Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch | 73 |
1 files changed, 73 insertions, 0 deletions
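--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
@@ -0,0 +1,73 @@
+From a5d845b7b42861d18f43e83de9f24c7374d1b458 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 18 Sep 2020 08:16:38 +0000
+Subject: [PATCH 06/12] upstream: handle multiple messages in a single read()
+
+PR#183 by Dennis Kaarsemaker; feedback and ok markus@
+
+OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/52a03e9fca2d74eef953ddd4709250f365ca3975]
+CVE: CVE-2023-38408
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ssh-agent.c | 19 +++++++++++++------
+1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 1794f35..78f7268 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-agent.c,v 1.258 2020/05/26 01:26:58 djm Exp $ */
++/* $OpenBSD: ssh-agent.c,v 1.264 2020/09/18 08:16:38 djm Exp $ */
+/*
+* Author: Tatu Ylonen <ylo@cs.hut.fi>
+* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -853,8 +853,10 @@ send:
+}
+#endif /* ENABLE_PKCS11 */
+
+-/* dispatch incoming messages */
+-
++/*
++ * dispatch incoming message.
++ * returns 1 on success, 0 for incomplete messages or -1 on error.
++ */
+static int
+process_message(u_int socknum)
+{
+@@ -908,7 +910,7 @@ process_message(u_int socknum)
+/* send a fail message for all other request types */
+send_status(e, 0);
+}
+- return 0;
++ return 1;
+}
+
+switch (type) {
+@@ -952,7 +954,7 @@ process_message(u_int socknum)
+send_status(e, 0);
+break;
+}
+- return 0;
++ return 1;
+}
+
+static void
+@@ -1043,7 +1045,12 @@ handle_conn_read(u_int socknum)
+if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+explicit_bzero(buf, sizeof(buf));
+- process_message(socknum);
++ for (;;) {
++ if ((r = process_message(socknum)) == -1)
++ return -1;
++ else if (r == 0)
++ break;
++ }
+return 0;
+}
+
+--
+2.41.0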
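Review bot: The new `for (;;)` loop in handle_conn_read() terminates only if every process_message() call that returns 1 also removes that request from `sockets[socknum].input`, and nothing visible in these hunks shows that consumption, so the invariant deserves a comment at the loop: `/* process_message() consumes one request per call; stop when only a partial request remains */`. Both functions start and end outside the hunks shown, so confirm against the full ssh-agent.c of the OpenSSH version this recipe builds that no `return 1` path leaves the buffer untouched, since that would make the agent spin on a single client's input. Separately, the header tags this 2020 upstream refactor (PATCH 06/12) with `CVE: CVE-2023-38408`; it reads as a prerequisite rather than the fix itself, so a line in the description saying so would keep anyone from treating this patch alone as the remediation.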