authorDirk Meyer <dinoex@FreeBSD.org>2002-06-26 15:21:27 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2002-06-26 15:21:27 +0000
commit6e92b681172f0b572e7431589d5f0146f1eecc51 (patch)
tree5b56fee9afd3790f6331df3ff44aabbf157bc65b /security/openssh
parentAdd missing codeblock (diff)
Security FIX, Please update to this Version.
Options for both: USE_OPENSSL_BASE=yes uses an older openssl in the base system. Options for portable: OPENSSH_OVERWRITE_BASE=yes includes USE_OPENSSL_BASE=yes and installs in the paths of the base system
Notes
Notes: svn path=/head/; revision=62021
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile2
-rw-r--r--security/openssh/files/patch-auth2-chall.c66
2 files changed, 64 insertions, 4 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 484c77d5a24b..59b89f77f19f 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.3
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
diff --git a/security/openssh/files/patch-auth2-chall.c b/security/openssh/files/patch-auth2-chall.c
index 488bdf9d036e..80470f799fd8 100644
--- a/security/openssh/files/patch-auth2-chall.c
+++ b/security/openssh/files/patch-auth2-chall.c
@@ -1,6 +1,6 @@
--- auth2-chall.c.orig Wed Jun 19 02:27:55 2002
-+++ auth2-chall.c Mon Jun 24 06:54:04 2002
-@@ -40,19 +40,19 @@
++++ auth2-chall.c Wed Jun 26 16:59:05 2002
+@@ -40,20 +40,20 @@
#ifdef BSD_AUTH
extern KbdintDevice bsdauth_device;
@@ -22,7 +22,67 @@
+ &pam_device,
+#elif defined(SKEY)
&skey_device,
--#endif
#endif
+-#endif
NULL
};
+
+@@ -63,6 +63,7 @@
+ char *devices;
+ void *ctxt;
+ KbdintDevice *device;
++ u_int nreq;
+ };
+
+ static KbdintAuthctxt *
+@@ -90,6 +91,7 @@
+ debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
+ kbdintctxt->ctxt = NULL;
+ kbdintctxt->device = NULL;
++ kbdintctxt->nreq = 0;
+
+ return kbdintctxt;
+ }
+@@ -209,26 +211,26 @@
+ KbdintAuthctxt *kbdintctxt;
+ char *name, *instr, **prompts;
+ int i;
+- u_int numprompts, *echo_on;
++ u_int *echo_on;
+
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt->device->query(kbdintctxt->ctxt,
+- &name, &instr, &numprompts, &prompts, &echo_on))
++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+ return 0;
+
+ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+ packet_put_cstring(name);
+ packet_put_cstring(instr);
+ packet_put_cstring(""); /* language not used */
+- packet_put_int(numprompts);
+- for (i = 0; i < numprompts; i++) {
++ packet_put_int(kbdintctxt->nreq);
++ for (i = 0; i < kbdintctxt->nreq; i++) {
+ packet_put_cstring(prompts[i]);
+ packet_put_char(echo_on[i]);
+ }
+ packet_send();
+ packet_write_wait();
+
+- for (i = 0; i < numprompts; i++)
++ for (i = 0; i < kbdintctxt->nreq; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(echo_on);
+@@ -256,6 +258,10 @@
+
+ authctxt->postponed = 0; /* reset */
+ nresp = packet_get_int();
++ if (nresp != kbdintctxt->nreq)
++ fatal("input_userauth_info_response: wrong number of replies");
++ if (nresp > 100)
++ fatal("input_userauth_info_response: too many replies");
+ if (nresp > 0) {
+ response = xmalloc(nresp * sizeof(char*));
+ for (i = 0; i < nresp; i++)
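Review bot: The limit in the last inner hunk, `if (nresp > 100)`, is an unexplained literal and is enforced only when the reply arrives, even though it is what keeps a client-supplied count from sizing `xmalloc(nresp * sizeof(char*))`. Because the reply must now equal `kbdintctxt->nreq`, a device whose `query()` returns more than 100 prompts would have its request sent and then hit `fatal()` on a well-formed reply. Applying the same cap to `kbdintctxt->nreq` right after `query()` in the request path would fail earlier, and a named constant with a comment such as `/* cap reply count so the response array size stays bounded */` would document the intent. The request-side loops `for (i = 0; i < kbdintctxt->nreq; i++)` still compare `int i` with a `u_int`; declaring `i` as `u_int` there would remove the mixed-sign comparison. Both functions begin and end outside the hunks shown, so whether `nreq` is cleared after a reply is consumed cannot be confirmed from here.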