Merge branch 'master' of https://github.com/openssh/openssh-portable into latestw

2017-04-10 15:11:19 -07:00 · 2017-04-10 15:11:19 -07:00 · e91d1f7ef1
parent 3965d200c7 d9048861be
commit e91d1f7ef1
8 changed files with 31 additions and 128 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -80,7 +80,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
 	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
 	compat.o crc32.o deattack.o fatal.o hostfile.o \
-	log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
+	log.o match.o moduli.o nchan.o packet.o opacket.o \
 	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
 	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
--- a/auth-pam.c
+++ b/auth-pam.c
@ -106,7 +106,6 @@ extern char *__progname;

 extern ServerOptions options;
 extern Buffer loginmsg;
-extern int compat20;
 extern u_int utmp_len;

 /* so we don't silently change behaviour */
@ -468,18 +467,16 @@ sshpam_thread(void *ctxtp)
 	if (sshpam_err != PAM_SUCCESS)
 		goto auth_fail;

-	if (compat20) {
-		if (!do_pam_account()) {
-			sshpam_err = PAM_ACCT_EXPIRED;
+	if (!do_pam_account()) {
+		sshpam_err = PAM_ACCT_EXPIRED;
+		goto auth_fail;
+	}
+	if (sshpam_authctxt->force_pwchange) {
+		sshpam_err = pam_chauthtok(sshpam_handle,
+		    PAM_CHANGE_EXPIRED_AUTHTOK);
+		if (sshpam_err != PAM_SUCCESS)
 			goto auth_fail;
-		}
-		if (sshpam_authctxt->force_pwchange) {
-			sshpam_err = pam_chauthtok(sshpam_handle,
-			    PAM_CHANGE_EXPIRED_AUTHTOK);
-			if (sshpam_err != PAM_SUCCESS)
-				goto auth_fail;
-			sshpam_password_change_required(0);
-		}
+		sshpam_password_change_required(0);
 	}

 	buffer_put_cstring(&buffer, "OK");
--- a/configure.ac
+++ b/configure.ac
@ -179,6 +179,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
 CFLAGS="$saved_CFLAGS"

 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+	OSSH_CHECK_CFLAG_COMPILE([-pipe])
 	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
 	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
 	OSSH_CHECK_CFLAG_COMPILE([-Wall])
@ -2769,9 +2770,6 @@ if test "x$openssl" = "xyes" ; then
 	#include <openssl/evp.h>
 	#include <openssl/objects.h>
 	#include <openssl/opensslv.h>
-	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
-	# error "OpenSSL < 0.9.8g has unreliable ECC code"
-	#endif
 		]], [[
 		EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 		const EVP_MD *m = EVP_sha256(); /* We need this too */
@ -2790,9 +2788,6 @@ if test "x$openssl" = "xyes" ; then
 	#include <openssl/evp.h>
 	#include <openssl/objects.h>
 	#include <openssl/opensslv.h>
-	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
-	# error "OpenSSL < 0.9.8g has unreliable ECC code"
-	#endif
 		]], [[
 		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
 		const EVP_MD *m = EVP_sha384(); /* We need this too */
@ -2811,9 +2806,6 @@ if test "x$openssl" = "xyes" ; then
 	#include <openssl/evp.h>
 	#include <openssl/objects.h>
 	#include <openssl/opensslv.h>
-	#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
-	# error "OpenSSL < 0.9.8g has unreliable ECC code"
-	#endif
 		]], [[
 		EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
 		const EVP_MD *m = EVP_sha512(); /* We need this too */
--- a/kex.c
+++ b/kex.c
@ -54,14 +54,6 @@
 #include "sshbuf.h"
 #include "digest.h"

