[openssh] - clean the data structures in the non privileged process - clean the data structures when roaming

Jan F. Chadima jfch2222 at fedoraproject.org
Mon Feb 7 19:47:35 UTC 2011 

commit cfb0f30feb06906edffa26d764ab8acc4881beaa
Author: Jan F <jfch at kerberos.example.com>
Date:   Mon Feb 7 20:47:23 2011 +0100

    - clean the data structures in the non privileged process
    - clean the data structures when roaming

 openssh-5.6p1-audit5.patch |   79 ++++++++++++++++++++++---------------------
 openssh.spec               |    5 ++-
 2 files changed, 43 insertions(+), 41 deletions(-)
---
diff --git a/openssh-5.6p1-audit5.patch b/openssh-5.6p1-audit5.patch
index 30c8f72..4be224a 100644
--- a/openssh-5.6p1-audit5.patch
+++ b/openssh-5.6p1-audit5.patch
@@ -1,6 +1,6 @@
 diff -up openssh-5.6p1/audit-bsm.c.audit5 openssh-5.6p1/audit-bsm.c
---- openssh-5.6p1/audit-bsm.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/audit-bsm.c	2011-02-06 14:24:44.000000000 +0100
+--- openssh-5.6p1/audit-bsm.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/audit-bsm.c	2011-02-07 18:53:53.000000000 +0100
 @@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos)
  {
  	/* not implemented */
@@ -13,8 +13,8 @@ diff -up openssh-5.6p1/audit-bsm.c.audit5 openssh-5.6p1/audit-bsm.c
 +}
  #endif /* BSM */
 diff -up openssh-5.6p1/audit.c.audit5 openssh-5.6p1/audit.c
---- openssh-5.6p1/audit.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/audit.c	2011-02-06 14:24:44.000000000 +0100
+--- openssh-5.6p1/audit.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/audit.c	2011-02-07 18:53:53.000000000 +0100
 @@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos)
  {
  	debug("audit session key discard euid %d direction %d", geteuid(), ctos);
@@ -31,8 +31,8 @@ diff -up openssh-5.6p1/audit.c.audit5 openssh-5.6p1/audit.c
  # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
  #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.6p1/audit.h.audit5 openssh-5.6p1/audit.h
---- openssh-5.6p1/audit.h.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/audit.h	2011-02-06 14:24:44.000000000 +0100
+--- openssh-5.6p1/audit.h.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/audit.h	2011-02-07 18:53:53.000000000 +0100
 @@ -62,5 +62,6 @@ void	audit_unsupported_body(int);
  void	audit_kex_body(int, char *, char *, char *);
  void	audit_session_key_free(int ctos);
@@ -41,8 +41,8 @@ diff -up openssh-5.6p1/audit.h.audit5 openssh-5.6p1/audit.h
  
