Farhan/openssh
| Revision | ab28f5495c85297e7a597c1ba62e996416da7c7e (tree) |
|---|---|
| Time | 2016-01-16 19:42:26 |
| Author | Keun Soo Yim <yim@goog...> |
| Commiter | Keun Soo Yim |
forcibly disable roaming support in the client
ssh client security bug fix from
http://www.openssh.com/txt/release-7.1p2
openssh client is installed in gce instances.
although it's private key is not that much sensitive
it's better to land this security patch than not.
reported initially as cve-2016-0777 and cve-2016-0778
(January 14th, 2016)
BUG: 26587626
Change-Id: I113d576a3522ded8cb0f4a2e117999b0c51d4364
readconf.c (diff) ssh.c (diff)| @@ -1660,7 +1660,7 @@ initialize_options(Options * options) | ||
| 1660 | 1660 | options->tun_remote = -1; |
| 1661 | 1661 | options->local_command = NULL; |
| 1662 | 1662 | options->permit_local_command = -1; |
| 1663 | - options->use_roaming = -1; | |
| 1663 | + options->use_roaming = 0; | |
| 1664 | 1664 | options->visual_host_key = -1; |
| 1665 | 1665 | options->ip_qos_interactive = -1; |
| 1666 | 1666 | options->ip_qos_bulk = -1; |
| @@ -1835,8 +1835,7 @@ fill_default_options(Options * options) | ||
| 1835 | 1835 | options->tun_remote = SSH_TUNID_ANY; |
| 1836 | 1836 | if (options->permit_local_command == -1) |
| 1837 | 1837 | options->permit_local_command = 0; |
| 1838 | - if (options->use_roaming == -1) | |
| 1839 | - options->use_roaming = 1; | |
| 1838 | + options->use_roaming = 0; | |
| 1840 | 1839 | if (options->visual_host_key == -1) |
| 1841 | 1840 | options->visual_host_key = 0; |
| 1842 | 1841 | if (options->ip_qos_interactive == -1) |
| @@ -1929,9 +1929,6 @@ ssh_session2(void) | ||
| 1929 | 1929 | fork_postauth(); |
| 1930 | 1930 | } |
| 1931 | 1931 | |
| 1932 | - if (options.use_roaming) | |
| 1933 | - request_roaming(); | |
| 1934 | - | |
| 1935 | 1932 | return client_loop(tty_flag, tty_flag ? |
| 1936 | 1933 | options.escape_char : SSH_ESCAPECHAR_NONE, id); |
| 1937 | 1934 | } |
Fork