# HG changeset patch # User Matt Johnston # Date 1496419858 -28800 # Node ID 238a439670f5df572fc09de63c98f78bf80806ef # Parent b90da477ab632cd8fee3f6668bd1c4355246e8f4# Parent 47a3a3cb7d45577760f124df13f1c03792c6af6f merge diff -r b90da477ab63 -r 238a439670f5 .gitignore --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.gitignore Sat Jun 03 00:10:58 2017 +0800 @@ -0,0 +1,21 @@ +*~ +*.o +*.a +*.da +*.bb +*.bbg +*.prof +/autom4te.cache +/config.log +/config.status +/dbclient +/dropbear +/dropbearconvert +/dropbearkey +/dropbearmulti +/scp +/scp-progress +Makefile +config.h +config.h.in +configure diff -r b90da477ab63 -r 238a439670f5 CHANGES --- a/CHANGES Thu May 18 23:02:39 2017 +0800 +++ b/CHANGES Sat Jun 03 00:10:58 2017 +0800 @@ -5,6 +5,7 @@ dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. + CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix @@ -16,6 +17,7 @@ contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. + CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync Thanks to Andrei Gherzan for a patch diff -r b90da477ab63 -r 238a439670f5 cli-session.c --- a/cli-session.c Thu May 18 23:02:39 2017 +0800 +++ b/cli-session.c Sat Jun 03 00:10:58 2017 +0800 @@ -287,7 +287,7 @@ int devnull; /* keeping stdin open steals input from the terminal and is confusing, though stdout/stderr could be useful. */ - devnull = open(_PATH_DEVNULL, O_RDONLY); + devnull = open(DROPBEAR_PATH_DEVNULL, O_RDONLY); if (devnull < 0) { dropbear_exit("Opening /dev/null: %d %s", errno, strerror(errno)); diff -r b90da477ab63 -r 238a439670f5 compat.c --- a/compat.c Thu May 18 23:02:39 2017 +0800 +++ b/compat.c Sat Jun 03 00:10:58 2017 +0800 @@ -174,7 +174,7 @@ if (!nochdir) (void)chdir("/"); - if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + if (!noclose && (fd = open(DROPBEAR_PATH_DEVNULL, O_RDWR, 0)) != -1) { (void)dup2(fd, STDIN_FILENO); (void)dup2(fd, STDOUT_FILENO); (void)dup2(fd, STDERR_FILENO); diff -r b90da477ab63 -r 238a439670f5 configure.ac --- a/configure.ac Thu May 18 23:02:39 2017 +0800 +++ b/configure.ac Sat Jun 03 00:10:58 2017 +0800 @@ -45,8 +45,8 @@ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` if test "$sol2ver" -ge 8; then AC_MSG_RESULT(yes) - AC_DEFINE(DISABLE_UTMP,,Disable utmp) - AC_DEFINE(DISABLE_WTMP,,Disable wtmp) + AC_DEFINE(DISABLE_UTMP,1,Disable utmp) + AC_DEFINE(DISABLE_WTMP,1,Disable wtmp) else AC_MSG_RESULT(no) fi @@ -55,18 +55,18 @@ ;; *-*-aix*) - AC_DEFINE(AIX,,Using AIX) + AC_DEFINE(AIX,1,Using AIX) # OpenSSH thinks it's broken. If it isn't, let me know. - AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo) + AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo) ;; *-*-hpux*) LIBS="$LIBS -lsec" # It's probably broken. - AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo) + AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo) ;; *-dec-osf*) - AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo) + AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo) ;; esac @@ -80,7 +80,7 @@ [ no_loginfunc_check=1 AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.]) - ],,,) + ],,) dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt dnl but we don't want link all binaries to -lcrypt, just dropbear server. @@ -118,7 +118,7 @@ [ --disable-zlib Don't include zlib support], [ if test "x$enableval" = "xno"; then - AC_DEFINE(DISABLE_ZLIB,, Use zlib) + AC_DEFINE(DISABLE_ZLIB,1,Use zlib) AC_MSG_NOTICE(Disabling zlib) else AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***])) @@ -159,13 +159,13 @@ AC_MSG_NOTICE(Enabling PAM) AC_CHECK_FUNCS(pam_fail_delay) else - AC_DEFINE(DISABLE_PAM,, Use PAM) + AC_DEFINE(DISABLE_PAM,1,Use PAM) AC_MSG_NOTICE(Disabling PAM) fi ], [ # disable it by default - AC_DEFINE(DISABLE_PAM,, Use PAM) + AC_DEFINE(DISABLE_PAM,1,Use PAM) AC_MSG_NOTICE(Disabling PAM) ] ) @@ -177,7 +177,7 @@ AC_MSG_NOTICE(Not using openpty) else AC_MSG_NOTICE(Using openpty if available) - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) + AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,1,[Have openpty() function])]) fi ], [ @@ -191,7 +191,7 @@ [ --disable-syslog Don't include