|
| 1 | +https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909.patch |
| 2 | + |
| 3 | +From b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Mon Sep 17 00:00:00 2001 |
| 4 | +From: Roland Shoemaker <roland@golang.org> |
| 5 | +Date: Tue, 3 Dec 2024 09:03:03 -0800 |
| 6 | +Subject: [PATCH] ssh: make the public key cache a 1-entry FIFO cache |
| 7 | + |
| 8 | +Users of the the ssh package seem to extremely commonly misuse the |
| 9 | +PublicKeyCallback API, assuming that the key passed in the last call |
| 10 | +before a connection is established is the key used for authentication. |
| 11 | +Some users then make authorization decisions based on this key. This |
| 12 | +property is not documented, and may not be correct, due to the caching |
| 13 | +behavior of the package, resulting in users making incorrect |
| 14 | +authorization decisions about the connection. |
| 15 | + |
| 16 | +This change makes the cache a one entry FIFO cache, making the assumed |
| 17 | +property, that the last call to PublicKeyCallback represents the key |
| 18 | +actually used for authentication, actually hold. |
| 19 | + |
| 20 | +Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and |
| 21 | +Jules Duvivier from the Platform.sh / Upsun engineering team |
| 22 | +for reporting this issue. |
| 23 | + |
| 24 | +Fixes golang/go#70779 |
| 25 | +Fixes CVE-2024-45337 |
| 26 | + |
| 27 | +Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f |
| 28 | +Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315 |
| 29 | +Reviewed-by: Roland Shoemaker <roland@golang.org> |
| 30 | +Auto-Submit: Gopher Robot <gobot@golang.org> |
| 31 | +Reviewed-by: Damien Neil <dneil@google.com> |
| 32 | +Reviewed-by: Nicola Murino <nicola.murino@gmail.com> |
| 33 | +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
| 34 | +--- |
| 35 | + vendor/golang.org/x/crypto/ssh/server.go | 15 ++++++++++---- |
| 36 | + |
| 37 | +diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go |
| 38 | +index c0d1c29e6f..5b5ccd96f4 100644 |
| 39 | +--- a/vendor/golang.org/x/crypto/ssh/server.go |
| 40 | ++++ b/vendor/golang.org/x/crypto/ssh/server.go |
| 41 | +@@ -149,7 +149,7 @@ func (s *ServerConfig) AddHostKey(key Signer) { |
| 42 | + } |
| 43 | + |
| 44 | + // cachedPubKey contains the results of querying whether a public key is |
| 45 | +-// acceptable for a user. |
| 46 | ++// acceptable for a user. This is a FIFO cache. |
| 47 | + type cachedPubKey struct { |
| 48 | + user string |
| 49 | + pubKeyData []byte |
| 50 | +@@ -157,7 +157,13 @@ type cachedPubKey struct { |
| 51 | + perms *Permissions |
| 52 | + } |
| 53 | + |
| 54 | +-const maxCachedPubKeys = 16 |
| 55 | ++// maxCachedPubKeys is the number of cache entries we store. |
| 56 | ++// |
| 57 | ++// Due to consistent misuse of the PublicKeyCallback API, we have reduced this |
| 58 | ++// to 1, such that the only key in the cache is the most recently seen one. This |
| 59 | ++// forces the behavior that the last call to PublicKeyCallback will always be |
| 60 | ++// with the key that is used for authentication. |
| 61 | ++const maxCachedPubKeys = 1 |
| 62 | + |
| 63 | + // pubKeyCache caches tests for public keys. Since SSH clients |
| 64 | + // will query whether a public key is acceptable before attempting to |
| 65 | +@@ -179,9 +185,10 @@ func (c *pubKeyCache) get(user string, pubKeyData []byte) (cachedPubKey, bool) { |
| 66 | + |
| 67 | + // add adds the given tuple to the cache. |
| 68 | + func (c *pubKeyCache) add(candidate cachedPubKey) { |
| 69 | +- if len(c.keys) < maxCachedPubKeys { |
| 70 | +- c.keys = append(c.keys, candidate) |
| 71 | ++ if len(c.keys) >= maxCachedPubKeys { |
| 72 | ++ c.keys = c.keys[1:] |
| 73 | + } |
| 74 | ++ c.keys = append(c.keys, candidate) |
| 75 | + } |
| 76 | + |
| 77 | + // ServerConn is an authenticated SSH connection, as seen from the |
0 commit comments