Diffstat (limited to 'main/openssh/CVE-2014-2532.patch')
-rw-r--r--main/openssh/CVE-2014-2532.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/main/openssh/CVE-2014-2532.patch b/main/openssh/CVE-2014-2532.patch
new file mode 100644
index 0000000000..49cccbd274
--- /dev/null
+++ b/main/openssh/CVE-2014-2532.patch
@@ -0,0 +1,30 @@
+Description: fix AcceptEnv wildcard environment restrictions bypass
+Origin: upstream, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271
+
+Index: openssh-6.0p1/session.c
+===================================================================
+--- openssh-6.0p1.orig/session.c 2014-03-21 11:03:33.904069205 -0400
++++ openssh-6.0p1/session.c 2014-03-21 11:03:33.900069205 -0400
+@@ -963,6 +963,11 @@
+ *envsizep = 1;
+ }
+
++ if (strchr(name, '=') != NULL) {
++ error("Invalid environment variable \"%.100s\"", name);
++ return;
++ }
++
+ /*
+ * Find the slot where the value should be stored. If the variable
+ * already exists, we reuse the slot; otherwise we append a new slot
+@@ -2186,8 +2191,8 @@
+ char *name, *val;
+ u_int name_len, val_len, i;
+
+- name = packet_get_string(&name_len);
+- val = packet_get_string(&val_len);
++ name = packet_get_cstring(&name_len);
++ val = packet_get_cstring(&val_len);
+ packet_check_eom();
+
+ /* Don't set too many environment variables */
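Review bot: The added `strchr(name, '=')` check in the first embedded session.c hunk has no comment saying why an `=` in the name is rejected, and the patch header only says "AcceptEnv wildcard environment restrictions bypass"; I would add above it `/* A name containing '=' would be stored as "name=value" and read back as a different variable than the one AcceptEnv matched. */`. The rejection sits where the variable is stored, not where the request is parsed in the second embedded hunk, so the client presumably still sees its request accepted and the `error("Invalid environment variable ...")` line is the only trace, which makes that message worth watching in sshd logs. Both embedded hunks show only part of their functions, and the diffstat is limited to this one file, so whether the package build file lists the new patch and its checksum cannot be confirmed from here.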