packages/libgit2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-22742

Browse Source 
(cherry picked from commit d523dd3596f3190c29fb612752f947b6d5a16b9a)
This commit is contained in:
wk333 2023-12-14 17:08:11 +08:00 committed by openeuler-sync-bot
parent 14be6cd5a1
commit c185be60ba
2 changed files with 410 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

405
CVE-2023-22742.patch Normal file
View File

@ -0,0 +1,405 @@
From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= <carlosmn@github.com>
Date: Tue, 1 Nov 2022 12:54:29 +0100
Subject: [PATCH 1/1] Fix CVE-2023-22742
Upstream(1.4.x): https://github.com/libgit2/libgit2/pull/6449
Origin: https://build.opensuse.org/package/show/openSUSE:Leap:15.4/libgit2.28345
---
src/transports/ssh.c | 324 +++++++++++++++++++++++++++++++++++++------
1 files changed, 283 insertions(+), 41 deletions(-)
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 23c6433..8098dda 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -473,15 +473,120 @@ static int request_creds(git_cred **out, ssh_subtransport *t, const char *user,
return 0;
}
+#define KNOWN_HOSTS_FILE ".ssh/known_hosts"
+
+/*
+ * Load the known_hosts file.
+ *
+ * Returns success but leaves the output NULL if we couldn't find the file.
+ */
+static int load_known_hosts(LIBSSH2_KNOWNHOSTS **hosts, LIBSSH2_SESSION *session)
+{
+ char *path = NULL;
+ const char *home;
+ LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
+ int error;
+
+ assert(hosts);
+
+ home = getenv ("HOME");
+ if (!home)
+ return -1;
+ path = (char *) malloc (strlen (home) + strlen (KNOWN_HOSTS_FILE) + 2);
+ sprintf (path, "%s/%s", home, KNOWN_HOSTS_FILE);
+
+ if ((known_hosts = libssh2_knownhost_init(session)) == NULL) {
+ ssh_error(session, "error initializing known hosts");
+ error = -1;
+ goto out;
+ }
+
+ /*
+ * Try to read the file and consider not finding it as not trusting the
+ * host rather than an error.
+ */
+ error = libssh2_knownhost_readfile(known_hosts, path, LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+ if (error == LIBSSH2_ERROR_FILE)
+ error = 0;
+ if (error < 0)
+ ssh_error(session, "error reading known_hosts");
+
+out:
+ *hosts = known_hosts;
+
+ if (path)
+ free (path);
+
+ return error;
+}
+
+static const char *hostkey_type_to_string(int type)
+{
+ switch (type) {
+ case LIBSSH2_KNOWNHOST_KEY_SSHRSA:
+ return "ssh-rsa";
+ case LIBSSH2_KNOWNHOST_KEY_SSHDSS:
+ return "ssh-dss";
+#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
+ case LIBSSH2_KNOWNHOST_KEY_ECDSA_256:
+ return "ecdsa-sha2-nistp256";
+ case LIBSSH2_KNOWNHOST_KEY_ECDSA_384:
+ return "ecdsa-sha2-nistp384";
+ case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
+ return "ecdsa-sha2-nistp521";
+#endif
+#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
+ case LIBSSH2_KNOWNHOST_KEY_ED25519:
+ return "ssh-ed25519";
+#endif
+ }
+
+ return NULL;
+}
+
+/*
+ * We figure out what kind of key we want to ask the remote for by trying to
+ * look it up with a nonsense key and using that mismatch to figure out what key
+ * we do have stored for the host.
+ *
+ * Returns the string to pass to libssh2_session_method_pref or NULL if we were
+ * unable to find anything or an error happened.
+ */
+static const char *find_hostkey_preference(LIBSSH2_KNOWNHOSTS *known_hosts, const char *hostname, int port)
+{
+ struct libssh2_knownhost *host = NULL;
+ /* Specify no key type so we don't filter on that */
+ int type = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
+ const char key = '\0';
+ int error;
+
+ /*
+ * In case of mismatch, we can find the type of key from known_hosts in
+ * the returned host's information as it means that an entry was found
+ * but our nonsense key obviously didn't match.
+ */
+ error = libssh2_knownhost_checkp(known_hosts, hostname, port, &key, 1, type, &host);
+ if (error == LIBSSH2_KNOWNHOST_CHECK_MISMATCH)
+ return hostkey_type_to_string(host->typemask & LIBSSH2_KNOWNHOST_KEY_MASK);
+
+ return NULL;
+}
+
static int _git_ssh_session_create(
LIBSSH2_SESSION** session,
+ LIBSSH2_KNOWNHOSTS **hosts,
+ const char *hostname,
