e328c86314
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<1633ef4547>
Please don’t use these packages on the open internet if you care
a lot about security.
17 lines
696 B
Diff
17 lines
696 B
Diff
"Minor logic error in ObscureKeystrokeTiming"
|
|
https://marc.info/?l=oss-security&m=171982317624594&w=2
|
|
--- a/clientloop.c
|
|
+++ b/clientloop.c
|
|
@@ -608,8 +608,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
|
|
if (timespeccmp(&now, &chaff_until, >=)) {
|
|
/* Stop if there have been no keystrokes for a while */
|
|
stop_reason = "chaff time expired";
|
|
- } else if (timespeccmp(&now, &next_interval, >=)) {
|
|
- /* Otherwise if we were due to send, then send chaff */
|
|
+ } else if (timespeccmp(&now, &next_interval, >=) &&
|
|
+ !ssh_packet_have_data_to_write(ssh)) {
|
|
+ /* If due to send but have no data, then send chaff */
|
|
if (send_chaff(ssh))
|
|
nchaff++;
|
|
}
|