Ubuntu
openssh package

Merge ~3v1n0/ubuntu/+source/openssh:ubuntu/focal-devel into ubuntu/+source/openssh:ubuntu/focal-devel

  1. Git
  2. lp:~3v1n0/ubuntu/+source/openssh
  3. ubuntu/focal-devel
  4. Merge into ubuntu/focal-devel
Proposed by Marco Trevisan (Treviño)
Status: Merged
Merge reported by: Robie Basak
Merged at revision: 9691ef52be478fafa1a578b2196a4eaa7400edf8
Proposed branch: ~3v1n0/ubuntu/+source/openssh:ubuntu/focal-devel
Merge into: ubuntu/+source/openssh:ubuntu/focal-devel
Diff against target: 140 lines (+118/-0)
3 files modified
debian/changelog (+9/-0)
debian/patches/series (+1/-0)
debian/patches/sshconnect2-Write-kbd-interactive-service-info-and-instru.patch (+108/-0)
Reviewer Review Type Date Requested Status
Vladimir Petko (community) Abstain
git-ubuntu import Pending
Review via email: mp+471763@code.launchpad.net

Description of the change

Backport fix for https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2077576 to focal

To post a comment you must log in.
Revision history for this message
Sebastien Bacher (seb128) wrote :

I've sponsored the change now, whoever has access to change the MP status can mark is as merged

Revision history for this message
Vladimir Petko (vpa1977) wrote :

Claiming review slot to remove from the sponsoring queue

review: Abstain

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 71d9b41..379fb41 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+openssh (1:8.2p1-4ubuntu0.12) UNRELEASED; urgency=medium
7+
8+ * debian/patches: Properly notify keyboard interactive info and instructions.
9+ Use notifier to send keyboard interactive info and instruction messages
10+ to properly print non-ASCII chars when using PAM-based authentication.
11+ (LP: #2077576)
12+
13+ -- Marco Trevisan (Treviño) <marco@ubuntu.com> Wed, 21 Aug 2024 16:22:35 -0400
14+
15 openssh (1:8.2p1-4ubuntu0.11) focal-security; urgency=medium
16
17 * SECURITY UPDATE: Supplemental groups not initialized
18diff --git a/debian/patches/series b/debian/patches/series
19index f00cdc7..5619355 100644
20--- a/debian/patches/series
21+++ b/debian/patches/series
22@@ -37,3 +37,4 @@ CVE-2023-48795.patch
23 CVE-2021-41617-1.patch
24 CVE-2021-41617-2.patch
25 CVE-2023-51385.patch
26+sshconnect2-Write-kbd-interactive-service-info-and-instru.patch
27diff --git a/debian/patches/sshconnect2-Write-kbd-interactive-service-info-and-instru.patch b/debian/patches/sshconnect2-Write-kbd-interactive-service-info-and-instru.patch
28new file mode 100644
29index 0000000..a12f4e0
30--- /dev/null
31+++ b/debian/patches/sshconnect2-Write-kbd-interactive-service-info-and-instru.patch
32@@ -0,0 +1,108 @@
33+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
34+Date: Tue, 17 Oct 2023 06:12:03 +0200
35+Subject: sshconnect2: Write kbd-interactive service,
36+ info and instructions as utf-8
37+MIME-Version: 1.0
38+Content-Type: text/plain; charset="utf-8"
39+Content-Transfer-Encoding: 8bit
40+
41+As per the previous server change now the keyboard-interactive service
42+and instruction values could be reported as soon as they are available
43+and so they're not prompts anymore and not parsed like them.
44+
45+While this was already supported by the SSH client, these messages were
46+not properly written as the escaped sequences they contained were not
47+correctly reported.
48+
49+So for example a message containing "\" was represented as "\\" and
50+similarly for all the other C escape sequences.
51+
52+This was leading to more problems when it come to utf-8 chars, as they
53+were only represented by their octal representation.
54+
55+This was easily testable by adding a line like the one below to the
56+sshd PAM service:
57+ auth requisite pam_echo.so Hello SSHD! Want some 🍕?
58+
59+Which was causing this to be written instead:
60+ Hello SSHD! Want some \360\237\215\225?
61+
62+To handle this, instead of simply using fmprintf, we're using the notifier
63+in a way can be exposed to users in the proper format and UI.
64+
65+Origin: https://github.com/openssh/openssh-portable/pull/452/commits/cc14301ce05
66+---
67+ sshconnect2.c | 33 ++++++++++++++++++++++++---------
68+ 1 file changed, 24 insertions(+), 9 deletions(-)
69+
70+diff --git a/sshconnect2.c b/sshconnect2.c
71+index bf34201..60a14b3 100644
72+--- a/sshconnect2.c
73++++ b/sshconnect2.c
74+@@ -1203,6 +1203,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
75+ char *info = NULL, *lang = NULL, *password = NULL, *retype = NULL;
76+ char prompt[256];
77+ const char *host;
78++ size_t info_len;
79+ int r;
80+
81+ debug2("input_userauth_passwd_changereq");
82+@@ -1212,11 +1213,15 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
83+ "no authentication context");
84+ host = options.host_key_alias ? options.host_key_alias : authctxt->host;
85+
86+- if ((r = sshpkt_get_cstring(ssh, &info, NULL)) != 0 ||
87++ if ((r = sshpkt_get_cstring(ssh, &info, &info_len)) != 0 ||
88+ (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
89+ goto out;
90+- if (strlen(info) > 0)
91+- logit("%s", info);
92++ if (info_len > 0) {
93++ struct notifier_ctx *notifier = NULL;
94++ debug("%s: info: %s", __func__, info);
95++ notifier = notify_start(0, "%s", info);
96++ notify_complete(notifier);
97++ }
98+ if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
99+ (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
100+ (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
101+@@ -2003,8 +2008,10 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
102+ Authctxt *authctxt = ssh->authctxt;
103+ char *name = NULL, *inst = NULL, *lang = NULL, *prompt = NULL;
104+ char *response = NULL;
105++ struct notifier_ctx *notifier = NULL;
106+ u_char echo = 0;
107+ u_int num_prompts, i;
108++ size_t name_len, inst_len;
109+ int r;
110+
111+ debug2("input_userauth_info_req");
112+@@ -2014,14 +2021,22 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
113+
114+ authctxt->info_req_seen = 1;
115+
116+- if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
117+- (r = sshpkt_get_cstring(ssh, &inst, NULL)) != 0 ||
118++ if ((r = sshpkt_get_cstring(ssh, &name, &name_len)) != 0 ||
119++ (r = sshpkt_get_cstring(ssh, &inst, &inst_len)) != 0 ||
120+ (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
121+ goto out;
122+- if (strlen(name) > 0)
123+- logit("%s", name);
124+- if (strlen(inst) > 0)
125+- logit("%s", inst);
126++ if (name_len > 0) {
127++ debug("%s: kbd int name: %s", __func__, name);
128++ notifier = notify_start(0, "%s", name);
129++ notify_complete(notifier);
130++ notifier = NULL;
131++ }
132++ if (inst_len > 0) {
133++ debug("%s: kbd int inst: %s", __func__, inst);
134++ notifier = notify_start(0, "%s", inst);
135++ notify_complete(notifier);
136++ notifier = NULL;
137++ }
138+
139+ if ((r = sshpkt_get_u32(ssh, &num_prompts)) != 0)
140+ goto out;

Subscribers

People subscribed via source and target branches