Message ID | 20240103090049.2048094-1-meenali.gupta@windriver.com |
---|---|
State | Rejected |
Delegated to: | Steve Sakoman |
Headers | show |
Series | [kirkstone,1/1] dropbear: fix CVE-2023-48795 | expand |
This patch fails at build time: ERROR: dropbear-2020.81-r0 do_patch: Applying patch 'CVE-2023-48795.patch' on target directory '/home/steve/builds/poky-contrib-kirkstone/build/tmp/work/core2-64-poky-linux/dropbear/2020.81-r0/dropbear-2020.81' CmdError('quilt --quiltrc /home/steve/builds/poky-contrib-kirkstone/build/tmp/work/core2-64-poky-linux/dropbear/2020.81-r0/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout: Applying patch CVE-2023-48795.patch patching file cli-session.c Hunk #2 succeeded at 115 (offset -3 lines). Hunk #3 succeeded at 475 (offset -14 lines). patching file common-algo.c Hunk #1 succeeded at 332 (offset 25 lines). patching file common-kex.c Hunk #2 FAILED at 198. Hunk #3 succeeded at 555 (offset 1 line). Hunk #4 succeeded at 869 (offset 2 lines). 1 out of 4 hunks FAILED -- rejects in file common-kex.c patching file kex.h patching file process-packet.c Hunk #2 FAILED at 55. 1 out of 3 hunks FAILED -- rejects in file process-packet.c patching file ssh.h patching file svr-session.c Hunk #1 succeeded at 342 (offset -28 lines). Patch CVE-2023-48795.patch does not apply (enforce with -f) Please submit a V2 with these issues fixed. Thanks! Steve On Tue, Jan 2, 2024 at 11:02 PM Meenali Gupta via lists.openembedded.org <meenali.gupta=windriver.com@lists.openembedded.org> wrote: > > From: Meenali Gupta <meenali.gupta@windriver.com> > > A flaw was found in the SSH channel integrity. > By manipulating sequence numbers during the handshake, > an attacker can remove the initial messages on the secure > channel without causing a MAC failure. For example, an attacker > could disable the ping extension and thus disable the new > countermeasure in OpenSSH 9.5 against keystroke timing attacks. > > Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> > --- > meta/recipes-core/dropbear/dropbear.inc | 1 + > .../dropbear/dropbear/CVE-2023-48795.patch | 235 ++++++++++++++++++ > 2 files changed, 236 insertions(+) > create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch > > diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc > index e61930f7db..a32242949b 100644 > --- a/meta/recipes-core/dropbear/dropbear.inc > +++ b/meta/recipes-core/dropbear/dropbear.inc > @@ -30,6 +30,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ > ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ > file://CVE-2021-36369.patch \ > file://CVE-2023-36328.patch \ > + file://CVE-2023-48795.patch \ > " > > PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ > diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch > new file mode 100644 > index 0000000000..d3f7c014ef > --- /dev/null > +++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch > @@ -0,0 +1,235 @@ > +From 768546edcf45794538f81c096f5544a5d35e336f Mon Sep 17 00:00:00 2001 > +From: Matt Johnston <matt@ucc.asn.au> > +Date: Mon, 20 Nov 2023 14:02:47 +0800 > +Subject: [PATCH] Implement Strict KEX mode > + > +As specified by OpenSSH with kex-strict-c-v00@openssh.com and > +kex-strict-s-v00@openssh.com. > + > +CVE: CVE-2023-48795 > + > +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356] > + > +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> > +--- > + cli-session.c | 11 +++++++++++ > + common-algo.c | 6 ++++++ > + common-kex.c | 24 ++++++++++++++++++++++++ > + kex.h | 3 +++ > + process-packet.c | 35 +++++++++++++++++++---------------- > + ssh.h | 4 ++++ > + svr-session.c | 3 +++ > + 7 files changed, 70 insertions(+), 16 deletions(-) > + > +diff --git a/cli-session.c b/cli-session.c > +index 5981b24..d261c8f 100644 > +--- a/cli-session.c > ++++ b/cli-session.c > +@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN; > + static void recv_msg_service_accept(void); > + static void cli_session_cleanup(void); > + static void recv_msg_global_request_cli(void); > ++static void cli_algos_initialise(void); > + > + struct clientsession cli_ses; /* GLOBAL */ > + > +@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection > + } > + > + chaninitialise(cli_chantypes); > ++ cli_algos_initialise(); > + > + /* Set up cli_ses vars */ > + cli_session_init(proxy_cmd_pid); > +@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) { > + fflush(stderr); > + } > + > ++static void cli_algos_initialise(void) { > ++ algo_type *algo; > ++ for (algo = sshkex; algo->name; algo++) { > ++ if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) { > ++ algo->usable = 0; > ++ } > ++ } > ++} > ++ > +diff --git a/common-algo.c b/common-algo.c > +index 378f0ca..f9d46eb 100644 > +--- a/common-algo.c > ++++ b/common-algo.c > +@@ -307,6 +307,12 @@ algo_type sshkex[] = { > + /* Set unusable by svr_algos_initialise() */ > + {SSH_EXT_INFO_C, 0, NULL, 1, NULL}, > + #endif > ++#endif > ++#if DROPBEAR_CLIENT > ++ {SSH_STRICT_KEX_C, 0, NULL, 1, NULL}, > ++#endif > ++#if DROPBEAR_SERVER > ++ {SSH_STRICT_KEX_S, 0, NULL, 1, NULL}, > + #endif > + {NULL, 0, NULL, 0, NULL} > + }; > +diff --git a/common-kex.c b/common-kex.c > +index ac88442..e6825e1 100644 > +--- a/common-kex.c > ++++ b/common-kex.c > +@@ -183,6 +183,10 @@ void send_msg_newkeys() { > + gen_new_keys(); > + switch_keys(); > + > ++ if (ses.kexstate.strict_kex) { > ++ ses.transseq = 0; > ++ } > ++ > + TRACE(("leave send_msg_newkeys")) > + } > + > +@@ -194,6 +198,10 @@ void recv_msg_newkeys() { > + ses.kexstate.recvnewkeys = 1; > + switch_keys(); > + > ++ if (ses.kexstate.strict_kex) { > ++ ses.recvseq = 0; > ++ } > ++ > + TRACE(("leave recv_msg_newkeys")) > + } > + > +@@ -550,6 +558,10 @@ void recv_msg_kexinit() { > + > + ses.kexstate.recvkexinit = 1; > + > ++ if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) { > ++ dropbear_exit("First packet wasn't kexinit"); > ++ } > ++ > + TRACE(("leave recv_msg_kexinit")) > + } > + > +@@ -859,6 +871,18 @@ static void read_kex_algos() { > + } > + #endif > + > ++ if (!ses.kexstate.donefirstkex) { > ++ const char* strict_name; > ++ if (IS_DROPBEAR_CLIENT) { > ++ strict_name = SSH_STRICT_KEX_S; > ++ } else { > ++ strict_name = SSH_STRICT_KEX_C; > ++ } > ++ if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) { > ++ ses.kexstate.strict_kex = 1; > ++ } > ++ } > ++ > + algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); > + allgood &= goodguess; > + if (algo == NULL || algo->data == NULL) { > +diff --git a/kex.h b/kex.h > +index 77cf21a..7fcc3c2 100644 > +--- a/kex.h > ++++ b/kex.h > +@@ -83,6 +83,9 @@ struct KEXState { > + > + unsigned our_first_follows_matches : 1; > + > ++ /* Boolean indicating that strict kex mode is in use */ > ++ unsigned int strict_kex; > ++ > + time_t lastkextime; /* time of the last kex */ > + unsigned int datatrans; /* data transmitted since last kex */ > + unsigned int datarecv; /* data received since last kex */ > +diff --git a/process-packet.c b/process-packet.c > +index 9454160..0270f71 100644 > +--- a/process-packet.c > ++++ b/process-packet.c > +@@ -44,6 +44,7 @@ void process_packet() { > + > + unsigned char type; > + unsigned int i; > ++ unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex; > + time_t now; > + > + TRACE2(("enter process_packet")) > +@@ -54,22 +55,23 @@ void process_packet() { > + now = monotonic_now(); > + ses.last_packet_time_keepalive_recv = now; > + > +- /* These packets we can receive at any time */ > +- switch(type) { > +- > +- case SSH_MSG_IGNORE: > +- goto out; > +- case SSH_MSG_DEBUG: > +- goto out; > ++ if (type == SSH_MSG_DISCONNECT) { > ++ /* Allowed at any time */ > ++ dropbear_close("Disconnect received"); > ++ } > + > +- case SSH_MSG_UNIMPLEMENTED: > +- /* debugging XXX */ > +- TRACE(("SSH_MSG_UNIMPLEMENTED")) > +- goto out; > +- > +- case SSH_MSG_DISCONNECT: > +- /* TODO cleanup? */ > +- dropbear_close("Disconnect received"); > ++ /* These packets may be received at any time, > ++ except during first kex with strict kex */ > ++ if (!first_strict_kex) { > ++ switch(type) { > ++ case SSH_MSG_IGNORE: > ++ goto out; > ++ case SSH_MSG_DEBUG: > ++ goto out; > ++ case SSH_MSG_UNIMPLEMENTED: > ++ TRACE(("SSH_MSG_UNIMPLEMENTED")) > ++ goto out; > ++ } > + } > + > + /* Ignore these packet types so that keepalives don't interfere with > +@@ -98,7 +100,8 @@ void process_packet() { > + if (type >= 1 && type <= 49 > + && type != SSH_MSG_SERVICE_REQUEST > + && type != SSH_MSG_SERVICE_ACCEPT > +- && type != SSH_MSG_KEXINIT) > ++ && type != SSH_MSG_KEXINIT > ++ && !first_strict_kex) > + { > + TRACE(("unknown allowed packet during kexinit")) > + recv_unimplemented(); > +diff --git a/ssh.h b/ssh.h > +index 1b4fec6..ef3efdc 100644 > +--- a/ssh.h > ++++ b/ssh.h > +@@ -100,6 +100,10 @@ > + #define SSH_EXT_INFO_C "ext-info-c" > + #define SSH_SERVER_SIG_ALGS "server-sig-algs" > + > ++/* OpenSSH strict KEX feature */ > ++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com" > ++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com" > ++ > + /* service types */ > + #define SSH_SERVICE_USERAUTH "ssh-userauth" > + #define SSH_SERVICE_USERAUTH_LEN 12 > +diff --git a/svr-session.c b/svr-session.c > +index 769f073..a538e2c 100644 > +--- a/svr-session.c > ++++ b/svr-session.c > +@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) { > + algo->usable = 0; > + } > + #endif > ++ if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) { > ++ algo->usable = 0; > ++ } > + } > + } > + > +-- > +2.40.0 > -- > 2.40.