Diffusion FreeBSD src repository f41c11d7f209

sshd: remove blacklist call from grace_alarm_timer
f41c11d7f209
Actions

Description

sshd: remove blacklist call from grace_alarm_timer

Under certain circumstances it may call log(3), which is not async-
signal-safe.

For now just remove the blacklist integration from this path, which
means that blacklistd will not detect and firewall hosts that establish
a connection but do nothing further.

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46203

(cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd)
(cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0)
(cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b)

Approved by: so
Security: FreeBSD-SA-24:08.openssh
Security: CVE-2024-7589

(cherry picked from commit d5f16ef6463d73270e4380f3498410c8ad91f495)

Details

Provenance

emaste	Authored on Aug 1 2024, 12:04 AM
markj	Committed on Aug 7 2024, 1:37 PM

Differential Revision

Restricted Differential Revision

Parents

rG5eb30c313cb0: pf: allow MLD LR to be sent without state

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rGf41c11d7f209: sshd: remove blacklist call from grace_alarm_timer (authored by emaste).Aug 7 2024, 1:37 PM

markj added an edge: Restricted Differential Revision.Aug 7 2024, 1:50 PM

Changes (2)

Path

Size

crypto/

openssh/

sshd.c

version.h

rGf41c11d7f209

View Options

crypto/openssh/sshd.c