security: fix for vulnerability CVE-2014-0017

When accepting a new connection, a forking server based on libssh forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. This can cause several children to end up with same PRNG state which is a security issue. Conflicts: src/bind.c
tests: Add a sftp_read blocking test.
2026-02-04 20:30:38 +09:00 · 2014-03-04 09:54:25 +01:00 · 2013-10-23 15:54:12 +02:00 · 2013-10-06 17:48:40 +02:00
7 changed files with 104 additions and 5 deletions
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_session session);
 struct ssh_crypto_struct *crypto_new(void);
 void crypto_free(struct ssh_crypto_struct *crypto);

+void ssh_reseed(void);

 #endif /* WRAPPER_H_ */
--- a/src/bind.c
+++ b/src/bind.c
@@ -374,7 +374,8 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
  ssh_socket_get_poll_handle_out(session->socket);
  session->dsa_key = dsa;
  session->rsa_key = rsa;
-
+  /* force PRNG to change state in case we fork after ssh_bind_accept */
+  ssh_reseed();
  return SSH_OK;
 }

--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/time.h>

 #include "libssh/priv.h"
 #include "libssh/session.h"
@@ -38,6 +39,8 @@
 #include <openssl/rsa.h>
 #include <openssl/hmac.h>
 #include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
 #ifdef HAVE_OPENSSL_AES_H
 #define HAS_AES
 #include <openssl/aes.h>
@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struct *cipher) {
    return 0;
 }

+void ssh_reseed(void){
+    struct timeval tv;
+    gettimeofday(&tv, NULL);
+    RAND_add(&tv, sizeof(tv), 0.0);
+}
+
 SHACTX sha1_init(void) {
  SHACTX c = malloc(sizeof(*c));
  if (c == NULL) {
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struct *cipher) {
    return 0;
 }

+void ssh_reseed(void){
+	}
+
 SHACTX sha1_init(void) {
  SHACTX ctx = NULL;
  gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
--- a/src/socket.c
+++ b/src/socket.c
@@ -280,10 +280,12 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p, socket_t fd, int r
 			/* Bufferize the data and then call the callback */
 			buffer_add_data(s->in_buffer,buffer,r);
 			if(s->callbacks && s->callbacks->data){
-				r= s->callbacks->data(buffer_get_rest(s->in_buffer),
-						buffer_get_rest_len(s->in_buffer),
-						s->callbacks->userdata);
-				buffer_pass_bytes(s->in_buffer,r);
+				do {
+					r= s->callbacks->data(buffer_get_rest(s->in_buffer),
+							buffer_get_rest_len(s->in_buffer),
+							s->callbacks->userdata);
+					buffer_pass_bytes(s->in_buffer,r);
+				} while (r > 0);
 				/* p may have been freed, so don't use it
 				* anymore in this function */
 				p = NULL;
--- a/tests/client/CMakeLists.txt
+++ b/tests/client/CMakeLists.txt
@@ -8,4 +8,5 @@ add_cmockery_test(torture_proxycommand torture_proxycommand.c ${TORTURE_LIBRARY}
 if (WITH_SFTP)
    add_cmockery_test(torture_sftp_static torture_sftp_static.c ${TORTURE_LIBRARY})
    add_cmockery_test(torture_sftp_dir torture_sftp_dir.c ${TORTURE_LIBRARY})
+    add_cmockery_test(torture_sftp_read torture_sftp_read.c ${TORTURE_LIBRARY})
 endif (WITH_SFTP)
--- a/tests/client/torture_sftp_read.c
+++ b/tests/client/torture_sftp_read.c
@@ -0,0 +1,82 @@
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "sftp.c"
+
+#define MAX_XFER_BUF_SIZE 16384
+
+static void setup(void **state) {
+    ssh_session session;
+    struct torture_sftp *t;
+    const char *host;
+    const char *user;
+    const char *password;
+
+    host = getenv("TORTURE_HOST");
+    if (host == NULL) {
+        host = "localhost";
+    }
+
+    user = getenv("TORTURE_USER");
+    password = getenv("TORTURE_PASSWORD");
+
+    session = torture_ssh_session(host, user, password);
+    assert_false(session == NULL);
+    t = torture_sftp_session(session);
+    assert_false(t == NULL);
+
+    *state = t;
+}
+
+static void teardown(void **state) {
+    struct torture_sftp *t = *state;
+
+    assert_false(t == NULL);
+
+    torture_rmdirs(t->testdir);
+    torture_sftp_close(t);
+}
+
+static void torture_sftp_read_blocking(void **state) {
+    struct torture_sftp *t = *state;
+    char libssh_tmp_file[] = "/tmp/libssh_sftp_test_XXXXXX";
+    char buf[MAX_XFER_BUF_SIZE];
+    ssize_t bytesread;
+    ssize_t byteswritten;
+    int fd;
+    sftp_file file;
+
+
+    file = sftp_open(t->sftp, "/usr/bin/ssh", O_RDONLY, 0);
+
+    fd = mkstemp(libssh_tmp_file);
+    unlink(libssh_tmp_file);
+
+    for (;;) {
+        bytesread = sftp_read(file, buf, MAX_XFER_BUF_SIZE);
+        if (bytesread == 0) {
+                break; /* EOF */
+        }
+        assert_false(bytesread < 0);
+
+        byteswritten = write(fd, buf, bytesread);
+        assert_int_equal(byteswritten, bytesread);
+    }
+
+    close(fd);
+    sftp_close(file);
+}
+
+int torture_run_tests(void) {
+    int rc;
+    const UnitTest tests[] = {
+        unit_test_setup_teardown(torture_sftp_read_blocking, setup, teardown)
+    };
+
+    ssh_init();
+
+    rc = run_tests(tests);
+    ssh_finalize();
+
+    return rc;
+}