microsoft · Kanishk-Bansal · Feb 28, 2025 · Mar 2, 2025
@@ -0,0 +1,140 @@
+From 041b89a18f81265899e42e6801f830c101a96120 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <[email protected]>
+Date: Sun, 2 Mar 2025 13:46:00 +0000
+Subject: [PATCH] CVE-2025-22869
+
+Upstream Reference : https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
+
+ssh: limit the size of the internal packet queue while waiting for KEX
+
+In the SSH protocol, clients and servers execute the key exchange to
+generate one-time session keys used for encryption and authentication.
+The key exchange is performed initially after the connection is
+established and then periodically after a configurable amount of data.
+While a key exchange is in progress, we add the received packets to an
+internal queue until we receive SSH_MSG_KEXINIT from the other side.
+This can result in high memory usage if the other party is slow to
+respond to the SSH_MSG_KEXINIT packet, or memory exhaustion if a
+malicious client never responds to an SSH_MSG_KEXINIT packet during a
+large file transfer.
+We now limit the internal queue to 64 packets: this means 2MB with the
+typical 32KB packet size.
+When the internal queue is full we block further writes until the
+pending key exchange is completed or there is a read or write error.
+
+Thanks to Yuichi Watanabe for reporting this issue.
+
+Change-Id: I1ce2214cc16e08b838d4bc346c74c72addafaeec
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/652135
+Reviewed-by: Neal Patel <[email protected]>
+Auto-Submit: Gopher Robot <[email protected]>
+Reviewed-by: Roland Shoemaker <[email protected]>
+LUCI-TryBot-Result: Go LUCI <[email protected]>
+
+---
+ vendor/golang.org/x/crypto/ssh/handshake.go | 47 ++++++++++++++++-----
+ 1 file changed, 37 insertions(+), 10 deletions(-)
+
+diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
+index 70a7369..e14eb6c 100644
+--- a/vendor/golang.org/x/crypto/ssh/handshake.go
++++ b/vendor/golang.org/x/crypto/ssh/handshake.go
+@@ -24,6 +24,11 @@ const debugHandshake = false
+ // quickly.
+ const chanSize = 16
+
++// maxPendingPackets sets the maximum number of packets to queue while waiting
++// for KEX to complete. This limits the total pending data to maxPendingPackets
++// * maxPacket bytes, which is ~16.8MB.
++const maxPendingPackets = 64
++
+ // keyingTransport is a packet based transport that supports key
+ // changes. It need not be thread-safe. It should pass through
+ // msgNewKeys in both directions.
+@@ -58,11 +63,19 @@ type handshakeTransport struct {
+ 	incoming  chan []byte
+ 	readError error
+
+-	mu               sync.Mutex
+-	writeError       error
+-	sentInitPacket   []byte
+-	sentInitMsg      *kexInitMsg
+-	pendingPackets   [][]byte // Used when a key exchange is in progress.
++	mu sync.Mutex
++	// Condition for the above mutex. It is used to notify a completed key
++	// exchange or a write failure. Writes can wait for this condition while a
++	// key exchange is in progress.
++	writeCond      *sync.Cond
++	writeError     error
++	sentInitPacket []byte
++	sentInitMsg    *kexInitMsg
++	// Used to queue writes when a key exchange is in progress. The length is
++	// limited by pendingPacketsSize. Once full, writes will block until the key
++	// exchange is completed or an error occurs. If not empty, it is emptied
++	// all at once when the key exchange is completed in kexLoop.
++	pendingPackets   [][]byte
+ 	writePacketsLeft uint32
+ 	writeBytesLeft   int64
+
+@@ -114,6 +127,7 @@ func newHandshakeTransport(conn keyingTransport, config *Config, clientVersion,
+
+ 		config: config,
+ 	}
++	t.writeCond = sync.NewCond(&t.mu)
+ 	t.resetReadThresholds()
+ 	t.resetWriteThresholds()
+
+@@ -236,6 +250,7 @@ func (t *handshakeTransport) recordWriteError(err error) {
+ 	defer t.mu.Unlock()
+ 	if t.writeError == nil && err != nil {
+ 		t.writeError = err
++		t.writeCond.Broadcast()
+ 	}
+ }
+
+@@ -339,6 +354,8 @@ write:
+ 			}
+ 		}
+ 		t.pendingPackets = t.pendingPackets[:0]
++		// Unblock writePacket if waiting for KEX.
