Compare commits
2 Commits
| Author | SHA1 | Date |
|---|---|---|
Jakub Jelen
|
f0641c35a9 | |
|
Jakub Jelen
|
efe3befaff |
|
|
@ -0,0 +1,35 @@
|
|||
From 4d827f0d75a53d3952288ab882efbddea7ffadfe Mon Sep 17 00:00:00 2001
|
||||
From: "djm@openbsd.org" <djm@openbsd.org>
|
||||
Date: Tue, 4 Apr 2017 00:24:56 +0000
|
||||
Subject: [PATCH] upstream commit
|
||||
|
||||
disallow creation (of empty files) in read-only mode;
|
||||
reported by Michal Zalewski, feedback & ok deraadt@
|
||||
|
||||
Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
|
||||
---
|
||||
sftp-server.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/sftp-server.c b/sftp-server.c
|
||||
index 3619cdfc0..df0fb5068 100644
|
||||
--- a/sftp-server.c
|
||||
+++ b/sftp-server.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */
|
||||
+/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@@ -691,8 +691,8 @@ process_open(u_int32_t id)
|
||||
logit("open \"%s\" flags %s mode 0%o",
|
||||
name, string_from_portable(pflags), mode);
|
||||
if (readonly &&
|
||||
- ((flags & O_ACCMODE) == O_WRONLY ||
|
||||
- (flags & O_ACCMODE) == O_RDWR)) {
|
||||
+ ((flags & O_ACCMODE) != O_RDONLY ||
|
||||
+ (flags & (O_CREAT|O_TRUNC)) != 0)) {
|
||||
verbose("Refusing open request in read-only mode");
|
||||
status = SSH2_FX_PERMISSION_DENIED;
|
||||
} else {
|
||||
|
||||
|
|
@ -66,7 +66,7 @@
|
|||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 7.4p1
|
||||
%global openssh_rel 4
|
||||
%global openssh_rel 5
|
||||
%global pam_ssh_agent_ver 0.10.3
|
||||
%global pam_ssh_agent_rel 1
|
||||
|
||||
|
|
@ -232,6 +232,8 @@ Patch946: openssh-7.4p1-pkcs11-whitelist.patch
|
|||
Patch947: openssh-7.4p1-include-errors.patch
|
||||
# Help systemd to track the running service
|
||||
Patch948: openssh-7.4p1-systemd.patch
|
||||
# Avoid creation of zero-length files in readonly mode (#1506631)
|
||||
Patch949: openssh-7.5p1-sftp-empty-files.patch
|
||||
|
||||
|
||||
License: BSD
|
||||
|
|
@ -469,6 +471,7 @@ popd
|
|||
%patch946 -p1 -b .pkcs11-whitelist
|
||||
%patch947 -p1 -b .include-errors
|
||||
%patch948 -p1 -b .systemd
|
||||
%patch949 -p1 -b .sftp-empty
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
|
|
@ -811,6 +814,9 @@ getent passwd sshd >/dev/null || \
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Nov 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-5 + 0.10.3-1
|
||||
- CVE-2017-15906: Avoid improper write operations in readonly mode (#1506630)
|
||||
|
||||
* Fri Mar 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-4 + 0.10.3-1
|
||||
- Avoid sending the SD_NOTIFY messages from wrong processes (#1427526)
|
||||
- Address reports by coverity
|
||||
|
|
|
|||
Loading…
Reference in New Issue