From a5103f413bde6f31bff85d6e1fd29799c647d765 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 4 Feb 2014 11:20:14 +1100 Subject: - djm@cvs.openbsd.org 2014/02/02 03:44:32 [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero() --- sshconnect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sshconnect.c') diff --git a/sshconnect.c b/sshconnect.c index d21781ea4..3781eaf3b 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.244 2014/01/09 23:26:48 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.245 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1299,7 +1299,7 @@ ssh_put_password(char *password) padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); - memset(padded, 0, size); + explicit_bzero(padded, size); free(padded); } -- cgit v1.2.3 From d1a7a9c0fd1ac2e3314cceb2891959fd2cd9eabb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Feb 2014 09:24:33 +1100 Subject: - djm@cvs.openbsd.org 2014/02/06 22:21:01 [sshconnect.c] in ssh_create_socket(), only do the getaddrinfo for BindAddress when BindAddress is actually specified. Fixes regression in 6.5 for UsePrivilegedPort=yes; patch from Corinna Vinschen --- ChangeLog | 5 +++++ sshconnect.c | 33 ++++++++++++++++++--------------- 2 files changed, 23 insertions(+), 15 deletions(-) (limited to 'sshconnect.c') diff --git a/ChangeLog b/ChangeLog index cdb5ca4de..e3b5fd28a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,11 @@ [ssh-keygen.1 ssh-keygen.c] tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ while here, fix ordering in usage(); requested by jmc@ + - djm@cvs.openbsd.org 2014/02/06 22:21:01 + [sshconnect.c] + in ssh_create_socket(), only do the getaddrinfo for BindAddress when + BindAddress is actually specified. Fixes regression in 6.5 for + UsePrivilegedPort=yes; patch from Corinna Vinschen 20140206 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL diff --git a/sshconnect.c b/sshconnect.c index 3781eaf3b..573d7a8e8 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.245 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.246 2014/02/06 22:21:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -269,7 +269,7 @@ static int ssh_create_socket(int privileged, struct addrinfo *ai) { int sock, r, gaierr; - struct addrinfo hints, *res; + struct addrinfo hints, *res = NULL; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { @@ -282,17 +282,19 @@ ssh_create_socket(int privileged, struct addrinfo *ai) if (options.bind_address == NULL && !privileged) return sock; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = ai->ai_family; - hints.ai_socktype = ai->ai_socktype; - hints.ai_protocol = ai->ai_protocol; - hints.ai_flags = AI_PASSIVE; - gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); - if (gaierr) { - error("getaddrinfo: %s: %s", options.bind_address, - ssh_gai_strerror(gaierr)); - close(sock); - return -1; + if (options.bind_address) { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; + hints.ai_protocol = ai->ai_protocol; + hints.ai_flags = AI_PASSIVE; + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); + if (gaierr) { + error("getaddrinfo: %s: %s", options.bind_address, + ssh_gai_strerror(gaierr)); + close(sock); + return -1; + } } /* * If we are running as root and want to connect to a privileged @@ -300,7 +302,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai) */ if (privileged) { PRIV_START; - r = bindresvport_sa(sock, res->ai_addr); + r = bindresvport_sa(sock, res ? res->ai_addr : NULL); PRIV_END; if (r < 0) { error("bindresvport_sa: af=%d %s", ai->ai_family, @@ -317,7 +319,8 @@ ssh_create_socket(int privileged, struct addrinfo *ai) return -1; } } - freeaddrinfo(res); + if (res != NULL) + freeaddrinfo(res); return sock; } -- cgit v1.2.3 From 6103c29d855e82c098e88ee12f05a6eb41f659ce Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 9 Feb 2014 16:10:00 +0000 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2013-09-14 Patch-Name: shell-path.patch --- sshconnect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sshconnect.c') diff --git a/sshconnect.c b/sshconnect.c index 573d7a8e8..9e02837ac 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -227,7 +227,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) /* Execute the proxy command. Note that we gave up any extra privileges above. */ signal(SIGPIPE, SIG_DFL); - execv(argv[0], argv); + execvp(argv[0], argv); perror(argv[0]); exit(1); } @@ -1387,7 +1387,7 @@ ssh_local_cmd(const char *args) if (pid == 0) { signal(SIGPIPE, SIG_DFL); debug3("Executing %s -c \"%s\"", shell, args); - execl(shell, shell, "-c", args, (char *)NULL); + execlp(shell, shell, "-c", args, (char *)NULL); error("Couldn't execute %s -c \"%s\": %s", shell, args, strerror(errno)); _exit(1); -- cgit v1.2.3 From 8ab8f1465980856291f215c7b7184a4456398fb4 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Sun, 9 Feb 2014 16:10:03 +0000 Subject: Mention ssh-keygen in ssh fingerprint changed warning Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2013-09-14 Patch-Name: mention-ssh-keygen-on-keychange.patch --- sshconnect.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'sshconnect.c') diff --git a/sshconnect.c b/sshconnect.c index 9e02837ac..e0a5db9a3 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1065,9 +1065,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, error("%s. This could either mean that", key_msg); error("DNS SPOOFING is happening or the IP address for the host"); error("and its host key have changed at the same time."); - if (ip_status != HOST_NEW) + if (ip_status != HOST_NEW) { error("Offending key for IP in %s:%lu", ip_found->file, ip_found->line); + error(" remove with: ssh-keygen -f \"%s\" -R %s", + ip_found->file, ip); + } } /* The host key has changed. */ warn_changed_key(host_key); @@ -1075,6 +1078,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, user_hostfiles[0]); error("Offending %s key in %s:%lu", key_type(host_found->key), host_found->file, host_found->line); + error(" remove with: ssh-keygen -f \"%s\" -R %s", + host_found->file, host); /* * If strict host key checking is in use, the user will have -- cgit v1.2.3 From 6de70b95f5005447ae23532d4f3ee41a9338479f Mon Sep 17 00:00:00 2001 From: Matthew Vernon Date: Sun, 9 Feb 2014 16:10:05 +0000 Subject: Include the Debian version in our identification This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: package-versioning.patch --- sshconnect.c | 4 ++-- sshd.c | 2 +- version.h | 7 ++++++- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'sshconnect.c') diff --git a/sshconnect.c b/sshconnect.c index e0a5db9a3..87c3770c0 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -520,10 +520,10 @@ send_client_banner(int connection_out, int minor1) /* Send our own protocol version identification. */ if (compat20) { xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); } else { xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", - PROTOCOL_MAJOR_1, minor1, SSH_VERSION); + PROTOCOL_MAJOR_1, minor1, SSH_RELEASE); } if (roaming_atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) diff --git a/sshd.c b/sshd.c index e343d902f..af9b8f180 100644 --- a/sshd.c +++ b/sshd.c @@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out) } xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", - major, minor, SSH_VERSION, + major, minor, SSH_RELEASE, *options.version_addendum == '\0' ? "" : " ", options.version_addendum, newline); diff --git a/version.h b/version.h index a1579ace1..a97c337a3 100644 --- a/version.h +++ b/version.h @@ -3,4 +3,9 @@ #define SSH_VERSION "OpenSSH_6.6" #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE +#ifdef SSH_EXTRAVERSION +#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION +#else +#define SSH_RELEASE SSH_RELEASE_MINIMUM +#endif -- cgit v1.2.3