Bug 1112649 - openssh 7.8p1 (network repo) - authentication failure pubkey (audit.patch to blame?)
openssh 7.8p1 (network repo) - authentication failure pubkey (audit.patch to ...
Status: RESOLVED DUPLICATE of bug 1114008
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P5 - None : Major with 5 votes (vote)
: Current
Assigned To: Vítězslav Čížek
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-21 16:20 UTC by Axel Köllhofer
Modified: 2018-11-25 01:58 UTC (History)
9 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Axel Köllhofer 2018-10-21 16:20:43 UTC
After installing openssh 7.8p1 from the network repo, logging in via ssh fails when using pubkeys.

(I did not check if logging in with a password is also affected.)

Running 

sshd -Ddd

shows this error message

mm_answer_keyverify: buffer error: incomplete message

A quick search for "mm_answer_keyverify" inside the patches applied to the package shows "openssh-7.7p1-audit.patch" to contain changes to that function.

As the patch states 

"Extended auditing through the Linux Auditing subsystem
RH patch from git://pkgs.fedoraproject.org/openssh.git"

it was based on the respective patch from RedHat, I took a look at the respective patch from RH/Fedora and found the following discrepancy:

openSUSE:

@@ -1375,6 +1393,7 @@ mm_answer_keyverify(int sock, struct ssh
        char *sigalg;
        size_t signaturelen, datalen, bloblen;
        int r, ret, valid_data = 0, encoded_ret;
+       int type = 0;
 
        if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
            (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||

Fedora 28:

@@ -1396,8 +1413,10 @@ mm_answer_keyverify(int sock, struct ssh
 	char *sigalg;
 	size_t signaturelen, datalen, bloblen;
 	int r, ret, valid_data = 0, encoded_ret;
+	int type = 0;
 
-	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+	    (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
 	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
 	    (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)

After adding this extra change


-	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+	    (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
 	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
 	    (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)

to monitor.c in the audit.patch, openssh works as expected.

Greetings,

AK
Comment 1 Cristian Rodríguez 2018-10-31 00:36:32 UTC
duplicated..thanks

*** This bug has been marked as a duplicate of bug 1114008 ***