diff -Nru libgit2-1.5.0+ds/ci/test.sh libgit2-1.5.1+ds/ci/test.sh --- libgit2-1.5.0+ds/ci/test.sh 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/ci/test.sh 2023-01-20 22:11:52.000000000 +0000 @@ -144,6 +144,11 @@ echo "[localhost]:2222 $algorithm $key" >>"${HOME}/.ssh/known_hosts" done <"${SSHD_DIR}/id_rsa.pub" + # Append the github.com keys for the tests that don't override checks. + # We ask for ssh-rsa to test that the selection based off of known_hosts + # is working. + ssh-keyscan -t ssh-rsa github.com >>"${HOME}/.ssh/known_hosts" + # Get the fingerprint for localhost and remove the colons so we can # parse it as a hex number. Older versions have a different output # format. diff -Nru libgit2-1.5.0+ds/CMakeLists.txt libgit2-1.5.1+ds/CMakeLists.txt --- libgit2-1.5.0+ds/CMakeLists.txt 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/CMakeLists.txt 2023-01-20 22:11:52.000000000 +0000 @@ -6,7 +6,7 @@ cmake_minimum_required(VERSION 3.5.1) -project(libgit2 VERSION "1.5.0" LANGUAGES C) +project(libgit2 VERSION "1.5.1" LANGUAGES C) # Add find modules to the path set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake") diff -Nru libgit2-1.5.0+ds/debian/changelog libgit2-1.5.1+ds/debian/changelog --- libgit2-1.5.0+ds/debian/changelog 2022-11-04 11:25:02.000000000 +0000 +++ libgit2-1.5.1+ds/debian/changelog 2023-01-26 21:12:51.000000000 +0000 @@ -1,3 +1,21 @@ +libgit2 (1.5.1+ds-1ubuntu1) lunar; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Use OpenSSL as the crypto backend + - Use cmake:native in d/tests/control + - Lower optimization level to O2 on ppc64el to fix a test failure + + -- Gianfranco Costamagna Thu, 26 Jan 2023 22:12:51 +0100 + +libgit2 (1.5.1+ds-1) unstable; urgency=high + + * Team upload. + * New upstream version 1.5.1+ds + - Fix CVE-2023-22742: No certificate checking for SSH remotes + * Bump Standards-Version to 4.6.2 + + -- Timo Röhling Sun, 22 Jan 2023 22:03:29 +0100 + libgit2 (1.5.0+ds-6ubuntu2) lunar; urgency=medium * Merge from Debian unstable. Remaining changes: diff -Nru libgit2-1.5.0+ds/debian/control libgit2-1.5.1+ds/debian/control --- libgit2-1.5.0+ds/debian/control 2022-11-04 11:25:02.000000000 +0000 +++ libgit2-1.5.1+ds/debian/control 2023-01-23 06:41:30.000000000 +0000 @@ -16,7 +16,7 @@ libpcre2-dev, libkrb5-dev, ca-certificates -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Homepage: https://libgit2.github.com/ Vcs-Git: https://salsa.debian.org/debian/libgit2.git Vcs-Browser: https://salsa.debian.org/debian/libgit2 diff -Nru libgit2-1.5.0+ds/debian/patches/disable-online-tests.patch libgit2-1.5.1+ds/debian/patches/disable-online-tests.patch --- libgit2-1.5.0+ds/debian/patches/disable-online-tests.patch 2022-08-31 13:24:33.000000000 +0000 +++ libgit2-1.5.1+ds/debian/patches/disable-online-tests.patch 2023-01-23 06:41:31.000000000 +0000 @@ -4,30 +4,23 @@ Skip tests that needs an active internet connection --- - tests/libgit2/CMakeLists.txt | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) + tests/libgit2/CMakeLists.txt | 2 ++ + 1 file changed, 2 insertions(+) diff --git a/tests/libgit2/CMakeLists.txt b/tests/libgit2/CMakeLists.txt -index 27f421a..213076f 100644 +index 280b9a8..e10456b 100644 --- a/tests/libgit2/CMakeLists.txt +++ b/tests/libgit2/CMakeLists.txt -@@ -66,10 +66,12 @@ endif() +@@ -66,6 +66,7 @@ endif() include(AddClarTest) add_clar_test(libgit2_tests offline -v -xonline) add_clar_test(libgit2_tests invasive -v -score::ftruncate -sfilter::stream::bigfile -sodb::largefiles -siterator::workdir::filesystem_gunk -srepo::init -srepo::init::at_filesystem_root) --add_clar_test(libgit2_tests online -v -sonline -xonline::customcert) --add_clar_test(libgit2_tests online_customcert -v -sonline::customcert) --add_clar_test(libgit2_tests gitdaemon -v -sonline::push) --add_clar_test(libgit2_tests ssh -v -sonline::push -sonline::clone::ssh_cert -sonline::clone::ssh_with_paths -sonline::clone::path_whitespace_ssh) --add_clar_test(libgit2_tests proxy -v -sonline::clone::proxy) --add_clar_test(libgit2_tests auth_clone -v -sonline::clone::cred) --add_clar_test(libgit2_tests auth_clone_and_push -v -sonline::clone::push -sonline::push) +if(NOT DISABLE_ONLINE_TESTS) -+ add_clar_test(libgit2_tests online -v -sonline -xonline::customcert) -+ add_clar_test(libgit2_tests online_customcert -v -sonline::customcert) -+ add_clar_test(libgit2_tests gitdaemon -v -sonline::push) -+ add_clar_test(libgit2_tests ssh -v -sonline::push -sonline::clone::ssh_cert -sonline::clone::ssh_with_paths -sonline::clone::path_whitespace_ssh) -+ add_clar_test(libgit2_tests proxy -v -sonline::clone::proxy) -+ add_clar_test(libgit2_tests auth_clone -v -sonline::clone::cred) -+ add_clar_test(libgit2_tests auth_clone_and_push -v -sonline::clone::push -sonline::push) + add_clar_test(libgit2_tests online -v -sonline -xonline::customcert -xonline::clone::ssh_auth_methods) + add_clar_test(libgit2_tests online_customcert -v -sonline::customcert) + add_clar_test(libgit2_tests gitdaemon -v -sonline::push) +@@ -73,3 +74,4 @@ add_clar_test(libgit2_tests ssh -v -sonline::push -sonline::clon + add_clar_test(libgit2_tests proxy -v -sonline::clone::proxy) + add_clar_test(libgit2_tests auth_clone -v -sonline::clone::cred) + add_clar_test(libgit2_tests auth_clone_and_push -v -sonline::clone::push -sonline::push) +endif() diff -Nru libgit2-1.5.0+ds/debian/patches/fix-unit-tests.patch libgit2-1.5.1+ds/debian/patches/fix-unit-tests.patch --- libgit2-1.5.0+ds/debian/patches/fix-unit-tests.patch 2022-08-31 13:24:33.000000000 +0000 +++ libgit2-1.5.1+ds/debian/patches/fix-unit-tests.patch 2023-01-23 06:41:31.000000000 +0000 @@ -8,7 +8,7 @@ 2 files changed, 7 insertions(+), 62 deletions(-) diff --git a/tests/libgit2/CMakeLists.txt b/tests/libgit2/CMakeLists.txt -index 213076f..9a56bd7 100644 +index e10456b..d85d5dd 100644 --- a/tests/libgit2/CMakeLists.txt +++ b/tests/libgit2/CMakeLists.txt @@ -65,7 +65,7 @@ endif() @@ -18,8 +18,8 @@ -add_clar_test(libgit2_tests invasive -v -score::ftruncate -sfilter::stream::bigfile -sodb::largefiles -siterator::workdir::filesystem_gunk -srepo::init -srepo::init::at_filesystem_root) +add_clar_test(libgit2_tests invasive -v -sfilter::stream::bigfile -sodb::largefiles -siterator::workdir::filesystem_gunk -srepo::init -srepo::init::at_filesystem_root) if(NOT DISABLE_ONLINE_TESTS) - add_clar_test(libgit2_tests online -v -sonline -xonline::customcert) - add_clar_test(libgit2_tests online_customcert -v -sonline::customcert) + add_clar_test(libgit2_tests online -v -sonline -xonline::customcert -xonline::clone::ssh_auth_methods) + add_clar_test(libgit2_tests online_customcert -v -sonline::customcert) diff --git a/tests/libgit2/network/url/parse.c b/tests/libgit2/network/url/parse.c index 8149ba5..729302e 100644 --- a/tests/libgit2/network/url/parse.c diff -Nru libgit2-1.5.0+ds/docs/changelog.md libgit2-1.5.1+ds/docs/changelog.md --- libgit2-1.5.0+ds/docs/changelog.md 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/docs/changelog.md 2023-01-20 22:11:52.000000000 +0000 @@ -1,3 +1,14 @@ +v1.5.1 +------ + +🔒 This is a security release to address CVE-2023-22742: when compiled using the optional, included libssh2 backend, libgit2 fails to verify SSH keys by default. + +When using an SSH remote with the optional, included libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. + +The libgit2 security team would like to thank the Julia and Rust security teams for responsibly disclosing this vulnerability and assisting with fixing the vulnerability. + +All users of the v1.5 release line are recommended to upgrade. + v1.5 ---- diff -Nru libgit2-1.5.0+ds/include/git2/version.h libgit2-1.5.1+ds/include/git2/version.h --- libgit2-1.5.0+ds/include/git2/version.h 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/include/git2/version.h 