jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Avoid killing all processes on system in case of race condition

Browse Source 
Resolves: RHEL-11548
This commit is contained in:
Dmitry Belyavskiy 2023-10-30 13:31:05 +01:00
parent 9c7572af98
commit ed9948fc28
3 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
openssh-6.7p1-coverity.patch
View File

@ -136,18 +136,6 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
if (tun != SSH_TUNID_ANY &&
auth_opts->force_tun_device != (int)tun)
goto done;
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100
@@ -224,7 +224,7 @@ killchild(int signo)
{
if (sshpid > 1) {
kill(sshpid, SIGTERM);
- waitpid(sshpid, NULL, 0);
+ (void) waitpid(sshpid, NULL, 0);
}
_exit(1);
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100

20
openssh-8.0p1-avoidkillall.patch Normal file
View File

@ -0,0 +1,20 @@
diff --git a/sftp.c b/sftp.c
index b66037f1..54538ff9 100644
--- a/sftp.c
+++ b/sftp.c
@@ -220,9 +220,12 @@ static const struct CMD cmds[] = {
static void
killchild(int signo)
{
- if (sshpid > 1) {
- kill(sshpid, SIGTERM);
- waitpid(sshpid, NULL, 0);
+ pid_t pid;
+
+ pid = sshpid;
+ if (pid > 1) {
+ kill(pid, SIGTERM);
+ (void)waitpid(pid, NULL, 0);
}
_exit(1);

5
openssh.spec
View File

@ -277,6 +277,8 @@ Patch985: openssh-8.7p1-minimize-sha1-use.patch
Patch986: openssh-9.1p1-sshbanner.patch
# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
Patch987: openssh-8.0p1-ipv6-process.patch
# Upstream 4332b4fe49360679647a8705bc08f4e81323f6b4
Patch988: openssh-8.0p1-avoidkillall.patch
# upsream commit
# b23fe83f06ee7e721033769cfa03ae840476d280
Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
@ -515,6 +517,7 @@ popd
%patch985 -p1 -b .minimize-sha1-use
%patch986 -p1 -b .banner
%patch987 -p1 -b .sftp_ipv6
%patch988 -p1 -b .killall
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race
@ -814,6 +817,8 @@ getent passwd sshd >/dev/null || \
Resolves: RHEL-1684
- Add comment to OpenSSH server config about FIPS-incompatible key
Resolves: RHEL-5221
- Avoid killing all processes on system in case of race condition
Resolves: RHEL-11548
* Thu Aug 24 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19
- rebuilt