rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Make sure we audit properly from the new code

Browse Source
This commit is contained in:
Jakub Jelen 2017-10-19 16:06:27 +02:00
parent e0e7ed914b
commit cdc735a59b
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
openssh-7.6p1-audit.patch
View File

@ -1612,7 +1612,7 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
/*
* Returns the IP-address of the remote host as a string. The returned
* string must not be freed.
@@ -566,18 +574,11 @@ ssh_packet_close_internal(struct ssh *ss
@@ -566,22 +574,19 @@ ssh_packet_close_internal(struct ssh *ss
{
struct session_state *state = ssh->state;
u_int mode;
@ -1630,14 +1630,24 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
- }
- }
sshbuf_free(state->input);
+ state->input = NULL;
sshbuf_free(state->output);
+ state->output = NULL;
sshbuf_free(state->outgoing_packet);
@@ -615,8 +616,16 @@ ssh_packet_close_internal(struct ssh *ss
+ state->outgoing_packet = NULL;
sshbuf_free(state->incoming_packet);
+ state->incoming_packet = NULL;
for (mode = 0; mode < MODE_MAX; mode++) {
kex_free_newkeys(state->newkeys[mode]); /* current keys */
state->newkeys[mode] = NULL;
@@ -615,8 +616,18 @@ ssh_packet_close_internal(struct ssh *ss
}
cipher_free(state->send_context);
cipher_free(state->receive_context);
+ if (had_keys)
+ if (had_keys && state->server_side) {
+ /* Assuming this is called only from privsep child */
+ audit_session_key_free(MODE_MAX);
+ }
state->send_context = state->receive_context = NULL;
if (do_close) {
+ if (state->connection_in == state->connection_out) {