| 1234567891011121314151617181920212223242526272829303132333435363738394041 |
- From 7f4a743171f9e6b283207d448de6562219774fbf Mon Sep 17 00:00:00 2001
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 25 Jun 2024 12:24:29 +0100
- Subject: Disable async-signal-unsafe code from the sshsigdie() function
- Address signal handler race condition: if a client does not authenticate
- within LoginGraceTime seconds (120 by default, 600 in old OpenSSH
- versions), then sshd's SIGALRM handler is called asynchronously, but
- this signal handler calls various functions that are not
- async-signal-safe (for example, syslog()).
- This is a regression from CVE-2006-5051 ("Signal handler race condition
- in OpenSSH before 4.4 allows remote attackers to cause a denial of
- service (crash), and possibly execute arbitrary code")
- Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
- Upstream: https://salsa.debian.org/ssh-team/openssh/-/blob/525bb16e45edac4c03b95e106380d70aecbaf27e/debian/patches/sshsigdie-async-signal-unsafe.patch
- Patch-Name: sshsigdie-async-signal-unsafe.patch
- ---
- log.c | 2 ++
- 1 file changed, 2 insertions(+)
- diff --git a/log.c b/log.c
- index 6a8b1fc4a..57256660f 100644
- --- a/log.c
- +++ b/log.c
- @@ -452,12 +452,14 @@ void
- sshsigdie(const char *file, const char *func, int line, int showfunc,
- LogLevel level, const char *suffix, const char *fmt, ...)
- {
- +#if 0
- va_list args;
-
- va_start(args, fmt);
- sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
- suffix, fmt, args);
- va_end(args);
- +#endif
- _exit(1);
- }
-
|
