unofficial mirror of guix-patches@gnu.org 
* [bug#32451] [PATCH] gnu: openssh: Don't allow remote username enumeration.
From: Leo Famulari @ 2018-08-15 20:56 UTC
  To: 32451

The upstream commit needs some changes in order to apply to the latest
OpenSSH release, and I've done that here. I'm currently building in
order to test it. Careful review requested!

* gnu/packages/patches/openssh-remote-username-enumeration.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
---
 gnu/local.mk                                  |   1 +
 .../openssh-remote-username-enumeration.patch | 192 ++++++++++++++++++
 gnu/packages/ssh.scm                          |   1 +
 3 files changed, 194 insertions(+)
 create mode 100644 gnu/packages/patches/openssh-remote-username-enumeration.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index e14657c2d..c9b9c3c9d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -997,6 +997,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/opensmtpd-fix-crash.patch		\
+  %D%/packages/patches/openssh-remote-username-enumeration.patch	\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.0.2-CVE-2018-0495.patch	\
   %D%/packages/patches/openssl-1.0.2-CVE-2018-0732.patch	\
diff --git a/gnu/packages/patches/openssh-remote-username-enumeration.patch b/gnu/packages/patches/openssh-remote-username-enumeration.patch
new file mode 100644
index 000000000..5cb59eeeb
--- /dev/null
+++ b/gnu/packages/patches/openssh-remote-username-enumeration.patch
@@ -0,0 +1,192 @@
+Don't allow remote clients to enumerate usernames on the server:
+
+http://seclists.org/oss-sec/2018/q3/124
+
+Patch adapted from upstream source repository:
+
+https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
+
+From 74287f5df9966a0648b4a68417451dd18f079ab8 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 31 Jul 2018 03:10:27 +0000
+Subject: [PATCH] upstream: delay bailout for invalid authentic
+
+=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
+=?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
+=?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
+---
+ auth2-gss.c       | 11 +++++++----
+ auth2-hostbased.c | 11 ++++++-----
+ auth2-pubkey.c    | 25 +++++++++++++++----------
+ 3 files changed, 28 insertions(+), 19 deletions(-)
+
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 47308c5c..9351e042 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+#@@ -1,4 +1,4 @@
+#-/* $OpenBSD: auth2-gss.c,v 1.28 2018/07/10 09:13:30 djm Exp $ */
+#+/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
+# 
+# /*
+#  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+#@@ -70,9 +70,6 @@ userauth_gssapi(struct ssh *ssh)
+# 	size_t len;
+# 	u_char *doid = NULL;
+# 
+#-	if (!authctxt->valid || authctxt->user == NULL)
+#-		return (0);
+#-
+# 	if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
+# 		fatal("%s: %s", __func__, ssh_err(r));
+# 
+@@ -106,6 +103,12 @@ userauth_gssapi(struct ssh *ssh)
+ 		return (0);
+ 	}
+ 
++	if (!authctxt->valid || authctxt->user == NULL) {
++		debug2("%s: disabled because of invalid user", __func__);
++		free(doid);
++		return (0);
++	}
++
+ 	if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+ 		if (ctxt != NULL)
+ 			ssh_gssapi_delete_ctx(&ctxt);
+diff --git a/auth2-hostbased.c b/auth2-hostbased.c
+index 60159a56..35939329 100644
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
+#@@ -1,4 +1,4 @@
+#-/* $OpenBSD: auth2-hostbased.c,v 1.35 2018/07/09 21:35:50 markus Exp $ */
+#+/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */
+# /*
+#  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+#  *
+@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
+ 	size_t alen, blen, slen;
+ 	int r, pktype, authenticated = 0;
+ 
+-	if (!authctxt->valid) {
+-		debug2("%s: disabled because of invalid user", __func__);
+-		return 0;
+-	}
+ 	/* XXX use sshkey_froms() */
+ 	if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
+ 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
+@@ -117,6 +113,11 @@ userauth_hostbased(struct ssh *ssh)
+ 		goto done;
+ 	}
+ 
++	if (!authctxt->valid || authctxt->user == NULL) {
++		debug2("%s: disabled because of invalid user", __func__);
++		goto done;
++	}
++
+ 	if ((b = sshbuf_new()) == NULL)
+ 		fatal("%s: sshbuf_new failed", __func__);
+ 	/* reconstruct packet */
+diff --git a/auth2-pubkey.c b/auth2-pubkey.c
+index c4d0f790..e1c15040 100644
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+#@@ -1,4 +1,4 @@
+#-/* $OpenBSD: auth2-pubkey.c,v 1.82 2018/07/11 18:55:11 markus Exp $ */
+#+/* $OpenBSD: auth2-pubkey.c,v 1.83 2018/07/31 03:10:27 djm Exp $ */
+# /*
+#  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+#  *
+@@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
+ {
+ 	Authctxt *authctxt = ssh->authctxt;
+ 	struct passwd *pw = authctxt->pw;
+-	struct sshbuf *b;
++	struct sshbuf *b = NULL;
+ 	struct sshkey *key = NULL;
+-	char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
+-	u_char *pkblob, *sig, have_sig;
++	char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
++	u_char *pkblob = NULL, *sig = NULL, have_sig;
+ 	size_t blen, slen;
+ 	int r, pktype;
+ 	int authenticated = 0;
+ 	struct sshauthopt *authopts = NULL;
+ 
+-	if (!authctxt->valid) {
+-		debug2("%s: disabled because of invalid user", __func__);
+-		return 0;
+-	}
+ 	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
+ 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
+ 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
+@@ -167,6 +163,11 @@ userauth_pubkey(struct ssh *ssh)
+ 				fatal("%s: sshbuf_put_string session id: %s",
+ 				    __func__, ssh_err(r));
+ 		}
++		if (!authctxt->valid || authctxt->user == NULL) {
++			debug2("%s: disabled because of invalid user",
++			    __func__);
++			goto done;
++		}
+ 		/* reconstruct packet */
+ 		xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ 		    authctxt->style ? ":" : "",
+@@ -183,7 +184,6 @@ userauth_pubkey(struct ssh *ssh)
+ #ifdef DEBUG_PK
+ 		sshbuf_dump(b, stderr);
+ #endif
+-
+ 		/* test for correct signature */
+ 		authenticated = 0;
+ 		if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
+@@ -194,7 +194,6 @@ userauth_pubkey(struct ssh *ssh)
+ 			authenticated = 1;
+ 		}
+ 		sshbuf_free(b);
+-		free(sig);
+ 		auth2_record_key(authctxt, authenticated, key);
+ 	} else {
+ 		debug("%s: test pkalg %s pkblob %s%s%s",
+@@ -205,6 +204,11 @@ userauth_pubkey(struct ssh *ssh)
+ 		if ((r = sshpkt_get_end(ssh)) != 0)
+ 			fatal("%s: %s", __func__, ssh_err(r));
+ 
++		if (!authctxt->valid || authctxt->user == NULL) {
++			debug2("%s: disabled because of invalid user",
++			    __func__);
++			goto done;
++		}
+ 		/* XXX fake reply and always send PK_OK ? */
+ 		/*
+ 		 * XXX this allows testing whether a user is allowed
+@@ -238,6 +242,7 @@ done:
+ 	free(pkblob);
+ 	free(key_s);
+ 	free(ca_s);
++	free(sig);
+ 	return authenticated;
+ }
+ 
+-- 
+2.18.0
+
+# Adapted from upstream to apply to OpenSSH 7.7p1.
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 589283b7..1d7cfb39 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -69,9 +69,6 @@ userauth_gssapi(struct ssh *ssh)
+ 	u_int len;
+ 	u_char *doid = NULL;
+ 
+-	if (!authctxt->valid || authctxt->user == NULL)
+-		return (0);
+-
+ 	mechs = packet_get_int();
+ 	if (mechs == 0) {
+ 		debug("Mechanism negotiation is not supported");
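Review bot: the new `goto done` added in the have_sig branch of userauth_pubkey (the `@@ -167,6 +163,11 @@` region) leaks the packet-reconstruction buffer `b` for every invalid-user attempt: by that point `b` has already been allocated by `sshbuf_new()` (the surrounding context is writing the session id into it), but `sshbuf_free(b)` stays on the success path just above `auth2_record_key(...)`, and the `done:` label only frees `pkblob`, `key_s`, `ca_s` and now `sig`. Since the same change initialises `b` to NULL at declaration, the simplest fix is to move `sshbuf_free(b);` down into `done:` next to `free(sig);`, which also keeps the cleanup identical on the valid-user and invalid-user paths. Separately, the 7.7p1 adaptation at the end of the file (the replacement `@@ -69,9 +69,6 @@` auth2-gss.c hunk using `packet_get_int()`) sits after the embedded upstream commit's `-- ` / `2.18.0` trailer, while the hunks it supersedes are kept as `#`-prefixed commented-out diff text; please say in the `# Adapted from upstream to apply to OpenSSH 7.7p1.` header which upstream hunks are disabled and that the re-added check for gss relies on the still-active `@@ -106,6 +103,12 @@` hunk, or drop the commented-out hunks so the patch reads as one diff.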
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index faa09e94c..4ad0cd1b8 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -153,6 +153,7 @@ a server that supports the SSH-2 protocol.")
              (method url-fetch)
              (uri (string-append "mirror://openbsd/OpenSSH/portable/"
                                  name "-" version ".tar.gz"))
+             (patches (search-patches "openssh-remote-username-enumeration.patch"))
              (sha256
               (base32
                "13vbbrvj3mmfhj83qyrg5c0ipr6bzw5s65dy4k8gr7p9hkkfffyp"))))
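Review bot: the added `(patches (search-patches "openssh-remote-username-enumeration.patch"))` line is about 83 columns wide, over the 80-column width the rest of the file keeps; wrap it as
             (patches (search-patches
                       "openssh-remote-username-enumeration.patch"))
so it matches the surrounding `(uri (string-append ...))` form.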
-- 
2.18.0


* bug#32451: [PATCH] gnu: openssh: Don't allow remote username enumeration
From: Leo Famulari @ 2018-08-21 15:17 UTC
  To: 32451-done

The bug was assigned CVE-2018-15473.

This patch is basically identical to the one being used by Debian. I
tested with the POC from oss-sec [0], which required some changes to the
Paramiko package.

Pushed as 6cd2c4a83cc2baa387d04979b489bee2429cc39d

[0] http://seclists.org/oss-sec/2018/q3/125


* [bug#32451] [PATCH] gnu: openssh: Don't allow remote username enumeration
From: Ludovic Courtès @ 2018-08-23 14:48 UTC
  To: 32451

Leo Famulari <leo@famulari.name> wrote:

> The bug was assigned CVE-2018-15473.
>
> This patch is basically identical to the one being used by Debian. I
> tested with the POC from oss-sec [0], which required some changes to the
> Paramiko package.
>
> Pushed as 6cd2c4a83cc2baa387d04979b489bee2429cc39d

Thank you!

Ludo’.
