Status: Fixed
Comments
lu...@gmail.com <lu...@gmail.com> #2
lu...@gmail.com <lu...@gmail.com> #3
As requested by the maintainers: moving the destination branch from "master" to "stable-3.6", as this is the oldest supported version with this bug.
ap...@google.com <ap...@google.com> #4
Project: gerrit
Branch: stable-3.6
commit c81232ad71adc60275608b54b369b4346d950abe
Author: Paweł Kurek <kurek.zxc@gmail.com>
Date: Tue Jul 11 09:30:13 2023
Fix CreateAccessChange ignoring provided review message
Fix API endpoint 'CreateAccessChange' '/projects/*/access:review'
not honouring 'message' field provided via 'ProjectAccessInput' object despite setting it.
Add condition to check if message is provided then use it instead of default 'Review access change'
Bug: Issue 290641654
Release-Notes: Fix bug in API '/projects/*/access:review' ignoring 'message' field
Change-Id: I807d9989e23c68a762966ba7b60d6644605c739f
M java/com/google/gerrit/server/restapi/project/CreateAccessChange.java
A javatests/com/google/gerrit/acceptance/api/project/AccessReviewIT.java
https://gerrit-review.googlesource.com/379003
ap...@google.com <ap...@google.com> #5
Project: gerrit
Branch: master
commit 4f3ff5abdb18ad34078d8dd2f0ad1d4e610957d1
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Mar 21 20:49:04 2024
Demonstrate SshKeyUtil fails to validate invalid SSH keys
The SshKeyUtil has always missed the validation of the SSH key algo
specified as a prefix of the Base-64 encoded key.
Whilst the behaviour has always been the same since 2008, it is
nonetheless buggy and should be validated for preventing the storage
of invalid keys.
TODO: Mark the SSH key validation test as disabled for allowing the
build to succeed. The test can be enabled back again once the validation
has been amended to verify the key algorithm.
Bug: Issue 330758152
Release-Notes: skip
Change-Id: I42b1c6474fa876828e5353e81e97b21b981665f9
M javatests/com/google/gerrit/sshd/BUILD
A javatests/com/google/gerrit/sshd/SshUtilTest.java
https://gerrit-review.googlesource.com/414350
ap...@google.com <ap...@google.com> #6
Project: gerrit
Branch: stable-3.4
commit 78812bd5ed5c1b8f24a29c4a19cb25437aa45384
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Mar 21 20:49:04 2024
Demonstrate SshKeyUtil fails to validate invalid SSH keys
The SshKeyUtil has always missed the validation of the SSH key algo
specified as a prefix of the Base-64 encoded key.
Whilst the behaviour has always been the same since 2008, it is
nonetheless buggy and should be validated for preventing the storage
of invalid keys.
TODO: Mark the SSH key validation test as disabled for allowing the
build to succeed. The test can be enabled back again once the validation
has been amended to verify the key algorithm.
Bug: Issue 330758152
Release-Notes: skip
Change-Id: I42b1c6474fa876828e5353e81e97b21b981665f9
(cherry picked from commit 4f3ff5abdb18ad34078d8dd2f0ad1d4e610957d1)
M javatests/com/google/gerrit/sshd/BUILD
A javatests/com/google/gerrit/sshd/SshUtilTest.java
https://gerrit-review.googlesource.com/416277
ap...@google.com <ap...@google.com> #7
Project: gerrit
Branch: stable-3.4
commit 60276878a34403dca79d208881577d81467ce399
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Mar 21 22:05:36 2024
Fix detection of invalid SSH key algorithm
Verify that the OpenSSH key algorithm matches the one
associated with the public key. Throw a new specific
InvalidKeyAlgorithmException if the two algorithms do not match.
This is a breaking change because invalid OpenSSH keys
have been tolerated since the very beginning, when Shawn introduced
the SSH support in Change 6610.
Attempting to store new invalid SSH keys would fail and result in
an HTTP status 400 error as the response to the add-keys REST API.
Make SshKeyCacheImpl tolerant to existing keys stored
in the accounts' profile, otherwise Gerrit may start flagging
keys that have been previously stored as invalid, resulting
in random authentication failures by existing users.
Existing invalid keys are reported in the error_log with the
associated exceptions and automatically fixed, removing the
invalid key from the accounts profile and adjusting the key
algorithm with the one associated with the public key.
Bug: Issue 330758152
Release-Notes: Breaking change: validate and reject SSH keys with invalid or mismatched algorithm
Change-Id: I83c89a786f70aa3b88744a70f10012415f45f284
(cherry picked from commit 6eac4fe62a6a081c5c9395f8874bdc49615eea0d)
A java/com/google/gerrit/sshd/InvalidKeyAlgorithmException.java
M java/com/google/gerrit/sshd/SshKeyCacheImpl.java
M java/com/google/gerrit/sshd/SshUtil.java
M javatests/com/google/gerrit/sshd/SshUtilTest.java
https://gerrit-review.googlesource.com/416278
Description
What steps will reproduce the problem?
What is the expected output?
Gerrit rejects the key as invalid
What do you see instead?
Gerrit does not complain and the key is added with an invalid algorithm
Please provide any additional information below.
The issue is that Gerrit relies on Apache Mina SSHD for validating the key, but it does not check that the algorithm of the base-64 encoding matches the key type.
As a result, Gerrit creates keys with malformed key types without complaining.
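The check described in this report and in the "Fix detection of invalid SSH key algorithm" commit above, written out as an added example in Python; this is not Gerrit's Java code (SshUtil, SshKeyCacheImpl) nor Apache MINA SSHD, and the function names, the KNOWN_ALGORITHMS allowlist, and the sample key lines are constructed for the example (the "key material" is filler bytes, not real keys). An OpenSSH public-key line is `<type> <base64> [comment]`, and the first RFC 4251 string inside the decoded blob is the algorithm name; the bug is that only the blob was validated, so a line whose prefix says `ssh-rsa` while the blob says `ssh-ed25519` was accepted. The strict path (`validate_key_line`) rejects such lines the way the fix does for newly added keys; the lenient path (`repair_stored_key_line`) mirrors the commit's tolerance for keys already stored by logging the mismatch and rewriting the prefix to the algorithm the blob actually carries, so existing users are not locked out. Removing unrepairable keys from the account profile, which the commit also does, is left out here.

```python
import base64
import binascii
import logging
import struct

log = logging.getLogger("sshkey-check")

# Algorithm names that may appear as the first RFC 4251 string inside an
# OpenSSH public-key blob. This allowlist is an assumption for the example,
# not a list taken from Gerrit or Apache MINA SSHD.
KNOWN_ALGORITHMS = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


class InvalidKeyAlgorithmError(ValueError):
    """The key-type prefix disagrees with the algorithm encoded in the blob."""


def _read_string(buf: bytes, offset: int):
    """Read one RFC 4251 'string' (uint32 big-endian length + bytes)."""
    if len(buf) - offset < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    if len(buf) - offset < n:
        raise ValueError("truncated string body")
    return buf[offset:offset + n], offset + n


def blob_algorithm(blob: bytes) -> str:
    """The algorithm name is always the first string of the wire-format blob."""
    name, _ = _read_string(blob, 0)
    return name.decode("ascii")


def parse_public_key_line(line: str):
    """Split '<type> <base64> [comment]' and strictly decode the base64 part."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    prefix, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as e:
        raise ValueError(f"bad base64 in key line: {e}") from e
    return prefix, blob, comment


def validate_key_line(line: str) -> str:
    """Strict path for keys being added: reject mismatched or unknown algorithms."""
    prefix, blob, _ = parse_public_key_line(line)
    inner = blob_algorithm(blob)
    if inner not in KNOWN_ALGORITHMS:
        raise ValueError(f"unknown algorithm inside key blob: {inner!r}")
    if prefix != inner:
        raise InvalidKeyAlgorithmError(
            f"key type prefix {prefix!r} does not match blob algorithm {inner!r}")
    return inner


def check_key_line(line: str) -> str:
    """Verdict form of validate_key_line, convenient for logging and tests."""
    try:
        validate_key_line(line)
        return "ok"
    except InvalidKeyAlgorithmError:
        return "algorithm-mismatch"
    except ValueError:
        return "malformed"


def repair_stored_key_line(line: str) -> str:
    """Lenient path for keys already stored: log the mismatch and rewrite the
    prefix to the algorithm the blob actually carries instead of rejecting it."""
    prefix, blob, comment = parse_public_key_line(line)
    inner = blob_algorithm(blob)
    if prefix != inner:
        log.warning("stored key claims %s but blob is %s; rewriting prefix", prefix, inner)
    fixed = f"{inner} {base64.b64encode(blob).decode('ascii')}"
    return f"{fixed} {comment}" if comment else fixed


# --- constructed sample input (filler bytes, not real key material) ---------
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def make_blob(algo: str, *fields: bytes) -> bytes:
    """Build a wire-format blob: algorithm name, then algorithm-specific strings."""
    return _ssh_string(algo.encode("ascii")) + b"".join(_ssh_string(f) for f in fields)


_ED25519_B64 = base64.b64encode(make_blob("ssh-ed25519", b"\x01" * 32)).decode("ascii")
SAMPLE_OK = f"ssh-ed25519 {_ED25519_B64} alice@example.test"
# The reported bug: the prefix says ssh-rsa, the blob says ssh-ed25519.
SAMPLE_MISMATCH = f"ssh-rsa {_ED25519_B64} bob@example.test"
SAMPLE_GARBAGE = "ssh-rsa not*base64* carol@example.test"

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for sample in (SAMPLE_OK, SAMPLE_MISMATCH, SAMPLE_GARBAGE):
        print(check_key_line(sample), "<-", sample[:40])
    print(repair_stored_key_line(SAMPLE_MISMATCH))
```

Running the block prints `ok`, `algorithm-mismatch` and `malformed` for the three samples, then the repaired line with its prefix rewritten to `ssh-ed25519`. Decoding with `validate=True` matters: a lenient decoder silently drops characters outside the base64 alphabet and would let a corrupted line through to the blob parser.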