dropbear: don't allow null characters in authorized_keys

cherry-pick upstream commit 27828c742c0c5e024aa5dd1a5333d64cb4a1b16c

Signed-off-by: Konstantin Demin <[email protected]>

diff --git a/package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch b/package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch
new file mode 100644 (file)
index 0000000..3437628
--- /dev/null
+++ b/package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch
@@ -0,0 +1,15 @@
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -197,7 +197,11 @@ static int checkpubkey_line(buffer* line
+ 
+       if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
+               TRACE(("checkpubkey_line: bad line length %d", line->len))
+-              return DROPBEAR_FAILURE;
++              goto out;
++      }
++
++      if (memchr(line->data, 0x0, line->len) != NULL) {
++              goto out;
+       }
+ 
+       /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */

diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch
index 6672b7633fe7e330fda03a699054d06fd04e0acf..019d3903091c72201079058499131fe55fd108ef 100644 (file)
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -320,14 +320,20 @@ static int checkpubkey(const char* algo,
+@@ -324,14 +324,20 @@ static int checkpubkey(const char* algo,
                goto out;
        }
  
@@ -29,7 +29,7 @@
  
        /* open the file as the authenticating user. */
        origuid = getuid();
-@@ -404,26 +410,35 @@ static int checkpubkeyperms() {
+@@ -408,26 +414,35 @@ static int checkpubkeyperms() {
                goto out;
        }