authorCoprDistGit <infra@openeuler.org>2024-07-03 02:42:38 +0000
committerCoprDistGit <infra@openeuler.org>2024-07-03 02:42:38 +0000
commit3c362eae690284f325824e38431881825e32ffdd (patch)
treed2d0e11b92bf88d35c270559d268845d391a4703 /backport-upstream-Always-return-allocated-strings-from-the-ke.patch
parent62f0a34c39a6846b6a86f2bbc7fb8c319bd46d94 (diff)
automatic import of openssh
Diffstat (limited to 'backport-upstream-Always-return-allocated-strings-from-the-ke.patch')
-rw-r--r--backport-upstream-Always-return-allocated-strings-from-the-ke.patch88
1 files changed, 88 insertions, 0 deletions
diff --git a/backport-upstream-Always-return-allocated-strings-from-the-ke.patch b/backport-upstream-Always-return-allocated-strings-from-the-ke.patch
new file mode 100644
index 0000000..b7febc9
--- /dev/null
+++ b/backport-upstream-Always-return-allocated-strings-from-the-ke.patch
@@ -0,0 +1,88 @@
+From 486c4dc3b83b4b67d663fb0fa62bc24138ec3946 Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Fri, 1 Jul 2022 03:35:45 +0000
+Subject: upstream: Always return allocated strings from the kex filtering so
+
+that we can free them later. Fix one leak in compat_kex_proposal. Based on
+github PR#324 from ZoltanFridrich with some simplications by me. ok djm@
+
+OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4
+
+Conflict:NA
+Reference:https://anongit.mindrot.org/openssh.git/patch/?id=486c4dc3b83b4b67d663fb0fa62bc24138ec3946
+---
+ compat.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/compat.c b/compat.c
+index 9120bd2..1d50349 100644
+--- a/compat.c
++++ b/compat.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: compat.c,v 1.119 2021/09/10 05:46:09 djm Exp $ */
++/* $OpenBSD: compat.c,v 1.120 2022/07/01 03:35:45 dtucker Exp $ */
+ /*
+ * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
+ *
+@@ -156,11 +156,12 @@ compat_banner(struct ssh *ssh, const char *version)
+ debug_f("no match: %s", version);
+ }
+
++/* Always returns pointer to allocated memory, caller must free. */
+ char *
+ compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
+ {
+ if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
+- return cipher_prop;
++ return xstrdup(cipher_prop);
+ debug2_f("original cipher proposal: %s", cipher_prop);
+ if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
+ fatal("match_filter_denylist failed");
+@@ -170,11 +171,12 @@ compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
+ return cipher_prop;
+ }
+
++/* Always returns pointer to allocated memory, caller must free. */
+ char *
+ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
+ {
+ if (!(ssh->compat & SSH_BUG_RSASIGMD5))
+- return pkalg_prop;
++ return xstrdup(pkalg_prop);
+ debug2_f("original public key proposal: %s", pkalg_prop);
+ if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
+ fatal("match_filter_denylist failed");
+@@ -184,11 +186,15 @@ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
+ return pkalg_prop;
+ }
+
++/* Always returns pointer to allocated memory, caller must free. */
+ char *
+ compat_kex_proposal(struct ssh *ssh, char *p)
+ {
++ char *cp = NULL;
++
++
+ if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
+- return p;
++ return xstrdup(p);
+ debug2_f("original KEX proposal: %s", p);
+ if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
+ /* coverity[overwrite_var : FALSE] */
+@@ -196,11 +202,13 @@ compat_kex_proposal(struct ssh *ssh, char *p)
+ "curve25519-sha256@libssh.org")) == NULL)
+ fatal("match_filter_denylist failed");
+ if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
++ cp = p;
+ /* coverity[overwrite_var : FALSE] */
+ if ((p = match_filter_denylist(p,
+ "diffie-hellman-group-exchange-sha256,"
+ "diffie-hellman-group-exchange-sha1")) == NULL)
+ fatal("match_filter_denylist failed");
++ free(cp);
+ }
+ debug2_f("compat KEX proposal: %s", p);
+ if (*p == '\0')
+--
+2.33.0
+
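Review bot: In `compat_kex_proposal`, the added `cp = p;` / `free(cp);` pair in the `SSH_OLD_DHGEX` branch frees the caller's own string whenever `SSH_BUG_CURVE25519PAD` is not also set, because at that point `p` is still the argument and not a filtered copy. The new header comment only promises an allocated return value, so a caller that keeps using or later frees the string it passed in would presumably hit a use-after-free or double free; the callers are not part of this patch and should be checked. Letting `cp` hold only the first filter's result, and never the argument, keeps the leak fix without touching caller memory, as sketched below. The first `match_filter_denylist` call line falls between the two nested hunks and the function's tail is outside the patch, so both are reconstructed or elided here. Upstream later corrected this function, so the package should carry that follow-up fix together with this backport.

```c
	char *cp = NULL;

	/* … unchanged: early xstrdup(p) return, debug2_f of the original proposal … */
	if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) {
		/* cp only ever holds memory allocated inside this function */
		if ((cp = match_filter_denylist(p,
		    "curve25519-sha256@libssh.org")) == NULL)
			fatal("match_filter_denylist failed");
		p = cp;
	}
	if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
		/* … unchanged: dhgex match_filter_denylist(p, ...) into p, but without the preceding cp = p … */
		free(cp);	/* NULL (a no-op) unless the first filter allocated */
	}
	/* … unchanged: debug2_f, empty-proposal check, return p … */
```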