syslog support], [ if test "x$enableval" = "xno"; then - AC_DEFINE(DISABLE_SYSLOG,, Using syslog) + AC_DEFINE(DISABLE_SYSLOG,1,Using syslog) AC_MSG_NOTICE(Disabling syslog) else AC_MSG_NOTICE(Enabling syslog) @@ -295,7 +295,7 @@ ) ]) if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6) + AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,1,Have struct sockaddr_in6) fi AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ @@ -309,7 +309,7 @@ ) ]) if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr) + AC_DEFINE(HAVE_STRUCT_IN6_ADDR,1,Have struct in6_addr) fi AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ @@ -324,7 +324,7 @@ ) ]) if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo) + AC_DEFINE(HAVE_STRUCT_ADDRINFO,1,Have struct addrinfo) fi @@ -402,7 +402,7 @@ ) if test $BUNDLED_LIBTOM = 1 ; then - AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) + AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom) fi AC_SUBST(LIBTOM_LIBS) @@ -413,36 +413,64 @@ dnl allow user to disable some login recording features AC_ARG_ENABLE(lastlog, [ --disable-lastlog Disable use of lastlog even if detected [no]], - [ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_LASTLOG,1,Disable use of lastlog()) + fi + ] ) AC_ARG_ENABLE(utmp, [ --disable-utmp Disable use of utmp even if detected [no]], - [ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_UTMP,1,Disable use of utmp) + fi + ] ) AC_ARG_ENABLE(utmpx, [ --disable-utmpx Disable use of utmpx even if detected [no]], - [ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_UTMPX,1,Disable use of utmpx) + fi + ] ) AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable use of wtmp even if detected [no]], - [ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_WTMP,1,Disable use of wtmp) + fi + ] ) AC_ARG_ENABLE(wtmpx, [ --disable-wtmpx Disable use of wtmpx even if detected [no]], - [ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_WTMPX,1,Disable use of wtmpx) + fi + ] ) AC_ARG_ENABLE(loginfunc, [ --disable-loginfunc Disable use of login() etc. [no]], [ no_loginfunc_check=1 - AC_MSG_NOTICE(Not using login() etc) ] + AC_MSG_NOTICE([Not using login() etc]) ] ) AC_ARG_ENABLE(pututline, [ --disable-pututline Disable use of pututline() etc. ([uw]tmp) [no]], - [ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_PUTUTLINE,1,Disable use of pututline()) + fi + ] ) AC_ARG_ENABLE(pututxline, [ --disable-pututxline Disable use of pututxline() etc. ([uw]tmpx) [no]], - [ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_PUTUTXLINE,1,Disable use of pututxline()) + fi + ] ) AC_ARG_WITH(lastlog, [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], @@ -457,7 +485,7 @@ if test -z "$no_loginfunc_check"; then dnl Checks for libutil functions (login(), logout() etc, not openpty() ) - AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)]) + AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,1,[Have login() function])]) AC_CHECK_FUNCS(logout updwtmp logwtmp) fi @@ -653,7 +681,7 @@ if test -z "$no_ptmx_check" ; then if test x"$cross_compiling" = x"no" ; then if test -e /dev/ptmx ; then - AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx) + AC_DEFINE(USE_DEV_PTMX,1,Use /dev/ptmx) fi else AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling]) @@ -663,7 +691,7 @@ if test -z "$no_ptc_check" ; then if test x"$cross_compiling" = x"no" ; then if test -e /dev/ptc ; then - AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts) + AC_DEFINE(HAVE_DEV_PTS_AND_PTC,1,Use /dev/ptc & /dev/pts) fi else AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling]) diff -r b90da477ab63 -r 238a439670f5 keyimport.c --- a/keyimport.c Thu May 18 23:02:39 2017 +0800 +++ b/keyimport.c Sat Jun 03 00:10:58 2017 +0800 @@ -694,7 +694,7 @@ &id, &len, &flags); p += ret; /* id==4 for octet string */ - if (ret < 0 || id != 4 || len < 0 || + if (ret < 0 || id != 4 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; @@ -708,7 +708,7 @@ &id, &len, &flags); p += ret; /* id==0 */ - if (ret < 0 || id != 0 || len < 0) { + if (ret < 0 || id != 0 || len < 0) { errmsg = "ASN.1 decoding failure"; goto