Buffer overflow in Scp (#310)
1. Fix buffer overflow in scp 2. Update setup tests to take into account the windows inbox service startup type
This commit is contained in:
Yanbing
GitHub
parent
7b28a316eb
commit
a479737cd5
|
|
@ -121,7 +121,11 @@ WARNING: Following changes will be made to OpenSSH configuration
|
||||||
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
||||||
Set-Content -Path $targetsshdConfig -Value "$con" -Force
|
Set-Content -Path $targetsshdConfig -Value "$con" -Force
|
||||||
}
|
}
|
||||||
|
$sshdSvc = Get-service ssh-agent
|
||||||
|
if($sshdSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
|
||||||
|
{
|
||||||
|
Set-service ssh-agent -StartupType Manual
|
||||||
|
}
|
||||||
Start-Service ssh-agent
|
Start-Service ssh-agent
|
||||||
|
|
||||||
#copy sshtest keys
|
#copy sshtest keys
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
}
|
}
|
||||||
|
|
||||||
$identities | % {
|
$identities | % {
|
||||||
(Get-UserAccount -UserSid $_) | Should BeIn $myACL.Access.IdentityReference
|
$myACL.Access.IdentityReference -contains (Get-UserAccount -UserSid $_) | Should Be $true
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($a in $myACL.Access) {
|
foreach ($a in $myACL.Access) {
|
||||||
|
|
@ -114,7 +114,7 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
$id = Get-UserSID -User $idRefShortValue
|
$id = Get-UserSID -User $idRefShortValue
|
||||||
}
|
}
|
||||||
|
|
||||||
$id | Should BeIn $identities
|
$identities -contains $id | Should be $true
|
||||||
|
|
||||||
switch ($id)
|
switch ($id)
|
||||||
{
|
{
|
||||||
|
|
@ -306,8 +306,13 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
|
|
||||||
It "$tC.$tI - Validate Registry key ssh-agent\Start" {
|
It "$tC.$tI - Validate Registry key ssh-agent\Start" {
|
||||||
$p = Get-ItemPropertyValue (Join-Path $servicePath "ssh-agent") -Name "Start"
|
$p = Get-ItemPropertyValue (Join-Path $servicePath "ssh-agent") -Name "Start"
|
||||||
|
if($windowsInBox) {
|
||||||
|
$p | Should Be 4
|
||||||
|
}
|
||||||
|
else {
|
||||||
$p | Should Be 3
|
$p | Should Be 3
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
It "$tC.$tI - Validate Registry key ssh-agent\Type" {
|
It "$tC.$tI - Validate Registry key ssh-agent\Type" {
|
||||||
$p = Get-ItemPropertyValue (Join-Path $servicePath "ssh-agent") -Name "Type"
|
$p = Get-ItemPropertyValue (Join-Path $servicePath "ssh-agent") -Name "Type"
|
||||||
|
|
@ -355,14 +360,17 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
}
|
}
|
||||||
It "$tC.$tI - Validate Registry openssh\agent entry" {
|
It "$tC.$tI - Validate Registry openssh\agent entry" {
|
||||||
$agentPath = Join-Path $opensshRegPath "Agent"
|
$agentPath = Join-Path $opensshRegPath "Agent"
|
||||||
if(-not (Test-Path $agentPath -PathType Container))
|
if(Test-Path $agentPath -PathType Container)
|
||||||
|
{
|
||||||
|
ValidateRegistryACL -RegPath $agentPath -IdAcls $opensshACLs
|
||||||
|
}
|
||||||
|
elseif((-not $windowsInBox) -or ((Get-Service ssh-agent).StartType -ne ([System.ServiceProcess.ServiceStartMode]::Disabled)))
|
||||||
{
|
{
|
||||||
Start-Service ssh-agent
|
Start-Service ssh-agent
|
||||||
}
|
|
||||||
|
|
||||||
ValidateRegistryACL -RegPath $agentPath -IdAcls $opensshACLs
|
ValidateRegistryACL -RegPath $agentPath -IdAcls $opensshACLs
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Context "$tC - Validate service settings" {
|
Context "$tC - Validate service settings" {
|
||||||
BeforeAll {
|
BeforeAll {
|
||||||
|
|
