Diffstat (limited to 'backport-upstream-CVE-2023-25136-fix-double-free-caused.patch')
-rw-r--r-- | backport-upstream-CVE-2023-25136-fix-double-free-caused.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/backport-upstream-CVE-2023-25136-fix-double-free-caused.patch b/backport-upstream-CVE-2023-25136-fix-double-free-caused.patch
new file mode 100644
index 0000000..ee6d98d
--- /dev/null
+++ b/backport-upstream-CVE-2023-25136-fix-double-free-caused.patch
@@ -0,0 +1,67 @@
+From 12da7823336434a403f25c7cc0c2c6aed0737a35 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Thu, 2 Feb 2023 12:10:05 +0000
+Subject: [PATCH] upstream: fix double-free caused by
+compat_kex_proposal();
+ bz3522
+
+by dtucker@, ok me
+
+OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
+
+Reference:https://anongit.mindrot.org/openssh.git/patch/?id=12da7823336434a403f25c7cc0c2c6aed0737a35
+Conflict:NA
+---
+ compat.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/compat.c b/compat.c
+index 1d50349..4fbb6f0 100644
+--- a/compat.c
++++ b/compat.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: compat.c,v 1.120 2022/07/01 03:35:45 dtucker Exp $ */
++/* $OpenBSD: compat.c,v 1.121 2023/02/02 12:10:05 djm Exp $ */
+ /*
+ * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
+ *
+@@ -190,29 +190,28 @@ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
+ char *
+ compat_kex_proposal(struct ssh *ssh, char *p)
+ {
+- char *cp = NULL;
+-
++ char *cp = NULL, *cp2 = NULL;
+
+ if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
+ return xstrdup(p);
+ debug2_f("original KEX proposal: %s", p);
+ if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
+ /* coverity[overwrite_var : FALSE] */
+- if ((p = match_filter_denylist(p,
++ if ((cp = match_filter_denylist(p,
+ "curve25519-sha256@libssh.org")) == NULL)
+ fatal("match_filter_denylist failed");
+ if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
+- cp = p;
+ /* coverity[overwrite_var : FALSE] */
+- if ((p = match_filter_denylist(p,
++ if ((cp2 = match_filter_denylist(cp ? cp : p,
+ "diffie-hellman-group-exchange-sha256,"
+ "diffie-hellman-group-exchange-sha1")) == NULL)
+ fatal("match_filter_denylist failed");
+ free(cp);
++ cp = cp2;
+ }
+- debug2_f("compat KEX proposal: %s", p);
+- if (*p == '\0')
++ if (cp == NULL || *cp == '\0')
+ fatal("No supported key exchange algorithms found");
+- return p;
++ debug2_f("compat KEX proposal: %s", cp);
++ return cp;
+ }
+
+--
+2.23.0
+
|
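Review bot: compat_kex_proposal() still has no comment stating who owns `p` and who owns the returned string, and that unstated contract is what the double free came from. On the new side `p` is only read, every return path yields either `xstrdup(p)` or a `match_filter_denylist()` result, and the only `free()` is on the intermediate `cp`. A header comment above the function would pin that down for future edits, for example `/* Never frees or returns p; the result is a new allocation owned by the caller. */`. The two `/* coverity[overwrite_var : FALSE] */` context lines appear stale now that `p` is no longer reassigned, and a leftover suppression can mask a real finding on those lines later. The callers are not part of this patch, so check in the packaged tree that they free the returned pointer exactly once.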