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#193277): https://lists.openembedded.org/g/openembedded-core/message/193277 > Mute This Topic: https://lists.openembedded.org/mt/103498799/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Sure, will send V2 ________________________________ From: Steve Sakoman <steve@sakoman.com> Sent: 04 January 2024 23:30 To: Gupta, Meenali <Meenali.Gupta@windriver.com> Cc: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> Subject: Re: [oe-core][kirkstone][PATCH 1/1] dropbear: fix CVE-2023-48795 CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. This patch fails at build time: ERROR: dropbear-2020.81-r0 do_patch: Applying patch 'CVE-2023-48795.patch' on target directory '/home/steve/builds/poky-contrib-kirkstone/build/tmp/work/core2-64-poky-linux/dropbear/2020.81-r0/dropbear-2020.81' CmdError('quilt --quiltrc /home/steve/builds/poky-contrib-kirkstone/build/tmp/work/core2-64-poky-linux/dropbear/2020.81-r0/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout: Applying patch CVE-2023-48795.patch patching file cli-session.c Hunk #2 succeeded at 115 (offset -3 lines). Hunk #3 succeeded at 475 (offset -14 lines). patching file common-algo.c Hunk #1 succeeded at 332 (offset 25 lines). patching file common-kex.c Hunk #2 FAILED at 198. Hunk #3 succeeded at 555 (offset 1 line). Hunk #4 succeeded at 869 (offset 2 lines). 1 out of 4 hunks FAILED -- rejects in file common-kex.c patching file kex.h patching file process-packet.c Hunk #2 FAILED at 55. 1 out of 3 hunks FAILED -- rejects in file process-packet.c patching file ssh.h patching file svr-session.c Hunk #1 succeeded at 342 (offset -28 lines). Patch CVE-2023-48795.patch does not apply (enforce with -f) Please submit a V2 with these issues fixed. Thanks! Steve On Tue, Jan 2, 2024 at 11:02 PM Meenali Gupta via lists.openembedded.org <meenali.gupta=windriver.com@lists.openembedded.org> wrote: > > From: Meenali Gupta <meenali.gupta@windriver.com> > > A flaw was found in the SSH channel integrity. > By manipulating sequence numbers during the handshake, > an attacker can remove the initial messages on the secure > channel without causing a MAC failure. For example, an attacker > could disable the ping extension and thus disable the new > countermeasure in OpenSSH 9.5 against keystroke timing attacks. > > Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> > --- > meta/recipes-core/dropbear/dropbear.inc | 1 + > .../dropbear/dropbear/CVE-2023-48795.patch | 235 ++++++++++++++++++ > 2 files changed, 236 insertions(+) > create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch > > diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc > index e61930f7db..a32242949b 100644 > --- a/meta/recipes-core/dropbear/dropbear.inc > +++ b/meta/recipes-core/dropbear/dropbear.inc > @@ -30,6 +30,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ > ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ > file://CVE-2021-36369.patch \ > file://CVE-2023-36328.patch \ > + file://CVE-2023-48795.patch \ > " > > PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ > diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch > new file mode 100644 > index 0000000000..d3f7c014ef > --- /dev/null > +++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch > @@ -0,0 +1,235 @@ > +From 768546edcf45794538f81c096f5544a5d35e336f Mon Sep 17 00:00:00 2001 > +From: Matt Johnston <matt@ucc.asn.au> > +Date: Mon, 20 Nov 2023 14:02:47 +0800 > +Subject: [PATCH] Implement Strict KEX mode > + > +As specified by OpenSSH with kex-strict-c-v00@openssh.com and > +kex-strict-s-v00@openssh.com. > + > +CVE: