Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch
deleted file mode 100644
index 9a9ad776ce..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 4b4bfb01cd40b9ddb948e6026ddd287cc303d871 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Thu, 10 Mar 2016 11:47:57 +0000
-Subject: [PATCH] upstream commit
-
-sanitise characters destined for xauth reported by
- github.com/tintinweb feedback and ok deraadt and markus
-
-Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
-
-Upstream-Status: Backport
-CVE: CVE-2016-3115
-https://anongit.mindrot.org/openssh.git/commit/?id=4b4bfb01cd40b9ddb948e6026ddd287cc303d871
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
-
- session.c | 34 +++++++++++++++++++++++++++++++---
- 1 file changed, 31 insertions(+), 3 deletions(-)
-
-Index: openssh-7.1p2/session.c
-===================================================================
---- openssh-7.1p2.orig/session.c
-+++ openssh-7.1p2/session.c
-@@ -46,6 +46,7 @@
-
- #include <arpa/inet.h>
-
-+#include <ctype.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <grp.h>
-@@ -273,6 +274,21 @@ do_authenticated(Authctxt *authctxt)
- do_cleanup(authctxt);
- }
-
-+/* Check untrusted xauth strings for metacharacters */
-+static int
-+xauth_valid_string(const char *s)
-+{
-+ size_t i;
-+
-+ for (i = 0; s[i] != '\0'; i++) {
-+ if (!isalnum((u_char)s[i]) &&
-+ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
-+ s[i] != '-' && s[i] != '_')
-+ return 0;
-+ }
-+ return 1;
-+}
-+
- /*
- * Prepares for an interactive session. This is called after the user has
- * been successfully authenticated.
During this message exchange, pseudo
-@@ -346,7 +362,13 @@ do_authenticated1(Authctxt *authctxt)
- s->screen = 0;
- }
- packet_check_eom();
-- success = session_setup_x11fwd(s);
-+ if (xauth_valid_string(s->auth_proto) &&
-+ xauth_valid_string(s->auth_data))
-+ success = session_setup_x11fwd(s);
-+ else {
-+ success = 0;
-+ error("Invalid X11 forwarding data");
-+ }
- if (!success) {
- free(s->auth_proto);
- free(s->auth_data);
-@@ -2181,7 +2203,13 @@ session_x11_req(Session *s)
- s->screen = packet_get_int();
- packet_check_eom();
-
-- success = session_setup_x11fwd(s);
-+ if (xauth_valid_string(s->auth_proto) &&
-+ xauth_valid_string(s->auth_data))
-+ success = session_setup_x11fwd(s);
-+ else {
-+ success = 0;
-+ error("Invalid X11 forwarding data");
-+ }
- if (!success) {
- free(s->auth_proto);
- free(s->auth_data); |