16accb6b24
- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
36 lines
1.5 KiB
Diff
36 lines
1.5 KiB
Diff
From 146c420d29d055cc75c8606327a1cf8439fe3a08 Mon Sep 17 00:00:00 2001
|
|
From: "djm@openbsd.org" <djm@openbsd.org>
|
|
Date: Mon, 1 Jul 2024 04:31:17 +0000
|
|
Subject: [PATCH] upstream: when sending ObscureKeystrokeTiming chaff packets,
|
|
we
|
|
|
|
can't rely on channel_did_enqueue to tell that there is data to send. This
|
|
flag indicates that the channels code enqueued a packet on _this_ ppoll()
|
|
iteration, not that data was enqueued in _any_ ppoll() iteration in the
|
|
timeslice. ok markus@
|
|
|
|
OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
|
|
|
|
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2024-39894.patch?h=ubuntu/noble-security
|
|
Upstream commit https://github.com/openssh/openssh-portable/commit/146c420d29d055cc75c8606327a1cf8439fe3a08]
|
|
CVE: CVE-2024-39894
|
|
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
|
---
|
|
clientloop.c | 7 ++++---
|
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
|
|
--- a/clientloop.c
|
|
+++ b/clientloop.c
|
|
@@ -612,8 +612,9 @@ obfuscate_keystroke_timing(struct ssh *s
|
|
if (timespeccmp(&now, &chaff_until, >=)) {
|
|
/* Stop if there have been no keystrokes for a while */
|
|
stop_reason = "chaff time expired";
|
|
- } else if (timespeccmp(&now, &next_interval, >=)) {
|
|
- /* Otherwise if we were due to send, then send chaff */
|
|
+ } else if (timespeccmp(&now, &next_interval, >=) &&
|
|
+ !ssh_packet_have_data_to_write(ssh)) {
|
|
+ /* If due to send but have no data, then send chaff */
|
|
if (send_chaff(ssh))
|
|
nchaff++;
|
|
}
|