From 072596e07d41747b0fc717844cf87678df258696 Mon Sep 17 00:00:00 2001
From: Rimsky <349157738@qq.com>
Date: Sat, 25 Jun 2022 17:05:11 +0800
Subject: [PATCH] fix-possible-NULL-deref-when-built-without-FIDO
---
 ...e-NULL-deref-when-built-without-FIDO.patch | 30 +++++++++++++++++++
 openssh.spec | 11 ++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
diff --git a/backport-fix-possible-NULL-deref-when-built-without-FIDO.patch b/backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
new file mode 100644
index 0000000..125a41b
--- /dev/null
+++ b/backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
@@ -0,0 +1,30 @@
+From 7d25b37fb2a5ff4dadabcbdac6087a97479434f5 Mon Sep 17 00:00:00 2001
+From: Damien Miller
+Date: Fri, 24 Jun 2022 13:46:39 +1000
+Subject: [PATCH] fix possible NULL deref when built without FIDO
+
+Analysis/fix from kircher in bz3443; ok dtucker@
+---
+ ssh-sk.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-sk.c b/ssh-sk.c
+index d254e77..79bc682 100644
+--- a/ssh-sk.c
++++ b/ssh-sk.c
+@@ -118,10 +118,11 @@ sshsk_open(const char *path)
+ ret->sk_enroll = ssh_sk_enroll;
+ ret->sk_sign = ssh_sk_sign;
+ ret->sk_load_resident_keys = ssh_sk_load_resident_keys;
++ return ret;
+ #else
+ error("internal security key support not enabled");
++ goto fail;
+ #endif
+- return ret;
+ }
+ if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
+ error("Provider \"%s\" dlopen failed: %s", path, dlerror());
+--
+1.8.3.1
+
diff --git a/openssh.spec b/openssh.spec
index edd89e8..7752af3 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0}
 %global sshd_uid 74
-%global openssh_release 3
+%global openssh_release 4
 Name: openssh
 Version: 8.8p1
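Review bot: The `goto fail;` added to the `#else` branch of `sshsk_open` (the ssh-sk.c hunk carried inside the backport patch) relies on a `fail` label and on callers that both lie outside this hunk, so confirm against the 8.8p1 tree that `fail` releases `ret` and returns NULL and that every caller of `sshsk_open` treats NULL as an error. Previously this branch logged the error and still reached `return ret;`, presumably handing back a provider whose `sk_enroll`, `sk_sign` and `sk_load_resident_keys` pointers were never set. A one-line comment above the jump would keep that reason visible for later edits: `/* no built-in middleware: fail rather than return a provider with unset sk_* callbacks */`. The embedded hunk's index line (`d254e77..79bc682`) appears to come from the upstream commit rather than this release, so it is also worth checking that `%patch6001 -p1` applies without fuzz.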
@@ -88,6 +88,8 @@ Patch57: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
 Patch58: bugfix-openssh-fix-sftpserver.patch
 Patch59: set-sshd-config.patch
+Patch6001: backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
+
 Requires: /sbin/nologin
 Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
 Requires: openssh-server = %{version}-%{release}
@@ -224,6 +226,7 @@ popd
 %patch57 -p1
 %patch58 -p1
 %patch59 -p1
+%patch6001 -p1
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -422,6 +425,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %changelog
+* Sat Jun 25 2022 Rimsky<3491577@qq.com> - 8.8p1-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix possible NULL deref when built without FIDO
+
 * Mon Apr 25 2022 Kai Liu - 8.8p1-3
 - Type:bugfix
 - CVE:NA
--
Gitee