authorEelco Dolstra <eelco.dolstra@logicblox.com>2013-11-08 16:42:59 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2013-11-08 16:42:59 +0100
commit52ad0eaca5f5cbb01bf6689bbfc1001ebc62a4e7 (patch)
treeb296172ec3dd56948b48244314f57978f139f67e /pkgs/tools/networking/openssh
parent065493284f3d831b9ad8af6be8a7f781a7c11420 (diff)
openssh: Security fix
CVE-2013-4548
Diffstat (limited to 'pkgs/tools/networking/openssh')
-rw-r--r--pkgs/tools/networking/openssh/default.nix2
-rw-r--r--pkgs/tools/networking/openssh/gcmrekey.patch18
2 files changed, 19 insertions, 1 deletions
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 35586031ef55..7d2ae9c5bb4b 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
       export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
     '';
 
-  patches = [ ./locale_archive.patch ];
+  patches = [ ./locale_archive.patch ./gcmrekey.patch ];
 
   buildInputs = [ zlib openssl libedit pkgconfig pam ] ++
     (if withKerberos then [ kerberos ] else [])
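Review bot: The new `./gcmrekey.patch` entry in `patches` has no comment saying why it is carried or when it can be dropped, so a later version bump has nothing in default.nix to prompt a check that the fix is already upstream. I would add a line above the list such as `# CVE-2013-4548 (http://www.openssh.com/txt/gcmrekey.adv); remove once the packaged release already zero-initialises newkey in mm_newkeys_from_blob`. The header of gcmrekey.patch cites only the advisory URL, so adding the CVE identifier there as well would make the file searchable by CVE. The mkDerivation body starts and ends outside this hunk, so whether the version is pinned nearby is not visible here.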
diff --git a/pkgs/tools/networking/openssh/gcmrekey.patch b/pkgs/tools/networking/openssh/gcmrekey.patch
new file mode 100644
index 000000000000..ddb694af1ddb
--- /dev/null
+++ b/pkgs/tools/networking/openssh/gcmrekey.patch
@@ -0,0 +1,18 @@
+http://www.openssh.com/txt/gcmrekey.adv
+
+Index: monitor_wrap.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
+retrieving revision 1.76
+diff -u -p -u -r1.76 monitor_wrap.c
+--- a/monitor_wrap.c	17 May 2013 00:13:13 -0000	1.76
++++ b/monitor_wrap.c	6 Nov 2013 16:31:26 -0000
+@@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b
+ 	buffer_init(&b);
+ 	buffer_append(&b, blob, blen);
+ 
+-	newkey = xmalloc(sizeof(*newkey));
++	newkey = xcalloc(1, sizeof(*newkey));
+ 	enc = &newkey->enc;
+ 	mac = &newkey->mac;
+ 	comp = &newkey->comp;