summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2014-05-13 15:46:26 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-05-13 19:26:34 +0100
commita8d3b8979c27a8dc87971b66a1d9d9282f660596 (patch)
tree86068a8446be1c4908e3c6b11dc08692944fbcf3
parentecb819b12a89e4e944974068d2e20ed226979317 (diff)
downloadopenembedded-core-a8d3b8979c27a8dc87971b66a1d9d9282f660596.tar.gz
openembedded-core-a8d3b8979c27a8dc87971b66a1d9d9282f660596.tar.bz2
openembedded-core-a8d3b8979c27a8dc87971b66a1d9d9282f660596.zip
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch22
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.5p1.bb3
2 files changed, 24 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
new file mode 100644
index 0000000000..3deaf3f0e9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport
+
+Fix for CVE-2014-2532
+
+Backported from openssh-6.6p1.tar.gz
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+--- a/session.c
++++ b/session.c
+@@ -955,6 +955,11 @@
+ u_int envsize;
+ u_int i, namelen;
+
++ if (strchr(name, '=') != NULL) {
++ error("Invalid environment variable \"%.100s\"", name);
++ return;
++ }
++
+ /*
+ * If we're passed an uninitialized list, allocate a single null
+ * entry before continuing.
diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
index b93b9ae79f..230f38ab31 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
@@ -29,7 +29,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
file://sshdgenkeys.service \
file://volatiles.99_sshd \
file://add-test-support-for-busybox.patch \
- file://run-ptest"
+ file://run-ptest \
+ file://openssh-CVE-2014-2532.patch"
PAM_SRC_URI = "file://sshd"