		
	Update audit patch after rebase with more sanity checks
		
							parent
							
								
									aa8fb3e1cc
								
							
						
					
					
						commit
						12cf3e4d35
					
				| @ -1717,7 +1717,7 @@ diff -up openssh-6.8p1/packet.c.audit openssh-6.8p1/packet.c | ||||
|  		if ((r = cipher_cleanup(cc)) != 0) | ||||
|  			return r; | ||||
|  		enc  = &state->newkeys[mode]->enc; | ||||
| @@ -2263,6 +2275,73 @@ ssh_packet_get_output(struct ssh *ssh)
 | ||||
| @@ -2263,6 +2275,75 @@ ssh_packet_get_output(struct ssh *ssh)
 | ||||
|  	return (void *)ssh->state->output; | ||||
|  } | ||||
|   | ||||
| @ -1774,9 +1774,11 @@ diff -up openssh-6.8p1/packet.c.audit openssh-6.8p1/packet.c | ||||
| +packet_destroy_all(int audit_it, int privsep)
 | ||||
| +{
 | ||||
| +	if (audit_it)
 | ||||
| +		audit_it = packet_state_has_keys (active_state->state) ||
 | ||||
| +			packet_state_has_keys (backup_state->state);
 | ||||
| +		audit_it = (active_state != NULL && packet_state_has_keys(active_state->state))
 | ||||
| +			|| (backup_state != NULL && packet_state_has_keys(backup_state->state));
 | ||||
| +	if (active_state != NULL)
 | ||||
| +		packet_destroy_state(active_state->state);
 | ||||
| +	if (backup_state != NULL)
 | ||||
| +		packet_destroy_state(backup_state->state);
 | ||||
| +	if (audit_it) {
 | ||||
| +#ifdef SSH_AUDIT_EVENTS
 | ||||
| @ -2162,14 +2164,16 @@ diff -up openssh-6.8p1/sshd.c.audit openssh-6.8p1/sshd.c | ||||
|  	if (pid == -1) { | ||||
|  		fatal("fork of unprivileged child failed"); | ||||
|  	} else if (pid != 0) { | ||||
| @@ -759,6 +811,10 @@ privsep_postauth(Authctxt *authctxt)
 | ||||
| @@ -759,6 +811,12 @@ privsep_postauth(Authctxt *authctxt)
 | ||||
|  	else if (pmonitor->m_pid != 0) { | ||||
|  		verbose("User child is on pid %ld", (long)pmonitor->m_pid); | ||||
|  		buffer_clear(&loginmsg); | ||||
| +		if (*pmonitor->m_pkex != NULL ){
 | ||||
| +			newkeys_destroy((*pmonitor->m_pkex)->newkeys[MODE_OUT]);
 | ||||
| +			newkeys_destroy((*pmonitor->m_pkex)->newkeys[MODE_IN]);
 | ||||
| +			audit_session_key_free_body(2, getpid(), getuid());
 | ||||
| +			packet_destroy_all(0, 0);
 | ||||
| +		}
 | ||||
|  		monitor_child_postauth(pmonitor); | ||||
|   | ||||
|  		/* NEVERREACHED */ | ||||
| @ -2224,7 +2228,7 @@ diff -up openssh-6.8p1/sshd.c.audit openssh-6.8p1/sshd.c | ||||
|   | ||||
|  	/* Destroy the private and public keys. No longer. */ | ||||
| -	destroy_sensitive_data();
 | ||||
| +	destroy_sensitive_data(0);
 | ||||
| +	destroy_sensitive_data(1);
 | ||||
|   | ||||
|  	if (use_privsep) | ||||
|  		mm_ssh1_session_id(session_id); | ||||
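Review bot: In the privsep_postauth hunk, the new `if (*pmonitor->m_pkex != NULL ){` guard also wraps `packet_destroy_all(0, 0);`, so when no kex is recorded the monitor skips wiping the packet state, even though the packet.c hunk shows packet_destroy_all doing its own NULL checks on active_state and backup_state. Unless the packet-state cleanup is deliberately tied to the kex pointer, move that call below the closing brace so key material held by the monitor is destroyed on every path. The two `newkeys_destroy(...)` calls leave `newkeys[MODE_OUT]` and `newkeys[MODE_IN]` pointing at destroyed objects; assigning NULL after each call, e.g. `(*pmonitor->m_pkex)->newkeys[MODE_IN] = NULL;`, would guard against a later double free. Whether newkeys_destroy accepts a NULL argument is not visible here. The guard also dereferences `pmonitor->m_pkex` itself without a check, and the rest of privsep_postauth lies outside the hunk.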
|  | ||||
| @ -439,8 +439,7 @@ popd | ||||
| %patch926 -p1 -b .sftp-force-mode | ||||
| %patch927 -p1 -b .bz1204646 | ||||
| 
 | ||||
| # audit patch needs more care | ||||
| #%patch200 -p1 -b .audit | ||||
| %patch200 -p1 -b .audit | ||||
| %patch700 -p1 -b .fips | ||||
| 
 | ||||
| %patch100 -p1 -b .coverity | ||||
|  | ||||