Re: Bug#984940: CVE-2021-28041

On Sat, Mar 13, 2021 at 02:55:48PM +1100, Darren Tucker wrote:
> On Sat, 13 Mar 2021 at 10:01, Colin Watson <cjwatson@xxxxxxxxxx> wrote:
> > This patch unfortunately doesn't apply terribly cleanly to OpenSSH
> > 8.4p1, [...]
> > If I understand the vulnerability correctly, then it seems to me that
> > the following shorter patch would fix it, and would run less risk of me
> > fouling something else up by backporting the refactoring wrongly:
> 
> There's a patch against 8.4 here:
> https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
> 
> It has the first of the two changes in your diff.  The second is
> harmless but unnecessary as it's on the exit path from the function
> and there can't be a following call to free.

Ah yes, indeed.  I'll use that patch then.

Thanks,

-- 
Colin Watson (he/him)                              [cjwatson@xxxxxxxxxx]
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


