authorArmin Kuster <akuster@mvista.com>2016-01-15 16:59:49 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-17 11:32:21 +0000
commita42229df424552955c0ac62da1063461f97f5938 (patch)
tree808ac75edca8dbf9572e1548e35b37a69cc72af3 /meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
parent20d6a4ce4e395251604d92111ce5ecacde5ce172 (diff)
openssh: CVE-2016-1907
This issue requires three commits: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch65
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
new file mode 100644
index 0000000000..9fac69c3dd
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
@@ -0,0 +1,65 @@
+From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
+From: "mmcc@openbsd.org" <mmcc@openbsd.org>
+Date: Tue, 20 Oct 2015 03:36:35 +0000
+Subject: [PATCH] upstream commit
+
+Replace a function-local allocation with stack memory.
+
+ok djm@
+
+Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
+Upstream-Status: Backport
+CVE: CVE-2016-1907
+
+[YOCTO #8935]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ clientloop.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/clientloop.c b/clientloop.c
+index 87ceb3d..1e05cba 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
++/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ static char proto[512], data[512];
+ FILE *f;
+ int got_data = 0, generated = 0, do_unlink = 0, i;
+- char *xauthdir, *xauthfile;
++ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
+ struct stat st;
+ u_int now, x11_timeout_real;
+
+- xauthdir = xauthfile = NULL;
+ *_proto = proto;
+ *_data = data;
+ proto[0] = data[0] = '\0';
+@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ display = xdisplay;
+ }
+ if (trusted == 0) {
+- xauthdir = xmalloc(PATH_MAX);
+- xauthfile = xmalloc(PATH_MAX);
+ mktemp_proto(xauthdir, PATH_MAX);
+ /*
+ * The authentication cookie should briefly outlive
+@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ unlink(xauthfile);
+ rmdir(xauthdir);
+ }
+- free(xauthdir);
+- free(xauthfile);
+
+ /*
+ * If we didn't get authentication data, just make up some
+--
+1.9.1
+
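Review bot: The header of the added patch file tags it `CVE: CVE-2016-1907`, but its own message (`Replace a function-local allocation with stack memory.`) describes a refactor of `client_x11_get_proto`, and the commit description says the issue needs three upstream commits, so this file on its own presumably does not close the CVE. I would say so in the header, for example `Prerequisite refactor (2 of 3) for CVE-2016-1907; not sufficient without the other two patches.`, so that anyone auditing or cherry-picking by CVE tag does not carry only this one. The header could also record its origin as `Upstream-Status: Backport [https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f]`. The recipe's SRC_URI is outside this diff, so the order in which the three patches are applied cannot be checked here.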