  #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.6p1/audit-linux.c.audit5 openssh-5.6p1/audit-linux.c
---- openssh-5.6p1/audit-linux.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/audit-linux.c	2011-02-06 14:24:44.000000000 +0100
+--- openssh-5.6p1/audit-linux.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/audit-linux.c	2011-02-07 18:53:53.000000000 +0100
 @@ -226,4 +226,26 @@ audit_session_key_free_body(int ctos)
  		error("cannot write into audit");
  }
@@ -71,8 +71,8 @@ diff -up openssh-5.6p1/audit-linux.c.audit5 openssh-5.6p1/audit-linux.c
 +
  #endif /* USE_LINUX_AUDIT */
 diff -up openssh-5.6p1/kex.c.audit5 openssh-5.6p1/kex.c
---- openssh-5.6p1/kex.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/kex.c	2011-02-06 14:24:44.000000000 +0100
+--- openssh-5.6p1/kex.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/kex.c	2011-02-07 18:53:53.000000000 +0100
 @@ -592,3 +592,34 @@ dump_digest(char *msg, u_char *digest, i
  	fprintf(stderr, "\n");
  }
@@ -110,7 +110,7 @@ diff -up openssh-5.6p1/kex.c.audit5 openssh-5.6p1/kex.c
 +
 diff -up openssh-5.6p1/kex.h.audit5 openssh-5.6p1/kex.h
 --- openssh-5.6p1/kex.h.audit5	2010-02-26 21:55:05.000000000 +0100
-+++ openssh-5.6p1/kex.h	2011-02-06 14:24:45.000000000 +0100
++++ openssh-5.6p1/kex.h	2011-02-07 18:53:53.000000000 +0100
 @@ -146,6 +146,8 @@ void	 kexdh_server(Kex *);
  void	 kexgex_client(Kex *);
  void	 kexgex_server(Kex *);
@@ -122,7 +122,7 @@ diff -up openssh-5.6p1/kex.h.audit5 openssh-5.6p1/kex.h
      BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 diff -up openssh-5.6p1/mac.c.audit5 openssh-5.6p1/mac.c
 --- openssh-5.6p1/mac.c.audit5	2008-06-13 02:58:50.000000000 +0200
-+++ openssh-5.6p1/mac.c	2011-02-06 14:24:45.000000000 +0100
++++ openssh-5.6p1/mac.c	2011-02-07 18:53:53.000000000 +0100
 @@ -162,6 +162,20 @@ mac_clear(Mac *mac)
  	mac->umac_ctx = NULL;
  }
@@ -146,15 +146,15 @@ diff -up openssh-5.6p1/mac.c.audit5 openssh-5.6p1/mac.c
  int
 diff -up openssh-5.6p1/mac.h.audit5 openssh-5.6p1/mac.h
 --- openssh-5.6p1/mac.h.audit5	2007-06-11 06:01:42.000000000 +0200
-+++ openssh-5.6p1/mac.h	2011-02-06 14:24:45.000000000 +0100
++++ openssh-5.6p1/mac.h	2011-02-07 18:53:53.000000000 +0100
 @@ -28,3 +28,4 @@ int	 mac_setup(Mac *, char *);
  int	 mac_init(Mac *);
  u_char	*mac_compute(Mac *, u_int32_t, u_char *, int);
  void	 mac_clear(Mac *);
 +void	 mac_destroy(Mac *);
 diff -up openssh-5.6p1/monitor.c.audit5 openssh-5.6p1/monitor.c
---- openssh-5.6p1/monitor.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/monitor.c	2011-02-06 14:24:45.000000000 +0100
+--- openssh-5.6p1/monitor.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/monitor.c	2011-02-07 18:53:53.000000000 +0100
 @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer 
  int mm_answer_audit_unsupported_body(int, Buffer *);
  int mm_answer_audit_kex_body(int, Buffer *);
@@ -212,8 +212,8 @@ diff -up openssh-5.6p1/monitor.c.audit5 openssh-5.6p1/monitor.c
 +}
  #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.6p1/monitor.h.audit5 openssh-5.6p1/monitor.h
---- openssh-5.6p1/monitor.h.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/monitor.h	2011-02-06 14:24:45.000000000 +0100
+--- openssh-5.6p1/monitor.h.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/monitor.h	2011-02-07 18:53:53.000000000 +0100
 @@ -69,6 +69,7 @@ enum monitor_reqtype {
  	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
  	MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@@ -223,8 +223,8 @@ diff -up openssh-5.6p1/monitor.h.audit5 openssh-5.6p1/monitor.h
  
  struct mm_master;
 diff -up openssh-5.6p1/monitor_wrap.c.audit5 openssh-5.6p1/monitor_wrap.c
---- openssh-5.6p1/monitor_wrap.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/monitor_wrap.c	2011-02-06 14:24:45.000000000 +0100
+--- openssh-5.6p1/monitor_wrap.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/monitor_wrap.c	2011-02-07 18:53:53.000000000 +0100
 @@ -1458,4 +1458,16 @@ mm_audit_session_key_free_body(int ctos)
  				  &m);
  	buffer_free(&m);
@@ -243,8 +243,8 @@ diff -up openssh-5.6p1/monitor_wrap.c.audit5 openssh-5.6p1/monitor_wrap.c
 +}
  #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.6p1/monitor_wrap.h.audit5 openssh-5.6p1/monitor_wrap.h
---- openssh-5.6p1/monitor_wrap.h.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/monitor_wrap.h	2011-02-06 14:24:45.000000000 +0100
+--- openssh-5.6p1/monitor_wrap.h.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/monitor_wrap.h	2011-02-07 18:53:53.000000000 +0100
 @@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
  void mm_audit_unsupported_body(int);
  void mm_audit_kex_body(int, char *, char *, char *);
@@ -254,8 +254,8 @@ diff -up openssh-5.6p1/monitor_wrap.h.audit5 openssh-5.6p1/monitor_wrap.h
  
  struct Session;
 diff -up openssh-5.6p1/packet.c.audit5 openssh-5.6p1/packet.c
---- openssh-5.6p1/packet.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/packet.c	2011-02-07 08:51:31.000000000 +0100
+--- openssh-5.6p1/packet.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/packet.c	2011-02-07 18:53:54.000000000 +0100
 @@ -60,6 +60,7 @@
  #include <signal.h>
  
