!181 修复不适用FIDO构建时可能发生的引用空指针的问题

From: @renmingshuai Reviewed-by: @kircher Signed-off-by: @kircher
2023-01-10 02:01:41 +00:00 · 2023-01-10 02:01:41 +00:00 · 2abde599e0
commit 2abde599e0
parent d45fcb3b81 3618776f83
2 changed files with 44 additions and 3 deletions
--- a/backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
+++ b/backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
@ -0,0 +1,33 @@
+From 7d25b37fb2a5ff4dadabcbdac6087a97479434f5 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Fri, 24 Jun 2022 13:46:39 +1000
+Subject: [PATCH] fix possible NULL deref when built without FIDO
+
+Analysis/fix from kircher in bz3443; ok dtucker@
+
+Reference:https://github.com/openssh/openssh-portable/commit/7d25b37fb2a5ff
+Conflict:NA
+---
+ ssh-sk.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-sk.c b/ssh-sk.c
+index a1ff5cc4..ba514607 100644
+--- a/ssh-sk.c
+++ b/ssh-sk.c
+@@ -127,10 +127,11 @@ sshsk_open(const char *path)
+ 		ret->sk_enroll = ssh_sk_enroll;
+ 		ret->sk_sign = ssh_sk_sign;
+ 		ret->sk_load_resident_keys = ssh_sk_load_resident_keys;
+		return ret;
+ #else
+ 		error("internal security key support not enabled");
+		goto fail;
+ #endif
+-		return ret;
+ 	}
+ 	if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
+ 		error("Provider \"%s\" dlopen failed: %s", path, dlerror());
+-- 
+2.23.0
+
--- a/openssh.spec
+++ b/openssh.spec
@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}

 %global sshd_uid    74
-%global openssh_release 17
+%global openssh_release 18

 Name:           openssh
 Version:        8.2p1
@ -89,14 +89,15 @@ Patch56:        set-sshd-config.patch
 Patch57:        CVE-2020-12062-1.patch
 Patch58:        CVE-2020-12062-2.patch
 Patch59:        upstream-expose-vasnmprintf.patch
-Patch60:	CVE-2020-14145.patch
-Patch61:	add-strict-scp-check-for-CVE-2020-15778.patch
+Patch60:        CVE-2020-14145.patch
+Patch61:        add-strict-scp-check-for-CVE-2020-15778.patch
 Patch62:        backport-move-closefrom-to-before-first-malloc.patch
 Patch63:        backport-CVE-2021-41617-1.patch
 Patch64:        backport-CVE-2021-41617-2.patch
 Patch65:        backport-CVE-2021-28041.patch
 Patch66:        backport-change-convtime-form-returning-long-to-returning-int.patch
 Patch67:        backport-change-types-in-convtime-unit-test-to-int-to-match.patch
+Patch68:        backport-fix-possible-NULL-deref-when-built-without-FIDO.patch

 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -266,6 +267,7 @@ popd
 %patch65 -p1
 %patch66 -p1
 %patch67 -p1
+%patch68 -p1

 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@ -474,6 +476,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*

 %changelog
+* Mon Jan 09 2023 renmingshuai<renmingshuai@huawei.cn> - 8.2p1-18
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:fix possible NULL deref when built without FIDO
+
 * Fri Jan 06 2023 renmingshuai<renmingshuai@hauwei.com> - 8.2p1-17
 - Type:requirement
 - CVE:NA