diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth.c | 12 |
2 files changed, 10 insertions, 8 deletions
| @@ -9,6 +9,10 @@ | |||
| 9 | - markus@cvs.openbsd.org 2002/10/23 10:40:16 | 9 | - markus@cvs.openbsd.org 2002/10/23 10:40:16 |
| 10 | [bufaux.c] | 10 | [bufaux.c] |
| 11 | %u for u_int | 11 | %u for u_int |
| 12 | - markus@cvs.openbsd.org 2002/11/04 10:07:53 | ||
| 13 | [auth.c] | ||
| 14 | don't compare against pw_home if realpath fails for pw_home (seen | ||
| 15 | on AFS); ok djm@ | ||
| 12 | 16 | ||
| 13 | 20021021 | 17 | 20021021 |
| 14 | - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from | 18 | - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from |
| @@ -786,4 +790,4 @@ | |||
| 786 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 790 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
| 787 | ok provos@ | 791 | ok provos@ |
| 788 | 792 | ||
| 789 | $Id: ChangeLog,v 1.2502 2002/11/09 15:43:23 mouring Exp $ | 793 | $Id: ChangeLog,v 1.2503 2002/11/09 15:45:12 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
| 29 | #include <login.h> | 29 | #include <login.h> |
| @@ -423,6 +423,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
| 423 | uid_t uid = pw->pw_uid; | 423 | uid_t uid = pw->pw_uid; |
| 424 | char buf[MAXPATHLEN], homedir[MAXPATHLEN]; | 424 | char buf[MAXPATHLEN], homedir[MAXPATHLEN]; |
| 425 | char *cp; | 425 | char *cp; |
| 426 | int comparehome = 0; | ||
| 426 | struct stat st; | 427 | struct stat st; |
| 427 | 428 | ||
| 428 | if (realpath(file, buf) == NULL) { | 429 | if (realpath(file, buf) == NULL) { |
| @@ -430,11 +431,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
| 430 | strerror(errno)); | 431 | strerror(errno)); |
| 431 | return -1; | 432 | return -1; |
| 432 | } | 433 | } |
| 433 | if (realpath(pw->pw_dir, homedir) == NULL) { | 434 | if (realpath(pw->pw_dir, homedir) != NULL) |
| 434 | snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir, | 435 | comparehome = 1; |
| 435 | strerror(errno)); | ||
| 436 | return -1; | ||
| 437 | } | ||
| 438 | 436 | ||
| 439 | /* check the open file to avoid races */ | 437 | /* check the open file to avoid races */ |
| 440 | if (fstat(fileno(f), &st) < 0 || | 438 | if (fstat(fileno(f), &st) < 0 || |
| @@ -463,7 +461,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, | |||
| 463 | } | 461 | } |
| 464 | 462 | ||
| 465 | /* If are passed the homedir then we can stop */ | 463 | /* If are passed the homedir then we can stop */ |
| 466 | if (strcmp(homedir, buf) == 0) { | 464 | if (comparehome && strcmp(homedir, buf) == 0) { |
| 467 | debug3("secure_filename: terminating check at '%s'", | 465 | debug3("secure_filename: terminating check at '%s'", |
| 468 | buf); | 466 | buf); |
| 469 | break; | 467 | break; |