author | saurabh.vyas@oracle.com |
Tue, 09 Jun 2015 22:31:26 -0700 | |
changeset 4459 | 5a11150c7d2e |
parent 1796 | a2310ec32635 |
permissions | -rw-r--r-- |
a2310ec32635
PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
1 |
# |
2 |
# This is to fix a security bug (CVE-2014-2532) when using environment passing |
3 |
# with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 |
4 |
# could be tricked into accepting any environment variable that contains the |
5 |
# characters before the wildcard character. The bug fix code came from |
6 |
# OpenSSH.org. When we upgrade OpenSSH to version 6.6 or later, we will remove |
7 |
# this patch file. |
8 |
# |
9 |
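--- orig/session.c Tue Mar 18 18:37:57 2014
+++ new/session.c Tue Mar 18 18:41:17 2014
@@ -978,6 +978,11 @@
 	u_int envsize;
 	u_int i, namelen;
 
+	if (strchr(name, '=') != NULL) {
+		error("Invalid environment variable \"%.100s\"", name);
+		return;
+	}
+
 	/*
 	 * If we're passed an uninitialized list, allocate a single null
 	 * entry before continuing.
@@ -2225,8 +2230,8 @@
 	char *name, *val;
 	u_int name_len, val_len, i;
 
-	name = packet_get_string(&name_len);
-	val = packet_get_string(&val_len);
+	name = packet_get_cstring(&name_len);
+	val = packet_get_cstring(&val_len);
 	packet_check_eom();
 
 	/* Don't set too many environment variables */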
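Review bot: The new `strchr(name, '=')` guard in the first hunk carries no comment saying why a '=' in the name must be refused, so a later reader may take it as redundant with the AcceptEnv pattern match performed when the request arrives and drop it; the enclosing function's signature is outside the hunk, so this applies to whichever function owns `envsize` and `namelen`. I would put above the check: `/* Reject names containing '=': the entry is presumably stored as "name=value", so such a name would bind a variable other than the one the AcceptEnv match approved -- confirm against the formatting code below. */`. The guard reports via `error()` and returns without a status, which appears to leave the caller unaware the variable was dropped; if the request handler has already acknowledged the client by this point, a short comment stating that this check is a last-line defence rather than the primary rejection point would prevent someone from relying on it for the client-visible outcome. The second hunk's move to `packet_get_cstring` is the complementary half, since that accessor refuses strings with an embedded NUL before they reach the name check, and noting that relationship next to the first hunk's guard would make the two changes read as one fix.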