path: root/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch

From a5d845b7b42861d18f43e83de9f24c7374d1b458 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 18 Sep 2020 08:16:38 +0000
Subject: [PATCH 06/12] upstream: handle multiple messages in a single read()

PR#183 by Dennis Kaarsemaker; feedback and ok markus@

OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1

Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/52a03e9fca2d74eef953ddd4709250f365ca3975]
CVE: CVE-2023-38408
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
---
 ssh-agent.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index 1794f35..78f7268 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.258 2020/05/26 01:26:58 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.264 2020/09/18 08:16:38 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -853,8 +853,10 @@ send:
 }
 #endif /* ENABLE_PKCS11 */

-/* dispatch incoming messages */
-
+/*
+ * dispatch incoming message.
+ * returns 1 on success, 0 for incomplete messages or -1 on error.
+ */
 static int
 process_message(u_int socknum)
 {
@@ -908,7 +910,7 @@ process_message(u_int socknum)
			/* send a fail message for all other request types */
			send_status(e, 0);
		}
-		return 0;
+		return 1;
	}

	switch (type) {
@@ -952,7 +954,7 @@ process_message(u_int socknum)
		send_status(e, 0);
		break;
	}
-	return 0;
+	return 1;
 }

 static void
@@ -1043,7 +1045,12 @@ handle_conn_read(u_int socknum)
	if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	explicit_bzero(buf, sizeof(buf));
-	process_message(socknum);
+	for (;;) {
+		if ((r = process_message(socknum)) == -1)
+			return -1;
+		else if (r == 0)
+			break;
+	}
	return 0;
 }

--
2.41.0