Check IP opts length
Resolves: rhbz#1960015
This commit is contained in:
parent
09b309fe0e
commit
f79c122b0b
@ -1,7 +1,7 @@
|
|||||||
diff -up openssh/sshd.c.ip-opts openssh/sshd.c
|
diff -up openssh/sshd.c.ip-opts openssh/sshd.c
|
||||||
--- openssh/sshd.c.ip-opts 2016-07-25 13:58:48.998507834 +0200
|
--- openssh/sshd.c.ip-opts 2016-07-25 13:58:48.998507834 +0200
|
||||||
+++ openssh/sshd.c 2016-07-25 14:01:28.346469878 +0200
|
+++ openssh/sshd.c 2016-07-25 14:01:28.346469878 +0200
|
||||||
@@ -1507,12 +1507,29 @@ check_ip_options(struct ssh *ssh)
|
@@ -1507,12 +1507,32 @@ check_ip_options(struct ssh *ssh)
|
||||||
|
|
||||||
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
|
if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
|
||||||
&option_size) >= 0 && option_size != 0) {
|
&option_size) >= 0 && option_size != 0) {
|
||||||
@ -21,11 +21,14 @@ diff -up openssh/sshd.c.ip-opts openssh/sshd.c
|
|||||||
+ case 130:
|
+ case 130:
|
||||||
+ case 133:
|
+ case 133:
|
||||||
+ case 134:
|
+ case 134:
|
||||||
|
+ if (i + 1 < option_size && opts[i + 1] >= 2) {
|
||||||
+ i += opts[i + 1];
|
+ i += opts[i + 1];
|
||||||
+ break;
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ /* FALLTHROUGH */
|
||||||
+ default:
|
+ default:
|
||||||
+ /* Fail, fatally, if we detect either loose or strict
|
+ /* Fail, fatally, if we detect either loose or strict
|
||||||
+ * source routing options. */
|
+ * or incorrect source routing options. */
|
||||||
+ text[0] = '\0';
|
+ text[0] = '\0';
|
||||||
+ for (i = 0; i < option_size; i++)
|
+ for (i = 0; i < option_size; i++)
|
||||||
+ snprintf(text + i*3, sizeof(text) - i*3,
|
+ snprintf(text + i*3, sizeof(text) - i*3,
|
||||||
|
@ -47,7 +47,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 9.0p1
|
%global openssh_ver 9.0p1
|
||||||
%global openssh_rel 6
|
%global openssh_rel 7
|
||||||
%global pam_ssh_agent_ver 0.10.4
|
%global pam_ssh_agent_ver 0.10.4
|
||||||
%global pam_ssh_agent_rel 7
|
%global pam_ssh_agent_rel 7
|
||||||
|
|
||||||
@ -722,7 +722,10 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Oct 5 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 9.0p1-6
|
* Fri Oct 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-7
|
||||||
|
- Check IP opts length (rhbz#1960015)
|
||||||
|
|
||||||
|
* Wed Oct 5 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 9.0p1-6
|
||||||
- Add a socket unit to ssh-agent user unit (rhbz#2125576)
|
- Add a socket unit to ssh-agent user unit (rhbz#2125576)
|
||||||
|
|
||||||
* Thu Sep 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-5
|
* Thu Sep 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-5
|
||||||
|
Loading…
Reference in New Issue
Block a user