forked from rpms/openssh
Fix X11 forwarding CVE according to upstream
parent
4fdc3c59c4
commit
7b15444065
@ -113,7 +113,7 @@ index f555451..c0386d5 100644
|
||||
- } else if (!client_x11_display_valid(display)) {
|
||||
- logit("DISPLAY '%s' invalid, falling back to fake xauth data",
|
||||
+ if (!client_x11_display_valid(display)) {
|
||||
+ debug("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
||||
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
||||
display);
|
||||
- } else {
|
||||
- if (display == NULL) {
|
||||
@ -350,3 +350,38 @@ index 81704ab..096c5b5 100644
|
||||
"spoofing.");
|
||||
--
|
||||
2.5.0
|
||||
|
||||
From 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Mon Sep 17 00:00:00 2001
|
||||
From: "millert@openbsd.org" <millert@openbsd.org>
|
||||
Date: Mon, 1 Feb 2016 21:18:17 +0000
|
||||
Subject: upstream commit
|
||||
|
||||
Avoid ugly "DISPLAY "(null)" invalid; disabling X11
|
||||
forwarding" message when DISPLAY is not set. This could also result in a
|
||||
crash on systems with a printf that doesn't handle NULL. OK djm@
|
||||
|
||||
Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
|
||||
---
|
||||
clientloop.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/clientloop.c b/clientloop.c
|
||||
index f8f9a3f..f0a08f2 100644
|
||||
--- a/clientloop.c
|
||||
+++ b/clientloop.c
|
||||
@@ -318,8 +318,9 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
||||
proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
|
||||
|
||||
if (!client_x11_display_valid(display)) {
|
||||
- logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
||||
- display);
|
||||
+ if (display != NULL)
|
||||
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
|
||||
+ display);
|
||||
return -1;
|
||||
}
|
||||
if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
||||
|
||||
|
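Review bot: In the appended upstream patch to `client_x11_get_proto` (clientloop.c), the path where `display` is NULL now returns -1 without logging at any level, so a user who asked for X11 forwarding with DISPLAY unset gets no hint why it was disabled. Consider adding a low-level message after the guarded `logit`, for example `else debug("DISPLAY not set; disabling X11 forwarding");`. `client_x11_display_valid(display)` is still called before the `display != NULL` test, so the fix relies on that function accepting a NULL argument. Its body is outside this hunk, so confirm that against the patched tree when rebasing the backport. The function body also continues past the end of the hunk.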