author | Tomas Kuthan <tomas.kuthan@oracle.com> |
Thu, 14 Jan 2016 01:39:32 -0800 | |
changeset 5270 | 00c5358f9f1d |
permissions | -rw-r--r-- |
22541411 problem in UTILITY/OPENSSH
1 |
# |
2 |
# This is to fix two vulnerabilities in experimental client roaming code. |
3 |
# |
4 |
# CVE numbers CVE-2016-0777 and CVE-2016-0778 have been reserved |
5 |
# for these problems, but not officially issued yet. This fix came from |
6 |
# OpenSSH upstream and will be included in future OpenSSH 7.1p2 release. |
7 |
# The fix completely disables roaming on the client. |
8 |
# |
9 |
# When we upgrade OpenSSH to 7.1p2 or higher in the future, we will remove |
10 |
# this patch. |
11 |
# |
12 |
diff -pur old/readconf.c new/readconf.c |
13 |
--- old/readconf.c |
14 |
+++ new/readconf.c |
15 |
@@ -1716,7 +1716,7 @@ initialize_options(Options * options) |
16 |
options->tun_remote = -1; |
17 |
options->local_command = NULL; |
18 |
options->permit_local_command = -1; |
19 |
- options->use_roaming = -1; |
20 |
+ options->use_roaming = 0; |
21 |
options->visual_host_key = -1; |
22 |
options->ip_qos_interactive = -1; |
23 |
options->ip_qos_bulk = -1; |
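Review bot: Neither `options->use_roaming = 0;` line carries a comment saying why this one option departs from the `-1` "unset" sentinel that every neighbouring field in `initialize_options()` and `fill_default_options()` still uses; the same applies to the second hunk at `@@ -1908,8 +1908,7 @@`. Without it, a later merge or cleanup could restore the `-1` / `== -1` pattern and re-enable client roaming. I would add `/* Roaming is deliberately forced off (CVE-2016-0777, CVE-2016-0778); do not restore the -1 default. */` above both assignments. The unconditional assignment in `fill_default_options()` also appears to discard an explicit `UseRoaming yes` silently; the option parser is not visible in these hunks, so whether the user gets any diagnostic should be checked there. Both function bodies start and end outside the hunks.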
24 |
@@ -1908,8 +1908,7 @@ fill_default_options(Options * options) |
25 |
options->tun_remote = SSH_TUNID_ANY; |
26 |
if (options->permit_local_command == -1) |
27 |
options->permit_local_command = 0; |
28 |
- if (options->use_roaming == -1) |
29 |
- options->use_roaming = 1; |
30 |
+ options->use_roaming = 0; |
31 |
if (options->visual_host_key == -1) |
32 |
options->visual_host_key = 0; |
33 |
if (options->ip_qos_interactive == -1) |