1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From 892506b13654301f69f9545f48213fc210e5c5cc Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 19 Jul 2023 13:55:53 +0000
Subject: [PATCH 3/4] upstream: terminate process if requested to load a
PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@
OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc]
CVE: CVE-2023-38408
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
ssh-pkcs11.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 5eb28e9..0aef379 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1541,10 +1541,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
error("dlopen %s failed: %s", provider_id, dlerror());
goto fail;
}
- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
- goto fail;
- }
+ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
+ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
p = xcalloc(1, sizeof(*p));
p->name = xstrdup(provider_id);
p->handle = handle;
--
2.40.0
|
