From 817071dc4d9455adfe1ecc3a9260bbcbdcdb9927 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 17 Jul 2014 14:26:49 +0200 Subject: [PATCH] standardise on NI_MAXHOST for gethostname() string lengths (#1051490) --- openssh-6.6.1p1-NI_MAXHOST.patch | 76 ++++++++++++++++++++++++++++++++ openssh.spec | 3 ++ 2 files changed, 79 insertions(+) create mode 100644 openssh-6.6.1p1-NI_MAXHOST.patch diff --git a/openssh-6.6.1p1-NI_MAXHOST.patch b/openssh-6.6.1p1-NI_MAXHOST.patch new file mode 100644 index 0000000..7eeee50 --- /dev/null +++ b/openssh-6.6.1p1-NI_MAXHOST.patch @@ -0,0 +1,76 @@ +diff --git a/ChangeLog b/ChangeLog +index 928999d..3887495 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++20140703 ++ - OpenBSD CVS Sync ++ - djm@cvs.openbsd.org 2014/07/03 03:34:09 ++ [gss-serv.c session.c ssh-keygen.c] ++ standardise on NI_MAXHOST for gethostname() string lengths; about ++ 1/2 the cases were using it already. Fixes bz#2239 en passant ++ + 20140420 + - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h] + OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 +diff --git a/gss-serv.c b/gss-serv.c +index 14f540e..29916d3 100644 +--- a/gss-serv.c ++++ b/gss-serv.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */ ++/* $OpenBSD: gss-serv.c,v 1.27 2014/07/03 03:34:09 djm Exp $ */ + + /* + * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. +@@ -102,14 +102,14 @@ static OM_uint32 + ssh_gssapi_acquire_cred(Gssctxt *ctx) + { + OM_uint32 status; +- char lname[MAXHOSTNAMELEN]; ++ char lname[NI_MAXHOST]; + gss_OID_set oidset; + + if (options.gss_strict_acceptor) { + gss_create_empty_oid_set(&status, &oidset); + gss_add_oid_set_member(&status, ctx->oid, &oidset); + +- if (gethostname(lname, MAXHOSTNAMELEN)) { ++ if (gethostname(lname, sizeof(lname))) { + gss_release_oid_set(&status, &oidset); + return (-1); + } +diff --git a/session.c b/session.c +index ba4589b..e4add93 100644 +--- a/session.c ++++ b/session.c +@@ -49,6 +49,7 @@ + #include + #include + #include ++#include + #ifdef HAVE_PATHS_H + #include + #endif +@@ -2669,7 +2670,7 @@ session_setup_x11fwd(Session *s) + { + struct stat st; + char display[512], auth_display[512]; +- char hostname[MAXHOSTNAMELEN]; ++ char hostname[NI_MAXHOST]; + u_int i; + + if (no_x11_forwarding_flag) { +diff --git a/ssh-keygen.c b/ssh-keygen.c +index 482dc1c..66198e6 100644 +--- a/ssh-keygen.c ++++ b/ssh-keygen.c +@@ -165,7 +165,7 @@ int rounds = 0; + /* argv0 */ + extern char *__progname; + +-char hostname[MAXHOSTNAMELEN]; ++char hostname[NI_MAXHOST]; + + /* moduli.c */ + int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); diff --git a/openssh.spec b/openssh.spec index d5f5284..699cc96 100644 --- a/openssh.spec +++ b/openssh.spec @@ -189,6 +189,8 @@ Patch908: openssh-6.6p1-CVE-2014-2653.patch # OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly # Disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6 Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch +# standardise on NI_MAXHOST for gethostname() string lengths (#1051490) +Patch910: openssh-6.6.1p1-NI_MAXHOST.patch License: BSD Group: Applications/Internet @@ -392,6 +394,7 @@ popd %patch907 -p1 -b .CLOCK_BOOTTIME %patch908 -p1 -b .CVE-2014-2653 %patch909 -p1 -b .6.6.1 +%patch910 -p1 -b .NI_MAXHOST %patch200 -p1 -b .audit %patch700 -p1 -b .fips