2023-01-20 22:11:52.000000000 +0000 @@ -11,7 +11,7 @@ * The version string for libgit2. This string follows semantic * versioning (v2) guidelines. */ -#define LIBGIT2_VERSION "1.5.0" +#define LIBGIT2_VERSION "1.5.1" /** The major version number for this version of libgit2. */ #define LIBGIT2_VER_MAJOR 1 @@ -20,7 +20,7 @@ #define LIBGIT2_VER_MINOR 5 /** The revision ("teeny") version number for this version of libgit2. */ -#define LIBGIT2_VER_REVISION 0 +#define LIBGIT2_VER_REVISION 1 /** The Windows DLL patch number for this version of libgit2. */ #define LIBGIT2_VER_PATCH 0 diff -Nru libgit2-1.5.0+ds/package.json libgit2-1.5.1+ds/package.json --- libgit2-1.5.0+ds/package.json 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/package.json 2023-01-20 22:11:52.000000000 +0000 @@ -1,6 +1,6 @@ { "name": "libgit2", - "version": "1.5.0", + "version": "1.5.1", "repo": "https://github.com/libgit2/libgit2", "description": " A cross-platform, linkable library implementation of Git that you can use in your application.", "install": "mkdir build && cd build && cmake .. && cmake --build ." diff -Nru libgit2-1.5.0+ds/src/libgit2/transports/ssh.c libgit2-1.5.1+ds/src/libgit2/transports/ssh.c --- libgit2-1.5.0+ds/src/libgit2/transports/ssh.c 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/src/libgit2/transports/ssh.c 2023-01-20 22:11:52.000000000 +0000 @@ -421,15 +421,119 @@ return 0; } +#define KNOWN_HOSTS_FILE ".ssh/known_hosts" + +/* + * Load the known_hosts file. + * + * Returns success but leaves the output NULL if we couldn't find the file. + */ +static int load_known_hosts(LIBSSH2_KNOWNHOSTS **hosts, LIBSSH2_SESSION *session) +{ + git_str path = GIT_STR_INIT, home = GIT_STR_INIT; + LIBSSH2_KNOWNHOSTS *known_hosts = NULL; + int error; + + GIT_ASSERT_ARG(hosts); + + if ((error = git__getenv(&home, "HOME")) < 0) + return error; + + if ((error = git_str_joinpath(&path, git_str_cstr(&home), KNOWN_HOSTS_FILE)) < 0) + goto out; + + if ((known_hosts = libssh2_knownhost_init(session)) == NULL) { + ssh_error(session, "error initializing known hosts"); + error = -1; + goto out; + } + + /* + * Try to read the file and consider not finding it as not trusting the + * host rather than an error. + */ + error = libssh2_knownhost_readfile(known_hosts, git_str_cstr(&path), LIBSSH2_KNOWNHOST_FILE_OPENSSH); + if (error == LIBSSH2_ERROR_FILE) + error = 0; + if (error < 0) + ssh_error(session, "error reading known_hosts"); + +out: + *hosts = known_hosts; + + git_str_clear(&home); + git_str_clear(&path); + + return error; +} + +static const char *hostkey_type_to_string(int type) +{ + switch (type) { + case LIBSSH2_KNOWNHOST_KEY_SSHRSA: + return "ssh-rsa"; + case LIBSSH2_KNOWNHOST_KEY_SSHDSS: + return "ssh-dss"; +#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256 + case LIBSSH2_KNOWNHOST_KEY_ECDSA_256: + return "ecdsa-sha2-nistp256"; + case LIBSSH2_KNOWNHOST_KEY_ECDSA_384: + return "ecdsa-sha2-nistp384"; + case LIBSSH2_KNOWNHOST_KEY_ECDSA_521: + return "ecdsa-sha2-nistp521"; +#endif +#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519 + case LIBSSH2_KNOWNHOST_KEY_ED25519: + return "ssh-ed25519"; +#endif + } + + return NULL; +} + +/* + * We figure out what kind of key we want to ask the remote for by trying to + * look it up with a nonsense key and using that mismatch to figure out what key + * we do have stored for the host. + * + * Returns the string to pass to libssh2_session_method_pref or NULL if we were + * unable to find anything or an error happened. + */ +static const char *find_hostkey_preference(LIBSSH2_KNOWNHOSTS *known_hosts, const char *hostname, int port) +{ + struct libssh2_knownhost *host = NULL; + /* Specify no key type so we don't filter on that */ + int type = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW; + const char key = '\0'; + int error; + + /* + * In case of mismatch, we can find the type