diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2016-10-11 20:07:52 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-10-11 20:08:30 +0200 |
commit | 6898810ba65a166192df3efe78808c799a5b8f49 (patch) | |
tree | 339e0f2dd37c2e1af986dcb0d1fe9e4e41a83384 /pkgs/tools/networking | |
parent | 9d1dfc9ed01bd07655f617514770959490dc1a7c (diff) | |
parent | 83a8cb1dc2343c00ddc26caea51cf7fa30ca1fd1 (diff) | |
download | nixlib-6898810ba65a166192df3efe78808c799a5b8f49.tar nixlib-6898810ba65a166192df3efe78808c799a5b8f49.tar.gz nixlib-6898810ba65a166192df3efe78808c799a5b8f49.tar.bz2 nixlib-6898810ba65a166192df3efe78808c799a5b8f49.tar.lz nixlib-6898810ba65a166192df3efe78808c799a5b8f49.tar.xz nixlib-6898810ba65a166192df3efe78808c799a5b8f49.tar.zst nixlib-6898810ba65a166192df3efe78808c799a5b8f49.zip |
Merge #19297: openssh: apply patch to fix vulnerability
NEWKEYS null pointer dereference.
Diffstat (limited to 'pkgs/tools/networking')
-rw-r--r-- | pkgs/tools/networking/openssh/RH-1380296-NEWKEYS-null-pointer-deref.patch | 37 | ||||
-rw-r--r-- | pkgs/tools/networking/openssh/default.nix | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/pkgs/tools/networking/openssh/RH-1380296-NEWKEYS-null-pointer-deref.patch b/pkgs/tools/networking/openssh/RH-1380296-NEWKEYS-null-pointer-deref.patch new file mode 100644 index 000000000000..665eff864530 --- /dev/null +++ b/pkgs/tools/networking/openssh/RH-1380296-NEWKEYS-null-pointer-deref.patch @@ -0,0 +1,37 @@ +diff --git a/kex.c b/kex.c +index 50c7a0f..823668b 100644 +--- a/kex.c ++++ b/kex.c +@@ -419,6 +419,8 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) + ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); + if ((r = sshpkt_get_end(ssh)) != 0) + return r; ++ if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) ++ return r; + kex->done = 1; + sshbuf_reset(kex->peer); + /* sshbuf_reset(kex->my); */ +diff --git a/packet.c b/packet.c +index d6dad2d..f96566b 100644 +--- a/packet.c ++++ b/packet.c +@@ -38,7 +38,7 @@ + */ + + #include "includes.h" +- ++ + #include <sys/param.h> /* MIN roundup */ + #include <sys/types.h> + #include "openbsd-compat/sys-queue.h" +@@ -1907,9 +1907,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) + return r; + return SSH_ERR_PROTOCOL_ERROR; + } +- if (*typep == SSH2_MSG_NEWKEYS) +- r = ssh_set_newkeys(ssh, MODE_IN); +- else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) ++ if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) + r = ssh_packet_enable_delayed_compress(ssh); + else + r = 0; diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 0c19822d37c9..fabcda902be3 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -44,6 +44,7 @@ stdenv.mkDerivation rec { patches = [ + ./RH-1380296-NEWKEYS-null-pointer-deref.patch ./locale_archive.patch ./fix-host-key-algorithms-plus.patch |