From 1341391c78be21dccbc694a94157afe948e948d7 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 4 Mar 2019 16:33:28 +0100 Subject: [PATCH] Update cached passwd structure after PAM authentication --- openssh-7.1p2-audit-race-condition.patch | 4 ++-- openssh-7.6p1-audit.patch | 2 +- openssh-7.9p1-updated-cached-pw.patch | 23 +++++++++++++++++++++++ openssh.spec | 3 +++ 4 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 openssh-7.9p1-updated-cached-pw.patch diff --git a/openssh-7.1p2-audit-race-condition.patch b/openssh-7.1p2-audit-race-condition.patch index 9a0d917..c4536ff 100644 --- a/openssh-7.1p2-audit-race-condition.patch +++ b/openssh-7.1p2-audit-race-condition.patch @@ -172,8 +172,8 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group @@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command - struct passwd *pw = s->pw; - int r = 0; + pw = s->pw; + } - /* remove hostkey from the child's memory */ - destroy_sensitive_data(1); diff --git a/openssh-7.6p1-audit.patch b/openssh-7.6p1-audit.patch index 299d632..feb170f 100644 --- a/openssh-7.6p1-audit.patch +++ b/openssh-7.6p1-audit.patch @@ -1806,7 +1806,7 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c if (s->ttyfd != -1) ret = do_exec_pty(ssh, s, command); @@ -1499,8 +1511,11 @@ do_child(struct ssh *ssh, Session *s, co - int r = 0; + } /* remove hostkey from the child's memory */ - destroy_sensitive_data(); diff --git a/openssh-7.9p1-updated-cached-pw.patch b/openssh-7.9p1-updated-cached-pw.patch new file mode 100644 index 0000000..7f24ce4 --- /dev/null +++ b/openssh-7.9p1-updated-cached-pw.patch @@ -0,0 +1,23 @@ +diff -up openssh-7.4p1/session.c.update-pw openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.update-pw 2019-03-04 14:10:57.287054645 +0100 ++++ openssh-7.4p1/session.c 2019-03-04 14:12:39.259997218 +0100 +@@ -1522,9 +1522,18 @@ do_child(Session *s, const char *command + char **env; + char *argv[ARGV_MAX]; + const char *shell, *shell0; +- struct passwd *pw = s->pw; ++ struct passwd *pw = NULL; + int r = 0; + ++ /* Update the users passwd structure after successful login */ ++ pw = getpwuid(s->pw->pw_uid); ++ if (pw != NULL) { ++ free(s->pw); ++ s->pw = pw; ++ } else { ++ pw = s->pw; ++ } ++ + /* remove hostkey from the child's memory */ + destroy_sensitive_data(); + packet_clear_keys(); diff --git a/openssh.spec b/openssh.spec index c86f95b..47cf65b 100644 --- a/openssh.spec +++ b/openssh.spec @@ -240,6 +240,8 @@ Patch958: openssh-7.9p1-ssh-copy-id.patch # log when a client requests an interactive session and only sftp is allowed # https://bugzilla.mindrot.org/show_bug.cgi?id=2960 Patch959: openssh-7.9p1-log-sftp-only-connections.patch +# Update cached passwd structure after PAM authentication (#1674541) +Patch960: openssh-7.9p1-updated-cached-pw.patch License: BSD Requires: /sbin/nologin @@ -461,6 +463,7 @@ popd %patch957 -p1 -b .CVE-2018-20685 %patch958 -p1 -b .ssh-copy-id %patch959 -p1 -b .log-sftp-only +%patch960 -p1 -b .update-pw %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race