Hi Mike,

On Fri, 08 Mar 2019 22:40:52 +0000 Mike Gabriel <sunweaver@debian.org> wrote:
[...]
> The critical patch is CVE-2019-6111-2.patch. With that patch added I
> get segfaults with scp. Without that patch scp works, but is
> susceptible to the earlier mentioned exploit for CVE-2019-6111.
>
> I am a bit lost here and would appreciate some ideas about what is
> going wrong here.
[...]

I think I have found the root cause of the segfault. In order to fix CVE-2019-6111 we have to backport two functions, reallocarray and recallocarray. There are some conditionals which must be defined first, otherwise those functions won't be compiled and are not available at runtime.

For instance

ifndef HAVE_REALLOCARRAY

So the solution is to define them in openbsd-compat/openbsd-compat.h

#ifndef HAVE_REALLOCARRAY
void *reallocarray(void *, size_t, size_t);
#endif

#ifndef HAVE_RECALLOCARRAY
void *recallocarray(void *, size_t, size_t, size_t);
#endif

and in config.h.in add

/* Define to 1 if you have the `reallocarray' function. */
#undef HAVE_REALLOCARRAY

/* Define to 1 if you have the `recallocarray' function. */
#undef HAVE_RECALLOCARRAY

After that all patches work as intended and I consider this issue to be resolved for Wheezy. I'm going to upload a new revision now.

Regards,

Markus
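Added example, not part of the original mail and not the OpenSSH or Debian code: a C sketch of what the two backported functions named above provide, namely array (re)allocation that fails instead of letting nmemb * size wrap around. The compat_* and mul_overflows names are hypothetical, and error handling is simplified to ENOMEM.

```c
/* Added example: overflow-checked array (re)allocation; compat_* names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* sqrt(SIZE_MAX + 1): two operands both below this cannot overflow when multiplied */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Nonzero if nmemb * size would wrap around size_t */
static int mul_overflows(size_t nmemb, size_t size)
{
    return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* realloc(ptr, nmemb * size) that returns NULL/ENOMEM instead of wrapping */
void *compat_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (mul_overflows(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

/* Resize an array: copied elements are kept, new ones are zeroed, old storage is wiped */
void *compat_recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
{
    size_t oldsize, newsize;
    void *newptr;

    if (ptr == NULL)
        return calloc(newnmemb, size);
    if (mul_overflows(newnmemb, size) || mul_overflows(oldnmemb, size)) {
        errno = ENOMEM;             /* simplification: one error code for both cases */
        return NULL;
    }
    oldsize = oldnmemb * size;
    newsize = newnmemb * size;
    newptr = calloc(1, newsize ? newsize : 1);
    if (newptr == NULL)
        return NULL;                /* the old array is left untouched on failure */
    memcpy(newptr, ptr, oldsize < newsize ? oldsize : newsize);
    volatile unsigned char *wipe = ptr;   /* volatile so the wipe is not optimised away */
    for (size_t i = 0; i < oldsize; i++) wipe[i] = 0;
    free(ptr);
    return newptr;
}
```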