main/openssh/CVE-2021-28041.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

untrusted comment: verify with openbsd-68-base.pub
RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws=

OpenBSD 6.8 errata 015, March 4, 2021:

Double free in ssh-agent(1)

Apply by doing:
    signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install ssh (as well as ssh-agent)
    cd /usr/src/usr.bin/ssh
    make obj
    make clean
    make
    make install

Index: usr.bin/ssh/ssh-agent.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v
diff -u -p -u -r1.264 ssh-agent.c
--- ./ssh-agent.c	18 Sep 2020 08:16:38 -0000	1.264
+++ ./ssh-agent.c	3 Mar 2021 01:08:25 -0000
@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e)
 				goto err;
 			}
 			free(ext_name);
+			ext_name = NULL;
 			break;
 		default:
 			error("%s: Unknown constraint %d", __func__, ctype);