1.5.5.diff 633 Bytes
From upstream 1.5.5:

   Fix remote crash - invalid packet order causes lookup of NULL pointer.
   Not exploitable, just DoS.

CVE-2015-4054
http://www.openwall.com/lists/oss-security/2015/05/22/5

--- a/src/client.c
+++ b/src/client.c
@@ -262,6 +262,12 @@ static bool handle_client_startup(PgSock
 		}
 		break;
 	case 'p':		/* PasswordMessage */
+		/* too early */
+		if (!client->auth_user) {
+			disconnect_client(client, true, "client password pkt before startup packet");
+			return false;
+		}
+
 		/* haven't requested it */
 		if (cf_auth_type <= AUTH_TRUST) {
 			disconnect_client(client, true, "unrequested passwd pkt");
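Review bot: the `/* too early */` comment on the new `!client->auth_user` guard in the `'p'` case does not state the invariant it protects. The check uses a NULL `auth_user` as the signal that no startup packet has been processed yet, and a reader of this hunk alone cannot tell that this is the pointer the commit message says was being looked up. Consider expanding the comment to say so, for example "PasswordMessage before startup packet: auth_user is not set yet". Placing the guard ahead of the `cf_auth_type <= AUTH_TRUST` test is right, because the out-of-order packet is then rejected whatever the configured auth type. The patch carries no regression test; a case that sends `'p'` as the first packet and expects a clean disconnect would keep this from regressing.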