Overview

File openssh-CVE-2023-38408-PKCS11-execution.patch of Package openssh-askpass-gnome.31630

From 892506b13654301f69f9545f48213fc210e5c5cc Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 19 Jul 2023 13:55:53 +0000
Subject: [PATCH] upstream: terminate process if requested to load a PKCS#11
 provider

that isn't a PKCS#11 provider; from / ok markus@

OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
---
 ssh-pkcs11.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

Index: openssh-8.4p1/ssh-pkcs11.c
===================================================================
--- openssh-8.4p1.orig/ssh-pkcs11.c
+++ openssh-8.4p1/ssh-pkcs11.c
@@ -1519,10 +1519,8 @@ pkcs11_register_provider(char *provider_
 		error("dlopen %s failed: %s", provider_id, dlerror());
 		goto fail;
 	}
-	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
-		error("dlsym(C_GetFunctionList) failed: %s", dlerror());
-		goto fail;
-	}
+	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
+		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
 	p = xcalloc(1, sizeof(*p));
 	p->name = xstrdup(provider_id);
 	p->handle = handle;
openSUSE Build Service is sponsored by
Places