openssh: fix for CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. (From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <Qi.Chen@windriver.com> 2014-05-13 15:46:26 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-05-13 19:32:06 +0100
commit: fbf63c30c89b39e0b021af6708c53a24f43fe786 (patch)
tree: 89a830980f220f02d526c3ba4e764513e469c685 /meta/recipes-connectivity/openssh/openssh
parent: 939fce4d98c3ee603742250dd39b9b9f4f20825b (diff)
download: poky-fbf63c30c89b39e0b021af6708c53a24f43fe786.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
new file mode 100644
index 0000000000..3deaf3f0e9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport
+Fix for CVE-2014-2532
+Backported from openssh-6.6p1.tar.gz
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+--- a/session.c
+++ b/session.c
+@@ -955,6 +955,11 @@
+        u_int envsize;
+        u_int i, namelen;
+ 
+       if (strchr(name, '=') != NULL) {
+               error("Invalid environment variable \"%.100s\"", name);
+               return;
+       }
+
+        /*
+         * If we're passed an uninitialized list, allocate a single null
+         * entry before continuing.
author	Chen Qi <Qi.Chen@windriver.com>	2014-05-13 15:46:26 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-13 19:32:06 +0100
commit	fbf63c30c89b39e0b021af6708c53a24f43fe786 (patch)
tree	89a830980f220f02d526c3ba4e764513e469c685 /meta/recipes-connectivity/openssh/openssh
parent	939fce4d98c3ee603742250dd39b9b9f4f20825b (diff)
download	poky-fbf63c30c89b39e0b021af6708c53a24f43fe786.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch new file mode 100644 index 0000000000..3deaf3f0e9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
	1	Upstream-Status: Backport
	2
	3	Fix for CVE-2014-2532
	4
	5	Backported from openssh-6.6p1.tar.gz
	6
	7	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
	8	---
	9	--- a/session.c
	10	+++ b/session.c
	11	@@ -955,6 +955,11 @@
	12	u_int envsize;
	13	u_int i, namelen;
	14
	15	+ if (strchr(name, '=') != NULL) {
	16	+ error("Invalid environment variable \"%.100s\"", name);
	17	+ return;
	18	+ }
	19	+
	20	/*
	21	* If we're passed an uninitialized list, allocate a single null
	22	* entry before continuing.