CVE-2023-48795 > + > +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356] > + > +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> > +--- > + cli-session.c | 11 +++++++++++ > + common-algo.c | 6 ++++++ > + common-kex.c | 24 ++++++++++++++++++++++++ > + kex.h | 3 +++ > + process-packet.c | 35 +++++++++++++++++++---------------- > + ssh.h | 4 ++++ > + svr-session.c | 3 +++ > + 7 files changed, 70 insertions(+), 16 deletions(-) > + > +diff --git a/cli-session.c b/cli-session.c > +index 5981b24..d261c8f 100644 > +--- a/cli-session.c > ++++ b/cli-session.c > +@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN; > + static void recv_msg_service_accept(void); > + static void cli_session_cleanup(void); > + static void recv_msg_global_request_cli(void); > ++static void cli_algos_initialise(void); > + > + struct clientsession cli_ses; /* GLOBAL */ > + > +@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection > + } > + > + chaninitialise(cli_chantypes); > ++ cli_algos_initialise(); > + > + /* Set up cli_ses vars */ > + cli_session_init(proxy_cmd_pid); > +@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) { > + fflush(stderr); > + } > + > ++static void cli_algos_initialise(void) { > ++ algo_type *algo; > ++ for (algo = sshkex; algo->name; algo++) { > ++ if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) { > ++ algo->usable = 0; > ++ } > ++ } > ++} > ++ > +diff --git a/common-algo.c b/common-algo.c > +index 378f0ca..f9d46eb 100644 > +--- a/common-algo.c > ++++ b/common-algo.c > +@@ -307,6 +307,12 @@ algo_type sshkex[] = { > + /* Set unusable by svr_algos_initialise() */ > + {SSH_EXT_INFO_C, 0, NULL, 1, NULL}, > + #endif > ++#endif > ++#if DROPBEAR_CLIENT > ++ {SSH_STRICT_KEX_C, 0, NULL, 1, NULL}, > ++#endif > ++#if DROPBEAR_SERVER > ++ {SSH_STRICT_KEX_S, 0, NULL, 1, NULL}, > + #endif > + {NULL, 0, NULL, 0, NULL} > + }; > +diff --git a/common-kex.c b/common-kex.c > +index ac88442..e6825e1 100644 > +--- a/common-kex.c > ++++ b/common-kex.c > +@@ -183,6 +183,10 @@ void send_msg_newkeys() { > + gen_new_keys(); > + switch_keys(); > + > ++ if (ses.kexstate.strict_kex) { > ++ ses.transseq = 0; > ++ } > ++ > + TRACE(("leave send_msg_newkeys")) > + } > + > +@@ -194,6 +198,10 @@ void recv_msg_newkeys() { > + ses.kexstate.recvnewkeys = 1; > + switch_keys(); > + > ++ if (ses.kexstate.strict_kex) { > ++ ses.recvseq = 0; > ++ } > ++ > + TRACE(("leave recv_msg_newkeys")) > + } > + > +@@ -550,6 +558,10 @@ void recv_msg_kexinit() { > + > + ses.kexstate.recvkexinit = 1; > + > ++ if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) { > ++ dropbear_exit("First packet wasn't kexinit"); > ++ } > ++ > + TRACE(("leave recv_msg_kexinit")) > + } > + > +@@ -859,6 +871,18 @@ static void read_kex_algos() { > + } > + #endif > + > ++ if (!ses.kexstate.donefirstkex) { > ++ const char* strict_name; > ++ if (IS_DROPBEAR_CLIENT) { > ++ strict_name = SSH_STRICT_KEX_S; > ++ } else { > ++ strict_name = SSH_STRICT_KEX_C; > ++ } > ++ if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) { > ++ ses.kexstate.strict_kex = 1; > ++ } > ++ } > ++ > + algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); > + allgood &= goodguess; > + if (algo == NULL || algo->data == NULL) { > +diff --git a/kex.h b/kex.h > +index 