56e0af8154
temporarily downgrading to 7.2p2 to run tests on additional 7.2p2 patches OBS-URL: https://build.opensuse.org/request/show/547144 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=124
# HG changeset patch
# Parent 70f144cf46b999eed1eebda70cb27cadc4e49b82
Stricter checking for write actions in read-only mode in the sftp server
CVE-2017-15906
bsc#1065000

backported upstream commit 4d827f0d75a53d3952288ab882efbddea7ffadfe
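--- a/openssh-7.2p2/sftp-server.c
+++ b/openssh-7.2p2/sftp-server.c
@@ -700,18 +700,18 @@ process_open(u_int32_t id)
 mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
 if (permforce == 1) {
 mode = permforcemode;
 (void)umask(0); /* so umask does not interfere */
 }
 logit("open \"%s\" flags %s mode 0%o",
 name, string_from_portable(pflags), mode);
 if (readonly &&
- ((flags & O_ACCMODE) == O_WRONLY ||
- (flags & O_ACCMODE) == O_RDWR)) {
+ ((flags & O_ACCMODE) != O_RDONLY ||
+ (flags & (O_CREAT|O_TRUNC)) != 0)) {
 verbose("Refusing open request in read-only mode");
 status = SSH2_FX_PERMISSION_DENIED;
 } else {
 fd = open(name, flags, mode);
 if (fd < 0) {
 status = errno_to_portable(errno);
 } else {
 handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);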
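Review bot: The rewritten read-only guard at `if (readonly &&` has no comment saying why `O_CREAT` and `O_TRUNC` are refused even when the access mode is `O_RDONLY`; a line such as `/* O_CREAT and O_TRUNC change the filesystem even with O_RDONLY (CVE-2017-15906) */` above the condition would keep a later edit from loosening it. Separately, the `(void)umask(0);` in the `permforce` branch runs before this check, so a request that is then refused still clears the process umask. Moving that call into the `else` branch next to `open()` would confine the side effect to requests that are actually served, provided nothing later in the function relies on it. process_open starts and ends outside the hunk, so which flag bits can reach this point cannot be confirmed from here.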