yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch - mdmillerii/openbmc - Gitiles

 From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
 From: "mmcc@openbsd.org" <mmcc@openbsd.org>
 Date: Tue, 20 Oct 2015 03:36:35 +0000
 Subject: [PATCH] upstream commit

 Replace a function-local allocation with stack memory.

 ok djm@

 Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
 Upstream-Status: Backport
 CVE: CVE-2016-1907

 [YOCTO #8935]

 Signed-off-by: Armin Kuster <akuster@mvista.com>

 ---
  clientloop.c | 9 ++-------
  1 file changed, 2 insertions(+), 7 deletions(-)

 diff --git a/clientloop.c b/clientloop.c
 index 87ceb3d..1e05cba 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -1,4 +1,4 @@
 -/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
 +/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 @@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
  	static char proto[512], data[512];
  	FILE *f;
  	int got_data = 0, generated = 0, do_unlink = 0, i;
 -	char *xauthdir, *xauthfile;
 +	char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
  	struct stat st;
  	u_int now, x11_timeout_real;

 -	xauthdir = xauthfile = NULL;
  	*_proto = proto;
  	*_data = data;
  	proto[0] = data[0] = '\0';
 @@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
  			display = xdisplay;
  		}
  		if (trusted == 0) {
 -			xauthdir = xmalloc(PATH_MAX);
 -			xauthfile = xmalloc(PATH_MAX);
  			mktemp_proto(xauthdir, PATH_MAX);
  			/*
  			 * The authentication cookie should briefly outlive
 @@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
  		unlink(xauthfile);
  		rmdir(xauthdir);
  	}
 -	free(xauthdir);
 -	free(xauthfile);

  	/*
  	 * If we didn't get authentication data, just make up some
 --
 1.9.1
	From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
	From: "mmcc@openbsd.org" <mmcc@openbsd.org>
	Date: Tue, 20 Oct 2015 03:36:35 +0000
	Subject: [PATCH] upstream commit

	Replace a function-local allocation with stack memory.

	ok djm@

	Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
	Upstream-Status: Backport
	CVE: CVE-2016-1907

	[YOCTO #8935]

	Signed-off-by: Armin Kuster <akuster@mvista.com>

	---
	clientloop.c \| 9 ++-------
	1 file changed, 2 insertions(+), 7 deletions(-)

	diff --git a/clientloop.c b/clientloop.c
	index 87ceb3d..1e05cba 100644
	--- a/clientloop.c
	+++ b/clientloop.c
	@@ -1,4 +1,4 @@
	-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
	+/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
	/*
	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	@@ -311,11 +311,10 @@ client_x11_get_proto(const char display, const char xauth_path,
	static char proto[512], data[512];
	FILE *f;
	int got_data = 0, generated = 0, do_unlink = 0, i;
	- char xauthdir, xauthfile;
	+ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
	struct stat st;
	u_int now, x11_timeout_real;

	- xauthdir = xauthfile = NULL;
	*_proto = proto;
	*_data = data;
	proto[0] = data[0] = '\0';
	@@ -343,8 +342,6 @@ client_x11_get_proto(const char display, const char xauth_path,
	display = xdisplay;
	}
	if (trusted == 0) {
	- xauthdir = xmalloc(PATH_MAX);
	- xauthfile = xmalloc(PATH_MAX);
	mktemp_proto(xauthdir, PATH_MAX);
	/*
	* The authentication cookie should briefly outlive
	@@ -407,8 +404,6 @@ client_x11_get_proto(const char display, const char xauth_path,
	unlink(xauthfile);
	rmdir(xauthdir);
	}
	- free(xauthdir);
	- free(xauthfile);

	/*
	* If we didn't get authentication data, just make up some
	--
	1.9.1