+ int port,
git_stream *io)
{
int rc = 0;
LIBSSH2_SESSION* s;
+ LIBSSH2_KNOWNHOSTS *known_hosts;
git_socket_stream *socket = (git_socket_stream *) io;
+ const char *keytype = NULL;
assert(session);
+ assert(hosts);
s = libssh2_session_init();
if (!s) {
@@ -489,21 +594,181 @@ static int _git_ssh_session_create(
return -1;
}
+ if ((rc = load_known_hosts(&known_hosts, s)) < 0) {
+ ssh_error(s, "error loading known_hosts");
+ libssh2_session_free(s);
+ return -1;
+ }
+
+ if ((keytype = find_hostkey_preference(known_hosts, hostname, port)) != NULL) {
+ do {
+ rc = libssh2_session_method_pref(s, LIBSSH2_METHOD_HOSTKEY, keytype);
+ } while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
+ if (rc != LIBSSH2_ERROR_NONE) {
+ ssh_error(s, "failed to set hostkey preference");
+ goto on_error;
+ }
+ }
+
do {
rc = libssh2_session_handshake(s, socket->s);
} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
if (rc != LIBSSH2_ERROR_NONE) {
ssh_error(s, "failed to start SSH session");
- libssh2_session_free(s);
- return -1;
+
}
libssh2_session_set_blocking(s, 1);
*session = s;
+ *hosts = known_hosts;
return 0;
+
+on_error:
+ libssh2_knownhost_free(known_hosts);
+ libssh2_session_free(s);
+ return -1;
+}
+
+/*
+ * Returns the typemask argument to pass to libssh2_knownhost_check{,p} based on
+ * the type of key that libssh2_session_hostkey returns.
+ */
+static int fingerprint_type_mask(int keytype)
+{
+ int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
+ return mask;
+
+ switch (keytype) {
+ case LIBSSH2_HOSTKEY_TYPE_RSA:
+ mask |= LIBSSH2_KNOWNHOST_KEY_SSHRSA;
+ break;
+ case LIBSSH2_HOSTKEY_TYPE_DSS:
+ mask |= LIBSSH2_KNOWNHOST_KEY_SSHDSS;
+ break;
+#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
+ case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
+ mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
+ break;
+ case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
+ mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
+ break;
+ case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
+ mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
+ break;
+#endif
+#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
+ case LIBSSH2_HOSTKEY_TYPE_ED25519:
+ mask |= LIBSSH2_KNOWNHOST_KEY_ED25519;
+ break;
+#endif
+ }
+
+ return mask;
+}
+
+/*
+ * Check the host against the user's known_hosts file.
+ *
+ * Returns 1/0 for valid/''not-valid or <0 for an error
+ */
+static int check_against_known_hosts(
+ LIBSSH2_SESSION *session,
+ LIBSSH2_KNOWNHOSTS *known_hosts,
+ const char *hostname,
+ int port,
+ const char *key,
+ size_t key_len,
+ int key_type)
+{
+ int check, typemask, ret = 0;
+ struct libssh2_knownhost *host = NULL;
+
+ if (known_hosts == NULL)
+ return 0;
+
+ typemask = fingerprint_type_mask(key_type);
+ check = libssh2_knownhost_checkp(known_hosts, hostname, port, key, key_len, typemask, &host);
+ if (check == LIBSSH2_KNOWNHOST_CHECK_FAILURE) {
+ ssh_error(session, "error checking for known host");
+ return -1;
+ }
+
+ ret = check == LIBSSH2_KNOWNHOST_CHECK_MATCH ? 1 : 0;
+
+ return ret;
+}
+
+/*
+ * Perform the check for the session's certificate against known hosts if
+ * possible and then ask the user if they have a callback.
+ *
+ * Returns 1/0 for valid/not-valid or <0 for an error
+ */
+static int check_certificate(
+ LIBSSH2_SESSION *session,
+ LIBSSH2_KNOWNHOSTS *known_hosts,
+ git_transport_certificate_check_cb check_cb,
+ void *check_cb_payload,
+ const char *host,
+ int port)
+{
+ git_cert_hostkey cert = {{ 0 }};
+ const char *key;
+ size_t cert_len;
+ int cert_type, cert_valid = 0, error = 0;
+
+ if ((key = libssh2_session_hostkey(session, &cert_len, &cert_type)) == NULL) {
+ ssh_error(session, "failed to retrieve hostkey");
+ return -1;
+ }
+
+ if ((cert_valid = check_against_known_hosts(session, known_hosts, host, port, key, cert_len, cert_type)) < 0)
+ return -1;
+
+ cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
+ key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
+ if (key != NULL) {
+ cert.type |= GIT_CERT_SSH_SHA1;
+ memcpy(&cert.hash_sha1, key, 20);
