From 6f816105006f89c4192d636f5964bf8dd00b3b2a Mon Sep 17 00:00:00 2001
From: Matt Ruffalo <matt.ruffalo@gmail.com>
Date: Sun, 28 Dec 2014 10:51:11 -0500
Subject: [PATCH] Add test coverage for CVE-2006-6301 and CVE-2007-5715

This code isn't vulnerable to the DoS attack described in in CVE-2007-5715,
but that's because the regex wasn't correctly patched.
---
 tests/test_cves.py | 45 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/tests/test_cves.py b/tests/test_cves.py
index 16f753f..c2c9a44 100644
--- a/tests/test_cves.py
+++ b/tests/test_cves.py
@@ -4,6 +4,16 @@
 
 from DenyHosts.regex import FAILED_ENTRY_REGEX_MAP, SSHD_FORMAT_REGEX
 
+# From https://bugs.gentoo.org/show_bug.cgi?id=157163
+CVE_2006_6301_LINE = ' sshd[23964]: Invalid user foo from 123.123.123.123 from 127.0.0.1'
+CVE_2006_6301_USER = 'foo from 123.123.123.123'
+CVE_2006_6301_HOST = '127.0.0.1'
+
+# From https://bugzilla.redhat.com/show_bug.cgi?id=237449
+CVE_2007_5715_LINE = ' sshd[29961]: User root from 122.36.2.10 not allowed because not listed in AllowUsers'
+CVE_2007_5715_USER = 'root'
+CVE_2007_5715_HOST = '122.36.2.10'
+
 # From Helmut Grohne's disclosure of this CVE
 CVE_2013_6890_LINES = [
     ' sshd[123]: Invalid user Invalid user root from 123.123.123.123 from 21.21.21.21',
@@ -14,13 +24,44 @@
 CVE_2013_6890_USER = 'Invalid user root from 123.123.123.123'
 CVE_2013_6890_HOST = '21.21.21.21'
 
+# TODO separate matching behavior into a common function
+# that's also used by the DenyHosts daemon class, instead of
+# doing it ourselves in every test case here
+
 class CVEsTestCase(unittest.TestCase):
     def test_cve_2006_6301(self):
-        pass
+        user = None
+        host = None
+        sshd_m = SSHD_FORMAT_REGEX.match(CVE_2006_6301_LINE)
+        if sshd_m:
+            message = sshd_m.group('message')
+
+            for rx in FAILED_ENTRY_REGEX_MAP.values():
+                m = rx.search(message)
+                if m:
+                    user = m.group('user')
+                    host = m.group('host')
+        self.assertEqual(user, CVE_2006_6301_USER)
+        self.assertEqual(host, CVE_2006_6301_HOST)
 
     def test_cve_2007_4323(self):
         pass
 
+    def test_cve_2007_5715(self):
+        user = None
+        host = None
+        sshd_m = SSHD_FORMAT_REGEX.match(CVE_2007_5715_LINE)
+        if sshd_m:
+            message = sshd_m.group('message')
+
+            for rx in FAILED_ENTRY_REGEX_MAP.values():
+                m = rx.search(message)
+                if m:
+                    user = m.group('user')
+                    host = m.group('host')
+        self.assertEqual(user, CVE_2007_5715_USER)
+        self.assertEqual(host, CVE_2007_5715_HOST)
+
     def test_cve_2013_6890(self):
         user = None
         host = None
@@ -28,8 +69,6 @@ def test_cve_2013_6890(self):
         # the first contains what we want. The second and third lines
         # don't match any of the 'failed entry' regexes.
         for line in CVE_2013_6890_LINES:
-            # TODO separate matching behavior into a common function
-            # that's also used by the DenyHosts daemon class
             sshd_m = SSHD_FORMAT_REGEX.match(line)
             if sshd_m:
                 message = sshd_m.group('message')