diff options
author | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2005-12-13 19:15:43 +0000 |
---|---|---|
committer | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2005-12-13 19:15:43 +0000 |
commit | b59790f654a2df0896a48054cc26f4f37188d123 (patch) | |
tree | 459e7f053037158fb0b00f5370d67d271da3c741 /openwrt/package/dropbear/patches/authpubkey.patch | |
parent | 74f6ae6140b1d9d757841dd822263f94916b372e (diff) |
update dropbear to 0.47 (adds keyboard-interactive auth, fixes a potential security issue, fixes #59)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@2660 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'openwrt/package/dropbear/patches/authpubkey.patch')
-rw-r--r-- | openwrt/package/dropbear/patches/authpubkey.patch | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/openwrt/package/dropbear/patches/authpubkey.patch b/openwrt/package/dropbear/patches/authpubkey.patch deleted file mode 100644 index 07beefe714..0000000000 --- a/openwrt/package/dropbear/patches/authpubkey.patch +++ /dev/null @@ -1,73 +0,0 @@ ---- dropbear-0.45.old/svr-authpubkey.c 2005-09-27 12:45:20.863639072 +0200 -+++ dropbear-0.45/svr-authpubkey.c 2005-09-27 13:15:09.066790872 +0200 -@@ -176,14 +176,10 @@ - goto out; - } - -- /* we don't need to check pw and pw_dir for validity, since -- * its been done in checkpubkeyperms. */ -- len = strlen(ses.authstate.pw->pw_dir); - /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -- ses.authstate.pw->pw_dir); -+ * = "/etc/dropbear/authorized_keys" + '\0' = 30 */ -+ filename = m_malloc(30); -+ strncpy(filename, "/etc/dropbear/authorized_keys", 30); - - /* open the file */ - authfile = fopen(filename, "r"); -@@ -255,43 +251,33 @@ - - /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, - * DROPBEAR_FAILURE otherwise. -- * Checks that the user's homedir, ~/.ssh, and -- * ~/.ssh/authorized_keys are all owned by either root or the user, and are -+ * Checks that /etc, /etc/dropbear and /etc/dropbear/authorized_keys -+ * are all owned by either root or the user, and are - * g-w, o-w */ - static int checkpubkeyperms() { - - char* filename = NULL; - int ret = DROPBEAR_FAILURE; -- unsigned int len; - - TRACE(("enter checkpubkeyperms")) - -- assert(ses.authstate.pw); -- if (ses.authstate.pw->pw_dir == NULL) { -- goto out; -- } -- -- if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) { -- goto out; -- } -- - /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- strncpy(filename, ses.authstate.pw->pw_dir, len+1); -+ * = "/etc/dropbear/authorized_keys" + '\0' = 30 */ -+ filename = m_malloc(30); -+ strncpy(filename, "/etc", 4); /* strlen("/etc") == 4 */ - -- /* check ~ */ -+ /* check /etc */ - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } - -- /* check ~/.ssh */ -- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ -+ /* check /etc/dropbear */ -+ strncat(filename, "/dropbear", 9); /* strlen("/dropbear") == 9 */ - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } - -- /* now check ~/.ssh/authorized_keys */ -+ /* now check /etc/dropbear/authorized_keys */ - strncat(filename, "/authorized_keys", 16); - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; |