Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
new file mode 100644
index 0000000000..9fac69c3dd
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
@@ -0,0 +1,65 @@
+From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
+From: "mmcc@openbsd.org" <mmcc@openbsd.org>
+Date: Tue, 20 Oct 2015 03:36:35 +0000
+Subject: [PATCH] upstream commit
+
+Replace a function-local allocation with stack memory.
+
+ok djm@
+
+Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
+Upstream-Status: Backport
+CVE: CVE-2016-1907
+
+[YOCTO #8935]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ clientloop.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/clientloop.c b/clientloop.c
+index 87ceb3d..1e05cba 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
++/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ static char proto[512], data[512];
+ FILE *f;
+ int got_data = 0, generated = 0, do_unlink = 0, i;
+- char *xauthdir, *xauthfile;
++ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
+ struct stat st;
+ u_int now, x11_timeout_real;
+
+- xauthdir = xauthfile = NULL;
+ *_proto = proto;
+ *_data = data;
+ proto[0] = data[0] = '\0';
+@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ display = xdisplay;
+ }
+ if (trusted == 0) {
+- xauthdir = xmalloc(PATH_MAX);
+- xauthfile = xmalloc(PATH_MAX);
+ mktemp_proto(xauthdir, PATH_MAX);
+ /*
+ * The authentication cookie should briefly outlive
+@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ unlink(xauthfile);
+ rmdir(xauthdir);
+ }
+- free(xauthdir);
+- free(xauthfile);
+
+ /*
+ * If we didn't get authentication data, just make up some
+--
+1.9.1
+ |
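Review bot: The patch header carries `CVE: CVE-2016-1907`, but nothing in it explains how the change relates to that CVE. The upstream message describes only a refactor ("Replace a function-local allocation with stack memory"), and the visible clientloop.c hunks swap two `xmalloc(PATH_MAX)` buffers for `char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";` without changing any bound or check. This is presumably a prerequisite that lets a later patch in the series apply cleanly, so the header should say so, for example `Prerequisite refactor for the CVE-2016-1907 backport; the fix itself is in <name of the patch carrying the fix>.` Without that line, tooling or a maintainer reading the `CVE:` tag could treat this patch alone as the remediation if the series is ever split or reordered. The body of `client_x11_get_proto` starts and ends outside the quoted hunks, so the guard around `unlink(xauthfile); rmdir(xauthdir);` could not be checked from here.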