forked from rpms/openssh
Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
This commit is contained in:
parent
c5140cafa3
commit
6fa799e1aa
17
openssh-9.3p1-upstream-cve-2023-38408.patch
Normal file
17
openssh-9.3p1-upstream-cve-2023-38408.patch
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
|
||||||
|
index 6be647ec..ebddf6c3 100644
|
||||||
|
--- a/ssh-pkcs11.c
|
||||||
|
+++ b/ssh-pkcs11.c
|
||||||
|
@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
||||||
|
error("dlopen %s failed: %s", provider_module, dlerror());
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
|
||||||
|
- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
|
||||||
|
- goto fail;
|
||||||
|
- }
|
||||||
|
+ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
|
||||||
|
+ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
|
||||||
|
|
||||||
|
p->module->handle = handle;
|
||||||
|
/* setup the pkcs11 callbacks */
|
Loading…
Reference in New Issue
Block a user