+ }
+
+ key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+ if (key != NULL) {
+ cert.type |= GIT_CERT_SSH_MD5;
+ memcpy(&cert.hash_md5, key, 16);
+ }
+
+ if (cert.type == 0) {
+ giterr_set(GITERR_SSH, "unable to get the host key");
+ return -1;
+ }
+
+ giterr_clear();
+ error = 0;
+ if (!cert_valid) {
+ giterr_set(GITERR_SSH, "invalid or unknown remote ssh hostkey");
+ error = GIT_ECERTIFICATE;
+ }
+
+ if (check_cb != NULL) {
+ git_cert_hostkey *cert_ptr = &cert;
+ git_error_state previous_error = {0};
+
+ giterr_state_capture(&previous_error, error);
+ error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
+ if (error == GIT_PASSTHROUGH) {
+ error = giterr_state_restore(&previous_error);
+ } else if (error < 0 && !giterr_last()) {
+ giterr_set(GITERR_NET, "user canceled hostkey check");
+ }
+
+ giterr_state_free(&previous_error);
+ }
+
+ return error;
}
static int _git_ssh_setup_conn(
@@ -514,12 +779,13 @@ static int _git_ssh_setup_conn(
{
char *host=NULL, *port=NULL, *path=NULL, *user=NULL, *pass=NULL;
const char *default_port="22";
- int auth_methods, error = 0;
+ int auth_methods, error = 0, port_num;
size_t i;
ssh_stream *s;
git_cred *cred = NULL;
LIBSSH2_SESSION* session=NULL;
LIBSSH2_CHANNEL* channel=NULL;
+ LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
t->current_stream = NULL;
@@ -551,46 +817,20 @@ post_extract:
(error = git_stream_connect(s->io)) < 0)
goto done;
- if ((error = _git_ssh_session_create(&session, s->io)) < 0)
- goto done;
-
- if (t->owner->certificate_check_cb != NULL) {
- git_cert_hostkey cert = {{ 0 }}, *cert_ptr;
- const char *key;
-
- cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
-
- key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
- if (key != NULL) {
- cert.type |= GIT_CERT_SSH_SHA1;
- memcpy(&cert.hash_sha1, key, 20);
- }
-
- key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
- if (key != NULL) {
- cert.type |= GIT_CERT_SSH_MD5;
- memcpy(&cert.hash_md5, key, 16);
- }
-
- if (cert.type == 0) {
- giterr_set(GITERR_SSH, "unable to get the host key");
- error = -1;
- goto done;
- }
-
- /* We don't currently trust any hostkeys */
- giterr_clear();
-
- cert_ptr = &cert;
+ /*
+ * Try to parse the port as a number, if we can't then fall back to
+ * default. It would be nice if we could get the port that was resolved
+ * as part of the stream connection, but that's not something that's
+ * exposed.
+ */
+ if (git__strntol32(&port_num, port, strlen(port), NULL, 10) < 0)
+ port_num = -1;
- error = t->owner->certificate_check_cb((git_cert *) cert_ptr, 0, host, t->owner->message_cb_payload);
- if (error < 0) {
- if (!giterr_last())
- giterr_set(GITERR_NET, "user cancelled hostkey check");
+ if ((error = _git_ssh_session_create(&session, &known_hosts, host, port, s->io)) < 0)
+ goto done;
- goto done;
- }
- }
+ if ((error = check_certificate(session, known_hosts, t->owner->certificate_check_cb, t->owner->message_cb_payload, host, port)) < 0)
+ goto done;
/* we need the username to ask for auth methods */
if (!user) {
@@ -654,6 +894,8 @@ done:
if (error < 0) {
ssh_stream_free(*stream);
+ if (known_hosts)
+ libssh2_knownhost_free(known_hosts);
if (session)
libssh2_session_free(session);
}
--
2.33.0

6
libgit2.spec
View File

@ -1,6 +1,6 @@
Name: libgit2
Version: 0.27.8
Release: 6
Release: 7
Summary: portable, pure C implementation of the Git core methods
License: GPLv2 with exceptions
URL: https://libgit2.org
@ -10,6 +10,7 @@ Patch0001: 0001-tests-don-t-run-buf-oom-on-32-bit-systems.patch
Patch0002: CVE-2020-12278.patch
Patch0003: CVE-2020-12279.patch
Patch0004: Remove-error-prone-redundant-test.patch
Patch0005: CVE-2023-22742.patch
BuildRequires: gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel
BuildRequires: libssh2-devel openssl-devel python3 zlib-devel
@ -58,6 +59,9 @@ sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt
%{_includedir}/git2*
%changelog
* Thu Dec 14 2023 wangkai <13474090681@163.com> - 0.27.8-7
- Fix CVE-2023-22742
* Tue May 24 2022 liyanan <liyanan32@h-partners.com> - 0.27.8-6
- Remove error-prone, redundant test