Diffstat (limited to 'gnu/packages/patches/openssh-CVE-2016-6210-3.patch')
-rw-r--r-- | gnu/packages/patches/openssh-CVE-2016-6210-3.patch | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-3.patch b/gnu/packages/patches/openssh-CVE-2016-6210-3.patch
deleted file mode 100644
index 303c34ee1b..0000000000
--- a/gnu/packages/patches/openssh-CVE-2016-6210-3.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@zip.com.au>
-Date: Thu, 21 Jul 2016 14:17:31 +1000
-Subject: Search users for one with a valid salt.
-
-If the root account is locked (eg password "!!" or "*LK*") keep looking
-until we find a user with a valid salt to use for crypting passwords of
-invalid users. ok djm@
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
-Bug-Debian: https://bugs.debian.org/831902
-Last-Update: 2016-07-22
-
-Patch-Name: CVE-2016-6210-3.patch
----
- openbsd-compat/xcrypt.c | 24 +++++++++++++++---------
- 1 file changed, 15 insertions(+), 9 deletions(-)
-
-diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
-index 8913bb8..cf6a9b9 100644
---- a/openbsd-compat/xcrypt.c
-+++ b/openbsd-compat/xcrypt.c
-@@ -65,7 +65,9 @@
-
- /*
- * Pick an appropriate password encryption type and salt for the running
-- * system.
-+ * system by searching through accounts until we find one that has a valid
-+ * salt. Usually this will be root unless the root account is locked out.
-+ * If we don't find one we return a traditional DES-based salt.
- */
- static const char *
- pick_salt(void)
-@@ -78,14 +80,18 @@ pick_salt(void)
- if (salt[0] != '\0')
- return salt;
- strlcpy(salt, "xx", sizeof(salt));
-- if ((pw = getpwuid(0)) == NULL)
-- return salt;
-- passwd = shadow_pw(pw);
-- if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
-- return salt; /* no $, DES */
-- typelen = p - passwd + 1;
-- strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
-- explicit_bzero(passwd, strlen(passwd));
-+ setpwent();
-+ while ((pw = getpwent()) != NULL) {
-+ passwd = shadow_pw(pw);
-+ if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
-+ typelen = p - passwd + 1;
-+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
-+ explicit_bzero(passwd, strlen(passwd));
-+ goto out;
-+ }
-+ }
-+ out:
-+ endpwent();
- return salt;
- }
- |