4 files changed, 43 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index ab59d980a..08f22e8b7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:5.7p1-2) UNRELEASED; urgency=low
+  * Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled
+    (LP: #708571).
+ -- Colin Watson <cjwatson@debian.org>  Thu, 27 Jan 2011 12:05:26 +0000
 openssh (1:5.7p1-1) experimental; urgency=low
  * New upstream release (http://www.openssh.org/txt/release-5.7):
diff --git a/debian/patches/selinux-setfscreatecon-crash.patch b/debian/patches/selinux-setfscreatecon-crash.patch
new file mode 100644
index 000000000..8d09d3529
--- /dev/null
+++ b/debian/patches/selinux-setfscreatecon-crash.patch
@@ -0,0 +1,28 @@
+Description: Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled
+Author: Colin Watson <cjwatson@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/708571
+Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=1851
+Last-Update: 2011-01-27
+Index: b/openbsd-compat/port-linux.c
+===================================================================
+--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
+@@ -224,12 +224,15 @@
+ {
+                security_context_t context;
+ 
+               if (!ssh_selinux_enabled())
+                       return;
+
+                if (path == NULL) {
+                        setfscreatecon(NULL);
+                        return;
+                }
+-               matchpathcon(path, 0700, &context);
+-               setfscreatecon(context);
+               if (matchpathcon(path, 0700, &context) == 0)
+                       setfscreatecon(context);
+ }
+ 
+ #endif /* WITH_SELINUX */
diff --git a/debian/patches/series b/debian/patches/series
index a3431201e..15b5d91db 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -39,6 +39,9 @@ doc-hash-tab-completion.patch
 # Upstream backports
 selinux-build-failure.patch
+# Miscellaneous bug fixes
+selinux-setfscreatecon-crash.patch
 # Debian-specific configuration
 gnome-ssh-askpass2-icon.patch
 debian-config.patch
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 11385326e..a2498dc15 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -224,12 +224,15 @@ ssh_selinux_setfscreatecon(const char *path)
 {
                security_context_t context;
+                if (!ssh_selinux_enabled())
+                        return;
                if (path == NULL) {
                        setfscreatecon(NULL);
                        return;
                }
-                matchpathcon(path, 0700, &context);
+                if (matchpathcon(path, 0700, &context) == 0)
-                setfscreatecon(context);
+                        setfscreatecon(context);
 }
 #endif /* WITH_SELINUX */

diff --git a/debian/changelog b/debian/changelog index ab59d980a..08f22e8b7 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,10 @@
		1	openssh (1:5.7p1-2) UNRELEASED; urgency=low
		2
		3	* Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled
		4	(LP: #708571).
		5
		6	-- Colin Watson <cjwatson@debian.org> Thu, 27 Jan 2011 12:05:26 +0000
		7
1	openssh (1:5.7p1-1) experimental; urgency=low	8	openssh (1:5.7p1-1) experimental; urgency=low
2		9
3	* New upstream release (http://www.openssh.org/txt/release-5.7):	10	* New upstream release (http://www.openssh.org/txt/release-5.7):


diff --git a/debian/patches/selinux-setfscreatecon-crash.patch b/debian/patches/selinux-setfscreatecon-crash.patch new file mode 100644 index 000000000..8d09d3529 --- /dev/null +++ b/debian/patches/selinux-setfscreatecon-crash.patch
@@ -0,0 +1,28 @@
		1	Description: Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled
		2	Author: Colin Watson <cjwatson@ubuntu.com>
		3	Bug-Ubuntu: https://bugs.launchpad.net/bugs/708571
		4	Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=1851
		5	Last-Update: 2011-01-27
		6
		7	Index: b/openbsd-compat/port-linux.c
		8	===================================================================
		9	--- a/openbsd-compat/port-linux.c
		10	+++ b/openbsd-compat/port-linux.c
		11	@@ -224,12 +224,15 @@
		12	{
		13	security_context_t context;
		14
		15	+ if (!ssh_selinux_enabled())
		16	+ return;
		17	+
		18	if (path == NULL) {
		19	setfscreatecon(NULL);
		20	return;
		21	}
		22	- matchpathcon(path, 0700, &context);
		23	- setfscreatecon(context);
		24	+ if (matchpathcon(path, 0700, &context) == 0)
		25	+ setfscreatecon(context);
		26	}
		27
		28	#endif /* WITH_SELINUX */


diff --git a/debian/patches/series b/debian/patches/series index a3431201e..15b5d91db 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -39,6 +39,9 @@ doc-hash-tab-completion.patch
39	# Upstream backports	39	# Upstream backports
40	selinux-build-failure.patch	40	selinux-build-failure.patch
41		41
		42	# Miscellaneous bug fixes
		43	selinux-setfscreatecon-crash.patch
		44
42	# Debian-specific configuration	45	# Debian-specific configuration
43	gnome-ssh-askpass2-icon.patch	46	gnome-ssh-askpass2-icon.patch
44	debian-config.patch	47	debian-config.patch


diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 11385326e..a2498dc15 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c
@@ -224,12 +224,15 @@ ssh_selinux_setfscreatecon(const char *path)
224	{	224	{
225	security_context_t context;	225	security_context_t context;
226		226
		227	if (!ssh_selinux_enabled())
		228	return;
		229
227	if (path == NULL) {	230	if (path == NULL) {
228	setfscreatecon(NULL);	231	setfscreatecon(NULL);
229	return;	232	return;
230	}	233	}
231	matchpathcon(path, 0700, &context);	234	if (matchpathcon(path, 0700, &context) == 0)
232	setfscreatecon(context);	235	setfscreatecon(context);
233	}	236	}
234		237
235	#endif /* WITH_SELINUX */	238	#endif /* WITH_SELINUX */