summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-03-03 09:58:35 (GMT)
committerNora Björklund <nora.bjorklund@enea.com>2016-03-07 13:34:49 (GMT)
commitf6f328f5d40e8d135fe1251ca13e2e521dd6aebf (patch)
treec3493b7d5e16867e7e27bf966e42678a9c9a94e1
parenta75cee30877e48e44e72a2f2f7d319f3eac575c9 (diff)
downloadmeta-openembedded-f6f328f5d40e8d135fe1251ca13e2e521dd6aebf.tar.gz
libssh2: CVE-2016-0787dizzy-enea
bits/bytes confusion resulting in truncated Diffie-Hellman secret length Reference: https://www.libssh2.org/adv_20160223.html Reference to upstream patch: https://www.libssh2.org/CVE-2016-0787.patch Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
-rw-r--r--meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch36
-rw-r--r--meta-oe/recipes-support/libssh2/libssh2_1.4.3.bb6
2 files changed, 41 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch b/meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch
new file mode 100644
index 0000000..9468feb
--- /dev/null
+++ b/meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch
@@ -0,0 +1,36 @@
1From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Thu, 11 Feb 2016 13:52:20 +0100
4Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits
5
6As otherwise we get far too small numbers.
7
8CVE-2016-0787
9Patch is from [https://www.libssh2.org/CVE-2016-0787.patch]
10
11Upstream-Status: Backport
12Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
13---
14 src/kex.c | 2 +-
15 1 file changed, 1 insertion(+), 1 deletion(-)
16
17diff --git a/src/kex.c b/src/kex.c
18index 6349457..e89b36c 100644
19--- a/src/kex.c
20+++ b/src/kex.c
21@@ -751,11 +751,11 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
22
23 /* Zero the whole thing out */
24 memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
25
26 /* Generate x and e */
27- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
28+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
29 _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
30 exchange_state->ctx);
31
32 /* Send KEX init */
33 /* packet_type(1) + String Length(4) + leading 0(1) */
34--
352.7.0
36
diff --git a/meta-oe/recipes-support/libssh2/libssh2_1.4.3.bb b/meta-oe/recipes-support/libssh2/libssh2_1.4.3.bb
index b537663..8f64cf0 100644
--- a/meta-oe/recipes-support/libssh2/libssh2_1.4.3.bb
+++ b/meta-oe/recipes-support/libssh2/libssh2_1.4.3.bb
@@ -1,4 +1,5 @@
1SUMMARY = "A client-side C library implementing the SSH2 protocol" 1SUMMARY = "A client-side C library implementing the SSH2 protocol"
2FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
2HOMEPAGE = "http://www.libssh2.org/" 3HOMEPAGE = "http://www.libssh2.org/"
3SECTION = "libs" 4SECTION = "libs"
4 5
@@ -7,7 +8,10 @@ DEPENDS = "zlib openssl"
7LICENSE = "BSD" 8LICENSE = "BSD"
8LIC_FILES_CHKSUM = "file://COPYING;md5=d00afe44f336a79a2ca7e1681ce14509" 9LIC_FILES_CHKSUM = "file://COPYING;md5=d00afe44f336a79a2ca7e1681ce14509"
9 10
10SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz" 11SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
12 file://CVE-2016-0787.patch \
13 "
14
11SRC_URI[md5sum] = "071004c60c5d6f90354ad1b701013a0b" 15SRC_URI[md5sum] = "071004c60c5d6f90354ad1b701013a0b"
12SRC_URI[sha256sum] = "eac6f85f9df9db2e6386906a6227eb2cd7b3245739561cad7d6dc1d5d021b96d" 16SRC_URI[sha256sum] = "eac6f85f9df9db2e6386906a6227eb2cd7b3245739561cad7d6dc1d5d021b96d"
13 17