Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssh/patches/012-acceptenv.patch
author pnyc <petr.nyc@oracle.com>
Thu, 14 Jan 2016 11:42:28 -0800
branchs11u3-sru4-backport
changeset 5277 33c800398785
parent 3946 b1e0e68de63b
permissions -rw-r--r--
build metadata for S11.3SRU4.5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
3946
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     1
 
#
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     2
 
# This is to fix a security bug (CVE-2014-2532) when using environment passing
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     3
 
# with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     4
 
# could be tricked into accepting any enviornment variable that contains the
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     5
 
# characters before the wildcard character.  The bug fix code came from
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     6
 
# OpenSSH.org.  When we upgrade OpenSSH to version 6.6 or later, we will remove
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     7
 
# this patch file.
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     8
 
#
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
     9
 
--- orig/session.c	Tue Mar 18 18:37:57 2014
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    10
 
+++ new/session.c	Tue Mar 18 18:41:17 2014
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    11
 
@@ -978,6 +978,11 @@
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    12
 
 	u_int envsize;
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    13
 
 	u_int i, namelen;
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    14
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    15
 
+	if (strchr(name, '=') != NULL) {
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    16
 
+	        error("Invalid environment variable \"%.100s\"", name);
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    17
 
+                return;
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    18
 
+	}
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    19
 
+
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    20
 
 	/*
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    21
 
 	 * If we're passed an uninitialized list, allocate a single null
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    22
 
 	 * entry before continuing.
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    23
 
@@ -2225,8 +2230,8 @@
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    24
 
 	char *name, *val;
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    25
 
 	u_int name_len, val_len, i;
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    26
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    27
 
-	name = packet_get_string(&name_len);
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    28
 
-	val = packet_get_string(&val_len);
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    29
 
+	name = packet_get_cstring(&name_len);
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    30
 
+	val = packet_get_cstring(&val_len);
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    31
 
 	packet_check_eom();
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    32
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset 
    33
 
 	/* Don't set too many environment variables */
upstream/oracle/userland-gate