Fix X11 forwarding CVE according to upstream

2016-02-12 11:43:31 +01:00 · 2016-02-12 11:43:31 +01:00 · 7b15444065
commit 7b15444065
parent 4fdc3c59c4
1 changed files with 36 additions and 1 deletions
--- a/openssh-7.1p2-fallback-x11-untrusted.patch
+++ b/openssh-7.1p2-fallback-x11-untrusted.patch
@ -113,7 +113,7 @@ index f555451..c0386d5 100644
 -	} else if (!client_x11_display_valid(display)) {
 -		logit("DISPLAY '%s' invalid, falling back to fake xauth data",
 +	if (!client_x11_display_valid(display)) {
-+		debug("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+		logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
 		    display);
 -	} else {
 -		if (display == NULL) {
@ -350,3 +350,38 @@ index 81704ab..096c5b5 100644
 		    "spoofing.");
 -- 
 2.5.0
+
+From 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Mon Sep 17 00:00:00 2001
+From: "millert@openbsd.org" <millert@openbsd.org>
+Date: Mon, 1 Feb 2016 21:18:17 +0000
+Subject: upstream commit
+
+Avoid ugly "DISPLAY "(null)" invalid; disabling X11
+ forwarding" message when DISPLAY is not set.  This could also result in a
+ crash on systems with a printf that doesn't handle NULL.  OK djm@
+
+Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
+---
+ clientloop.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/clientloop.c b/clientloop.c
+index f8f9a3f..f0a08f2 100644
+--- a/clientloop.c
+++ b/clientloop.c
+@@ -318,8 +318,9 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ 	proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
+ 
+ 	if (!client_x11_display_valid(display)) {
+-		logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+-		    display);
+		if (display != NULL)
+			logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+			    display);
+ 		return -1;
+ 	}
+ 	if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
+-- 
+cgit v0.11.2
+
+