openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. (From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
939fce4d98
commit
fbf63c30c8
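--- /dev/null
+++ b/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport
+
+Fix for CVE-2014-2532
+
+Backported from openssh-6.6p1.tar.gz
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+--- a/session.c
++++ b/session.c
+@@ -955,6 +955,11 @@
+ u_int envsize;
+ u_int i, namelen;
+ 
++ if (strchr(name, '=') != NULL) {
++ error("Invalid environment variable \"%.100s\"", name);
++ return;
++ }
++
+ /*
+ * If we're passed an uninitialized list, allocate a single null
+ * entry before continuing.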
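Review bot: The guard added to child_set_env rejects any name containing '=' but carries no comment saying why, and the reason is not visible from these lines alone; a reader of session.c will only see a name being refused. I would put a short comment above the `strchr` line that ties it to the commit message, e.g. `/* A name containing '=' could match an AcceptEnv pattern on the text before a wildcard and then presumably define a different variable once joined as name=value (CVE-2014-2532); reject it before it reaches the environment. */` — the name/value join itself is outside this hunk, so that part is inferred. The `%.100s` in the error() call deliberately truncates the logged name; mentioning that in the same comment keeps a later cleanup from turning it into an unbounded `%s`. child_set_env's signature and the rest of its body lie outside the hunk.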
@ -29,7 +29,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
|
|||
file://sshdgenkeys.service \
|
||||
file://volatiles.99_sshd \
|
||||
file://add-test-support-for-busybox.patch \
|
||||
file://run-ptest"
|
||||
file://run-ptest \
|
||||
file://openssh-CVE-2014-2532.patch"
|
||||
|
||||
PAM_SRC_URI = "file://sshd"
|
||||
|
||||
|
|