Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Rings:1-MinimalX
openssh
openssh-6.6p1-pam_privsep_auth_uaf.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-6.6p1-pam_privsep_auth_uaf.patch of Package openssh
# HG changeset patch # Parent ea1be5dee37dc7f20e9010e251579223d5f09179 Prevent possible use-after-free in PAM authentication monitor when privilege separation child gets compromised. CVE-2015-6564 bsc#943006 diff --git a/openssh-6.6p1/monitor.c b/openssh-6.6p1/monitor.c --- a/openssh-6.6p1/monitor.c +++ b/openssh-6.6p1/monitor.c @@ -1150,24 +1150,26 @@ mm_answer_pam_respond(int sock, Buffer * if (ret == 0) sshpam_authok = sshpam_ctxt; return (0); } int mm_answer_pam_free_ctx(int sock, Buffer *m) { + int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; debug3("%s", __func__); (sshpam_device.free_ctx)(sshpam_ctxt); + sshpam_ctxt = sshpam_authok = NULL; buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); auth_method = "keyboard-interactive"; auth_submethod = "pam"; - return (sshpam_authok == sshpam_ctxt); + return r; } #endif int mm_answer_keyallowed(int sock, Buffer *m) { Key *key; char *cuser, *chost;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor