diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-11-16 03:26:01 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-11-16 14:37:33 +1100 |
commit | 2a35862e664afde774d4a72497d394fe7306ccb5 (patch) | |
tree | 501d6d170178b037829003b76cbd32e23e6080bb | |
parent | d0d1dfa55be1c5c0d77ab3096b198a64235f936d (diff) |
upstream: use path_absolute() for pathname checks; from Manoj Ampalam
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
-rw-r--r-- | auth.c | 6 | ||||
-rw-r--r-- | misc.c | 9 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | readconf.c | 4 | ||||
-rw-r--r-- | servconf.c | 4 | ||||
-rw-r--r-- | session.c | 4 | ||||
-rw-r--r-- | sftp.c | 8 | ||||
-rw-r--r-- | sshd.c | 4 |
8 files changed, 25 insertions, 17 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -437,7 +437,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw) | |||
437 | * Ensure that filename starts anchored. If not, be backward | 437 | * Ensure that filename starts anchored. If not, be backward |
438 | * compatible and prepend the '%h/' | 438 | * compatible and prepend the '%h/' |
439 | */ | 439 | */ |
440 | if (*file == '/') | 440 | if (path_absolute(file)) |
441 | return (file); | 441 | return (file); |
442 | 442 | ||
443 | i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); | 443 | i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); |
@@ -893,7 +893,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, | |||
893 | * If executing an explicit binary, then verify the it exists | 893 | * If executing an explicit binary, then verify the it exists |
894 | * and appears safe-ish to execute | 894 | * and appears safe-ish to execute |
895 | */ | 895 | */ |
896 | if (*av[0] != '/') { | 896 | if (!path_absolute(av[0])) { |
897 | error("%s path is not absolute", tag); | 897 | error("%s path is not absolute", tag); |
898 | return 0; | 898 | return 0; |
899 | } | 899 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */ | 1 | /* $OpenBSD: misc.c,v 1.134 2018/11/16 03:26:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. |
@@ -2037,3 +2037,10 @@ format_absolute_time(uint64_t t, char *buf, size_t len) | |||
2037 | localtime_r(&tt, &tm); | 2037 | localtime_r(&tt, &tm); |
2038 | strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); | 2038 | strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); |
2039 | } | 2039 | } |
2040 | |||
2041 | /* check if path is absolute */ | ||
2042 | int | ||
2043 | path_absolute(const char *path) | ||
2044 | { | ||
2045 | return (*path == '/') ? 1 : 0; | ||
2046 | } | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */ | 1 | /* $OpenBSD: misc.h,v 1.76 2018/11/16 03:26:01 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -78,6 +78,7 @@ int valid_env_name(const char *); | |||
78 | const char *atoi_err(const char *, int *); | 78 | const char *atoi_err(const char *, int *); |
79 | int parse_absolute_time(const char *, uint64_t *); | 79 | int parse_absolute_time(const char *, uint64_t *); |
80 | void format_absolute_time(uint64_t, char *, size_t); | 80 | void format_absolute_time(uint64_t, char *, size_t); |
81 | int path_absolute(const char *); | ||
81 | 82 | ||
82 | void sock_set_v6only(int); | 83 | void sock_set_v6only(int); |
83 | 84 | ||
diff --git a/readconf.c b/readconf.c index 433811521..7850f2f59 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.301 2018/11/16 03:26:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1521,7 +1521,7 @@ parse_keytypes: | |||
1521 | if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0) | 1521 | if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0) |
1522 | fatal("%.200s line %d: bad include path %s.", | 1522 | fatal("%.200s line %d: bad include path %s.", |
1523 | filename, linenum, arg); | 1523 | filename, linenum, arg); |
1524 | if (*arg != '/' && *arg != '~') { | 1524 | if (!path_absolute(arg) && *arg != '~') { |
1525 | xasprintf(&arg2, "%s/%s", | 1525 | xasprintf(&arg2, "%s/%s", |
1526 | (flags & SSHCONF_USERCONF) ? | 1526 | (flags & SSHCONF_USERCONF) ? |
1527 | "~/" _PATH_SSH_USER_DIR : SSHDIR, arg); | 1527 | "~/" _PATH_SSH_USER_DIR : SSHDIR, arg); |
diff --git a/servconf.c b/servconf.c index 932d363bb..a8727c0fa 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -702,7 +702,7 @@ derelativise_path(const char *path) | |||
702 | if (strcasecmp(path, "none") == 0) | 702 | if (strcasecmp(path, "none") == 0) |
703 | return xstrdup("none"); | 703 | return xstrdup("none"); |
704 | expanded = tilde_expand_filename(path, getuid()); | 704 | expanded = tilde_expand_filename(path, getuid()); |
705 | if (*expanded == '/') | 705 | if (path_absolute(expanded)) |
706 | return expanded; | 706 | return expanded; |
707 | if (getcwd(cwd, sizeof(cwd)) == NULL) | 707 | if (getcwd(cwd, sizeof(cwd)) == NULL) |
708 | fatal("%s: getcwd: %s", __func__, strerror(errno)); | 708 | fatal("%s: getcwd: %s", __func__, strerror(errno)); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -1334,7 +1334,7 @@ safely_chroot(const char *path, uid_t uid) | |||
1334 | char component[PATH_MAX]; | 1334 | char component[PATH_MAX]; |
1335 | struct stat st; | 1335 | struct stat st; |
1336 | 1336 | ||
1337 | if (*path != '/') | 1337 | if (!path_absolute(path)) |
1338 | fatal("chroot path does not begin at root"); | 1338 | fatal("chroot path does not begin at root"); |
1339 | if (strlen(path) >= sizeof(component)) | 1339 | if (strlen(path) >= sizeof(component)) |
1340 | fatal("chroot path too long"); | 1340 | fatal("chroot path too long"); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.187 2018/11/16 02:30:20 djm Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.188 2018/11/16 03:26:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -389,7 +389,7 @@ make_absolute(char *p, const char *pwd) | |||
389 | char *abs_str; | 389 | char *abs_str; |
390 | 390 | ||
391 | /* Derelativise */ | 391 | /* Derelativise */ |
392 | if (p && p[0] != '/') { | 392 | if (p && !path_absolute(p)) { |
393 | abs_str = path_append(pwd, p); | 393 | abs_str = path_append(pwd, p); |
394 | free(p); | 394 | free(p); |
395 | return(abs_str); | 395 | return(abs_str); |
@@ -1623,7 +1623,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1623 | 1623 | ||
1624 | /* Strip pwd off beginning of non-absolute paths */ | 1624 | /* Strip pwd off beginning of non-absolute paths */ |
1625 | tmp = NULL; | 1625 | tmp = NULL; |
1626 | if (*path1 != '/') | 1626 | if (!path_absolute(path1)) |
1627 | tmp = *pwd; | 1627 | tmp = *pwd; |
1628 | 1628 | ||
1629 | path1 = make_absolute(path1, *pwd); | 1629 | path1 = make_absolute(path1, *pwd); |
@@ -1951,7 +1951,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1951 | xasprintf(&tmp, "%s*", file); | 1951 | xasprintf(&tmp, "%s*", file); |
1952 | 1952 | ||
1953 | /* Check if the path is absolute. */ | 1953 | /* Check if the path is absolute. */ |
1954 | isabs = tmp[0] == '/'; | 1954 | isabs = path_absolute(tmp); |
1955 | 1955 | ||
1956 | memset(&g, 0, sizeof(g)); | 1956 | memset(&g, 0, sizeof(g)); |
1957 | if (remote != LOCAL) { | 1957 | if (remote != LOCAL) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.517 2018/10/23 05:56:35 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1624,7 +1624,7 @@ main(int ac, char **av) | |||
1624 | } | 1624 | } |
1625 | if (rexeced_flag || inetd_flag) | 1625 | if (rexeced_flag || inetd_flag) |
1626 | rexec_flag = 0; | 1626 | rexec_flag = 0; |
1627 | if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) | 1627 | if (!test_flag && rexec_flag && !path_absolute(av[0])) |
1628 | fatal("sshd re-exec requires execution with an absolute path"); | 1628 | fatal("sshd re-exec requires execution with an absolute path"); |
1629 | if (rexeced_flag) | 1629 | if (rexeced_flag) |
1630 | closefrom(REEXEC_MIN_FREE_FD); | 1630 | closefrom(REEXEC_MIN_FREE_FD); |