77cf21a..7fcc3c2 100644 > +--- a/kex.h > ++++ b/kex.h > +@@ -83,6 +83,9 @@ struct KEXState { > + > + unsigned our_first_follows_matches : 1; > + > ++ /* Boolean indicating that strict kex mode is in use */ > ++ unsigned int strict_kex; > ++ > + time_t lastkextime; /* time of the last kex */ > + unsigned int datatrans; /* data transmitted since last kex */ > + unsigned int datarecv; /* data received since last kex */ > +diff --git a/process-packet.c b/process-packet.c > +index 9454160..0270f71 100644 > +--- a/process-packet.c > ++++ b/process-packet.c > +@@ -44,6 +44,7 @@ void process_packet() { > + > + unsigned char type; > + unsigned int i; > ++ unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex; > + time_t now; > + > + TRACE2(("enter process_packet")) > +@@ -54,22 +55,23 @@ void process_packet() { > + now = monotonic_now(); > + ses.last_packet_time_keepalive_recv = now; > + > +- /* These packets we can receive at any time */ > +- switch(type) { > +- > +- case SSH_MSG_IGNORE: > +- goto out; > +- case SSH_MSG_DEBUG: > +- goto out; > ++ if (type == SSH_MSG_DISCONNECT) { > ++ /* Allowed at any time */ > ++ dropbear_close("Disconnect received"); > ++ } > + > +- case SSH_MSG_UNIMPLEMENTED: > +- /* debugging XXX */ > +- TRACE(("SSH_MSG_UNIMPLEMENTED")) > +- goto out; > +- > +- case SSH_MSG_DISCONNECT: > +- /* TODO cleanup? */ > +- dropbear_close("Disconnect received"); > ++ /* These packets may be received at any time, > ++ except during first kex with strict kex */ > ++ if (!first_strict_kex) { > ++ switch(type) { > ++ case SSH_MSG_IGNORE: > ++ goto out; > ++ case SSH_MSG_DEBUG: > ++ goto out; > ++ case SSH_MSG_UNIMPLEMENTED: > ++ TRACE(("SSH_MSG_UNIMPLEMENTED")) > ++ goto out; > ++ } > + } > + > + /* Ignore these packet types so that keepalives don't interfere with > +@@ -98,7 +100,8 @@ void process_packet() { > + if (type >= 1 && type <= 49 > + && type != SSH_MSG_SERVICE_REQUEST > + && type != SSH_MSG_SERVICE_ACCEPT > +- && type != SSH_MSG_KEXINIT) > ++ && type != SSH_MSG_KEXINIT > ++ && !first_strict_kex) > + { > + TRACE(("unknown allowed packet during kexinit")) > + recv_unimplemented(); > +diff --git a/ssh.h b/ssh.h > +index 1b4fec6..ef3efdc 100644 > +--- a/ssh.h > ++++ b/ssh.h > +@@ -100,6 +100,10 @@ > + #define SSH_EXT_INFO_C "ext-info-c" > + #define SSH_SERVER_SIG_ALGS "server-sig-algs" > + > ++/* OpenSSH strict KEX feature */ > ++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com" > ++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com" > ++ > + /* service types */ > + #define SSH_SERVICE_USERAUTH "ssh-userauth" > + #define SSH_SERVICE_USERAUTH_LEN 12 > +diff --git a/svr-session.c b/svr-session.c > +index 769f073..a538e2c 100644 > +--- a/svr-session.c > ++++ b/svr-session.c > +@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) { > + algo->usable = 0; > + } > + #endif > ++ if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) { > ++ algo->usable = 0; > ++ } > + } > + } > + > +-- > +2.40.0 > -- > 2.40.