Bug#984940: CVE-2021-28041

To: Moritz Muehlenhoff <jmm@debian.org>, 984940@bugs.debian.org, OpenSSH Devel List <openssh-unix-dev@mindrot.org>
Subject: Bug#984940: CVE-2021-28041
From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 13 Mar 2021 14:55:48 +1100
Message-id: <[🔎] CALDDTe0eGuZqFUdhwSsFQDvsLwduauvUJ6yvDwQaFgooedNSAw@mail.gmail.com>
Reply-to: Darren Tucker <dtucker@dtucker.net>, 984940@bugs.debian.org
In-reply-to: <[🔎] 20210312225610.GI26923@riva.ucam.org>
References: <[🔎] 161539547234.237906.666230999315751909.reportbug@hullmann.westfalen.local> <[🔎] 20210312225610.GI26923@riva.ucam.org> <[🔎] 161539547234.237906.666230999315751909.reportbug@hullmann.westfalen.local>

On Sat, 13 Mar 2021 at 10:01, Colin Watson <cjwatson@debian.org> wrote:
> This patch unfortunately doesn't apply terribly cleanly to OpenSSH
> 8.4p1, [...]
> If I understand the vulnerability correctly, then it seems to me that
> the following shorter patch would fix it, and would run less risk of me
> fouling something else up by backporting the refactoring wrongly:

There's a patch against 8.4 here:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig

It has the first of the two changes in your diff.  The second is
harmless but unnecessary as it's on the exit path from the function
and there can't be a following call to free.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Reply to:

Follow-Ups:
- Bug#984940: CVE-2021-28041
  - From: Colin Watson <cjwatson@debian.org>

References:
- Bug#984940: CVE-2021-28041
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Bug#984940: CVE-2021-28041
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#984940: CVE-2021-28041
Next by Date: Bug#984940: CVE-2021-28041
Previous by thread: Bug#984940: CVE-2021-28041
Next by thread: Bug#984940: CVE-2021-28041
Index(es):
- Date
- Thread