summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2023-38408-1.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:13:19 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:13:19 +0000
commit94597021fbf5b12b369b7bb3c13af715d8be8c4e (patch)
tree5195a1ab18ed95e7ae2e5bf5e74396b00861a6b7 /debian/patches/CVE-2023-38408-1.patch
parentAdding upstream version 1:8.4p1. (diff)
downloadopenssh-bc06b6db68c10b2978c74f0616ab2e484a484f6f.tar.xz
openssh-bc06b6db68c10b2978c74f0616ab2e484a484f6f.zip
Adding debian version 1:8.4p1-5+deb11u3.debian/1%8.4p1-5+deb11u3debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2023-38408-1.patch')
-rw-r--r--debian/patches/CVE-2023-38408-1.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/patches/CVE-2023-38408-1.patch b/debian/patches/CVE-2023-38408-1.patch
new file mode 100644
index 0000000..b70fd9f
--- /dev/null
+++ b/debian/patches/CVE-2023-38408-1.patch
@@ -0,0 +1,30 @@
+From 8175e38eaf5636f45c3f27f4eadee1d583b70d35 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Thu, 13 Jul 2023 12:09:34 +1000
+Subject: terminate pkcs11 process for bad libraries
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b23fe83f06ee7e721033769cfa03ae840476d280
+Last-Update: 2023-09-17
+
+Patch-Name: CVE-2023-38408-1.patch
+---
+ ssh-pkcs11.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index f495883d1..d864051c4 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1519,10 +1519,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ error("dlopen %s failed: %s", provider_id, dlerror());
+ goto fail;
+ }
+- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+- goto fail;
+- }
++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+ p = xcalloc(1, sizeof(*p));
+ p->name = xstrdup(provider_id);
+ p->handle = handle;