-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-# if defined(HAVE_EVP_SHA256)
-# define evp_ssh_sha256 EVP_sha256
-# else
-extern const EVP_MD *evp_ssh_sha256(void);
-# endif
-#endif
-
 /* prototype */
 static int kex_choose_conf(struct ssh *);
 static int kex_input_newkeys(int, u_int32_t, void *);
--- a/md-sha256.c
+++ b/md-sha256.c
@ -1,86 +0,0 @@
-/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
-/*
- * Copyright (c) 2005 Damien Miller <djm@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* EVP wrapper for SHA256 */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <openssl/opensslv.h>
-
-#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-
-#include <string.h>
-#include <openssl/evp.h>
-#ifdef HAVE_SHA256_UPDATE
-# ifdef HAVE_SHA2_H
-#  include <sha2.h>
-# elif defined(HAVE_CRYPTO_SHA2_H)
-#  include <crypto/sha2.h>
-# endif
-#endif
-
-const EVP_MD *evp_ssh_sha256(void);
-
-static int
-ssh_sha256_init(EVP_MD_CTX *ctxt)
-{
-	SHA256_Init(ctxt->md_data);
-	return (1);
-}
-
-static int
-ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
-{
-	SHA256_Update(ctxt->md_data, data, len);
-	return (1);
-}
-
-static int
-ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
-{
-	SHA256_Final(digest, ctxt->md_data);
-	return (1);
-}
-
-static int
-ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
-{
-	memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
-	return (1);
-}
-
-const EVP_MD *
-evp_ssh_sha256(void)
-{
-	static EVP_MD ssh_sha256;
-
-	memset(&ssh_sha256, 0, sizeof(ssh_sha256));
-	ssh_sha256.type = NID_undef;
-	ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
-	ssh_sha256.init = ssh_sha256_init;
-	ssh_sha256.update = ssh_sha256_update;
-	ssh_sha256.final = ssh_sha256_final;
-	ssh_sha256.cleanup = ssh_sha256_cleanup;
-	ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
-	ssh_sha256.ctx_size = sizeof(SHA256_CTX);
-
-	return (&ssh_sha256);
-}
-
-#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
-
--- a/openbsd-compat/fmt_scaled.c
+++ b/openbsd-compat/fmt_scaled.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $	*/
+/*	$OpenBSD: fmt_scaled.c,v 1.16 2017/03/16 02:40:46 dtucker Exp $	*/

 /*
 * Copyright (c) 2001, 2002, 2003 Ian F. Darwin.  All rights reserved.
@ -125,22 +125,30 @@ scan_scaled(char *scaled, long long *result)
 				/* ignore extra fractional digits */
 				continue;
 			fract_digits++;		/* for later scaling */
-			if (fpart >= LLONG_MAX / 10) {
+			if (fpart > LLONG_MAX / 10) {
 				errno = ERANGE;
 				return -1;
 			}
 			fpart *= 10;
+			if (i > LLONG_MAX - fpart) {
+				errno = ERANGE;
+				return -1;
+			}
 			fpart += i;
 		} else {				/* normal digit */
 			if (++ndigits >= MAX_DIGITS) {
 				errno = ERANGE;
 				return -1;
 			}
-			if (whole >= LLONG_MAX / 10) {
+			if (whole > LLONG_MAX / 10) {
 				errno = ERANGE;
 				return -1;
 			}
 			whole *= 10;
+			if (i > LLONG_MAX - whole) {
+				errno = ERANGE;
+				return -1;
+			}
 			whole += i;
 		}
 	}
@ -170,7 +178,9 @@ scan_scaled(char *scaled, long long *result)
 			}
 			scale_fact = scale_factors[i];

-			if (whole >= LLONG_MAX / scale_fact) {
+			/* check for overflow and underflow after scaling */
+			if (whole > LLONG_MAX / scale_fact ||
+			    whole < LLONG_MIN / scale_fact) {
 				errno = ERANGE;
 				return -1;
 			}
--- a/sshd.c
+++ b/sshd.c
@ -233,6 +233,7 @@ int use_privsep = -1;
 #endif
 struct monitor *pmonitor = NULL;
 int privsep_is_preauth = 1;
+static int privsep_chroot = 1;

 /* global authentication context */
 Authctxt *the_authctxt = NULL;
@ -577,7 +578,7 @@ privsep_preauth_child(void)
 	demote_sensitive_data();

 	/* Demote the child */
-	if (getuid() == 0 || geteuid() == 0) {
+	if (privsep_chroot) {
 		/* Change our root directory */
 		if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 			fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@ -1717,8 +1718,9 @@ main(int ac, char **av)

 #ifndef WINDOWS /* not applicable in Windows */
 	/* Store privilege separation user for later use if required. */
+	privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
-		if (use_privsep || options.kerberos_authentication)
+		if (privsep_chroot || options.kerberos_authentication)
 			fatal("Privilege separation user %s does not exist",
 			    SSH_PRIVSEP_USER);
 	} else {
@ -1847,7 +1849,7 @@ main(int ac, char **av)
 		    key_type(key));
 	}

-	if (use_privsep) {
+	if (privsep_chroot) {
 		struct stat st;

 		if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
--- a/sshkey.c
+++ b/sshkey.c
@ -3513,11 +3513,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
 	int success, r;
 	int blen, len = strlen(_passphrase);
 	u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
-#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
-	const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
-#else
- 	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
-#endif
+	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
 	const u_char *bptr;
 	BIO *bio = NULL;