1 files changed, 37 insertions, 0 deletions

diff --git a/main/openssh/CVE-2015-6563.patch b/main/openssh/CVE-2015-6563.patch
new file mode 100644
index 0000000000..d3bdcac132
--- /dev/null
+++ b/main/openssh/CVE-2015-6563.patch
@@ -0,0 +1,37 @@
+From d4697fe9a28dab7255c60433e4dd23cf7fce8a8b Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Tue, 11 Aug 2015 13:33:24 +1000
+Subject: [PATCH] Don't resend username to PAM; it already has it.
+
+Pointed out by Moritz Jodeit; ok dtucker@
+---
+ monitor.c      | 2 --
+ monitor_wrap.c | 1 -
+ 2 files changed, 3 deletions(-)
+
+diff --git a/monitor.c b/monitor.c
+index b410965..f1b873d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -1084,9 +1084,7 @@ extern KbdintDevice sshpam_device;
+ int
+ mm_answer_pam_init_ctx(int sock, Buffer *m)
+ {
+-
+ 	debug3("%s", __func__);
+-	authctxt->user = buffer_get_string(m, NULL);
+ 	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+ 	sshpam_authok = NULL;
+ 	buffer_clear(m);
+diff --git a/monitor_wrap.c b/monitor_wrap.c
+index e6217b3..eac421b 100644
+--- a/monitor_wrap.c
++++ b/monitor_wrap.c
+@@ -614,7 +614,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
+ 
+ 	debug3("%s", __func__);
+ 	buffer_init(&m);
+-	buffer_put_cstring(&m, authctxt->user);
+ 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+ 	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+ 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);