components/openssh/patches/012-acceptenv.patch
author saurabh.vyas@oracle.com
Tue, 09 Jun 2015 22:31:26 -0700
changeset 4459 5a11150c7d2e
parent 1796 a2310ec32635
permissions -rw-r--r--
21203559 problem in SERVICE/HORIZON
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1796
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     1
#
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     2
# This is to fix a security bug (CVE-2014-2532) when using environment passing
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     3
# with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     4
# could be tricked into accepting any enviornment variable that contains the
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     5
# characters before the wildcard character.  The bug fix code came from 
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     6
# OpenSSH.org.  When we upgrade OpenSSH to version 6.6 or later, we will remove
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     7
# this patch file.
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     8
#
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
     9
--- orig/session.c	Tue Mar 18 18:37:57 2014
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    10
+++ new/session.c	Tue Mar 18 18:41:17 2014
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    11
@@ -978,6 +978,11 @@
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    12
 	u_int envsize;
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    13
 	u_int i, namelen;
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    14
 
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    15
+	if (strchr(name, '=') != NULL) {
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    16
+	        error("Invalid environment variable \"%.100s\"", name);
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    17
+                return;
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    18
+	}
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    19
+
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    20
 	/*
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    21
 	 * If we're passed an uninitialized list, allocate a single null
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    22
 	 * entry before continuing.
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    23
@@ -2225,8 +2230,8 @@
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    24
 	char *name, *val;
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    25
 	u_int name_len, val_len, i;
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    26
 
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    27
-	name = packet_get_string(&name_len);
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    28
-	val = packet_get_string(&val_len);
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    29
+	name = packet_get_cstring(&name_len);
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    30
+	val = packet_get_cstring(&val_len);
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    31
 	packet_check_eom();
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    32
 
a2310ec32635 PSARC 2014/078 OpenSSH 6.5
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff changeset
    33
 	/* Don't set too many environment variables */