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#193277): https://lists.openembedded.org/g/openembedded-core/message/193277 > Mute This Topic: https://lists.openembedded.org/mt/103498799/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index e61930f7db..a32242949b 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -30,6 +30,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ file://CVE-2021-36369.patch \ file://CVE-2023-36328.patch \ + file://CVE-2023-48795.patch \ " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch new file mode 100644 index 0000000000..d3f7c014ef --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch @@ -0,0 +1,235 @@ +From 768546edcf45794538f81c096f5544a5d35e336f Mon Sep 17 00:00:00 2001 +From: Matt Johnston <matt@ucc.asn.au> +Date: Mon, 20 Nov 2023 14:02:47 +0800 +Subject: [PATCH] Implement Strict KEX mode + +As specified by OpenSSH with kex-strict-c-v00@openssh.com and +kex-strict-s-v00@openssh.com. + +CVE: CVE-2023-48795 + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356] + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + cli-session.c | 11 +++++++++++ + common-algo.c | 6 ++++++ + common-kex.c | 24 ++++++++++++++++++++++++ + kex.h | 3 +++ + process-packet.c | 35 +++++++++++++++++++---------------- + ssh.h | 4 ++++ + svr-session.c | 3 +++ + 7 files changed, 70 insertions(+), 16 deletions(-) + +diff --git a/cli-session.c b/cli-session.c +index 5981b24..d261c8f 100644 +--- a/cli-session.c ++++ b/cli-session.c +@@ -46,6 +46,7 @@ static void cli_finished(void) ATTRIB_NORETURN; + static void recv_msg_service_accept(void); + static void cli_session_cleanup(void); + static void recv_msg_global_request_cli(void); ++static void cli_algos_initialise(void); + + struct clientsession cli_ses; /* GLOBAL */ + +@@ -117,6 +118,7 @@ void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection + } + + chaninitialise(cli_chantypes); ++ cli_algos_initialise(); + + /* Set up cli_ses vars */ + cli_session_init(proxy_cmd_pid); +@@ -487,3 +489,12 @@ void cli_dropbear_log(int priority, const char* format, va_list param) { + fflush(stderr); + } + ++static void cli_algos_initialise(void) { ++ algo_type *algo; ++ for (algo = sshkex; algo->name; algo++) { ++ if (strcmp(algo->name, SSH_STRICT_KEX_S) == 0) { ++ algo->usable = 0; ++ } ++ } ++} ++ +diff --git a/common-algo.c b/common-algo.c +index 378f0ca..f9d46eb 100644 +--- a/common-algo.c ++++ b/common-algo.c +@@ -307,6 +307,12 @@ algo_type sshkex[] = { + /* Set unusable by svr_algos_initialise() */ + {SSH_EXT_INFO_C, 0, NULL, 1, NULL}, + #endif ++#endif ++#if DROPBEAR_CLIENT ++ {SSH_STRICT_KEX_C, 0, NULL, 1, NULL}, ++#endif ++#if DROPBEAR_SERVER ++ {SSH_STRICT_KEX_S, 0, NULL, 1, NULL}, + #endif + {NULL, 0, NULL, 0, NULL} + }; +diff --git a/common-kex.c b/common-kex.c +index ac88442..e6825e1 100644 +--- a/common-kex.c ++++ b/common-kex.c +@@ -183,6 +183,10 @@ void send_msg_newkeys() { + gen_new_keys(); + switch_keys(); + ++ if (ses.kexstate.strict_kex) { ++ ses.transseq = 0; ++ } ++ + TRACE(("leave send_msg_newkeys")) + } + +@@ -194,6 +198,10 @@ void recv_msg_newkeys() { + ses.kexstate.recvnewkeys = 1; + switch_keys(); + ++ if (ses.kexstate.strict_kex) { ++ ses.recvseq = 0; ++ } ++ + TRACE(("leave recv_msg_newkeys")) + } + +@@ -550,6 +558,10 @@ void recv_msg_kexinit() { + + ses.kexstate.recvkexinit = 1; + ++ if (ses.kexstate.strict_kex && !ses.kexstate.donefirstkex && ses.recvseq != 1) { ++ dropbear_exit("First packet wasn't kexinit"); ++ } ++ + TRACE(("leave recv_msg_kexinit")) + } + +@@ -859,6 +871,18 @@ static void