tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: use path_absolute() for pathname checks; from Manoj Ampalam 

OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
This commit is contained in:
djm@openbsd.org 2018-11-16 03:26:01 +00:00 committed by Damien Miller
parent d0d1dfa55b
commit 2a35862e66
8 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
auth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */ /* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
* Ensure that filename starts anchored. If not, be backward * Ensure that filename starts anchored. If not, be backward
* compatible and prepend the '%h/' * compatible and prepend the '%h/'
*/ */
if (*file == '/') if (path_absolute(file))
return (file); return (file);
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@ -893,7 +893,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
* If executing an explicit binary, then verify the it exists * If executing an explicit binary, then verify the it exists
* and appears safe-ish to execute * and appears safe-ish to execute
*/ */
if (*av[0] != '/') { if (!path_absolute(av[0])) {
error("%s path is not absolute", tag); error("%s path is not absolute", tag);
return 0; return 0;
} }

9
misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */ /* $OpenBSD: misc.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -2037,3 +2037,10 @@ format_absolute_time(uint64_t t, char *buf, size_t len)
localtime_r(&tt, &tm); localtime_r(&tt, &tm);
strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
} }
/* check if path is absolute */
int
path_absolute(const char *path)
{
return (*path == '/') ? 1 : 0;
}

3
misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */ /* $OpenBSD: misc.h,v 1.76 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -78,6 +78,7 @@ int valid_env_name(const char *);
const char *atoi_err(const char *, int *); const char *atoi_err(const char *, int *);
int parse_absolute_time(const char *, uint64_t *); int parse_absolute_time(const char *, uint64_t *);
void format_absolute_time(uint64_t, char *, size_t); void format_absolute_time(uint64_t, char *, size_t);
int path_absolute(const char *);
void sock_set_v6only(int); void sock_set_v6only(int);

4
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */ /* $OpenBSD: readconf.c,v 1.301 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1521,7 +1521,7 @@ parse_keytypes:
if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0) if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
fatal("%.200s line %d: bad include path %s.", fatal("%.200s line %d: bad include path %s.",
filename, linenum, arg); filename, linenum, arg);
if (*arg != '/' && *arg != '~') { if (!path_absolute(arg) && *arg != '~') {
xasprintf(&arg2, "%s/%s", xasprintf(&arg2, "%s/%s",
(flags & SSHCONF_USERCONF) ? (flags & SSHCONF_USERCONF) ?
"~/" _PATH_SSH_USER_DIR : SSHDIR, arg); "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);

4
servconf.c
View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -702,7 +702,7 @@ derelativise_path(const char *path)
if (strcasecmp(path, "none") == 0) if (strcasecmp(path, "none") == 0)
return xstrdup("none"); return xstrdup("none");
expanded = tilde_expand_filename(path, getuid()); expanded = tilde_expand_filename(path, getuid());
if (*expanded == '/') if (path_absolute(expanded))
return expanded; return expanded;
if (getcwd(cwd, sizeof(cwd)) == NULL) if (getcwd(cwd, sizeof(cwd)) == NULL)
fatal("%s: getcwd: %s", __func__, strerror(errno)); fatal("%s: getcwd: %s", __func__, strerror(errno));

4
session.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */ /* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -1334,7 +1334,7 @@ safely_chroot(const char *path, uid_t uid)
char component[PATH_MAX]; char component[PATH_MAX];
struct stat st; struct stat st;
if (*path != '/') if (!path_absolute(path))
fatal("chroot path does not begin at root"); fatal("chroot path does not begin at root");
if (strlen(path) >= sizeof(component)) if (strlen(path) >= sizeof(component))
fatal("chroot path too long"); fatal("chroot path too long");

8
sftp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.187 2018/11/16 02:30:20 djm Exp $ */ /* $OpenBSD: sftp.c,v 1.188 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
* *
@ -389,7 +389,7 @@ make_absolute(char *p, const char *pwd)
char *abs_str; char *abs_str;
/* Derelativise */ /* Derelativise */
if (p && p[0] != '/') { if (p && !path_absolute(p)) {
abs_str = path_append(pwd, p); abs_str = path_append(pwd, p);
free(p); free(p);
return(abs_str); return(abs_str);
@ -1623,7 +1623,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
/* Strip pwd off beginning of non-absolute paths */ /* Strip pwd off beginning of non-absolute paths */
tmp = NULL; tmp = NULL;
if (*path1 != '/') if (!path_absolute(path1))
tmp = *pwd; tmp = *pwd;
path1 = make_absolute(path1, *pwd); path1 = make_absolute(path1, *pwd);
@ -1951,7 +1951,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
xasprintf(&tmp, "%s*", file); xasprintf(&tmp, "%s*", file);
/* Check if the path is absolute. */ /* Check if the path is absolute. */
isabs = tmp[0] == '/'; isabs = path_absolute(tmp);
memset(&g, 0, sizeof(g)); memset(&g, 0, sizeof(g));
if (remote != LOCAL) { if (remote != LOCAL) {

4
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.517 2018/10/23 05:56:35 djm Exp $ */ /* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1624,7 +1624,7 @@ main(int ac, char **av)
} }
if (rexeced_flag || inetd_flag) if (rexeced_flag || inetd_flag)
rexec_flag = 0; rexec_flag = 0;
if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) if (!test_flag && rexec_flag && !path_absolute(av[0]))
fatal("sshd re-exec requires execution with an absolute path"); fatal("sshd re-exec requires execution with an absolute path");
if (rexeced_flag) if (rexeced_flag)
closefrom(REEXEC_MIN_FREE_FD); closefrom(REEXEC_MIN_FREE_FD);