diff options
author | Armin Kuster <akuster@mvista.com> | 2016-01-15 16:59:49 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-17 11:32:21 +0000 |
commit | a42229df424552955c0ac62da1063461f97f5938 (patch) | |
tree | 808ac75edca8dbf9572e1548e35b37a69cc72af3 /meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch | |
parent | 20d6a4ce4e395251604d92111ce5ecacde5ce172 (diff) | |
download | openembedded-core-contrib-a42229df424552955c0ac62da1063461f97f5938.tar.gz |
openssh: CVE-2016-1907
This issue requires three commits:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch new file mode 100644 index 0000000000..9fac69c3dd --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch @@ -0,0 +1,65 @@ +From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001 +From: "mmcc@openbsd.org" <mmcc@openbsd.org> +Date: Tue, 20 Oct 2015 03:36:35 +0000 +Subject: [PATCH] upstream commit + +Replace a function-local allocation with stack memory. + +ok djm@ + +Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e +Upstream-Status: Backport +CVE: CVE-2016-1907 + +[YOCTO #8935] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + clientloop.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/clientloop.c b/clientloop.c +index 87ceb3d..1e05cba 100644 +--- a/clientloop.c ++++ b/clientloop.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ ++/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */ + /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path, + static char proto[512], data[512]; + FILE *f; + int got_data = 0, generated = 0, do_unlink = 0, i; +- char *xauthdir, *xauthfile; ++ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = ""; + struct stat st; + u_int now, x11_timeout_real; + +- xauthdir = xauthfile = NULL; + *_proto = proto; + *_data = data; + proto[0] = data[0] = '\0'; +@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, + display = xdisplay; + } + if (trusted == 0) { +- xauthdir = xmalloc(PATH_MAX); +- xauthfile = xmalloc(PATH_MAX); + mktemp_proto(xauthdir, PATH_MAX); + /* + * The authentication cookie should briefly outlive +@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, + unlink(xauthfile); + rmdir(xauthdir); + } +- free(xauthdir); +- free(xauthfile); + + /* + * If we didn't get authentication data, just make up some +-- +1.9.1 + |