From 3726bd99d4128abd8c1eea7c8ee859004f4f7f47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=86=AF=E5=B7=9D=E4=B8=8010346279?=
Date: Tue, 16 Jan 2024 16:26:28 +0800
Subject: [PATCH] Bugfix for CVE-2023-51385
---
 openssh-8.0p1-CVE-2023-51385.patch | 72 ++++++++++++++++++++++++++++++
 openssh.spec | 7 ++-
 2 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 openssh-8.0p1-CVE-2023-51385.patch
diff --git a/openssh-8.0p1-CVE-2023-51385.patch b/openssh-8.0p1-CVE-2023-51385.patch
new file mode 100644
index 0000000..6ae70d4
--- /dev/null
+++ b/openssh-8.0p1-CVE-2023-51385.patch
@@ -0,0 +1,72 @@
+From 2cf82a21d2ec27723e1c18915752fca8e3314697 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=86=AF=E5=B7=9D=E4=B8=8010346279?=
+
+Date: Tue, 16 Jan 2024 14:22:15 +0800
+Subject: [PATCH] new
+
+---
+ ssh.c | 41 ++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 40 insertions(+), 1 deletion(-)
+
+diff --git a/ssh.c b/ssh.c
+index 91e7c35..448c0f4 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -575,6 +575,41 @@ set_addrinfo_port(struct addrinfo *addrs, int port)
+ }
+ }
+
++static int
++valid_hostname(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
++ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
++ return 0;
++ }
++ return 1;
++}
++
++static int
++valid_ruser(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
++ return 0;
++ /* Disallow '-' after whitespace */
++ if (isspace((u_char)s[i]) && s[i + 1] == '-')
++ return 0;
++ /* Disallow \ in last position */
++ if (s[i] == '\\' && s[i + 1] == '\0')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Main program for the ssh client.
+ */
+@@ -1036,7 +1071,11 @@ main(int ac, char **av)
+ /* Check that we got a host name. */
+ if (!host)
+ usage();
+-
++
++ if (!valid_hostname(host))
++ fatal("hostname contains invalid characters");
++ if (options.user != NULL && !valid_ruser(options.user))
++ fatal("remote username contains invalid characters");
+ host_arg = xstrdup(host);
+
+ /* Initialize the command to execute on remote host. */
+--
+2.27.0
+
diff --git a/openssh.spec b/openssh.spec
index e98a53e..117d12f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -67,7 +67,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 19 +%global openssh_rel 20 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7
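Review bot: `valid_ruser()` in the embedded ssh.c patch does not reject control characters, whereas `valid_hostname()` directly above it does through `iscntrl()`, so a remote user name containing a newline or another control byte still passes the check added in `main()`. If the user name is later expanded into a command string that a shell interprets (presumably the case this CVE fix guards against), adding `if (iscntrl((u_char)s[i])) return 0;` inside the loop would close that gap while still allowing an ordinary space and a non-trailing backslash. Both helpers would also benefit from a short header comment, for example `/* Reject host names containing shell metacharacters, whitespace or control characters. */`, so that the difference between the two character sets is documented as intentional. The check covers only `host` and `options.user` as they stand at this point in `main()`, whose body continues outside the hunk, so values assigned later are not covered by anything visible here.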
@@ -287,6 +287,7 @@ Patch1002: 1000-openssh-anolis-fix-seccomp-error.patch # End Patch1004: openssh-8.3p1-fix-desynchronised-utimes-failed.patch Patch1005: 1005-terminate-pkcs11-process-for-bad-libraries.patch +Patch1006: openssh-8.0p1-CVE-2023-51385.patch License: BSD Group: Applications/Internet
@@ -531,6 +532,7 @@ popd %patch1002 -p1 %patch1004 -p1 %patch1005 -p1 +%patch1006 -p1 autoreconf pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@@ -816,6 +818,9 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Tue Jan 16 2024 Chuanyi Feng - 8.0p1-20.0.1 +- Fix CVE-2023-51385 + * Tue Sep 19 2023 Ren Bo - 8.0p1-19.0.1 - Rebuild -- Gitee