Date: Sat, 29 Oct 2016 15:14:10 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r424915 - in branches/2016Q4/security/openssh-portable: . files Message-ID: <201610291514.u9TFEANu047547@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Sat Oct 29 15:14:10 2016 New Revision: 424915 URL: https://svnweb.freebsd.org/changeset/ports/424915 Log: MFH: r424592 Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad: Unregister the KEXINIT handler after message has been received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn Security: CVE-2016-8858 Approved by: ports-secteam (with hat) Added: branches/2016Q4/security/openssh-portable/files/patch-kex.c - copied unchanged from r424592, head/security/openssh-portable/files/patch-kex.c Modified: branches/2016Q4/security/openssh-portable/Makefile Directory Properties: branches/2016Q4/ (props changed) Modified: branches/2016Q4/security/openssh-portable/Makefile ============================================================================== --- branches/2016Q4/security/openssh-portable/Makefile Sat Oct 29 15:01:59 2016 (r424914) +++ branches/2016Q4/security/openssh-portable/Makefile Sat Oct 29 15:14:10 2016 (r424915) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 7.3p1 -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable Copied: branches/2016Q4/security/openssh-portable/files/patch-kex.c (from r424592, head/security/openssh-portable/files/patch-kex.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q4/security/openssh-portable/files/patch-kex.c Sat Oct 29 15:14:10 2016 (r424915, copy of r424592, head/security/openssh-portable/files/patch-kex.c) @@ -0,0 +1,33 @@ +From ec165c392ca54317dbe3064a8c200de6531e89ad Mon Sep 17 00:00:00 2001 +From: "markus@openbsd.org" <markus@openbsd.org> +Date: Mon, 10 Oct 2016 19:28:48 +0000 +Subject: [PATCH] upstream commit + +Unregister the KEXINIT handler after message has been +received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause +allocation of up to 128MB -- until the connection is closed. Reported by +shilei-c at 360.cn + +Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 +--- + kex.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git kex.c kex.c +index 3f97f8c..6a94bc5 100644 +--- kex.c ++++ kex.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: kex.c,v 1.126 2016/09/28 21:44:52 djm Exp $ */ ++/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */ + /* + * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * +@@ -481,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) + if (kex == NULL) + return SSH_ERR_INVALID_ARGUMENT; + ++ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); + ptr = sshpkt_ptr(ssh, &dlen); + if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) + return r;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610291514.u9TFEANu047547>