diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch new file mode 100644 index 0000000000..9fac69c3dd --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001 | ||
2 | From: "mmcc@openbsd.org" <mmcc@openbsd.org> | ||
3 | Date: Tue, 20 Oct 2015 03:36:35 +0000 | ||
4 | Subject: [PATCH] upstream commit | ||
5 | |||
6 | Replace a function-local allocation with stack memory. | ||
7 | |||
8 | ok djm@ | ||
9 | |||
10 | Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e | ||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2016-1907 | ||
13 | |||
14 | [YOCTO #8935] | ||
15 | |||
16 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
17 | |||
18 | --- | ||
19 | clientloop.c | 9 ++------- | ||
20 | 1 file changed, 2 insertions(+), 7 deletions(-) | ||
21 | |||
22 | diff --git a/clientloop.c b/clientloop.c | ||
23 | index 87ceb3d..1e05cba 100644 | ||
24 | --- a/clientloop.c | ||
25 | +++ b/clientloop.c | ||
26 | @@ -1,4 +1,4 @@ | ||
27 | -/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ | ||
28 | +/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */ | ||
29 | /* | ||
30 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
31 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
32 | @@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path, | ||
33 | static char proto[512], data[512]; | ||
34 | FILE *f; | ||
35 | int got_data = 0, generated = 0, do_unlink = 0, i; | ||
36 | - char *xauthdir, *xauthfile; | ||
37 | + char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = ""; | ||
38 | struct stat st; | ||
39 | u_int now, x11_timeout_real; | ||
40 | |||
41 | - xauthdir = xauthfile = NULL; | ||
42 | *_proto = proto; | ||
43 | *_data = data; | ||
44 | proto[0] = data[0] = '\0'; | ||
45 | @@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, | ||
46 | display = xdisplay; | ||
47 | } | ||
48 | if (trusted == 0) { | ||
49 | - xauthdir = xmalloc(PATH_MAX); | ||
50 | - xauthfile = xmalloc(PATH_MAX); | ||
51 | mktemp_proto(xauthdir, PATH_MAX); | ||
52 | /* | ||
53 | * The authentication cookie should briefly outlive | ||
54 | @@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, | ||
55 | unlink(xauthfile); | ||
56 | rmdir(xauthdir); | ||
57 | } | ||
58 | - free(xauthdir); | ||
59 | - free(xauthfile); | ||
60 | |||
61 | /* | ||
62 | * If we didn't get authentication data, just make up some | ||
63 | -- | ||
64 | 1.9.1 | ||
65 | |||