gnu: openssh: Don't allow remote username enumeration [fixes CVE-2018-15473].

* gnu/packages/patches/openssh-CVE-2018-15473.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.

gnu/local.mk

@@ -997,6 +997,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/opensmtpd-fix-crash.patch		\
+  %D%/packages/patches/openssh-CVE-2018-15473.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.0.2-CVE-2018-0495.patch	\
   %D%/packages/patches/openssl-1.0.2-CVE-2018-0732.patch	\

gnu/packages/patches/openssh-CVE-2018-15473.patch

@@ -0,0 +1,165 @@
+Fix CVE-2018-15473, a method by which remote clients can enumerate
+usernames on the server:
+
+http://seclists.org/oss-sec/2018/q3/124
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
+
+Patch adapted from upstream source repository:
+
+https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
+
+From 74287f5df9966a0648b4a68417451dd18f079ab8 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 31 Jul 2018 03:10:27 +0000
+Subject: [PATCH] upstream: delay bailout for invalid authentic
+
+=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
+=?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
+=?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
+---
+ auth2-gss.c       | 11 +++++++----
+ auth2-hostbased.c | 11 ++++++-----
+ auth2-pubkey.c    | 25 +++++++++++++++----------
+ 3 files changed, 28 insertions(+), 19 deletions(-)
+
+# Adapted from upstream to apply to OpenSSH 7.7p1.
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 589283b7..1d7cfb39 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -69,9 +69,6 @@ userauth_gssapi(struct ssh *ssh)
+ 	u_int len;
+ 	u_char *doid = NULL;
+ 
+-	if (!authctxt->valid || authctxt->user == NULL)
+-		return (0);
+-
+ 	mechs = packet_get_int();
+ 	if (mechs == 0) {
+ 		debug("Mechanism negotiation is not supported");
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 47308c5c..9351e042 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -106,6 +103,12 @@ userauth_gssapi(struct ssh *ssh)
+ 		return (0);
+ 	}
+ 
++	if (!authctxt->valid || authctxt->user == NULL) {
++		debug2("%s: disabled because of invalid user", __func__);
++		free(doid);
++		return (0);
++	}
++
+ 	if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+ 		if (ctxt != NULL)
+ 			ssh_gssapi_delete_ctx(&ctxt);
+diff --git a/auth2-hostbased.c b/auth2-hostbased.c
+index 60159a56..35939329 100644
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
+@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
+ 	size_t alen, blen, slen;
+ 	int r, pktype, authenticated = 0;
+ 
+-	if (!authctxt->valid) {
+-		debug2("%s: disabled because of invalid user", __func__);
+-		return 0;
+-	}
+ 	/* XXX use sshkey_froms() */
+ 	if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
+ 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
+@@ -117,6 +113,11 @@ userauth_hostbased(struct ssh *ssh)
+ 		goto done;
+ 	}
+ 
++	if (!authctxt->valid || authctxt->user == NULL) {
++		debug2("%s: disabled because of invalid user", __func__);
++		goto done;
++	}
++
+ 	if ((b = sshbuf_new()) == NULL)
+ 		fatal("%s: sshbuf_new failed", __func__);
+ 	/* reconstruct packet */
+diff --git a/auth2-pubkey.c b/auth2-pubkey.c
+index c4d0f790..e1c15040 100644
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+@@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
+ {
+ 	Authctxt *authctxt = ssh->authctxt;
+ 	struct passwd *pw = authctxt->pw;
+-	struct sshbuf *b;
++	struct sshbuf *b = NULL;
+ 	struct sshkey *key = NULL;
+-	char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
+-	u_char *pkblob, *sig, have_sig;
++	char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
++	u_char *pkblob = NULL, *sig = NULL, have_sig;
+ 	size_t blen, slen;
+ 	int r, pktype;
+ 	int authenticated = 0;
+ 	struct sshauthopt *authopts = NULL;
+ 
+-	if (!authctxt->valid) {
+-		debug2("%s: disabled because of invalid user", __func__);
+-		return 0;
+-	}
+ 	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
+ 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
+ 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
+@@ -167,6 +163,11 @@ userauth_pubkey(struct ssh *ssh)
+ 				fatal("%s: sshbuf_put_string session id: %s",
+ 				    __func__, ssh_err(r));
+ 		}
++		if (!authctxt->valid || authctxt->user == NULL) {
++			debug2("%s: disabled because of invalid user",
++			    __func__);
++			goto done;
++		}
+ 		/* reconstruct packet */
+ 		xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ 		    authctxt->style ? ":" : "",
+@@ -183,7 +184,6 @@ userauth_pubkey(struct ssh *ssh)
+ #ifdef DEBUG_PK
+ 		sshbuf_dump(b, stderr);
+ #endif
+-
+ 		/* test for correct signature */
+ 		authenticated = 0;
+ 		if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
+@@ -194,7 +194,6 @@ userauth_pubkey(struct ssh *ssh)
+ 			authenticated = 1;
+ 		}
+ 		sshbuf_free(b);
+-		free(sig);
+ 		auth2_record_key(authctxt, authenticated, key);
+ 	} else {
+ 		debug("%s: test pkalg %s pkblob %s%s%s",
+@@ -205,6 +204,11 @@ userauth_pubkey(struct ssh *ssh)
+ 		if ((r = sshpkt_get_end(ssh)) != 0)
+ 			fatal("%s: %s", __func__, ssh_err(r));
+ 
++		if (!authctxt->valid || authctxt->user == NULL) {
++			debug2("%s: disabled because of invalid user",
++			    __func__);
++			goto done;
++		}
+ 		/* XXX fake reply and always send PK_OK ? */
+ 		/*
+ 		 * XXX this allows testing whether a user is allowed
+@@ -238,6 +242,7 @@ done:
+ 	free(pkblob);
+ 	free(key_s);
+ 	free(ca_s);
++	free(sig);
+ 	return authenticated;
+ }
+ 
+-- 
+2.18.0

gnu/packages/ssh.scm

@@ -153,6 +153,7 @@ a server that supports the SSH-2 protocol.")
              (method url-fetch)
              (uri (string-append "mirror://openbsd/OpenSSH/portable/"
                                  name "-" version ".tar.gz"))
+             (patches (search-patches "openssh-CVE-2018-15473.patch"))
              (sha256
               (base32
                "13vbbrvj3mmfhj83qyrg5c0ipr6bzw5s65dy4k8gr7p9hkkfffyp"))))