error; } @@ -717,7 +717,7 @@ &id, &len, &flags); p += ret; /* id==6 for object */ - if (ret < 0 || id != 6 || len < 0 || + if (ret < 0 || id != 6 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; @@ -756,7 +756,7 @@ &id, &len, &flags); p += ret; /* id==1 */ - if (ret < 0 || id != 1 || len < 0) { + if (ret < 0 || id != 1 || len < 0) { errmsg = "ASN.1 decoding failure"; goto error; } @@ -765,7 +765,7 @@ &id, &len, &flags); p += ret; /* id==3 for bit string */ - if (ret < 0 || id != 3 || len < 0 || + if (ret < 0 || id != 3 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; diff -r b90da477ab63 -r 238a439670f5 libtommath/bn_mp_exteuclid.c --- a/libtommath/bn_mp_exteuclid.c Thu May 18 23:02:39 2017 +0800 +++ b/libtommath/bn_mp_exteuclid.c Sat Jun 03 00:10:58 2017 +0800 @@ -29,34 +29,34 @@ /* initialize, (u1,u2,u3) = (1,0,a) */ mp_set(&u1, 1); - if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto _ERR; } + if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto LBL_ERR; } /* initialize, (v1,v2,v3) = (0,1,b) */ mp_set(&v2, 1); - if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto _ERR; } + if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto LBL_ERR; } /* loop while v3 != 0 */ while (mp_iszero(&v3) == MP_NO) { /* q = u3/v3 */ - if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto _ERR; } + if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto LBL_ERR; } /* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */ - if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto _ERR; } - if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto _ERR; } - if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto _ERR; } - if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto _ERR; } - if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto _ERR; } - if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto _ERR; } + if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto LBL_ERR; } /* (u1,u2,u3) = (v1,v2,v3) */ - if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto _ERR; } + if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto LBL_ERR; } /* (v1,v2,v3) = (t1,t2,t3) */ - if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto _ERR; } - if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; } + if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto LBL_ERR; } + if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto LBL_ERR; } } /* make sure U3 >= 0 */ @@ -72,7 +72,8 @@ if (U3 != NULL) { mp_exch(U3, &u3); } err = MP_OKAY; -_ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL); +LBL_ERR: + mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL); return err; } #endif diff -r b90da477ab63 -r 238a439670f5 scpmisc.c --- a/scpmisc.c Thu May 18 23:02:39 2017 +0800 +++ b/scpmisc.c Sat Jun 03 00:10:58 2017 +0800 @@ -235,7 +235,7 @@ { int nullfd, dupfd; - if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { + if ((nullfd = dupfd = open(DROPBEAR_PATH_DEVNULL, O_RDWR)) == -1) { fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); exit(1); } diff -r b90da477ab63 -r 238a439670f5 termcodes.c --- a/termcodes.c Thu May 18 23:02:39 2017 +0800 +++ b/termcodes.c Sat Jun 03 00:10:58 2017 +0800 @@ -34,7 +34,11 @@ {VKILL, TERMCODE_CONTROLCHAR}, {VEOF, TERMCODE_CONTROLCHAR}, {VEOL, TERMCODE_CONTROLCHAR}, +#ifdef VEOL2 {VEOL2, TERMCODE_CONTROLCHAR}, +#else + {0, 0}, +#endif {VSTART, TERMCODE_CONTROLCHAR}, {VSTOP, TERMCODE_CONTROLCHAR}, {VSUSP, TERMCODE_CONTROLCHAR}, @@ -51,17 +55,25 @@ #ifdef AIX {CERASE, TERMCODE_CONTROLCHAR}, #else +#ifdef VWERASE {VWERASE, TERMCODE_CONTROLCHAR}, +#else + {0, 0}, +#endif #endif +#ifdef VLNEXT {VLNEXT, TERMCODE_CONTROLCHAR}, +#else + {0, 0}, +#endif #ifdef VFLUSH {VFLUSH, TERMCODE_CONTROLCHAR}, -#else +#else {0, 0}, #endif #ifdef VSWTCH {VSWTCH, TERMCODE_CONTROLCHAR}, -#else +#else {0, 0}, #endif #ifdef VSTATUS @@ -135,8 +147,16 @@ {NOFLSH, TERMCODE_LOCAL}, {TOSTOP, TERMCODE_LOCAL}, {IEXTEN, TERMCODE_LOCAL}, +#ifdef ECHOCTL {ECHOCTL, TERMCODE_LOCAL}, +#else + {0, 0}, +#endif +#ifdef ECHOKE {ECHOKE, TERMCODE_LOCAL}, +#else + {0, 0}, +#endif #ifdef PENDIN {PENDIN, TERMCODE_LOCAL}, #else