Antonio Larrosa
d7201bdb47
client and a DoS attack against OpenSSH's client and server (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466): * fix-CVE-2025-26465-and-CVE-2025-26466.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=282
24 lines
714 B
Diff
24 lines
714 B
Diff
Index: openssh-9.8p1/sshd-session.c
|
|
===================================================================
|
|
--- openssh-9.8p1.orig/sshd-session.c
|
|
+++ openssh-9.8p1/sshd-session.c
|
|
@@ -1624,9 +1624,6 @@ cleanup_exit(int i)
|
|
}
|
|
}
|
|
}
|
|
- /* Override default fatal exit value when auth was attempted */
|
|
- if (i == 255 && auth_attempted)
|
|
- _exit(EXIT_AUTH_ATTEMPTED);
|
|
#ifdef SSH_AUDIT_EVENTS
|
|
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
|
|
if (the_active_state != NULL &&
|
|
@@ -1636,5 +1633,8 @@ cleanup_exit(int i)
|
|
#endif
|
|
|
|
clobber_stack();
|
|
+ /* Override default fatal exit value when auth was attempted */
|
|
+ if (i == 255 && auth_attempted)
|
|
+ _exit(EXIT_AUTH_ATTEMPTED);
|
|
_exit(i);
|
|
}
|