++		t.writeCond.Broadcast()
+ 		t.mu.Unlock()
+ 	}
+
+@@ -526,11 +543,20 @@ func (t *handshakeTransport) writePacket(p []byte) error {
+ 	}
+
+ 	if t.sentInitMsg != nil {
+-		// Copy the packet so the writer can reuse the buffer.
+-		cp := make([]byte, len(p))
+-		copy(cp, p)
+-		t.pendingPackets = append(t.pendingPackets, cp)
+-		return nil
++		if len(t.pendingPackets) < maxPendingPackets {
++			// Copy the packet so the writer can reuse the buffer.
++			cp := make([]byte, len(p))
++			copy(cp, p)
++			t.pendingPackets = append(t.pendingPackets, cp)
++			return nil
++		}
++		for t.sentInitMsg != nil {
++			// Block and wait for KEX to complete or an error.
++			t.writeCond.Wait()
++			if t.writeError != nil {
++				return t.writeError
++			}
++		}
+ 	}
+
+ 	if t.writeBytesLeft > 0 {
+@@ -547,6 +573,7 @@ func (t *handshakeTransport) writePacket(p []byte) error {
+
+ 	if err := t.pushPacket(p); err != nil {
+ 		t.writeError = err
++		t.writeCond.Broadcast()
+ 	}
+
+ 	return nil
+-- 
+2.45.2
+
@@ -0,0 +1,49 @@
+From 72e5dc031b9ecdc0ba2db04b715bb43b8eefcf59 Mon Sep 17 00:00:00 2001
+From: Kanishk-Bansal <[email protected]>
+Date: Fri, 28 Feb 2025 09:57:57 +0000
+Subject: [PATCH] CVE-2025-27144
+Upstream Reference : https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
+---
+ vendor/github.com/go-jose/go-jose/v4/jwe.go | 5 +++--
+ vendor/github.com/go-jose/go-jose/v4/jws.go | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
+index 89f03ee3..9f1322dc 100644
+--- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
++++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
+@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
+ 	keyAlgorithms []KeyAlgorithm,
+ 	contentEncryption []ContentEncryption,
+ ) (*JSONWebEncryption, error) {
+-	parts := strings.Split(input, ".")
+-	if len(parts) != 5 {
++	// Five parts is four separators
++	if strings.Count(input, ".") != 4 {
+ 		return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
+ 	}
++	parts := strings.SplitN(input, ".", 5)
+
+ 	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+ 	if err != nil {
+diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
+index 3a912301..d09d8ba5 100644
+--- a/vendor/github.com/go-jose/go-jose/v4/jws.go
++++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
+@@ -327,10 +327,11 @@ func parseSignedCompact(
+ 	payload []byte,
+ 	signatureAlgorithms []SignatureAlgorithm,
+ ) (*JSONWebSignature, error) {
+-	parts := strings.Split(input, ".")
+-	if len(parts) != 3 {
++	// Three parts is two separators
++	if strings.Count(input, ".") != 2 {
+ 		return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
+ 	}
++	parts := strings.SplitN(input, ".", 3)
+
+ 	if parts[1] != "" && payload != nil {
+ 		return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
+-- 
+2.45.2
+
@@ -1,7 +1,7 @@
 Summary:        GitHub official command line tool
 Name:           gh
 Version:        2.62.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -19,6 +19,8 @@ Patch2:         CVE-2024-45337.patch
 Patch3:         CVE-2024-45338.patch
 Patch5:         CVE-2024-53859.patch
 Patch6:         CVE-2025-25204.patch
+Patch7:         CVE-2025-27144.patch
+Patch8:         CVE-2025-22869.patch
 
 BuildRequires:  golang < 1.23
 BuildRequires:  git
@@ -61,6 +63,9 @@ make test
 %{_datadir}/zsh/site-functions/_gh
 
 %changelog
+* Fri Feb 28 2025 Kanishk Bansal <[email protected]> - 2.62.0-7
+- Fix CVE-2025-27144, CVE-2025-22869 with an upstream patch
+
 * Fri Feb 21 2025 Kshitiz Godara <[email protected]> - 2.62.0-6
 - Patch CVE-2025-25204