diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch new file mode 100644 index 0000000000..19cea410dc --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | CVE-2015-6563 | ||
2 | |||
3 | Don't resend username to PAM; it already has it. | ||
4 | Pointed out by Moritz Jodeit; ok dtucker@ | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b | ||
8 | |||
9 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
10 | |||
11 | Index: openssh-6.7p1/monitor.c | ||
12 | =================================================================== | ||
13 | --- openssh-6.7p1.orig/monitor.c | ||
14 | +++ openssh-6.7p1/monitor.c | ||
15 | @@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device; | ||
16 | int | ||
17 | mm_answer_pam_init_ctx(int sock, Buffer *m) | ||
18 | { | ||
19 | - | ||
20 | debug3("%s", __func__); | ||
21 | - authctxt->user = buffer_get_string(m, NULL); | ||
22 | sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); | ||
23 | sshpam_authok = NULL; | ||
24 | buffer_clear(m); | ||
25 | Index: openssh-6.7p1/monitor_wrap.c | ||
26 | =================================================================== | ||
27 | --- openssh-6.7p1.orig/monitor_wrap.c | ||
28 | +++ openssh-6.7p1/monitor_wrap.c | ||
29 | @@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt) | ||
30 | |||
31 | debug3("%s", __func__); | ||
32 | buffer_init(&m); | ||
33 | - buffer_put_cstring(&m, authctxt->user); | ||
34 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); | ||
35 | debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); | ||
36 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); | ||