PSARC 2012/335 OpenSSH migration PSARC 2013/115 Shared configuration for SunSSH & OpenSSH PSARC 2014/078 OpenSSH 6.5 PSARC 2014/342 pam_unix_session lastlog support 15769261 SUNBT7135649 Deliver OpenSSH 6.0P1 in the userland gate 18205826 upgrade OpenSSH to 6.5p1 19579776 OpenSSH doesn't need to reference lastlog anymore now that PAM session mgmt does 18267729 Delegating credentials in OpenSSH 18828925 migrate the disablebanner feature from SunSSH to OpenSSH 18890096 migrate PAM enhancements from SunSSH to OpenSSH 19629847 OpenSSH does not support Solaris Audit for login/logout. 17997193 misc. problems in Makefile and openssh.p5m 18268681 openssh has non-existent /usr/local/lib in its runpath 18528305 /var/empty should be delivered readonly 19034156 PAM coversation function for passwd auth method has an incorrect assumption 19906401 should set AUTHTOK to NULL after pam_authenticate in sshpam_auth_passwd() 19517432 OpenSSH does not update utmpx on login 19570656 GSSAPIAuthentication option should default to yes 19591379 X11Forwarding and ForwardX11Trusted should default to yes 19465507 Deprecate SunSSH-only server options (e.g. iMaxAuthTriesLog) in OpenSSH 18898794 ssh connections fail with openssh, same config works with sunssh 20549448 OpenSSH X86 server core dump at audit_event 20656125 OpenSSH ed25519 algorithm signature verification failure 18435439 problem in UTILITY/OPENSSH 18491957 problem in UTILITY/OPENSSH

     1

#

     2

# This is to fix a security bug (CVE-2014-2532) when using environment passing

     3

# with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6

     4

# could be tricked into accepting any enviornment variable that contains the

     5

# characters before the wildcard character.  The bug fix code came from 

     6

# OpenSSH.org.  When we upgrade OpenSSH to version 6.6 or later, we will remove

     7

# this patch file.

     8

#

     9

--- orig/session.c	Tue Mar 18 18:37:57 2014

    10

+++ new/session.c	Tue Mar 18 18:41:17 2014

    11

@@ -978,6 +978,11 @@

    12

 	u_int envsize;

    13

 	u_int i, namelen;

    14

    15

+	if (strchr(name, '=') != NULL) {

    16

+	        error("Invalid environment variable \"%.100s\"", name);

    17

+                return;

    18

+	}

    19

+

    20

 	/*

    21

 	 * If we're passed an uninitialized list, allocate a single null

    22

 	 * entry before continuing.

    23

@@ -2225,8 +2230,8 @@

    24

 	char *name, *val;

    25

 	u_int name_len, val_len, i;

    26

    27

-	name = packet_get_string(&name_len);

    28

-	val = packet_get_string(&val_len);

    29

+	name = packet_get_cstring(&name_len);

    30

+	val = packet_get_cstring(&val_len);

    31

 	packet_check_eom();

    32

    33

 	/* Don't set too many environment variables */