From bb7c4cff2086fffddf5cb20e40cfe4979ba1a7e6 Mon Sep 17 00:00:00 2001
From: Hans Dedecker <dedeckeh@gmail.com>
Date: Fri, 24 Aug 2018 15:02:24 +0200
Subject: dropbear: backport upstream fix for CVE-2018-15599

CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
 package/network/services/dropbear/patches/100-pubkey_path.patch | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'package/network/services/dropbear/patches/100-pubkey_path.patch')

diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch
index 401c7e1..274d3af 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig
+@@ -229,14 +229,20 @@ static int checkpubkey(char* algo, unsig
  		goto out;
  	}
  
@@ -29,7 +29,7 @@
  
  	/* open the file as the authenticating user. */
  	origuid = getuid();
-@@ -396,26 +402,35 @@ static int checkpubkeyperms() {
+@@ -405,26 +411,35 @@ static int checkpubkeyperms() {
  		goto out;
  	}
  
-- 
cgit v1.1