[pkg-remote-commits] [xrdp] 01/01: Backport SSL calls and add missing part of upstream patch.
Dominik George
natureshadow-guest at moszumanska.debian.org
Mon Jan 2 00:03:56 UTC 2017
This is an automated email from the git hooks/post-receive script.
natureshadow-guest pushed a commit to branch jessie
in repository xrdp.
commit f8d0dedf593709dad5bb427ab04730d93dd5fd40
Author: Dominik George <nik at naturalnet.de>
Date: Mon Jan 2 00:51:18 2017 +0100
Backport SSL calls and add missing part of upstream patch.
---
debian/patches/cve-2013-1430.patch | 108 ++++++++++++++++++++++++++++++++++---
1 file changed, 101 insertions(+), 7 deletions(-)
diff --git a/debian/patches/cve-2013-1430.patch b/debian/patches/cve-2013-1430.patch
index 38a500c..de495b3 100644
--- a/debian/patches/cve-2013-1430.patch
+++ b/debian/patches/cve-2013-1430.patch
@@ -4,7 +4,15 @@ Subject: Backport of fix for CVE-2013-1430 from 0.9.1 to 0.6.1
From: Dominik George <nik at naturalnet.de>
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
-@@ -61,6 +61,11 @@ scp_v0_process(struct SCP_CONNECTION* c,
+@@ -45,6 +45,7 @@ scp_v0_process(struct SCP_CONNECTION* c,
+ if (s_item != 0)
+ {
+ display = s_item->display;
++ g_memcpy(s->guid, s_item->guid, 16);
+ if (0 != s->client_ip)
+ {
+ log_message(&(g_cfg->log), LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, session_pid %d, ip %s", s->username, display, s_item->pid, s->client_ip);
+@@ -61,6 +62,11 @@ scp_v0_process(struct SCP_CONNECTION* c,
LOG_DBG(&(g_cfg->log), "pre auth");
if (1 == access_login_allowed(s->username))
{
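Review bot: The copy length in the added `g_memcpy(s->guid, s_item->guid, 16);` is a bare literal that has to stay in step with the `tui8 guid[16]` field this backport adds to `struct session_item`, and the declared size of the destination `s->guid` is not visible in this hunk. Tying the length to the field, e.g. `g_memcpy(s->guid, s_item->guid, sizeof(s_item->guid));`, or using one named constant shared by both structures, keeps a later size change from silently becoming an over- or under-copy. The same applies to `g_memcpy(temp->item->guid, guid, 16);` in the session_start_fork hunk further down, where `sizeof(temp->item->guid)` would do. scp_v0_process starts and ends outside this hunk.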
@@ -16,7 +24,7 @@ From: Dominik George <nik at naturalnet.de>
if (0 != s->client_ip)
{
log_message(&(g_cfg->log), LOG_LEVEL_INFO, "++ created session (access granted): username %s, ip %s", s->username, s->client_ip);
-@@ -75,14 +80,14 @@ scp_v0_process(struct SCP_CONNECTION* c,
+@@ -75,14 +81,14 @@ scp_v0_process(struct SCP_CONNECTION* c,
log_message(&(g_cfg->log), LOG_LEVEL_INFO, "starting Xvnc session...");
display = session_start(s->width, s->height, s->bpp, s->username,
s->password, data, SESMAN_SESSION_TYPE_XVNC,
@@ -33,7 +41,7 @@ From: Dominik George <nik at naturalnet.de>
}
}
else
-@@ -97,7 +102,7 @@ scp_v0_process(struct SCP_CONNECTION* c,
+@@ -97,7 +103,7 @@ scp_v0_process(struct SCP_CONNECTION* c,
}
else
{
@@ -184,7 +192,15 @@ From: Dominik George <nik at naturalnet.de>
if (type == SESMAN_SESSION_TYPE_XVNC)
{
xserver_params = list_create();
-@@ -597,7 +611,7 @@ session_start_fork(int width, int height
+@@ -570,6 +584,7 @@ session_start_fork(int width, int height
+ temp->item->data = data;
+ g_strncpy(temp->item->client_ip, client_ip, 255); /* store client ip data */
+ g_strncpy(temp->item->name, username, 255);
++ g_memcpy(temp->item->guid, guid, 16);
+
+ ltime = g_time1();
+ localtime_r(<ime, &stime);
+@@ -597,7 +612,7 @@ session_start_fork(int width, int height
int DEFAULT_CC
session_start(int width, int height, int bpp, char* username, char* password,
long data, tui8 type, char* domain, char* program,
@@ -193,7 +209,7 @@ From: Dominik George <nik at naturalnet.de>
{
int display;
-@@ -613,6 +627,7 @@ session_start(int width, int height, int
+@@ -613,6 +628,7 @@ session_start(int width, int height, int
g_sync_program = program;
g_sync_directory = directory;
g_sync_client_ip = client_ip;
@@ -201,7 +217,7 @@ From: Dominik George <nik at naturalnet.de>
g_sync_data = data;
g_sync_type = type;
/* set event for main thread to see */
-@@ -634,7 +649,7 @@ session_sync_start(void)
+@@ -634,7 +650,7 @@ session_sync_start(void)
g_sync_result = session_start_fork(g_sync_width, g_sync_height, g_sync_bpp,
g_sync_username, g_sync_password,
g_sync_data, g_sync_type, g_sync_domain,
@@ -212,7 +228,15 @@ From: Dominik George <nik at naturalnet.de>
}
--- a/sesman/session.h
+++ b/sesman/session.h
-@@ -105,7 +105,7 @@ session_get_bydata(char* name, int width
+@@ -76,6 +76,7 @@ struct session_item
+ struct session_date disconnect_time;
+ struct session_date idle_time;
+ char client_ip[256];
++ tui8 guid[16];
+ };
+
+ struct session_chain
+@@ -105,7 +106,7 @@ session_get_bydata(char* name, int width
int DEFAULT_CC
session_start(int width, int height, int bpp, char* username, char* password,
long data, tui8 type, char* domain, char* program,
@@ -524,3 +548,73 @@ From: Dominik George <nik at naturalnet.de>
+g_mirror_memcpy(void *dst, const void *src, int len);
#endif
+--- a/common/ssl_calls.c
++++ b/common/ssl_calls.c
+@@ -236,6 +236,52 @@ ssl_mod_exp(char* out, int out_len, char
+ return rv;
+ }
+
++/*****************************************************************************/
++void *APP_CC
++ssl_des3_encrypt_info_create(const char *key, const char* ivec)
++{
++ EVP_CIPHER_CTX *des3_ctx;
++ const tui8 *lkey;
++ const tui8 *livec;
++
++ des3_ctx = EVP_CIPHER_CTX_new();
++ lkey = (const tui8 *) key;
++ livec = (const tui8 *) ivec;
++ EVP_EncryptInit_ex(des3_ctx, EVP_des_ede3_cbc(), NULL, lkey, livec);
++ EVP_CIPHER_CTX_set_padding(des3_ctx, 0);
++ return des3_ctx;
++}
++
++/*****************************************************************************/
++void APP_CC
++ssl_des3_info_delete(void *des3)
++{
++ EVP_CIPHER_CTX *des3_ctx;
++
++ des3_ctx = (EVP_CIPHER_CTX *) des3;
++ if (des3_ctx != 0)
++ {
++ EVP_CIPHER_CTX_free(des3_ctx);
++ }
++}
++
++/*****************************************************************************/
++int APP_CC
++ssl_des3_encrypt(void *des3, int length, const char *in_data, char *out_data)
++{
++ EVP_CIPHER_CTX *des3_ctx;
++ int len;
++ const tui8 *lin_data;
++ tui8 *lout_data;
++
++ des3_ctx = (EVP_CIPHER_CTX *) des3;
++ lin_data = (const tui8 *) in_data;
++ lout_data = (tui8 *) out_data;
++ len = 0;
++ EVP_EncryptUpdate(des3_ctx, lout_data, &len, lin_data, length);
++ return 0;
++}
++
+ #if defined(OLD_RSA_GEN1)
+ /*****************************************************************************/
+ /* returns error
+--- a/common/ssl_calls.h
++++ b/common/ssl_calls.h
+@@ -58,6 +58,12 @@ ssl_md5_complete(void* md5_info, char* d
+ int APP_CC
+ ssl_mod_exp(char* out, int out_len, char* in, int in_len,
+ char* mod, int mod_len, char* exp, int exp_len);
++void *APP_CC
++ssl_des3_encrypt_info_create(const char *key, const char* ivec);
++void APP_CC
++ssl_des3_info_delete(void *des3);
++int APP_CC
++ssl_des3_encrypt(void *des3, int length, const char *in_data, char *out_data);
+ int APP_CC
+ ssl_gen_key_xrdp1(int key_size_in_bits, char* exp, int exp_len,
+ char* mod, int mod_len, char* pri, int pri_len);
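Review bot: None of the OpenSSL calls in the new ssl_des3_* helpers has its result checked. `ssl_des3_encrypt_info_create` passes the return of `EVP_CIPHER_CTX_new()` straight to `EVP_EncryptInit_ex` without a NULL test, and `ssl_des3_encrypt` discards the result of `EVP_EncryptUpdate` and always returns 0. Because padding is disabled and no final call is made, a `length` that is not a multiple of the 8-byte block size also leaves the tail of `out_data` unwritten while the caller is told the call succeeded. I would return NULL from the create function on failure and a non-zero value from `ssl_des3_encrypt` when the update fails or `len != length`. The callers are not visible in this hunk, so they would need to be checked for handling both.

```c
ssl_des3_encrypt_info_create(const char *key, const char* ivec)
{
    /* … unchanged: declarations … */
    des3_ctx = EVP_CIPHER_CTX_new();
    if (des3_ctx == NULL)
    {
        return NULL;
    }
    /* … unchanged: lkey / livec casts … */
    if (EVP_EncryptInit_ex(des3_ctx, EVP_des_ede3_cbc(), NULL, lkey, livec) != 1)
    {
        EVP_CIPHER_CTX_free(des3_ctx);
        return NULL;
    }
    /* … unchanged: EVP_CIPHER_CTX_set_padding, return des3_ctx … */
}

ssl_des3_encrypt(void *des3, int length, const char *in_data, char *out_data)
{
    /* … unchanged: declarations and casts … */
    if (EVP_EncryptUpdate(des3_ctx, lout_data, &len, lin_data, length) != 1 ||
        len != length)
    {
        return 1;
    }
    return 0;
}
```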
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git