From 76675a1f732d21cdd430dd63770eadaa0ac82498 Mon Sep 17 00:00:00 2001 From: Wout Mertens Date: Wed, 30 Dec 2020 16:38:10 +0100 Subject: [PATCH] pam-ssh-agent: fix EDCSA crash --- .../linux/pam_ssh_agent_auth/default.nix | 1 + .../pam_ssh_agent_auth/edcsa-crash-fix.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix index b8cdda5a69a5..167363e60a85 100644 --- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { # Allow multiple colon-separated authorized keys files to be # specified in the file= option. ./multiple-key-files.patch + ./edcsa-crash-fix.patch ]; configureFlags = [ diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch b/pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch new file mode 100644 index 000000000000..45ee87458161 --- /dev/null +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/edcsa-crash-fix.patch @@ -0,0 +1,53 @@ +commit 1b0d9bcc5f5cd78b0bb1357d6a11da5d616ad26f +Author: Wout Mertens +Date: Thu Jun 11 18:08:13 2020 +0200 + + fix segfault when using ECDSA keys. + + Author: Marc Deslauriers + Bug-Ubuntu: https://bugs.launchpad.net/bugs/1869512 + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index 5b13b30..5bf29cc 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_int len, dlen; + Buffer b, bb; + #if OPENSSL_VERSION_NUMBER >= 0x10100005L +- BIGNUM *r, *s; ++ BIGNUM *r = NULL, *s = NULL; + #endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { +@@ -137,20 +137,27 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) +- pamsshagentauth_fatal("ssh_ecdsa_verify: DSA_SIG_new failed"); ++ pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_new failed"); + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); + #if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++ pamsshagentauth_fatal("ssh_ecdsa_verify:" ++ "pamsshagentauth_buffer_get_bignum2_ret failed"); + #else +- DSA_SIG_get0(sig, &r, &s); ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); ++ if ((s = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) +-#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); ++ if (ECDSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len);