Merge pull request #90 from rapier1/dev_minor

Resolve CVE aka regreSSHion bug.
rapier1 · Jul 2, 2024 · 52bc5fd · 52bc5fd
2 parents 783d8b2 + ad1e018
commit 52bc5fd
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/clientloop.c b/clientloop.c
@@ -616,8 +616,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
 		if (timespeccmp(&now, &chaff_until, >=)) {
 			/* Stop if there have been no keystrokes for a while */
 			stop_reason = "chaff time expired";
-		} else if (timespeccmp(&now, &next_interval, >=)) {
-			/* Otherwise if we were due to send, then send chaff */
+		} else if (timespeccmp(&now, &next_interval, >=) &&
+		    !ssh_packet_have_data_to_write(ssh)) {
+			/* If due to send but have no data, then send chaff */
 			if (send_chaff(ssh))
 				nchaff++;
 		}

diff --git a/log.c b/log.c
@@ -458,12 +458,13 @@ void
 sshsigdie(const char *file, const char *func, int line, int showfunc,
     LogLevel level, const char *suffix, const char *fmt, ...)
 {
+#ifdef SYSLOG_R_SAFE_IN_SIGHAND
 	va_list args;
-
 	va_start(args, fmt);
 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
 	    suffix, fmt, args);
 	va_end(args);
+#endif
 	_exit(1);
 }
 

diff --git a/version.h b/version.h
@@ -3,5 +3,5 @@
 #define SSH_VERSION	"OpenSSH_9.7"
 
 #define SSH_PORTABLE	"p1"
-#define SSH_HPN         "-hpn18.4.1"
+#define SSH_HPN         "-hpn18.4.2"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN