diff options
author | Wout Mertens <Wout.Mertens@gmail.com> | 2020-12-30 16:38:10 +0100 |
---|---|---|
committer | Wout Mertens <Wout.Mertens@gmail.com> | 2020-12-30 16:44:06 +0100 |
commit | 76675a1f732d21cdd430dd63770eadaa0ac82498 (patch) | |
tree | dcfbed4169c6eab19c0122bf5f0756f3996f999d /pkgs/os-specific/linux | |
parent | e92cc61453b44d00143c972336ec4fd15c2c2aaf (diff) |
pam-ssh-agent: fix EDCSA crash
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r-- | pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix index b8cdda5a69a5e..167363e60a850 100644 --- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { # Allow multiple colon-separated authorized keys files to be # specified in the file= option. ./multiple-key-files.patch + ./edcsa-crash-fix.patch ]; configureFlags = [ diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch b/pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch new file mode 100644 index 0000000000000..45ee87458161d --- /dev/null +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch @@ -0,0 +1,53 @@ +commit 1b0d9bcc5f5cd78b0bb1357d6a11da5d616ad26f +Author: Wout Mertens <Wout.Mertens@gmail.com> +Date: Thu Jun 11 18:08:13 2020 +0200 + + fix segfault when using ECDSA keys. + + Author: Marc Deslauriers <marc.deslauriers@canonical.com> + Bug-Ubuntu: https://bugs.launchpad.net/bugs/1869512 + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index 5b13b30..5bf29cc 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_int len, dlen; + Buffer b, bb; + #if OPENSSL_VERSION_NUMBER >= 0x10100005L +- BIGNUM *r, *s; ++ BIGNUM *r = NULL, *s = NULL; + #endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { +@@ -137,20 +137,27 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) +- pamsshagentauth_fatal("ssh_ecdsa_verify: DSA_SIG_new failed"); ++ pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_new failed"); + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); + #if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++ pamsshagentauth_fatal("ssh_ecdsa_verify:" ++ "pamsshagentauth_buffer_get_bignum2_ret failed"); + #else +- DSA_SIG_get0(sig, &r, &s); ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); ++ if ((s = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) +-#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); ++ if (ECDSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); |