@@ -353,7 +353,7 @@ diff -up openssh-5.6p1/packet.c.audit5 openssh-5.6p1/packet.c
 +
 diff -up openssh-5.6p1/packet.h.audit5 openssh-5.6p1/packet.h
 --- openssh-5.6p1/packet.h.audit5	2009-07-05 23:11:13.000000000 +0200
-+++ openssh-5.6p1/packet.h	2011-02-06 14:24:45.000000000 +0100
++++ openssh-5.6p1/packet.h	2011-02-07 18:53:54.000000000 +0100
 @@ -115,4 +115,5 @@ void	 packet_restore_state(void);
  void	*packet_get_input(void);
  void	*packet_get_output(void);
@@ -362,7 +362,7 @@ diff -up openssh-5.6p1/packet.h.audit5 openssh-5.6p1/packet.h
  #endif				/* PACKET_H */
 diff -up openssh-5.6p1/session.c.audit5 openssh-5.6p1/session.c
 --- openssh-5.6p1/session.c.audit5	2010-06-26 02:00:15.000000000 +0200
-+++ openssh-5.6p1/session.c	2011-02-06 14:24:45.000000000 +0100
++++ openssh-5.6p1/session.c	2011-02-07 18:53:54.000000000 +0100
 @@ -1677,6 +1677,7 @@ do_child(Session *s, const char *command
  
  	/* remove hostkey from the child's memory */
@@ -372,8 +372,8 @@ diff -up openssh-5.6p1/session.c.audit5 openssh-5.6p1/session.c
  	/* Force a password change */
  	if (s->authctxt->force_pwchange) {
 diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
---- openssh-5.6p1/sshd.c.audit5	2011-02-06 14:24:44.000000000 +0100
-+++ openssh-5.6p1/sshd.c	2011-02-06 14:24:45.000000000 +0100
+--- openssh-5.6p1/sshd.c.audit5	2011-02-07 18:53:53.000000000 +0100
++++ openssh-5.6p1/sshd.c	2011-02-07 19:08:56.000000000 +0100
 @@ -579,6 +579,7 @@ demote_sensitive_data(void)
  		}
  		/* Certs do not need demotion */
@@ -402,25 +402,16 @@ diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
  		monitor_child_postauth(pmonitor);
  
  		/* NEVERREACHED */
-@@ -709,6 +716,7 @@ privsep_postauth(Authctxt *authctxt)
-  skip:
- 	/* It is safe now to apply the key state */
- 	monitor_apply_keystate(pmonitor);
-+//drop here ??
- 
- 	/*
- 	 * Tell the packet layer that authentication was successful, since
-@@ -1970,6 +1978,9 @@ main(int ac, char **av)
+@@ -1970,6 +1977,8 @@ main(int ac, char **av)
  	 */
  	if (use_privsep) {
  		mm_send_keystate(pmonitor);
-+//umac_clear
 +		packet_destroy_all();
 +		audit_session_key_free(2);
  		exit(0);
  	}
  
-@@ -2011,8 +2022,10 @@ main(int ac, char **av)
+@@ -2011,8 +2020,10 @@ main(int ac, char **av)
  	if (use_privsep) {
  		privsep_postauth(authctxt);
  		/* the monitor process [priv] will not return */
@@ -432,7 +423,17 @@ diff -up openssh-5.6p1/sshd.c.audit5 openssh-5.6p1/sshd.c
  	}
  
  	packet_set_timeout(options.client_alive_interval,
-@@ -2249,6 +2262,7 @@ do_ssh1_kex(void)
+@@ -2022,6 +2033,9 @@ main(int ac, char **av)
+ 	do_authenticated(authctxt);
+ 
+ 	/* The connection has been terminated. */
++	packet_destroy_all();
++	audit_session_key_free(2);
++
+ 	packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+ 	packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+ 	verbose("Transferred: sent %llu, received %llu bytes", obytes, ibytes);
+@@ -2249,6 +2263,7 @@ do_ssh1_kex(void)
  	}
  	/* Destroy the private and public keys. No longer. */
  	destroy_sensitive_data();
diff --git a/openssh.spec b/openssh.spec
index 0d95bcb..4859f33 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,7 +71,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 29
+%define openssh_rel 30
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 29
 
@@ -603,7 +603,8 @@ fi
 %endif
 
 %changelog
-* Tue Feb  2 2011 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-29 + 0.9.2-29
+* Mon Feb  7 2011 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-30 + 0.9.2-29
+- clean the data structures in the non privileged process
 - clean the data structures when roaming
 
 * Tue Feb  2 2011 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-28 + 0.9.2-29

More information about the scm-commits mailing list