[pkg-remote-commits] [xrdp] 01/05: Fix CVE-2017-6967.
Dominik George
natureshadow-guest at moszumanska.debian.org
Mon Apr 24 18:43:11 UTC 2017
This is an automated email from the git hooks/post-receive script.
natureshadow-guest pushed a commit to branch master
in repository xrdp.
commit 69bdd1a6b7b278e2343fce0d988a7590177b901c
Author: Dominik George <nik at naturalnet.de>
Date: Mon Apr 24 20:15:26 2017 +0200
Fix CVE-2017-6967.
---
debian/changelog | 6 +++
debian/patches/cve-2017-6967.diff | 96 +++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 103 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 8dd5b11..d1af752 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.1-8) unstable; urgency=medium
+
+ * Fix CVE-2017-6967. (Closes: #858143)
+
+ -- Dominik George <nik at naturalnet.de> Mon, 24 Apr 2017 20:14:36 +0200
+
xrdp (0.9.1-7) unstable; urgency=medium
* Fix RFX with large tile sets, e.g. full HD displays. (Closes: #855387)
diff --git a/debian/patches/cve-2017-6967.diff b/debian/patches/cve-2017-6967.diff
new file mode 100644
index 0000000..956f1a1
--- /dev/null
+++ b/debian/patches/cve-2017-6967.diff
@@ -0,0 +1,96 @@
+From 4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3 Mon Sep 17 00:00:00 2001
+From: Jay Sorg <jay.sorg at gmail.com>
+Date: Mon, 20 Mar 2017 18:59:44 -0700
+Subject: [PATCH] sesman: move auth/pam calls to main process
+
+---
+ sesman/scp_v0.c | 9 ++++++++-
+ sesman/scp_v1.c | 20 +++++++++++++++-----
+ sesman/session.c | 6 +++---
+ 3 files changed, 26 insertions(+), 9 deletions(-)
+
+--- a/sesman/scp_v0.c
++++ b/sesman/scp_v0.c
+@@ -36,6 +36,7 @@ scp_v0_process(struct SCP_CONNECTION *c,
+ tbus data;
+ struct session_item *s_item;
+ int errorcode = 0;
++ bool_t do_auth_end = 1;
+
+ data = auth_userpass(s->username, s->password, &errorcode);
+
+@@ -131,6 +132,9 @@ scp_v0_process(struct SCP_CONNECTION *c,
+ log_message(LOG_LEVEL_INFO, "starting Xorg session...");
+ display = session_start(data, SESMAN_SESSION_TYPE_XORG, s);
+ }
++ /* if the session started up ok, auth_end will be called on
++ sig child */
++ do_auth_end = display == 0;
+ }
+ else
+ {
+@@ -151,5 +155,8 @@ scp_v0_process(struct SCP_CONNECTION *c,
+ {
+ scp_v0s_deny_connection(c);
+ }
+- auth_end(data);
++ if (do_auth_end)
++ {
++ auth_end(data);
++ }
+ }
+--- a/sesman/scp_v1.c
++++ b/sesman/scp_v1.c
+@@ -38,7 +38,7 @@ void DEFAULT_CC
+ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
+ {
+ long data;
+- int display;
++ int display = 0;
+ int retries;
+ int current_try;
+ enum SCP_SERVER_STATES_E e;
+@@ -46,6 +46,7 @@ scp_v1_process(struct SCP_CONNECTION *c,
+ struct session_item *sitem;
+ int scount;
+ SCP_SID sid;
++ bool_t do_auth_end = 1;
+
+ retries = g_cfg->sec.login_retry;
+ current_try = retries;
+@@ -124,14 +125,21 @@ scp_v1_process(struct SCP_CONNECTION *c,
+ log_message(LOG_LEVEL_INFO, "starting Xvnc session...");
+ display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s);
+ }
+- else
++ else if (SCP_SESSION_TYPE_XRDP == s->type)
+ {
+ log_message(LOG_LEVEL_INFO, "starting X11rdp session...");
+ display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s);
+ }
++ else if (SCP_SESSION_TYPE_XORG == s->type)
++ {
++ log_message(LOG_LEVEL_INFO, "starting Xorg session...");
++ display = session_start(data, SESMAN_SESSION_TYPE_XORG, c, s);
++ }
++ /* if the session started up ok, auth_end will be called on
++ sig child */
++ do_auth_end = display == 0;
+
+ e = scp_v1s_connect_new_session(c, display);
+-
+ switch (e)
+ {
+ case SCP_SERVER_STATE_OK:
+@@ -197,7 +205,10 @@ scp_v1_process(struct SCP_CONNECTION *c,
+ }
+
+ /* cleanup */
+- auth_end(data);
++ if (do_auth_end)
++ {
++ auth_end(data);
++ }
+ g_free(slist);
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index f0e195c..bd3f630 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ systemd.diff
lfs.diff
kb_jp.diff
highres.diff
+cve-2017-6967.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git
More information about the pkg-remote-commits
mailing list