-rw-r--r--ChangeLog30
-rw-r--r--README2
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--session.c32
-rw-r--r--version.h2
6 files changed, 48 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index b01bb5642..1e4346715 100644
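--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+commit 5c35450a0c901d9375fb23343a8dc82397da5f75
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Mar 10 05:04:48 2016 +1100
+
+ update versions for release
+
+commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Mar 10 05:03:39 2016 +1100
+
+ sanitise characters destined for xauth(1)
+
+ reported by github.com/tintinweb
+
 commit 72b061d4ba0f909501c595d709ea76e06b01e5c9
 Author: Darren Tucker <dtucker@zip.com.au>
 Date: Fri Feb 26 14:40:04 2016 +1100
@@ -8889,19 +8903,3 @@ Author: Damien Miller <djm@mindrot.org>
 Date: Thu Mar 13 13:14:21 2014 +1100
 
  - (djm) Release OpenSSH 6.6
-
-commit 8569eba5d7f7348ce3955eeeb399f66f25c52ece
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Mar 4 09:35:17 2014 +1100
-
- - djm@cvs.openbsd.org 2014/03/03 22:22:30
- [session.c]
- ignore enviornment variables with embedded '=' or '\0' characters;
- spotted by Jann Horn; ok deraadt@
-
-commit 2476c31b96e89aec7d4e73cb6fbfb9a4290de3a7
-Author: Damien Miller <djm@mindrot.org>
-Date: Sun Mar 2 04:01:00 2014 +1100
-
- - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
- no moduli file exists at the expected location.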
diff --git a/README b/README
index 0dd047af3..86c55a554 100644
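--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-7.2p1 for the release notes.
+See http://www.openssh.com/txt/release-7.2p2 for the release notes.
 
 Please read http://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or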
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 2a55f454e..eefe82df0 100644
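--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 7.2p1
+%define ver 7.2p2
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID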
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 53264c1fb..f20a78656 100644
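--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 7.2p1
+Version: 7.2p2
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz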
diff --git a/session.c b/session.c
index 7a02500ab..87fddfc3d 100644
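--- a/session.c
+++ b/session.c
@@ -46,6 +46,7 @@
 
 #include <arpa/inet.h>
 
+#include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
@@ -274,6 +275,21 @@ do_authenticated(Authctxt *authctxt)
  do_cleanup(authctxt);
 }
 
+/* Check untrusted xauth strings for metacharacters */
+static int
+xauth_valid_string(const char *s)
+{
+ size_t i;
+
+ for (i = 0; s[i] != '\0'; i++) {
+ if (!isalnum((u_char)s[i]) &&
+ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
+ s[i] != '-' && s[i] != '_')
+ return 0;
+ }
+ return 1;
+}
+
 /*
  * Prepares for an interactive session. This is called after the user has
  * been successfully authenticated. During this message exchange, pseudo
@@ -347,7 +363,13 @@ do_authenticated1(Authctxt *authctxt)
  s->screen = 0;
  }
  packet_check_eom();
- success = session_setup_x11fwd(s);
+ if (xauth_valid_string(s->auth_proto) &&
+ xauth_valid_string(s->auth_data))
+ success = session_setup_x11fwd(s);
+ else {
+ success = 0;
+ error("Invalid X11 forwarding data");
+ }
  if (!success) {
  free(s->auth_proto);
  free(s->auth_data);
@@ -2178,7 +2200,13 @@ session_x11_req(Session *s)
  s->screen = packet_get_int();
  packet_check_eom();
 
- success = session_setup_x11fwd(s);
+ if (xauth_valid_string(s->auth_proto) &&
+ xauth_valid_string(s->auth_data))
+ success = session_setup_x11fwd(s);
+ else {
+ success = 0;
+ error("Invalid X11 forwarding data");
+ }
  if (!success) {
  free(s->auth_proto);
  free(s->auth_data);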
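Review bot: The allow-list check is enforced separately at the two call sites (do_authenticated1 and session_x11_req) rather than at the point they share, so any later caller of session_setup_x11fwd() would presumably pass unvalidated `auth_proto`/`auth_data` on towards xauth(1). Consider moving the guard to the top of session_setup_x11fwd(), e.g. `if (!xauth_valid_string(s->auth_proto) || !xauth_valid_string(s->auth_data)) { error("Invalid X11 forwarding data"); return 0; }`, which also removes the duplicated if/else. Separately, `isalnum()` is locale-dependent, so the comment on xauth_valid_string could spell out that the intended set is ASCII alphanumerics plus `. : / - _`, that the function returns 1 for an acceptable string and 0 otherwise, and that an empty string is accepted; whether sshd ever changes LC_CTYPE is not visible here. The bodies of session_setup_x11fwd, do_authenticated1 and session_x11_req lie outside these hunks.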
diff --git a/version.h b/version.h
index 4189982a9..eb4e94825 100644
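--- a/version.h
+++ b/version.h
@@ -2,5 +2,5 @@
 
 #define SSH_VERSION "OpenSSH_7.2"
 
-#define SSH_PORTABLE "p1"
+#define SSH_PORTABLE "p2"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE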