@ -373,7 +381,12 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
|
|
||||||
It "$tC.$tI - Validate properties of ssh-agent service" {
|
It "$tC.$tI - Validate properties of ssh-agent service" {
|
||||||
$sshdSvc = Get-service ssh-agent
|
$sshdSvc = Get-service ssh-agent
|
||||||
|
if($windowsInBox) {
|
||||||
|
$sshdSvc.StartType | Should Be ([System.ServiceProcess.ServiceStartMode]::Disabled)
|
||||||
|
}
|
||||||
|
else {
|
||||||
$sshdSvc.StartType | Should Be ([System.ServiceProcess.ServiceStartMode]::Manual)
|
$sshdSvc.StartType | Should Be ([System.ServiceProcess.ServiceStartMode]::Manual)
|
||||||
|
}
|
||||||
$sshdSvc.ServiceType | Should Be ([System.ServiceProcess.ServiceType]::Win32OwnProcess)
|
$sshdSvc.ServiceType | Should Be ([System.ServiceProcess.ServiceType]::Win32OwnProcess)
|
||||||
$sshdSvc.ServiceName | Should Be "ssh-agent"
|
$sshdSvc.ServiceName | Should Be "ssh-agent"
|
||||||
$sshdSvc.DisplayName | Should BeLike "OpenSSH*"
|
$sshdSvc.DisplayName | Should BeLike "OpenSSH*"
|
||||||
|
|
@ -407,11 +420,11 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
$a = sc.exe qprivs sshd 256
|
$a = sc.exe qprivs sshd 256
|
||||||
$p = $a | % { if($_ -match "Se[\w]+Privilege" ) {$start = $_.IndexOf("Se");$_.Substring($start, $_.length-$start)}}
|
$p = $a | % { if($_ -match "Se[\w]+Privilege" ) {$start = $_.IndexOf("Se");$_.Substring($start, $_.length-$start)}}
|
||||||
$expected | % {
|
$expected | % {
|
||||||
$_ | Should BeIn $p
|
$p -contains $_ | Should be $true
|
||||||
}
|
}
|
||||||
|
|
||||||
$p | % {
|
$p | % {
|
||||||
$_ | Should BeIn $expected
|
$expected -contains $_ | Should be $true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -426,10 +439,10 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
$actual_dacl_aces = $dacl_aces | ? { -not [string]::IsNullOrWhiteSpace($_) }
|
$actual_dacl_aces = $dacl_aces | ? { -not [string]::IsNullOrWhiteSpace($_) }
|
||||||
|
|
||||||
$expected_dacl_aces | % {
|
$expected_dacl_aces | % {
|
||||||
$_ | Should BeIn $actual_dacl_aces
|
$actual_dacl_aces -contains $_ | Should be $true
|
||||||
}
|
}
|
||||||
$actual_dacl_aces | % {
|
$actual_dacl_aces | % {
|
||||||
$_ | Should BeIn $expected_dacl_aces
|
$expected_dacl_aces -contains $_ | Should be $true
|
||||||
}
|
}
|
||||||
|
|
||||||
<# ignore sacl for now
|
<# ignore sacl for now
|
||||||
|
|
@ -449,10 +462,10 @@ Describe "Setup Tests" -Tags "Setup" {
|
||||||
$actual_dacl_aces = $dacl_aces | ? { -not [string]::IsNullOrWhiteSpace($_) }
|
$actual_dacl_aces = $dacl_aces | ? { -not [string]::IsNullOrWhiteSpace($_) }
|
||||||
|
|
||||||
$expected_dacl_aces | % {
|
$expected_dacl_aces | % {
|
||||||
$_ | Should BeIn $actual_dacl_aces
|
$actual_dacl_aces -contains $_ | Should be $true
|
||||||
}
|
}
|
||||||
$actual_dacl_aces | % {
|
$actual_dacl_aces | % {
|
||||||
$_ | Should BeIn $expected_dacl_aces
|
$expected_dacl_aces -contains $_ | Should be $true
|
||||||
}
|
}
|
||||||
|
|
||||||
<# ignore sacl for now
|
<# ignore sacl for now
|
||||||
|
|
|
||||||
5
scp.c
5
scp.c
|
|
@ -214,8 +214,9 @@ do_local_cmd(arglist *a)
|
||||||
cmd = xmalloc(cmdlen);
|
cmd = xmalloc(cmdlen);
|
||||||
cmd[0] = '\0';
|
cmd[0] = '\0';
|
||||||
for (i = 0; i < a->num; i++) {
|
for (i = 0; i < a->num; i++) {
|
||||||
strcat(cmd, a->list[i]);
|
if(i != 0)
|
||||||
strcat(cmd, " ");
|
strcat_s(cmd, cmdlen, " ");
|
||||||
|
strcat_s(cmd, cmdlen, a->list[i]);
|
||||||
}
|
}
|
||||||
if (system(cmd))
|
if (system(cmd))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue