meta/recipes-connectivity/openssh/openssh/CVE-2021-28041.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Description: fix double-free memory corruption in ssh-agent
Author: Marc Deslauriers <marc.deslauriers@canonical.com>
Origin: minimal fix for https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>

CVE: CVE-2021-28041
Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_8.2p1-4ubuntu0.3.debian.tar.xz]
Comment: No change in any hunk

--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -496,6 +496,7 @@ process_add_identity(SocketEntry *e)
				goto err;
			}
			free(ext_name);
+			ext_name = NULL;
			break;
		default:
			error("%s: Unknown constraint %d", __func__, ctype);