!218 回合社区补丁,修复内存泄露
From: @renmingshuai Reviewed-by: @robertxw Signed-off-by: @robertxw
commit
9f1a33d659
@ -78,32 +78,6 @@ Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-ope
|
||||
close(c->sock);
|
||||
c->sock = c->rfd = c->wfd = sock;
|
||||
channel_find_maxfd(ssh->chanctxt);
|
||||
@@ -3804,7 +3804,7 @@ int
|
||||
channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd)
|
||||
{
|
||||
int r, success = 0, idx = -1;
|
||||
- char *host_to_connect, *listen_host, *listen_path;
|
||||
+ char *host_to_connect = NULL, *listen_host = NULL, *listen_path = NULL;
|
||||
int port_to_connect, listen_port;
|
||||
|
||||
/* Send the forward request to the remote side. */
|
||||
@@ -3832,7 +3832,6 @@ channel_request_remote_forwarding(struct
|
||||
success = 1;
|
||||
if (success) {
|
||||
/* Record that connection to this host/port is permitted. */
|
||||
- host_to_connect = listen_host = listen_path = NULL;
|
||||
port_to_connect = listen_port = 0;
|
||||
if (fwd->connect_path != NULL) {
|
||||
host_to_connect = xstrdup(fwd->connect_path);
|
||||
@@ -3853,6 +3852,9 @@ channel_request_remote_forwarding(struct
|
||||
host_to_connect, port_to_connect,
|
||||
listen_host, listen_path, listen_port, NULL);
|
||||
}
|
||||
+ free(host_to_connect);
|
||||
+ free(listen_host);
|
||||
+ free(listen_path);
|
||||
return idx;
|
||||
}
|
||||
|
||||
diff -up openssh-8.5p1/compat.c.coverity openssh-8.5p1/compat.c
|
||||
--- openssh-8.5p1/compat.c.coverity 2021-03-24 12:03:33.768968062 +0100
|
||||
|
||||
@ -0,0 +1,62 @@
|
||||
From d323f7ecf52e3d4ec1f4939bf31693e02f891dca Mon Sep 17 00:00:00 2001
|
||||
From: "mbuhl@openbsd.org" <mbuhl@openbsd.org>
|
||||
Date: Fri, 18 Nov 2022 19:47:40 +0000
|
||||
Subject: [PATCH] upstream: In channel_request_remote_forwarding the parameters
|
||||
for
|
||||
|
||||
permission_set_add are leaked as they are also duplicated in the call. Found
|
||||
by CodeChecker. ok djm
|
||||
|
||||
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
|
||||
|
||||
Reference:https://github.com/openssh/openssh-portable/commit/d323f7ecf52e3d4ec1f4939bf31693e02f891dca
|
||||
Conflict:NA
|
||||
---
|
||||
channels.c | 13 ++++++-------
|
||||
1 file changed, 6 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/channels.c b/channels.c
|
||||
index e75a0cf9..7c2c882d 100644
|
||||
--- a/channels.c
|
||||
+++ b/channels.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: channels.c,v 1.420 2022/09/19 08:49:50 djm Exp $ */
|
||||
+/* $OpenBSD: channels.c,v 1.421 2022/11/18 19:47:40 mbuhl Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@@ -4081,7 +4081,7 @@ int
|
||||
channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd)
|
||||
{
|
||||
int r, success = 0, idx = -1;
|
||||
- char *host_to_connect, *listen_host, *listen_path;
|
||||
+ const char *host_to_connect, *listen_host, *listen_path;
|
||||
int port_to_connect, listen_port;
|
||||
|
||||
/* Send the forward request to the remote side. */
|
||||
@@ -4112,18 +4112,17 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd)
|
||||
host_to_connect = listen_host = listen_path = NULL;
|
||||
port_to_connect = listen_port = 0;
|
||||
if (fwd->connect_path != NULL) {
|
||||
- host_to_connect = xstrdup(fwd->connect_path);
|
||||
+ host_to_connect = fwd->connect_path;
|
||||
port_to_connect = PORT_STREAMLOCAL;
|
||||
} else {
|
||||
- host_to_connect = xstrdup(fwd->connect_host);
|
||||
+ host_to_connect = fwd->connect_host;
|
||||
port_to_connect = fwd->connect_port;
|
||||
}
|
||||
if (fwd->listen_path != NULL) {
|
||||
- listen_path = xstrdup(fwd->listen_path);
|
||||
+ listen_path = fwd->listen_path;
|
||||
listen_port = PORT_STREAMLOCAL;
|
||||
} else {
|
||||
- if (fwd->listen_host != NULL)
|
||||
- listen_host = xstrdup(fwd->listen_host);
|
||||
+ listen_host = fwd->listen_host;
|
||||
listen_port = fwd->listen_port;
|
||||
}
|
||||
idx = permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL,
|
||||
--
|
||||
2.23.0
|
||||
|
||||
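Review bot: After the `@@ -4112,18 +4112,17 @@` hunk, `host_to_connect`, `listen_host` and `listen_path` point at strings owned by `fwd` instead of private copies, and nothing in the backport records that ownership change. The patch header says `Conflict:NA`, yet this same commit has to delete the three `free()` calls that the downstream Coverity patch added at the end of the function, because leaving them in would free memory `fwd` still owns. I would note that dependency in the `Conflict:` line and, if a local deviation from upstream is acceptable, add `/* Borrowed from fwd; permission_set_add() makes its own copies. */` above the assignments. Separately, the `@@ -1,4 +1,4 @@` hunk rewrites the `$OpenBSD: channels.c,v 1.420` id line and applies only if the packaged 8.8p1 source carries that exact line, so confirm it or drop that hunk. The body of channel_request_remote_forwarding continues outside the hunks shown.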
10
openssh.spec
10
openssh.spec
@ -6,7 +6,7 @@
|
||||
%{?no_gtk2:%global gtk2 0}
|
||||
|
||||
%global sshd_uid 74
|
||||
%global openssh_release 21
|
||||
%global openssh_release 22
|
||||
|
||||
Name: openssh
|
||||
Version: 8.8p1
|
||||
@ -111,6 +111,7 @@ Patch78: skip-tests-for-C-if-there-is-no-openssl-on-local-pat.patch
|
||||
Patch79: set-ssh-config.patch
|
||||
Patch80: backport-upstream-CVE-2023-25136-fix-double-free-caused.patch
|
||||
Patch81: backport-fix-CVE-2023-38408-upstream-terminate-process.patch
|
||||
Patch82: backport-upstream-In-channel_request_remote_forwarding-the-pa.patch
|
||||
|
||||
Requires: /sbin/nologin
|
||||
Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
|
||||
@ -271,6 +272,7 @@ popd
|
||||
%patch79 -p1
|
||||
%patch80 -p1
|
||||
%patch81 -p1
|
||||
%patch82 -p1
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
|
||||
@ -467,6 +469,12 @@ getent passwd sshd >/dev/null || \
|
||||
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
|
||||
|
||||
%changelog
|
||||
* Tue Aug 15 2023 renmingshuai<renmingshuai@huawei.com> - 8.8p1-22
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:In channel_request_remote_forwarding the parameters
|
||||
|
||||
* Thu Jul 27 2023 renmingshuai <renmingshuai@huawei.com> - 8.8p1-21
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-38408
|
||||
|
||||