of key from known_hosts in + * the returned host's information as it means that an entry was found + * but our nonsense key obviously didn't match. + */ + error = libssh2_knownhost_checkp(known_hosts, hostname, port, &key, 1, type, &host); + if (error == LIBSSH2_KNOWNHOST_CHECK_MISMATCH) + return hostkey_type_to_string(host->typemask & LIBSSH2_KNOWNHOST_KEY_MASK); + + return NULL; +} + static int _git_ssh_session_create( LIBSSH2_SESSION **session, + LIBSSH2_KNOWNHOSTS **hosts, + const char *hostname, + int port, git_stream *io) { int rc = 0; LIBSSH2_SESSION *s; + LIBSSH2_KNOWNHOSTS *known_hosts; git_socket_stream *socket = GIT_CONTAINER_OF(io, git_socket_stream, parent); + const char *keytype = NULL; GIT_ASSERT_ARG(session); + GIT_ASSERT_ARG(hosts); s = libssh2_session_init(); if (!s) { @@ -437,21 +541,225 @@ return -1; } + if ((rc = load_known_hosts(&known_hosts, s)) < 0) { + ssh_error(s, "error loading known_hosts"); + libssh2_session_free(s); + return -1; + } + + if ((keytype = find_hostkey_preference(known_hosts, hostname, port)) != NULL) { + do { + rc = libssh2_session_method_pref(s, LIBSSH2_METHOD_HOSTKEY, keytype); + } while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc); + if (rc != LIBSSH2_ERROR_NONE) { + ssh_error(s, "failed to set hostkey preference"); + goto on_error; + } + } + + do { rc = libssh2_session_handshake(s, socket->s); } while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc); if (rc != LIBSSH2_ERROR_NONE) { ssh_error(s, "failed to start SSH session"); - libssh2_session_free(s); - return -1; + goto on_error; } libssh2_session_set_blocking(s, 1); *session = s; + *hosts = known_hosts; return 0; + +on_error: + libssh2_knownhost_free(known_hosts); + libssh2_session_free(s); + return -1; +} + + +/* + * Returns the typemask argument to pass to libssh2_knownhost_check{,p} based on + * the type of key that libssh2_session_hostkey returns. + */ +static int fingerprint_type_mask(int keytype) +{ + int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW; + return mask; + + switch (keytype) { + case LIBSSH2_HOSTKEY_TYPE_RSA: + mask |= LIBSSH2_KNOWNHOST_KEY_SSHRSA; + break; + case LIBSSH2_HOSTKEY_TYPE_DSS: + mask |= LIBSSH2_KNOWNHOST_KEY_SSHDSS; + break; +#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256 + case LIBSSH2_HOSTKEY_TYPE_ECDSA_256: + mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_256; + break; + case LIBSSH2_HOSTKEY_TYPE_ECDSA_384: + mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_384; + break; + case LIBSSH2_HOSTKEY_TYPE_ECDSA_521: + mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_521; + break; +#endif +#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519 + case LIBSSH2_HOSTKEY_TYPE_ED25519: + mask |= LIBSSH2_KNOWNHOST_KEY_ED25519; + break; +#endif + } + + return mask; +} + +/* + * Check the host against the user's known_hosts file. + * + * Returns 1/0 for valid/''not-valid or <0 for an error + */ +static int check_against_known_hosts( + LIBSSH2_SESSION *session, + LIBSSH2_KNOWNHOSTS *known_hosts, + const char *hostname, + int port, + const char *key, + size_t key_len, + int key_type) +{ + int check, typemask, ret = 0; + struct libssh2_knownhost *host = NULL; + + if (known_hosts == NULL) + return 0; + + typemask = fingerprint_type_mask(key_type); + check = libssh2_knownhost_checkp(known_hosts, hostname, port, key, key_len, typemask, &host); + if (check == LIBSSH2_KNOWNHOST_CHECK_FAILURE) { + ssh_error(session, "error checking for known host"); + return -1; + } + + ret = check == LIBSSH2_KNOWNHOST_CHECK_MATCH ? 