diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch new file mode 100644 index 0000000000..f226f12edc --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch @@ -0,0 +1,36 @@ +From 892506b13654301f69f9545f48213fc210e5c5cc Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Wed, 19 Jul 2023 13:55:53 +0000 +Subject: [PATCH 3/4] upstream: terminate process if requested to load a + PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@ + +OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c + +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc] + +CVE: CVE-2023-38408 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + ssh-pkcs11.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c +index 5eb28e9..0aef379 100644 +--- a/ssh-pkcs11.c ++++ b/ssh-pkcs11.c +@@ -1541,10 +1541,8 @@ pkcs11_register_provider(char *provider_id, char *pin, + error("dlopen %s failed: %s", provider_id, dlerror()); + goto fail; + } +- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { +- error("dlsym(C_GetFunctionList) failed: %s", dlerror()); +- goto fail; +- } ++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) ++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); + p = xcalloc(1, sizeof(*p)); + p->name = xstrdup(provider_id); + p->handle = handle; +-- +2.40.0 |