diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch new file mode 100644 index 0000000000..790ec808be --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch | |||
@@ -0,0 +1,62 @@ | |||
1 | From dbf788b4d9d9490a5fff08a7b09888272bb10fcc Mon Sep 17 00:00:00 2001 | ||
2 | From: Darren Tucker <dtucker@zip.com.au> | ||
3 | Date: Thu, 21 Jul 2016 14:17:31 +1000 | ||
4 | Subject: [PATCH] Search users for one with a valid salt. | ||
5 | |||
6 | If the root account is locked (eg password "!!" or "*LK*") keep looking | ||
7 | until we find a user with a valid salt to use for crypting passwords of | ||
8 | invalid users. ok djm@ | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | CVE: CVE-2016-6210 | ||
12 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
13 | |||
14 | --- | ||
15 | openbsd-compat/xcrypt.c | 24 +++++++++++++++--------- | ||
16 | 1 file changed, 15 insertions(+), 9 deletions(-) | ||
17 | |||
18 | diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c | ||
19 | index 8913bb8..cf6a9b9 100644 | ||
20 | --- a/openbsd-compat/xcrypt.c | ||
21 | +++ b/openbsd-compat/xcrypt.c | ||
22 | @@ -65,7 +65,9 @@ | ||
23 | |||
24 | /* | ||
25 | * Pick an appropriate password encryption type and salt for the running | ||
26 | - * system. | ||
27 | + * system by searching through accounts until we find one that has a valid | ||
28 | + * salt. Usually this will be root unless the root account is locked out. | ||
29 | + * If we don't find one we return a traditional DES-based salt. | ||
30 | */ | ||
31 | static const char * | ||
32 | pick_salt(void) | ||
33 | @@ -78,14 +80,18 @@ pick_salt(void) | ||
34 | if (salt[0] != '\0') | ||
35 | return salt; | ||
36 | strlcpy(salt, "xx", sizeof(salt)); | ||
37 | - if ((pw = getpwuid(0)) == NULL) | ||
38 | - return salt; | ||
39 | - passwd = shadow_pw(pw); | ||
40 | - if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) | ||
41 | - return salt; /* no $, DES */ | ||
42 | - typelen = p - passwd + 1; | ||
43 | - strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); | ||
44 | - explicit_bzero(passwd, strlen(passwd)); | ||
45 | + setpwent(); | ||
46 | + while ((pw = getpwent()) != NULL) { | ||
47 | + passwd = shadow_pw(pw); | ||
48 | + if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { | ||
49 | + typelen = p - passwd + 1; | ||
50 | + strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); | ||
51 | + explicit_bzero(passwd, strlen(passwd)); | ||
52 | + goto out; | ||
53 | + } | ||
54 | + } | ||
55 | + out: | ||
56 | + endpwent(); | ||
57 | return salt; | ||
58 | } | ||
59 | |||
60 | -- | ||
61 | 2.7.4 | ||
62 | |||