summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2014-05-13 15:46:26 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-05-29 13:43:28 +0100
commitb6124bdbfba17cf15cc71fee7c5b9313dfa3c604 (patch)
tree46a9a5c7e4d89718fd05a5d4dde16362b79db799
parent989013222e936362173fbc7125554ef119bbf758 (diff)
downloadpoky-b6124bdbfba17cf15cc71fee7c5b9313dfa3c604.tar.gz
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. (From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596) (From OE-Core rev: e5786afbfa79e1288d1df2401684c4c151c60406) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/openssh/openssh_6.5p1.bb
-rw-r--r--meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch22
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.5p1.bb3
2 files changed, 24 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
new file mode 100644
index 0000000000..3deaf3f0e9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
1Upstream-Status: Backport
2
3Fix for CVE-2014-2532
4
5Backported from openssh-6.6p1.tar.gz
6
7Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
8---
9--- a/session.c
10+++ b/session.c
11@@ -955,6 +955,11 @@
12 u_int envsize;
13 u_int i, namelen;
14
15+ if (strchr(name, '=') != NULL) {
16+ error("Invalid environment variable \"%.100s\"", name);
17+ return;
18+ }
19+
20 /*
21 * If we're passed an uninitialized list, allocate a single null
22 * entry before continuing.
diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
index d19cc5a6b2..5e6c03c4a5 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
@@ -27,7 +27,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
27 file://sshd.socket \ 27 file://sshd.socket \
28 file://sshd@.service \ 28 file://sshd@.service \
29 file://sshdgenkeys.service \ 29 file://sshdgenkeys.service \
30 file://volatiles.99_sshd " 30 file://volatiles.99_sshd \
31 file://openssh-CVE-2014-2532.patch"
31 32
32PAM_SRC_URI = "file://sshd" 33PAM_SRC_URI = "file://sshd"
33 34