current/SOURCES/openssh-6.2p2-CVE-2014-2653.patch

Description: Attempt SSHFP lookup even if server presents a certificate
 If an ssh server presents a certificate to the client, then the client does
 not check the DNS for SSHFP records. This means that a malicious server can
 essentially disable DNS-host-key-checking, which means the client will fall
 back to asking the user (who will just say "yes" to the fingerprint,
 sadly).
 .
 This is CVE-2014-2653.
Author: Damien Miller <djm@mindrot.org>
Reviewed-by: Matthew Vernon <matthew@debian.org>
Bug-Debian: http://bugs.debian.org/742513
Forwarded: not-needed
Last-Update: 2014-04-03

Index: b/sshconnect.c
===================================================================
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1110,29 +1110,39 @@
 {
        int flags = 0;
        char *fp;
+       Key *plain = NULL;
 
        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
        debug("Server host key: %s %s", key_type(host_key), fp);
        xfree(fp);
 
-       /* XXX certs are not yet supported for DNS */
-       if (!key_is_cert(host_key) && options.verify_host_key_dns &&
-           verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
-               if (flags & DNS_VERIFY_FOUND) {
-
-                       if (options.verify_host_key_dns == 1 &&
-                           flags & DNS_VERIFY_MATCH &&
-                           flags & DNS_VERIFY_SECURE)
-                               return 0;
-
-                       if (flags & DNS_VERIFY_MATCH) {
-                               matching_host_key_dns = 1;
-                       } else {
-                               warn_changed_key(host_key);
-                               error("Update the SSHFP RR in DNS with the new "
-                                   "host key to get rid of this message.");
+       if (options.verify_host_key_dns) {
+               /*
+                * XXX certs are not yet supported for DNS, so downgrade
+                * them and try the plain key.
+                */
+               plain = key_from_private(host_key);
+               if (key_is_cert(plain))
+                       key_drop_cert(plain);
+               if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
+                       if (flags & DNS_VERIFY_FOUND) {
+                               if (options.verify_host_key_dns == 1 &&
+                                   flags & DNS_VERIFY_MATCH &&
+                                   flags & DNS_VERIFY_SECURE) {
+                                       key_free(plain);
+                                       return 0;
+                               }
+                               if (flags & DNS_VERIFY_MATCH) {
+                                       matching_host_key_dns = 1;
+                               } else {
+                                       warn_changed_key(plain);
+                                       error("Update the SSHFP RR in DNS "
+                                           "with the new host key to get rid "
+                                           "of this message.");
+                               }
                        }
                }
+               key_free(plain);
        }
 
        return check_host_key(host, hostaddr, options.port, host_key, RDRW,
1	Description: Attempt SSHFP lookup even if server presents a certificate
2	If an ssh server presents a certificate to the client, then the client does
3	not check the DNS for SSHFP records. This means that a malicious server can
4	essentially disable DNS-host-key-checking, which means the client will fall
5	back to asking the user (who will just say "yes" to the fingerprint,
6	sadly).
7	.
8	This is CVE-2014-2653.
9	Author: Damien Miller <djm@mindrot.org>
10	Reviewed-by: Matthew Vernon <matthew@debian.org>
11	Bug-Debian: http://bugs.debian.org/742513
12	Forwarded: not-needed
13	Last-Update: 2014-04-03
14
15	Index: b/sshconnect.c
16	===================================================================
17	--- a/sshconnect.c
18	+++ b/sshconnect.c
19	@@ -1110,29 +1110,39 @@
20	{
21	int flags = 0;
22	char *fp;
23	+ Key *plain = NULL;
24
25	fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
26	debug("Server host key: %s %s", key_type(host_key), fp);
27	xfree(fp);
28
29	- /* XXX certs are not yet supported for DNS */
30	- if (!key_is_cert(host_key) && options.verify_host_key_dns &&
31	- verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
32	- if (flags & DNS_VERIFY_FOUND) {
33	-
34	- if (options.verify_host_key_dns == 1 &&
35	- flags & DNS_VERIFY_MATCH &&
36	- flags & DNS_VERIFY_SECURE)
37	- return 0;
38	-
39	- if (flags & DNS_VERIFY_MATCH) {
40	- matching_host_key_dns = 1;
41	- } else {
42	- warn_changed_key(host_key);
43	- error("Update the SSHFP RR in DNS with the new "
44	- "host key to get rid of this message.");
45	+ if (options.verify_host_key_dns) {
46	+ /*
47	+ * XXX certs are not yet supported for DNS, so downgrade
48	+ * them and try the plain key.
49	+ */
50	+ plain = key_from_private(host_key);
51	+ if (key_is_cert(plain))
52	+ key_drop_cert(plain);
53	+ if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
54	+ if (flags & DNS_VERIFY_FOUND) {
55	+ if (options.verify_host_key_dns == 1 &&
56	+ flags & DNS_VERIFY_MATCH &&
57	+ flags & DNS_VERIFY_SECURE) {
58	+ key_free(plain);
59	+ return 0;
60	+ }
61	+ if (flags & DNS_VERIFY_MATCH) {
62	+ matching_host_key_dns = 1;
63	+ } else {
64	+ warn_changed_key(plain);
65	+ error("Update the SSHFP RR in DNS "
66	+ "with the new host key to get rid "
67	+ "of this message.");
68	+ }
69	}
70	}
71	+ key_free(plain);
72	}
73
74	return check_host_key(host, hostaddr, options.port, host_key, RDRW,