1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
CVE-2015-6563
Don't resend username to PAM; it already has it.
Pointed out by Moritz Jodeit; ok dtucker@
Upstream-Status: Backport
https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: openssh-6.7p1/monitor.c
===================================================================
--- openssh-6.7p1.orig/monitor.c
+++ openssh-6.7p1/monitor.c
@@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device;
int
mm_answer_pam_init_ctx(int sock, Buffer *m)
{
-
debug3("%s", __func__);
- authctxt->user = buffer_get_string(m, NULL);
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
sshpam_authok = NULL;
buffer_clear(m);
Index: openssh-6.7p1/monitor_wrap.c
===================================================================
--- openssh-6.7p1.orig/monitor_wrap.c
+++ openssh-6.7p1/monitor_wrap.c
@@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
debug3("%s", __func__);
buffer_init(&m);
- buffer_put_cstring(&m, authctxt->user);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
|