Package: libssh / 0.4.5-3+squeeze3

CVE-2014-0017.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
Description: security: fix for vulnerability CVE-2014-0017
From: Aris Adamantiadis <aris@0xbadc0de.be>

--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -115,5 +115,6 @@ int crypt_set_algorithms_server(ssh_sess
 struct ssh_crypto_struct *crypto_new(void);
 void crypto_free(struct ssh_crypto_struct *crypto);
 
+void ssh_reseed(void);
 
 #endif /* WRAPPER_H_ */
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -266,7 +266,8 @@ int ssh_bind_accept(ssh_bind sshbind, ss
   ssh_socket_set_fd(session->socket, fd);
   session->dsa_key = dsa;
   session->rsa_key = rsa;
-
+  /* force PRNG to change state in case we fork after ssh_bind_accept */
+  ssh_reseed();
   return SSH_OK;
 }
 
--- a/libssh/wrapper.c
+++ b/libssh/wrapper.c
@@ -35,6 +35,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/time.h>
 
 #include "libssh/priv.h"
 #include "libssh/session.h"
@@ -54,6 +55,9 @@ static int alloc_key(struct crypto_struc
     return 0;
 }
 
+void ssh_reseed(void){
+       }
+
 SHACTX sha1_init(void) {
   SHACTX ctx = NULL;
   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
@@ -438,6 +442,8 @@ static struct crypto_struct ssh_cipherta
 #include <openssl/rsa.h>
 #include <openssl/hmac.h>
 #include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
 #ifdef HAVE_OPENSSL_AES_H
 #define HAS_AES
 #include <openssl/aes.h>
@@ -466,6 +472,12 @@ static int alloc_key(struct crypto_struc
     return 0;
 }
 
+void ssh_reseed(void){
+    struct timeval tv;
+    gettimeofday(&tv, NULL);
+    RAND_add(&tv, sizeof(tv), 0.0);
+}
+
 SHACTX sha1_init(void) {
   SHACTX c = malloc(sizeof(*c));
   if (c == NULL) {