A signal handler in sshd(8) calls a function that is not async-signal… · MidnightBSD/src@00adcc7

Commit

A signal handler in sshd(8) calls a function that is not async-signal…

…-safe.

The signal handler is invoked when a client does not authenticate within the
LoginGraceTime seconds (120 by default).  This signal handler executes in the
context of the sshd(8)'s privileged code, which is not sandboxed and runs
with full root privileges.

This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd
and accidentally reintroduced in OpenSSH 8.5p1.

Obtained from: OpenSSH/FreeBSD

Loading branch information

laffer1 committed Jul 1, 2024

1 parent 9008029 commit 00adcc7

crypto/openssh/log.c

-Original file line number
+Diff line change
@@ Expand Up / @@ -451,12 +451,14 @@ void @@
     sshsigdie(const char *file, const char *func, int line, int showfunc,
         LogLevel level, const char *suffix, const char *fmt, ...)
     {
+    #if 0
     	va_list args;
     	va_start(args, fmt);
     	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
     	    suffix, fmt, args);
     	va_end(args);
+    #endif
     	_exit(1);
     }
@@ Expand Down @@

crypto/openssh/version.h

-Original file line number
+Diff line change
@@ Expand Up / @@ -5,4 +5,4 @@ @@
     #define SSH_PORTABLE	"p2"
     #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
-    #define SSH_VERSION_MIDNIGHTBSD	"MidnightBSD-20231226"
+    #define SSH_VERSION_MIDNIGHTBSD	"MidnightBSD-20240701"

0 comments on commit `00adcc7`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `00adcc7`

Commit

There are no files selected for viewing

0 comments on commit 00adcc7

0 comments on commit `00adcc7`