2d65772950
Fixes CVE-2016-0777 and CVE-0216-0778. Closes #12385.
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
From b842c1891b9979e30a6b53292a236ceb9231be79 Mon Sep 17 00:00:00 2001
|
|
From: Franz Pletz <fpletz@fnordicwalking.de>
|
|
Date: Thu, 14 Jan 2016 16:25:50 +0100
|
|
Subject: [PATCH] Disable roaming, fixes CVE-2016-0777 and CVE-0216-0778
|
|
|
|
Based on http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/010_ssh.patch.sig
|
|
---
|
|
readconf.c | 5 ++---
|
|
ssh.c | 3 ---
|
|
2 files changed, 2 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/readconf.c b/readconf.c
|
|
index db7d0bb..5b03f97 100644
|
|
--- a/readconf.c
|
|
+++ b/readconf.c
|
|
@@ -1660,7 +1660,7 @@ initialize_options(Options * options)
|
|
options->tun_remote = -1;
|
|
options->local_command = NULL;
|
|
options->permit_local_command = -1;
|
|
- options->use_roaming = -1;
|
|
+ options->use_roaming = 0;
|
|
options->visual_host_key = -1;
|
|
options->ip_qos_interactive = -1;
|
|
options->ip_qos_bulk = -1;
|
|
@@ -1835,8 +1835,7 @@ fill_default_options(Options * options)
|
|
options->tun_remote = SSH_TUNID_ANY;
|
|
if (options->permit_local_command == -1)
|
|
options->permit_local_command = 0;
|
|
- if (options->use_roaming == -1)
|
|
- options->use_roaming = 1;
|
|
+ options->use_roaming = 0;
|
|
if (options->visual_host_key == -1)
|
|
options->visual_host_key = 0;
|
|
if (options->ip_qos_interactive == -1)
|
|
diff --git a/ssh.c b/ssh.c
|
|
index 3fd5a94..e8428b5 100644
|
|
--- a/ssh.c
|
|
+++ b/ssh.c
|
|
@@ -1931,9 +1931,6 @@ ssh_session2(void)
|
|
fork_postauth();
|
|
}
|
|
|
|
- if (options.use_roaming)
|
|
- request_roaming();
|
|
-
|
|
return client_loop(tty_flag, tty_flag ?
|
|
options.escape_char : SSH_ESCAPECHAR_NONE, id);
|
|
}
|
|
--
|
|
2.7.0
|
|
|