diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-07-03 02:42:38 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-07-03 02:42:38 +0000 |
| commit | 3c362eae690284f325824e38431881825e32ffdd (patch) | |
| tree | d2d0e11b92bf88d35c270559d268845d391a4703 /backport-upstream-CVE-2023-25136-fix-double-free-caused.patch | |
| parent | 62f0a34c39a6846b6a86f2bbc7fb8c319bd46d94 (diff) | |
automatic import of openssh
Diffstat (limited to 'backport-upstream-CVE-2023-25136-fix-double-free-caused.patch')
| -rw-r--r-- | backport-upstream-CVE-2023-25136-fix-double-free-caused.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/backport-upstream-CVE-2023-25136-fix-double-free-caused.patch b/backport-upstream-CVE-2023-25136-fix-double-free-caused.patch new file mode 100644 index 0000000..ee6d98d --- /dev/null +++ b/backport-upstream-CVE-2023-25136-fix-double-free-caused.patch @@ -0,0 +1,67 @@ +From 12da7823336434a403f25c7cc0c2c6aed0737a35 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Thu, 2 Feb 2023 12:10:05 +0000 +Subject: [PATCH] upstream: fix double-free caused by +compat_kex_proposal(); + bz3522 + +by dtucker@, ok me + +OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 + +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=12da7823336434a403f25c7cc0c2c6aed0737a35 +Conflict:NA +--- + compat.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/compat.c b/compat.c +index 1d50349..4fbb6f0 100644 +--- a/compat.c ++++ b/compat.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: compat.c,v 1.120 2022/07/01 03:35:45 dtucker Exp $ */ ++/* $OpenBSD: compat.c,v 1.121 2023/02/02 12:10:05 djm Exp $ */ + /* + * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. + * +@@ -190,29 +190,28 @@ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) + char * + compat_kex_proposal(struct ssh *ssh, char *p) + { +- char *cp = NULL; +- ++ char *cp = NULL, *cp2 = NULL; + + if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) + return xstrdup(p); + debug2_f("original KEX proposal: %s", p); + if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) + /* coverity[overwrite_var : FALSE] */ +- if ((p = match_filter_denylist(p, ++ if ((cp = match_filter_denylist(p, + "curve25519-sha256@libssh.org")) == NULL) + fatal("match_filter_denylist failed"); + if ((ssh->compat & SSH_OLD_DHGEX) != 0) { +- cp = p; + /* coverity[overwrite_var : FALSE] */ +- if ((p = match_filter_denylist(p, ++ if ((cp2 = match_filter_denylist(cp ? cp : p, + "diffie-hellman-group-exchange-sha256," + "diffie-hellman-group-exchange-sha1")) == NULL) + fatal("match_filter_denylist failed"); + free(cp); ++ cp = cp2; + } +- debug2_f("compat KEX proposal: %s", p); +- if (*p == '\0') ++ if (cp == NULL || *cp == '\0') + fatal("No supported key exchange algorithms found"); +- return p; ++ debug2_f("compat KEX proposal: %s", cp); ++ return cp; + } + +-- +2.23.0 + |