diff options
author | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-26 10:12:26 +0100 |
---|---|---|
committer | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-26 10:15:12 +0100 |
commit | 504d9cc36b7cce12fe32cd729d4211c5c4fc3303 (patch) | |
tree | 0b9b8888c20461bb76fe14eb1a735944a233ce02 /main/openssh/CVE-2014-2532.patch | |
parent | ec2da43c51111eaa09bcc37c381521c6f9dada48 (diff) | |
download | aports-504d9cc36b7cce12fe32cd729d4211c5c4fc3303.tar.bz2 aports-504d9cc36b7cce12fe32cd729d4211c5c4fc3303.tar.xz |
main/openssh: security fix for CVE-2014-2532
Diffstat (limited to 'main/openssh/CVE-2014-2532.patch')
-rw-r--r-- | main/openssh/CVE-2014-2532.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/main/openssh/CVE-2014-2532.patch b/main/openssh/CVE-2014-2532.patch new file mode 100644 index 000000000..49cccbd27 --- /dev/null +++ b/main/openssh/CVE-2014-2532.patch @@ -0,0 +1,30 @@ +Description: fix AcceptEnv wildcard environment restrictions bypass +Origin: upstream, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271 + +Index: openssh-6.0p1/session.c +=================================================================== +--- openssh-6.0p1.orig/session.c 2014-03-21 11:03:33.904069205 -0400 ++++ openssh-6.0p1/session.c 2014-03-21 11:03:33.900069205 -0400 +@@ -963,6 +963,11 @@ + *envsizep = 1; + } + ++ if (strchr(name, '=') != NULL) { ++ error("Invalid environment variable \"%.100s\"", name); ++ return; ++ } ++ + /* + * Find the slot where the value should be stored. If the variable + * already exists, we reuse the slot; otherwise we append a new slot +@@ -2186,8 +2191,8 @@ + char *name, *val; + u_int name_len, val_len, i; + +- name = packet_get_string(&name_len); +- val = packet_get_string(&val_len); ++ name = packet_get_cstring(&name_len); ++ val = packet_get_cstring(&val_len); + packet_check_eom(); + + /* Don't set too many environment variables */ |