read_kex_algos() { + } + #endif + ++ if (!ses.kexstate.donefirstkex) { ++ const char* strict_name; ++ if (IS_DROPBEAR_CLIENT) { ++ strict_name = SSH_STRICT_KEX_S; ++ } else { ++ strict_name = SSH_STRICT_KEX_C; ++ } ++ if (buf_has_algo(ses.payload, strict_name) == DROPBEAR_SUCCESS) { ++ ses.kexstate.strict_kex = 1; ++ } ++ } ++ + algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); + allgood &= goodguess; + if (algo == NULL || algo->data == NULL) { +diff --git a/kex.h b/kex.h +index 77cf21a..7fcc3c2 100644 +--- a/kex.h ++++ b/kex.h +@@ -83,6 +83,9 @@ struct KEXState { + + unsigned our_first_follows_matches : 1; + ++ /* Boolean indicating that strict kex mode is in use */ ++ unsigned int strict_kex; ++ + time_t lastkextime; /* time of the last kex */ + unsigned int datatrans; /* data transmitted since last kex */ + unsigned int datarecv; /* data received since last kex */ +diff --git a/process-packet.c b/process-packet.c +index 9454160..0270f71 100644 +--- a/process-packet.c ++++ b/process-packet.c +@@ -44,6 +44,7 @@ void process_packet() { + + unsigned char type; + unsigned int i; ++ unsigned int first_strict_kex = ses.kexstate.strict_kex && !ses.kexstate.donefirstkex; + time_t now; + + TRACE2(("enter process_packet")) +@@ -54,22 +55,23 @@ void process_packet() { + now = monotonic_now(); + ses.last_packet_time_keepalive_recv = now; + +- /* These packets we can receive at any time */ +- switch(type) { +- +- case SSH_MSG_IGNORE: +- goto out; +- case SSH_MSG_DEBUG: +- goto out; ++ if (type == SSH_MSG_DISCONNECT) { ++ /* Allowed at any time */ ++ dropbear_close("Disconnect received"); ++ } + +- case SSH_MSG_UNIMPLEMENTED: +- /* debugging XXX */ +- TRACE(("SSH_MSG_UNIMPLEMENTED")) +- goto out; +- +- case SSH_MSG_DISCONNECT: +- /* TODO cleanup? */ +- dropbear_close("Disconnect received"); ++ /* These packets may be received at any time, ++ except during first kex with strict kex */ ++ if (!first_strict_kex) { ++ switch(type) { ++ case SSH_MSG_IGNORE: ++ goto out; ++ case SSH_MSG_DEBUG: ++ goto out; ++ case SSH_MSG_UNIMPLEMENTED: ++ TRACE(("SSH_MSG_UNIMPLEMENTED")) ++ goto out; ++ } + } + + /* Ignore these packet types so that keepalives don't interfere with +@@ -98,7 +100,8 @@ void process_packet() { + if (type >= 1 && type <= 49 + && type != SSH_MSG_SERVICE_REQUEST + && type != SSH_MSG_SERVICE_ACCEPT +- && type != SSH_MSG_KEXINIT) ++ && type != SSH_MSG_KEXINIT ++ && !first_strict_kex) + { + TRACE(("unknown allowed packet during kexinit")) + recv_unimplemented(); +diff --git a/ssh.h b/ssh.h +index 1b4fec6..ef3efdc 100644 +--- a/ssh.h ++++ b/ssh.h +@@ -100,6 +100,10 @@ + #define SSH_EXT_INFO_C "ext-info-c" + #define SSH_SERVER_SIG_ALGS "server-sig-algs" + ++/* OpenSSH strict KEX feature */ ++#define SSH_STRICT_KEX_S "kex-strict-s-v00@openssh.com" ++#define SSH_STRICT_KEX_C "kex-strict-c-v00@openssh.com" ++ + /* service types */ + #define SSH_SERVICE_USERAUTH "ssh-userauth" + #define SSH_SERVICE_USERAUTH_LEN 12 +diff --git a/svr-session.c b/svr-session.c +index 769f073..a538e2c 100644 +--- a/svr-session.c ++++ b/svr-session.c +@@ -370,6 +370,9 @@ static void svr_algos_initialise(void) { + algo->usable = 0; + } + #endif ++ if (strcmp(algo->name, SSH_STRICT_KEX_C) == 0) { ++ algo->usable = 0; ++ } + } + } + +-- +2.40.0