1 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
new file mode 100644
index 0000000000..ac494aab0b
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
@@ -0,0 +1,73 @@
+From a5d845b7b42861d18f43e83de9f24c7374d1b458 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 18 Sep 2020 08:16:38 +0000
+Subject: [PATCH 06/12] upstream: handle multiple messages in a single read()
+PR#183 by Dennis Kaarsemaker; feedback and ok markus@
+OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/52a03e9fca2d74eef953ddd4709250f365ca3975]
+CVE: CVE-2023-38408
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ ssh-agent.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 1794f35..78f7268 100644
+--- a/ssh-agent.c
+++ b/ssh-agent.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-agent.c,v 1.258 2020/05/26 01:26:58 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.264 2020/09/18 08:16:38 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo@cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -853,8 +853,10 @@ send:
+ }
+ #endif /* ENABLE_PKCS11 */
+-/* dispatch incoming messages */
+-
+/*
+ * dispatch incoming message.
+ * returns 1 on success, 0 for incomplete messages or -1 on error.
+ */
+ static int
+ process_message(u_int socknum)
+ {
+@@ -908,7 +910,7 @@ process_message(u_int socknum)
+                        /* send a fail message for all other request types */
+                        send_status(e, 0);
+                }
+-               return 0;
+               return 1;
+        }
+        switch (type) {
+@@ -952,7 +954,7 @@ process_message(u_int socknum)
+                send_status(e, 0);
+                break;
+        }
+-       return 0;
+       return 1;
+ }
+ static void
+@@ -1043,7 +1045,12 @@ handle_conn_read(u_int socknum)
+        if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        explicit_bzero(buf, sizeof(buf));
+-       process_message(socknum);
+       for (;;) {
+               if ((r = process_message(socknum)) == -1)
+                       return -1;
+               else if (r == 0)
+                       break;
+       }
+        return 0;
+ }
+--
+2.41.0

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch new file mode 100644 index 0000000000..ac494aab0b --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
@@ -0,0 +1,73 @@
	1	From a5d845b7b42861d18f43e83de9f24c7374d1b458 Mon Sep 17 00:00:00 2001
	2	From: "djm@openbsd.org" <djm@openbsd.org>
	3	Date: Fri, 18 Sep 2020 08:16:38 +0000
	4	Subject: [PATCH 06/12] upstream: handle multiple messages in a single read()
	5
	6	PR#183 by Dennis Kaarsemaker; feedback and ok markus@
	7
	8	OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
	9
	10	Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/52a03e9fca2d74eef953ddd4709250f365ca3975]
	11	CVE: CVE-2023-38408
	12	Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
	13	---
	14	ssh-agent.c \| 19 +++++++++++++------
	15	1 file changed, 13 insertions(+), 6 deletions(-)
	16
	17	diff --git a/ssh-agent.c b/ssh-agent.c
	18	index 1794f35..78f7268 100644
	19	--- a/ssh-agent.c
	20	+++ b/ssh-agent.c
	21	@@ -1,4 +1,4 @@
	22	-/* $OpenBSD: ssh-agent.c,v 1.258 2020/05/26 01:26:58 djm Exp $ */
	23	+/* $OpenBSD: ssh-agent.c,v 1.264 2020/09/18 08:16:38 djm Exp $ */
	24	/*
	25	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	26	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	27	@@ -853,8 +853,10 @@ send:
	28	}
	29	#endif /* ENABLE_PKCS11 */
	30
	31	-/* dispatch incoming messages */
	32	-
	33	+/*
	34	+ * dispatch incoming message.
	35	+ * returns 1 on success, 0 for incomplete messages or -1 on error.
	36	+ */
	37	static int
	38	process_message(u_int socknum)
	39	{
	40	@@ -908,7 +910,7 @@ process_message(u_int socknum)
	41	/* send a fail message for all other request types */
	42	send_status(e, 0);
	43	}
	44	- return 0;
	45	+ return 1;
	46	}
	47
	48	switch (type) {
	49	@@ -952,7 +954,7 @@ process_message(u_int socknum)
	50	send_status(e, 0);
	51	break;
	52	}
	53	- return 0;
	54	+ return 1;
	55	}
	56
	57	static void
	58	@@ -1043,7 +1045,12 @@ handle_conn_read(u_int socknum)
	59	if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
	60	fatal("%s: buffer error: %s", __func__, ssh_err(r));
	61	explicit_bzero(buf, sizeof(buf));
	62	- process_message(socknum);
	63	+ for (;;) {
	64	+ if ((r = process_message(socknum)) == -1)
	65	+ return -1;
	66	+ else if (r == 0)
	67	+ break;
	68	+ }
	69	return 0;
	70	}
	71
	72	--
	73	2.41.0