forked from rpms/openssh
ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
This commit is contained in:
Petr Lautrbach
parent
d271e02296
commit
8f8619e1e6
37
openssh-6.4p1-ignore-bad-env-var.patch
Normal file
37
openssh-6.4p1-ignore-bad-env-var.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
diff -U0 openssh-6.4p1/ChangeLog.bad-env-var openssh-6.4p1/ChangeLog
|
||||||
|
--- openssh-6.4p1/ChangeLog.bad-env-var 2014-03-19 21:37:36.270509907 +0100
|
||||||
|
+++ openssh-6.4p1/ChangeLog 2014-03-19 21:37:36.276509878 +0100
|
||||||
|
@@ -0,0 +1,7 @@
|
||||||
|
+20140304
|
||||||
|
+ - OpenBSD CVS Sync
|
||||||
|
+ - djm@cvs.openbsd.org 2014/03/03 22:22:30
|
||||||
|
+ [session.c]
|
||||||
|
+ ignore enviornment variables with embedded '=' or '\0' characters;
|
||||||
|
+ spotted by Jann Horn; ok deraadt@
|
||||||
|
+
|
||||||
|
diff -up openssh-6.4p1/session.c.bad-env-var openssh-6.4p1/session.c
|
||||||
|
--- openssh-6.4p1/session.c.bad-env-var 2014-03-19 21:37:36.233510090 +0100
|
||||||
|
+++ openssh-6.4p1/session.c 2014-03-19 21:37:36.277509873 +0100
|
||||||
|
@@ -990,6 +990,11 @@ child_set_env(char ***envp, u_int *envsi
|
||||||
|
u_int envsize;
|
||||||
|
u_int i, namelen;
|
||||||
|
|
||||||
|
+ if (strchr(name, '=') != NULL) {
|
||||||
|
+ error("Invalid environment variable \"%.100s\"", name);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* If we're passed an uninitialized list, allocate a single null
|
||||||
|
* entry before continuing.
|
||||||
|
@@ -2255,8 +2260,8 @@ session_env_req(Session *s)
|
||||||
|
char *name, *val;
|
||||||
|
u_int name_len, val_len, i;
|
||||||
|
|
||||||
|
- name = packet_get_string(&name_len);
|
||||||
|
- val = packet_get_string(&val_len);
|
||||||
|
+ name = packet_get_cstring(&name_len);
|
||||||
|
+ val = packet_get_cstring(&val_len);
|
||||||
|
packet_check_eom();
|
||||||
|
|
||||||
|
/* Don't set too many environment variables */
|
||||||
@ -193,6 +193,8 @@ Patch907: openssh-6.4p1-CLOCK_BOOTTIME.patch
|
|||||||
# Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
# Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||||||
# dialog by offering only certificate keys. (#1081338)
|
# dialog by offering only certificate keys. (#1081338)
|
||||||
Patch908: openssh-6.4p1-CVE-2014-2653.patch
|
Patch908: openssh-6.4p1-CVE-2014-2653.patch
|
||||||
|
# ignore environment variables with embedded '=' or '\0' characters (#1077843)
|
||||||
|
Patch909: openssh-6.4p1-ignore-bad-env-var.patch
|
||||||
|
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
@ -420,6 +422,7 @@ popd
|
|||||||
%patch906 -p1 -b .fromto-remote
|
%patch906 -p1 -b .fromto-remote
|
||||||
%patch907 -p1 -b .CLOCK_BOOTTIME
|
%patch907 -p1 -b .CLOCK_BOOTTIME
|
||||||
%patch908 -p1 -b .CVE-2014-2653
|
%patch908 -p1 -b .CVE-2014-2653
|
||||||
|
%patch909 -p1 -b .bad-env-var
|
||||||
|
|
||||||
%if 0
|
%if 0
|
||||||
# Nothing here yet
|
# Nothing here yet
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user