diff options
| author | Colin Watson <cjwatson@debian.org> | 2006-11-15 00:48:30 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2006-11-15 00:48:30 +0000 |
| commit | 0afa4059aa6138214602bf85cf0fc09fa6784882 (patch) | |
| tree | 1dfd86b575a5d7a44e2c8b80b73a07cb0cccc0aa | |
| parent | e836924abc1da31a9ea47d18bda4353935668902 (diff) | |
* Backport from 4.5p1:
- Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to be
exploitable in the absence of additional vulnerabilities.
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rw-r--r-- | monitor.c | 6 |
2 files changed, 7 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 3722c921b..a018ed003 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,6 +1,10 @@ | |||
| 1 | openssh (1:4.3p2-6) UNRELEASED; urgency=low | 1 | openssh (1:4.3p2-6) UNRELEASED; urgency=low |
| 2 | 2 | ||
| 3 | * Acknowledge NMU (thanks, Manoj; closes: #394795). | 3 | * Acknowledge NMU (thanks, Manoj; closes: #394795). |
| 4 | * Backport from 4.5p1: | ||
| 5 | - Fix a bug in the sshd privilege separation monitor that weakened its | ||
| 6 | verification of successful authentication. This bug is not known to be | ||
| 7 | exploitable in the absence of additional vulnerabilities. | ||
| 4 | * openssh-server Suggests: molly-guard (closes: #395473). | 8 | * openssh-server Suggests: molly-guard (closes: #395473). |
| 5 | * debconf template translations: | 9 | * debconf template translations: |
| 6 | - Update German (thanks, Helge Kreutzmann; closes: #395947). | 10 | - Update German (thanks, Helge Kreutzmann; closes: #395947). |
| @@ -339,7 +339,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
| 339 | 339 | ||
| 340 | /* The first few requests do not require asynchronous access */ | 340 | /* The first few requests do not require asynchronous access */ |
| 341 | while (!authenticated) { | 341 | while (!authenticated) { |
| 342 | authenticated = monitor_read(pmonitor, mon_dispatch, &ent); | 342 | authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); |
| 343 | if (authenticated) { | 343 | if (authenticated) { |
| 344 | if (!(ent->flags & MON_AUTHDECIDE)) | 344 | if (!(ent->flags & MON_AUTHDECIDE)) |
| 345 | fatal("%s: unexpected authentication from %d", | 345 | fatal("%s: unexpected authentication from %d", |
| @@ -1220,7 +1220,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
| 1220 | 1220 | ||
| 1221 | verified = key_verify(key, signature, signaturelen, data, datalen); | 1221 | verified = key_verify(key, signature, signaturelen, data, datalen); |
| 1222 | debug3("%s: key %p signature %s", | 1222 | debug3("%s: key %p signature %s", |
| 1223 | __func__, key, verified ? "verified" : "unverified"); | 1223 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
| 1224 | 1224 | ||
| 1225 | key_free(key); | 1225 | key_free(key); |
| 1226 | xfree(blob); | 1226 | xfree(blob); |
| @@ -1235,7 +1235,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
| 1235 | buffer_put_int(m, verified); | 1235 | buffer_put_int(m, verified); |
| 1236 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); | 1236 | mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); |
| 1237 | 1237 | ||
| 1238 | return (verified); | 1238 | return (verified == 1); |
| 1239 | } | 1239 | } |
| 1240 | 1240 | ||
| 1241 | static void | 1241 | static void |