microsoft · arc9693 · Aug 1, 2024 · Jul 30, 2024
@@ -0,0 +1,56 @@
+From 5770296d904e90f15f38f77dfc2e43fdf5efc083 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <roland@golang.org>
+Date: Tue, 9 Nov 2021 11:45:57 -0800
+Subject: [PATCH] ssh: don't assume packet plaintext size
+
+When reading GCM and ChaChaPoly1305 packets, don't make assumptions
+about the size of the enciphered plaintext. This fixes two panics
+caused by standards non-compliant malformed packets.
+
+Thanks to Rod Hynes, Psiphon Inc. for reporting this issue.
+
+Fixes golang/go#49932
+Fixes CVE-2021-43565
+
+Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659
+Reviewed-by: Katie Hockman <katiehockman@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814
+Trust: Roland Shoemaker <roland@golang.org>
+Trust: Katie Hockman <katie@golang.org>
+Run-TryBot: Roland Shoemaker <roland@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Julie Qiu <julie@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+---
+ ssh/cipher.go      |   8 ++++
+ ssh/cipher_test.go | 100 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 108 insertions(+)
+
+diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go
+index bddbde5dbd..f8bdf4984c 100644
+--- a/vendor/golang.org/x/crypto/ssh/cipher.go
++++ b/vendor/golang.org/x/crypto/ssh/cipher.go
+@@ -394,6 +394,10 @@ func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
+ 	}
+ 	c.incIV()
+
++	if len(plain) == 0 {
++		return nil, errors.New("ssh: empty packet")
++	}
++
+ 	padding := plain[0]
+ 	if padding < 4 {
+ 		// padding is a byte, so it automatically satisfies
+@@ -710,6 +714,10 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([
+ 	plain := c.buf[4:contentEnd]
+ 	s.XORKeyStream(plain, plain)
+
++	if len(plain) == 0 {
++		return nil, errors.New("ssh: empty packet")
++	}
++
+ 	padding := plain[0]
+ 	if padding < 4 {
+ 		// padding is a byte, so it automatically satisfies
@@ -26,7 +26,7 @@
 Summary:        Configuration files common to github.com/containers
 Name:           libcontainers-common
 Version:        20210626
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        ASL 2.0 AND GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -50,6 +50,7 @@ Source10:       containers.conf
 Patch0:         CVE-2021-44716.patch
 #Note (mfrw): The patch for CVE-2024-37298 only applies to podman.
 Patch1:         CVE-2024-37298.patch
+Patch2:         CVE-2021-43565.patch
 BuildRequires:  go-go-md2man
 Requires(post): grep
 Requires(post): util-linux
@@ -70,7 +71,9 @@ github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo.
 
 %setup -q -T -D -b 9 -n common-%{commonver}
 %patch 0 -p1
+
 # copy the LICENSE file in the build root
+%patch 2 -p1 -d ../podman-%{podmanver}
 cd ..
 cp %{SOURCE2} .
 
@@ -165,6 +168,9 @@ fi
 %license LICENSE
 
 %changelog
+* Mon Jul 29 2024 Archana Choudhary <archana1@microsoft.com> - 20210626-5
+- Patch CVE-2021-43565
+
 * Wed Jul 24 2024 Muhammad Falak <mwani@microsoft.com> - 20210526-4
 - Address CVE-2024-37298 by patching vendored github.com/gorilla/schema