diff options
| author | Roland Shoemaker <roland@golang.org> | 2024-12-03 09:03:03 -0800 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-12-11 09:50:49 -0800 |
| commit | b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 (patch) | |
| tree | 69f31d6f5e0e04427c355f89a56ec2fde17814ad /ssh/server_test.go | |
| parent | 7042ebcbe097f305ba3a93f9a22b4befa4b83d29 (diff) | |
| download | go-x-crypto-0.31.0.tar.xz | |
ssh: make the public key cache a 1-entry FIFO cachev0.31.0
Users of the the ssh package seem to extremely commonly misuse the
PublicKeyCallback API, assuming that the key passed in the last call
before a connection is established is the key used for authentication.
Some users then make authorization decisions based on this key. This
property is not documented, and may not be correct, due to the caching
behavior of the package, resulting in users making incorrect
authorization decisions about the connection.
This change makes the cache a one entry FIFO cache, making the assumed
property, that the last call to PublicKeyCallback represents the key
actually used for authentication, actually hold.
Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and
Jules Duvivier from the Platform.sh / Upsun engineering team
for reporting this issue.
Fixes golang/go#70779
Fixes CVE-2024-45337
Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'ssh/server_test.go')
| -rw-r--r-- | ssh/server_test.go | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/ssh/server_test.go b/ssh/server_test.go index b6d8ab3..ba1bd10 100644 --- a/ssh/server_test.go +++ b/ssh/server_test.go @@ -5,6 +5,7 @@ package ssh import ( + "bytes" "errors" "fmt" "io" @@ -299,6 +300,54 @@ func TestBannerError(t *testing.T) { } } +func TestPublicKeyCallbackLastSeen(t *testing.T) { + var lastSeenKey PublicKey + + c1, c2, err := netPipe() + if err != nil { + t.Fatalf("netPipe: %v", err) + } + defer c1.Close() + defer c2.Close() + serverConf := &ServerConfig{ + PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) { + lastSeenKey = key + fmt.Printf("seen %#v\n", key) + if _, ok := key.(*dsaPublicKey); !ok { + return nil, errors.New("nope") + } + return nil, nil + }, + } + serverConf.AddHostKey(testSigners["ecdsap256"]) + + done := make(chan struct{}) + go func() { + defer close(done) + NewServerConn(c1, serverConf) + }() + + clientConf := ClientConfig{ + User: "user", + Auth: []AuthMethod{ + PublicKeys(testSigners["rsa"], testSigners["dsa"], testSigners["ed25519"]), + }, + HostKeyCallback: InsecureIgnoreHostKey(), + } + + _, _, _, err = NewClientConn(c2, "", &clientConf) + if err != nil { + t.Fatal(err) + } + <-done + + expectedPublicKey := testSigners["dsa"].PublicKey().Marshal() + lastSeenMarshalled := lastSeenKey.Marshal() + if !bytes.Equal(lastSeenMarshalled, expectedPublicKey) { + t.Errorf("unexpected key: got %#v, want %#v", lastSeenKey, testSigners["dsa"].PublicKey()) + } +} + type markerConn struct { closed uint32 used uint32 |