1 : 0; + + return ret; +} + +/* + * Perform the check for the session's certificate against known hosts if + * possible and then ask the user if they have a callback. + * + * Returns 1/0 for valid/not-valid or <0 for an error + */ +static int check_certificate( + LIBSSH2_SESSION *session, + LIBSSH2_KNOWNHOSTS *known_hosts, + git_transport_certificate_check_cb check_cb, + void *check_cb_payload, + const char *host, + int port) +{ + git_cert_hostkey cert = {{ 0 }}; + const char *key; + size_t cert_len; + int cert_type, cert_valid = 0, error = 0; + + if ((key = libssh2_session_hostkey(session, &cert_len, &cert_type)) == NULL) { + ssh_error(session, "failed to retrieve hostkey"); + return -1; + } + + if ((cert_valid = check_against_known_hosts(session, known_hosts, host, port, key, cert_len, cert_type)) < 0) + return -1; + + cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2; + if (key != NULL) { + cert.type |= GIT_CERT_SSH_RAW; + cert.hostkey = key; + cert.hostkey_len = cert_len; + switch (cert_type) { + case LIBSSH2_HOSTKEY_TYPE_RSA: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA; + break; + case LIBSSH2_HOSTKEY_TYPE_DSS: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS; + break; + +#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256 + case LIBSSH2_HOSTKEY_TYPE_ECDSA_256: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256; + break; + case LIBSSH2_HOSTKEY_TYPE_ECDSA_384: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384; + break; + case LIBSSH2_KNOWNHOST_KEY_ECDSA_521: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521; + break; +#endif + +#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519 + case LIBSSH2_HOSTKEY_TYPE_ED25519: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519; + break; +#endif + default: + cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN; + } + } + +#ifdef LIBSSH2_HOSTKEY_HASH_SHA256 + key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256); + if (key != NULL) { + cert.type |= GIT_CERT_SSH_SHA256; + memcpy(&cert.hash_sha256, key, 32); + } +#endif + + key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); + if (key != NULL) { + cert.type |= GIT_CERT_SSH_SHA1; + memcpy(&cert.hash_sha1, key, 20); + } + + key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5); + if (key != NULL) { + cert.type |= GIT_CERT_SSH_MD5; + memcpy(&cert.hash_md5, key, 16); + } + + if (cert.type == 0) { + git_error_set(GIT_ERROR_SSH, "unable to get the host key"); + return -1; + } + + git_error_clear(); + error = 0; + if (!cert_valid) { + git_error_set(GIT_ERROR_SSH, "invalid or unknown remote ssh hostkey"); + error = GIT_ECERTIFICATE; + } + + if (check_cb != NULL) { + git_cert_hostkey *cert_ptr = &cert; + git_error_state previous_error = {0}; + + git_error_state_capture(&previous_error, error); + error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload); + if (error == GIT_PASSTHROUGH) { + error = git_error_state_restore(&previous_error); + } else if (error < 0 && !git_error_last()) { + git_error_set(GIT_ERROR_NET, "user canceled hostkey check"); + } + + git_error_state_free(&previous_error); + } + + return error; } #define SSH_DEFAULT_PORT "22" @@ -462,11 +770,12 @@ const char *cmd, git_smart_subtransport_stream **stream) { - int auth_methods, error = 0; + int auth_methods, error = 0, port; ssh_stream *s; git_credential *cred = NULL; LIBSSH2_SESSION *session=NULL; LIBSSH2_CHANNEL *channel=NULL; + LIBSSH2_KNOWNHOSTS *known_hosts = NULL; t->current_stream = NULL; @@ -490,96 +799,20 @@ (error = git_stream_connect(s->io)) < 0) goto done; - if ((error = _git_ssh_session_create(&session, s->io)) < 0) - goto done; - - if (t->owner->connect_opts.callbacks.certificate_check != NULL) { - git_cert_hostkey cert = {{ 0 }}, *cert_ptr; - const char *key; - size_t cert_len; - int cert_type; - - cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2; - - key = libssh2_session_hostkey(session, &cert_len, &cert_type); - if (key != NULL) { - cert.type |= GIT_CERT_SSH_RAW; - cert.hostkey = key; - cert.hostkey_len = cert_len; - switch (cert_type) { - case LIBSSH2_HOSTKEY_TYPE_RSA: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA; - break; - case LIBSSH2_HOSTKEY_TYPE_DSS: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS; - break; + /* + * Try