From 4bd615b547625392fd1e05e70d690b5eb8cda5a4 Mon Sep 17 00:00:00 2001
From: chxssg
Date: Tue, 20 Jul 2021 20:56:20 +0800
Subject: [PATCH] move closefrom to before first malloc
---
 ...ove-closefrom-to-before-first-malloc.patch | 46 +++++++++++++++++++
 openssh.spec | 10 +++-
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 backport-move-closefrom-to-before-first-malloc.patch
diff --git a/backport-move-closefrom-to-before-first-malloc.patch b/backport-move-closefrom-to-before-first-malloc.patch
new file mode 100644
index 0000000..b94c365
--- /dev/null
+++ b/backport-move-closefrom-to-before-first-malloc.patch
@@ -0,0 +1,46 @@
+From c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 Mon Sep 17 00:00:00 2001
+From: Darren Tucker
+Date: Fri, 25 Jun 2021 15:08:18 +1000
+Subject: Move closefrom() to before first malloc.
+
+When built against tcmalloc, tcmalloc allocates a descriptor for its
+internal use, so calling closefrom() afterward causes the descriptor
+number to be reused resulting in a corrupted connection. Moving the
+closefrom a little earlier should resolve this. From kircherlike at
+outlook.com via bz#3321, ok djm@
+---
+ ssh.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ssh.c b/ssh.c
+index cf8c018e..0343cba3 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -609,6 +609,12 @@ main(int ac, char **av)
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
++ /*
++ * Discard other fds that are hanging around. These can cause problem
++ * with backgrounded ssh processes started by ControlPersist.
++ */
++ closefrom(STDERR_FILENO + 1);
++
+ __progname = ssh_get_progname(av[0]);
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSLeay_add_all_algorithms();
+@@ -638,12 +644,6 @@ main(int ac, char **av)
+ debug("FIPS mode initialized");
+ }
+
+- /*
+- * Discard other fds that are hanging around. These can cause problem
+- * with backgrounded ssh processes started by ControlPersist.
+- */
+- closefrom(STDERR_FILENO + 1);
+-
+ /* Get user data. */
+ pw = getpwuid(getuid());
+ if (!pw) {
+--
+cgit v1.2.3
diff --git a/openssh.spec b/openssh.spec
index 0218b1d..cd515fe 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 %global sshd_uid 74
-%global openssh_release 10
+%global openssh_release 11
 Name: openssh
 Version: 8.2p1
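Review bot: The backported patch file carries upstream's commit header, its `index cf8c018e..0343cba3` line and the cgit trailer unchanged, yet the context lines around the moved call (`SSLeay_add_all_algorithms();`, `debug("FIPS mode initialized");`) appear to come from the distribution's already-patched ssh.c rather than from the upstream blob those ids name, so the file reads as a verbatim upstream commit when it is an adapted one. A one-line note under the upstream description, e.g. `Backport note: hunks rebased onto this package's 8.2p1 ssh.c (FIPS patches applied); context and line numbers differ from upstream c9f7bba2.`, would tell the next rebase what the original is and that the index ids cannot be used to verify it. The hunks themselves look consistent: the inserted `closefrom(STDERR_FILENO + 1);` block is the same text as the removed one, now placed directly after `sanitise_stdfd()` and before `ssh_get_progname()` and the OpenSSL/FIPS initialisation, which is the ordering the description asks for.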
@@ -92,6 +92,7 @@ Patch59: upstream-expose-vasnmprintf.patch
 Patch60: CVE-2018-15919.patch
 Patch61: CVE-2020-14145.patch
 Patch62: add-strict-scp-check-for-CVE-2020-15778.patch
+Patch63: backport-move-closefrom-to-before-first-malloc.patch
 Requires: /sbin/nologin
 Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -256,6 +257,7 @@ popd
 %patch60 -p1
 %patch61 -p1
 %patch62 -p1
+%patch63 -p1
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -471,6 +473,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %changelog
+* Tue Jul 20 2021 seuzw<930zhaowei@163.com> - 8.2P1-11
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:move classfrom to before first malloc
+
 * Tue Jul 20 2021 chxssg - 8.2P1-10
 - Type:cves
 - CVE:CVE-2020-15778
--
Gitee