
+FORCE_PID=1234 LD_PRELOAD=./getpid.so bash
+
+#
+# Copyright (C) 2001-2008 Kees Cook
+# kees@outflux.net, http://outflux.net/
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+# http://www.gnu.org/copyleft/gpl.html
+
+*/
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+pid_t getpid(void)
+{
+    return atoi(getenv("FORCE_PID"));
+}
diff --git a/debian/tests/keygen-test b/debian/tests/keygen-test
new file mode 100755
index 000000000..02b7c761a
--- /dev/null
+++ b/debian/tests/keygen-test
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+rm -f key1 key1.pub key2 key2.pub
+LD_PRELOAD="$(pwd)/getpid.so" FORCE_PID=1234 \
+        ../../build-deb/ssh-keygen -N '' -f key1 >/dev/null
+LD_PRELOAD="$(pwd)/getpid.so" FORCE_PID=1234 \
+        ../../build-deb/ssh-keygen -N '' -f key2 >/dev/null
+if cmp -s key1 key2; then
+        echo "Generated two identical keys!" >&2
+        exit 1
+fi
+exit 0