summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-41617-1.patch
blob: 042c9bcb3fc93bfca76099be645bb71cc7fd7975 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
From ad2748dee50e4c0040f6efda5eff4a34e4eb5b85 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 26 Sep 2021 14:01:03 +0000
Subject: upstream: need initgroups() before setresgid(); reported by anton@,

ok deraadt@

OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce

Bug-Debian: https://bugs.debian.org/995130
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=f3cbe43e28fe71427d41cfe3a17125b972710455
Last-Update: 2023-12-19

Patch-Name: CVE-2021-41617-1.patch
---
 auth.c | 6 ++++++
 1 file changed, 6 insertions(+)

Index: openssh/auth.c
===================================================================
--- openssh.orig/auth.c
+++ openssh/auth.c
@@ -866,6 +866,12 @@ subprocess(const char *tag, struct passw
 		}
 		closefrom(STDERR_FILENO + 1);
 
+		if (geteuid() == 0 &&
+		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
+			error("%s: initgroups(%s, %u): %s", tag,
+			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+			_exit(1);
+		}
 		/* Don't use permanently_set_uid() here to avoid fatal() */
 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,