CVS commit: src/crypto/external/bsd/openssh/dist

Mon, 01 Jul 2024 08:42:50 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Mon Jul  1 15:42:42 UTC 2024

Modified Files:
        src/crypto/external/bsd/openssh/dist: log.c

Log Message:
sshd(8): Avoid strnvis and syslog_r in signal handler context.

CVE-2024-6387

PR security/58386


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/log.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/crypto/external/bsd/openssh/dist/log.c
diff -u src/crypto/external/bsd/openssh/dist/log.c:1.28 src/crypto/external/bsd/openssh/dist/log.c:1.29
--- src/crypto/external/bsd/openssh/dist/log.c:1.28	Sat Jun 29 18:03:32 2024
+++ src/crypto/external/bsd/openssh/dist/log.c	Mon Jul  1 15:42:42 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: log.c,v 1.28 2024/06/29 18:03:32 riastradh Exp $	*/
+/*	$NetBSD: log.c,v 1.29 2024/07/01 15:42:42 riastradh Exp $	*/
 /* $OpenBSD: log.c,v 1.61 2023/12/06 21:06:48 djm Exp $ */
 
 /*
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: log.c,v 1.28 2024/06/29 18:03:32 riastradh Exp $");
+__RCSID("$NetBSD: log.c,v 1.29 2024/07/01 15:42:42 riastradh Exp $");
 #include <sys/types.h>
 #include <sys/uio.h>
 
@@ -422,12 +422,14 @@ void
 sshsigdie(const char *file, const char *func, int line, int showfunc,
     LogLevel level, const char *suffix, const char *fmt, ...)
 {
+#ifdef SYSLOG_R_SAFE_IN_SIGHAND
 	va_list args;
 
 	va_start(args, fmt);
 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
 	    suffix, fmt, args);
 	va_end(args);
+#endif
 	_exit(1);
 }

Reply via email to