to parse the port as a number, if we can't then fall back to + * default. It would be nice if we could get the port that was resolved + * as part of the stream connection, but that's not something that's + * exposed. + */ + if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0) + port = -1; -#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256 - case LIBSSH2_HOSTKEY_TYPE_ECDSA_256: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256; - break; - case LIBSSH2_HOSTKEY_TYPE_ECDSA_384: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384; - break; - case LIBSSH2_KNOWNHOST_KEY_ECDSA_521: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521; - break; -#endif - -#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519 - case LIBSSH2_HOSTKEY_TYPE_ED25519: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519; - break; -#endif - default: - cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN; - } - } - -#ifdef LIBSSH2_HOSTKEY_HASH_SHA256 - key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256); - if (key != NULL) { - cert.type |= GIT_CERT_SSH_SHA256; - memcpy(&cert.hash_sha256, key, 32); - } -#endif - - key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); - if (key != NULL) { - cert.type |= GIT_CERT_SSH_SHA1; - memcpy(&cert.hash_sha1, key, 20); - } - - key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5); - if (key != NULL) { - cert.type |= GIT_CERT_SSH_MD5; - memcpy(&cert.hash_md5, key, 16); - } - - if (cert.type == 0) { - git_error_set(GIT_ERROR_SSH, "unable to get the host key"); - error = -1; - goto done; - } - - /* We don't currently trust any hostkeys */ - git_error_clear(); - - cert_ptr = &cert; - - error = t->owner->connect_opts.callbacks.certificate_check( - (git_cert *)cert_ptr, - 0, - s->url.host, - t->owner->connect_opts.callbacks.payload); - - if (error < 0 && error != GIT_PASSTHROUGH) { - if (!git_error_last()) - git_error_set(GIT_ERROR_NET, "user cancelled hostkey check"); + if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0) + goto done; - goto done; - } - } + if ((error = check_certificate(session, known_hosts, t->owner->connect_opts.callbacks.certificate_check, t->owner->connect_opts.callbacks.payload, s->url.host, port)) < 0) + goto done; /* we need the username to ask for auth methods */ if (!s->url.username) { @@ -651,6 +884,8 @@ if (error < 0) { ssh_stream_free(*stream); + if (known_hosts) + libssh2_knownhost_free(known_hosts); if (session) libssh2_session_free(session); } diff -Nru libgit2-1.5.0+ds/tests/libgit2/CMakeLists.txt libgit2-1.5.1+ds/tests/libgit2/CMakeLists.txt --- libgit2-1.5.0+ds/tests/libgit2/CMakeLists.txt 2022-07-14 00:06:59.000000000 +0000 +++ libgit2-1.5.1+ds/tests/libgit2/CMakeLists.txt 2023-01-20 22:11:52.000000000 +0000 @@ -66,10 +66,10 @@ include(AddClarTest) add_clar_test(libgit2_tests offline -v -xonline) add_clar_test(libgit2_tests invasive -v -score::ftruncate -sfilter::stream::bigfile -sodb::largefiles -siterator::workdir::filesystem_gunk -srepo::init -srepo::init::at_filesystem_root) -add_clar_test(libgit2_tests online -v -sonline -xonline::customcert) +add_clar_test(libgit2_tests online -v -sonline -xonline::customcert -xonline::clone::ssh_auth_methods) add_clar_test(libgit2_tests online_customcert -v -sonline::customcert) add_clar_test(libgit2_tests gitdaemon -v -sonline::push) -add_clar_test(libgit2_tests ssh -v -sonline::push -sonline::clone::ssh_cert -sonline::clone::ssh_with_paths -sonline::clone::path_whitespace_ssh) +add_clar_test(libgit2_tests ssh -v -sonline::push -sonline::clone::ssh_cert -sonline::clone::ssh_with_paths -sonline::clone::path_whitespace_ssh -sonline::clone::ssh_auth_methods) add_clar_test(libgit2_tests proxy -v -sonline::clone::proxy) add_clar_test(libgit2_tests auth_clone -v -sonline::clone::cred) add_clar_test(libgit2_tests auth_clone_and_push -v -sonline::clone::push -sonline::push)