components/openssh/patches/035-disable_roaming.patch
changeset 5308 f947e0b8b753
parent 5307 7e9a56e73fc8
child 5309 aa644d83002b
5307:7e9a56e73fc8 5308:f947e0b8b753
     1 #
       
     2 # This is to fix two vulnerabilities in experimental client roaming code.
       
     3 #
       
     4 # CVE numbers CVE-2016-0777 and CVE-2016-0778 have been reserved
       
     5 # for these problems, but not officially issued yet. This fix came from
       
     6 # OpenSSH upstream and will be included in future OpenSSH 7.1p2 release.
       
     7 # The fix completely disables roaming on the client.
       
     8 #
       
     9 # When we upgrade OpenSSH to 7.1p2 or higher in the future, we will remove
       
    10 # this patch.
       
    11 #
       
    12 diff -pur old/readconf.c new/readconf.c
       
    13 --- old/readconf.c
       
    14 +++ new/readconf.c
       
    15 @@ -1716,7 +1716,7 @@ initialize_options(Options * options)
       
    16  	options->tun_remote = -1;
       
    17  	options->local_command = NULL;
       
    18  	options->permit_local_command = -1;
       
    19 -	options->use_roaming = -1;
       
    20 +	options->use_roaming = 0;
       
    21  	options->visual_host_key = -1;
       
    22  	options->ip_qos_interactive = -1;
       
    23  	options->ip_qos_bulk = -1;
       
    24 @@ -1908,8 +1908,7 @@ fill_default_options(Options * options)
       
    25  		options->tun_remote = SSH_TUNID_ANY;
       
    26  	if (options->permit_local_command == -1)
       
    27  		options->permit_local_command = 0;
       
    28 -	if (options->use_roaming == -1)
       
    29 -		options->use_roaming = 1;
       
    30 +	options->use_roaming = 0;
       
    31  	if (options->visual_host_key == -1)
       
    32  		options->visual_host_key = 0;
       
    33  	if (options->ip_qos_interactive == -1)
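Review bot: The header comment (patch lines 2-10) does not record which upstream commit the fix was taken from or how the client's behaviour changes, and its wording ("reserved ... but not officially issued yet", "future OpenSSH 7.1p2 release") will go stale. I would add lines such as `# Upstream commit: <UPSTREAM_COMMIT_ID>` and `# Effect: a UseRoaming setting in ssh_config is ignored once this patch is applied.` so that provenance and the behaviour change can be audited when the patch is later dropped. On the code side, the unconditional `options->use_roaming = 0;` in fill_default_options (patch line 30) overrides any configured value without a diagnostic; that looks like the intended hardening, but it is worth stating in the header. Only the readconf.c hunks are visible here, and both initialize_options and fill_default_options continue outside them, so this view cannot confirm that nothing else still reaches the roaming code.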