From 7b154440658024a00f844db3dde8cf991e88ebf3 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Feb 24 2016 08:51:43 +0000
Subject: Fix X11 forwarding CVE according to upstream
---
diff --git a/openssh-7.1p2-fallback-x11-untrusted.patch b/openssh-7.1p2-fallback-x11-untrusted.patch
index 2822e3f..3fdf5fe 100644
--- a/openssh-7.1p2-fallback-x11-untrusted.patch
+++ b/openssh-7.1p2-fallback-x11-untrusted.patch
@@ -113,7 +113,7 @@ index f555451..c0386d5 100644
 - } else if (!client_x11_display_valid(display)) {
 - logit("DISPLAY '%s' invalid, falling back to fake xauth data",
 + if (!client_x11_display_valid(display)) {
-+ debug("DISPLAY \"%s\" invalid; disabling X11 forwarding",
++ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
 display);
 - } else {
 - if (display == NULL) {
@@ -350,3 +350,38 @@ index 81704ab..096c5b5 100644
 "spoofing.");
 --
 2.5.0
+
+From 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Mon Sep 17 00:00:00 2001
+From: "millert@openbsd.org"
+Date: Mon, 1 Feb 2016 21:18:17 +0000
+Subject: upstream commit
+
+Avoid ugly "DISPLAY "(null)" invalid; disabling X11
+ forwarding" message when DISPLAY is not set. This could also result in a
+ crash on systems with a printf that doesn't handle NULL. OK djm@
+
+Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
+---
+ clientloop.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/clientloop.c b/clientloop.c
+index f8f9a3f..f0a08f2 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -318,8 +318,9 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
+
+ if (!client_x11_display_valid(display)) {
+- logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+- display);
++ if (display != NULL)
++ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
++ display);
+ return -1;
+ }
+ if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
+--
+cgit v0.11.2
+
+
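Review bot: The unset-DISPLAY path in the appended clientloop.c hunk now returns -1 without logging anything, so a user who requested X11 forwarding gets no indication of why it was disabled. The `display != NULL` guard correctly keeps NULL away from `%s`, but unless the caller already reports an unset DISPLAY (not visible here; client_x11_get_proto starts and ends outside the hunk), consider adding `else debug("DISPLAY not set; disabling X11 forwarding");` after the guarded `logit`, with braces on the inner `if` so the else binding is unambiguous. The appended patch also applies only because the first hunk switches `debug` to `logit` in the earlier embedded patch. That dependency, and the CVE identifier the subject refers to, would be worth recording in the commit message for future rebases.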