From b5cde260487eae86db1661a53e5e5e0823936aab Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Tue, 9 Jan 2024 03:40:01 +0300 Subject: dropbear: cherry-pick upstream patches critical fixes: - libtommath: possible integer overflow (CVE-2023-36328) - implement Strict KEX mode (CVE-2023-48795) various fixes: - fix DROPBEAR_DSS and DROPBEAR_RSA config options - y2038 issues - remove SO_LINGER socket option - make banner reading failure non-fatal - fix "noremotetcp" behavior - don't try to shutdown a pty - fix test for multiuser kernels adds new features: - option to bind to interface - allow inetd with non-syslog - ignore unsupported command line options with dropbearkey Signed-off-by: Konstantin Demin --- ...write-rather-than-fprintf-in-segv-handler.patch | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch (limited to 'package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch') diff --git a/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch b/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch new file mode 100644 index 00000000000..e1538a4c1f7 --- /dev/null +++ b/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch @@ -0,0 +1,27 @@ +From 3292b8c6f1e5fcc405fa0f7a20e90a60f74037b2 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Sun, 12 Feb 2023 23:00:00 +0800 +Subject: Use write() rather than fprintf() in segv handler + +fprintf isn't guaranteed safe (though hasn't had any problems reported). +--- + svr-main.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/svr-main.c ++++ b/svr-main.c +@@ -420,8 +420,12 @@ static void sigchld_handler(int UNUSED(u + + /* catch any segvs */ + static void sigsegv_handler(int UNUSED(unused)) { +- fprintf(stderr, "Aiee, segfault! You should probably report " +- "this as a bug to the developer\n"); ++ int i; ++ const char *msg = "Aiee, segfault! You should probably report " ++ "this as a bug to the developer\n"; ++ i = write(STDERR_FILENO, msg, strlen(msg)); ++ /* ignore short writes */ ++ (void)i; + _exit(EXIT_FAILURE); + } + -- cgit v1.2.3