[Bug 1159097] New: OpenSSH 7.9p1-lp151.3.4 source package: Wrong function name used in patch (openssh-7.7p1-gssapi_key_exchange.patch)
http://bugzilla.opensuse.org/show_bug.cgi?id=1159097

Bug ID: 1159097
Summary: OpenSSH 7.9p1-lp151.3.4 source package: Wrong function name used in patch (openssh-7.7p1-gssapi_key_exchange.patch)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: scheiner@hlrs.de
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Build Identifier:

During creation of a GSI and HPN enabled OpenSSH package ([1]) for the GridCF's Grid Community Toolkit we (a colleague of mine and me) discovered an oddity in the "openssh-7.7p1-gssapi_key_exchange.patch" which is part of [2] - the package used as basis for [1].

[1]: https://build.opensuse.org/package/show/home:frank_scheiner:gct/gsi-openssh
[2]: http://download.opensuse.org/source/distribution/leap/15.1/repo/oss/src/open...

There we have:

```
1575 +int
1576 +kexgss_server(struct ssh *ssh)
[...]
1603 + const BIGNUM *p, *g, *pub_key;
[...]
1650 + DH_set0_pqg(dh, &p, NULL, &g);
[...]
1652 + packet_put_bignum2((BIGNUM *)p);
1653 + packet_put_bignum2((BIGNUM *)g);
[...]
1745 + DH_get0_key(dh, &pub_key, NULL);
[...]
1793 + packet_put_bignum2(pub_key);
```

Specifically line 1650 looks odd, when comparing the arguments (and their types) to the actual interface of the `DH_set0_pqg()` function on e.g. [3]:

```
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
```

```
void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
```

... also from [3] would be a better fit here.

[3]: https://www.openssl.org/docs/man1.1.1/man3/DH_set0_pqg.html

And comparing these specific lines to their counterparts in the OpenSSH 7.9p1 src RPM in Fedora ([4], from the "openssh-7.8p1-gsskex.patch" patch):

```
1390 +int
1391 +kexgss_server(struct ssh *ssh)
[...]
1418 + const BIGNUM *p, *g, *pub_key;
[...]
1464 + DH_get0_pqg(dh, &p, NULL, &g);
[...]
1466 + packet_put_bignum2((BIGNUM *)p);
1467 + packet_put_bignum2((BIGNUM *)g);
[...]
1559 + DH_get0_key(dh, &pub_key, NULL);
[...]
1607 + packet_put_bignum2(pub_key);
```

...it looks like the function name in the openSUSE patch differs and maybe is the result of a typo?

[4]: https://kojipkgs.fedoraproject.org/packages/gsi-openssh/7.9p1/7.fc31/src/gsi...

When compiling with the assumed wrong function name in the openSUSE patch together with our GSI patch(es) (which use the GSSAPI), this creates the following related warnings:

```
gcc -fpie -fstack-protector -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -I/usr/include/editline -DLDAP_DEPRECATED -DOPENSSL_LOAD_CONF -I/usr/include/globus -DSSHDIR=\"/etc/gsissh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/gsissh/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/gsissh/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/gsissh/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/libexec/gsissh/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/lib/empty\" -DHAVE_CONFIG_H -c kexgsss.c -o kexgsss.o
kexgsss.c: In function ‘kexgss_server’:
kexgsss.c:131:32: warning: passing argument 2 of ‘DH_set0_pqg’ from incompatible pointer type [-Wincompatible-pointer-types]
  DH_set0_pqg(dh, &p, NULL, &g);
                  ^
In file included from /usr/include/openssl/dsa.h:31:0,
                 from sshkey.h:33,
                 from kexgsss.c:37:
/usr/include/openssl/dh.h:175:5: note: expected ‘BIGNUM * {aka struct bignum_st *}’ but argument is of type ‘const BIGNUM ** {aka const struct bignum_st **}’
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
     ^~~~~~~~~~~
kexgsss.c:131:42: warning: passing argument 4 of ‘DH_set0_pqg’ from incompatible pointer type [-Wincompatible-pointer-types]
  DH_set0_pqg(dh, &p, NULL, &g);
                            ^
In file included from /usr/include/openssl/dsa.h:31:0,
                 from sshkey.h:33,
                 from kexgsss.c:37:
/usr/include/openssl/dh.h:175:5: note: expected ‘BIGNUM * {aka struct bignum_st *}’ but argument is of type ‘const BIGNUM ** {aka const struct bignum_st **}’
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
     ^~~~~~~~~~~
In file included from packet.h:223:0,
                 from kexgsss.c:41:
opacket.h:77:39: warning: passing argument 2 of ‘ssh_packet_put_bignum2’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
  ssh_packet_put_bignum2(active_state, (value))
                                       ^
kexgsss.c:275:2: note: in expansion of macro ‘packet_put_bignum2’
  packet_put_bignum2(pub_key);
  ^~~~~~~~~~~~~~~~~~
opacket.h:10:10: note: expected ‘BIGNUM * {aka struct bignum_st *}’ but argument is of type ‘const BIGNUM * {aka const struct bignum_st *}’
 void ssh_packet_put_bignum2(struct ssh *, BIGNUM * value);
      ^~~~~~~~~~~~~~~~~~~~~~
[...]
```

When using the assumed correct function name, these warnings are gone, but a new warning appears due to passing a const var as non-const argument:

```
[ 131s] gcc -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -fpie -fstack-protector -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -I/usr/include/editline -DLDAP_DEPRECATED -DOPENSSL_LOAD_CONF -I/usr/include/globus -DSSHDIR=\"/etc/gsissh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/gsissh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/gsissh/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/gsissh/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/gsissh/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/gsissh/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/lib/empty\" -DHAVE_CONFIG_H -c ssh.c -o ssh.o
[ 131s] In file included from packet.h:223:0,
[ 131s]                  from kexgsss.c:41:
[ 131s] kexgsss.c: In function 'kexgss_server':
[ 131s] opacket.h:77:39: warning: passing argument 2 of 'ssh_packet_put_bignum2' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
[ 131s]   ssh_packet_put_bignum2(active_state, (value))
[ 131s]                                        ^
[ 131s] kexgsss.c:275:2: note: in expansion of macro 'packet_put_bignum2'
[ 131s]   packet_put_bignum2(pub_key);
[ 131s]   ^~~~~~~~~~~~~~~~~~
[ 131s] opacket.h:10:10: note: expected 'BIGNUM * {aka struct bignum_st *}' but argument is of type 'const BIGNUM * {aka const struct bignum_st *}'
[ 131s]  void ssh_packet_put_bignum2(struct ssh *, BIGNUM * value);
[ 131s]       ^~~~~~~~~~~~~~~~~~~~~~
```

What's your opinion on that?

Reproducible: Always

-- 
You are receiving this mail because:
You are on the CC list for the bug.
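
Review bot: Line 1650 of the openSUSE excerpt calls the setter, `DH_set0_pqg(dh, &p, NULL, &g)`, with the addresses of the locals declared at line 1603 (`const BIGNUM *p, *g`), which fits the `DH_get0_pqg()` prototype quoted from [3] and not the setter's. The `set0` functions hand ownership of their arguments to the DH object, so as written the DH would be given pointers to stack slots in place of its group parameters, and lines 1652-1653 then put `p` and `g` on the wire although nothing in the visible lines has assigned them. The compiler only reports this as -Wincompatible-pointer-types, so the build still succeeds. Suggested change: use `DH_get0_pqg(dh, &p, NULL, &g);` as in line 1464 of the Fedora excerpt, and consider promoting that warning with -Werror=incompatible-pointer-types for this file. Separately, line 1793 passes the const `pub_key` to `packet_put_bignum2()` without the `(BIGNUM *)` cast that lines 1652-1653 use, which is the source of the remaining -Wdiscarded-qualifiers warning; either add the cast for consistency or make the callee take a `const BIGNUM *`.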