Commit b5a1df4a authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav
Browse files

Vendor import of OpenSSH 7.2p2.

parent ff4b04e0
commit 5c35450a0c901d9375fb23343a8dc82397da5f75
Author: Damien Miller <djm@mindrot.org>
Date: Thu Mar 10 05:04:48 2016 +1100
update versions for release
commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56
Author: Damien Miller <djm@mindrot.org>
Date: Thu Mar 10 05:03:39 2016 +1100
sanitise characters destined for xauth(1)
reported by github.com/tintinweb
commit 72b061d4ba0f909501c595d709ea76e06b01e5c9
Author: Darren Tucker <dtucker@zip.com.au>
Date: Fri Feb 26 14:40:04 2016 +1100
......@@ -8889,19 +8903,3 @@ Author: Damien Miller <djm@mindrot.org>
Date: Thu Mar 13 13:14:21 2014 +1100
- (djm) Release OpenSSH 6.6
commit 8569eba5d7f7348ce3955eeeb399f66f25c52ece
Author: Damien Miller <djm@mindrot.org>
Date: Tue Mar 4 09:35:17 2014 +1100
- djm@cvs.openbsd.org 2014/03/03 22:22:30
[session.c]
ignore enviornment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
commit 2476c31b96e89aec7d4e73cb6fbfb9a4290de3a7
Author: Damien Miller <djm@mindrot.org>
Date: Sun Mar 2 04:01:00 2014 +1100
- (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
no moduli file exists at the expected location.
See http://www.openssh.com/txt/release-7.2p1 for the release notes.
See http://www.openssh.com/txt/release-7.2p2 for the release notes.
Please read http://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
......
%define ver 7.2p1
%define ver 7.2p2
%define rel 1
# OpenSSH privilege separation requires a user & group ID
......
......@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 7.2p1
Version: 7.2p2
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
......
......@@ -46,6 +46,7 @@
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
......@@ -274,6 +275,21 @@ do_authenticated(Authctxt *authctxt)
do_cleanup(authctxt);
}
/* Check untrusted xauth strings for metacharacters */
static int
xauth_valid_string(const char *s)
{
size_t i;
for (i = 0; s[i] != '\0'; i++) {
if (!isalnum((u_char)s[i]) &&
s[i] != '.' && s[i] != ':' && s[i] != '/' &&
s[i] != '-' && s[i] != '_')
return 0;
}
return 1;
}
/*
* Prepares for an interactive session. This is called after the user has
* been successfully authenticated. During this message exchange, pseudo
......@@ -347,7 +363,13 @@ do_authenticated1(Authctxt *authctxt)
s->screen = 0;
}
packet_check_eom();
success = session_setup_x11fwd(s);
if (xauth_valid_string(s->auth_proto) &&
xauth_valid_string(s->auth_data))
success = session_setup_x11fwd(s);
else {
success = 0;
error("Invalid X11 forwarding data");
}
if (!success) {
free(s->auth_proto);
free(s->auth_data);
......@@ -2178,7 +2200,13 @@ session_x11_req(Session *s)
s->screen = packet_get_int();
packet_check_eom();
success = session_setup_x11fwd(s);
if (xauth_valid_string(s->auth_proto) &&
xauth_valid_string(s->auth_data))
success = session_setup_x11fwd(s);
else {
success = 0;
error("Invalid X11 forwarding data");
}
if (!success) {
free(s->auth_proto);
free(s->auth_data);
......
......@@ -2,5 +2,5 @@
#define SSH_VERSION "OpenSSH_7.2"
#define SSH_PORTABLE "p1"
#define SSH_PORTABLE "p2"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment