dropbear: avoid leak of pubkey_options

cherry-pick upstream commit e9edbe8bb204b00c7f4b4fda7eeee9d0177934ae

Signed-off-by: Konstantin Demin <[email protected]>

diff --git a/package/network/services/dropbear/patches/008-avoid-leak-of-pubkey_options.patch b/package/network/services/dropbear/patches/008-avoid-leak-of-pubkey_options.patch
new file mode 100644 (file)
index 0000000..af3e5ab
--- /dev/null
+++ b/package/network/services/dropbear/patches/008-avoid-leak-of-pubkey_options.patch
@@ -0,0 +1,22 @@
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -167,6 +167,9 @@ out:
+               sign_key_free(key);
+               key = NULL;
+       }
++      if (!ses.authstate.authdone) {
++              svr_pubkey_options_cleanup();
++      }
+       TRACE(("leave pubkeyauth"))
+ }
+ 
+--- a/svr-authpubkeyoptions.c
++++ b/svr-authpubkeyoptions.c
+@@ -113,7 +113,6 @@ void svr_pubkey_options_cleanup() {
+                       m_free(ses.authstate.pubkey_options->forced_command);
+               }
+               m_free(ses.authstate.pubkey_options);
+-              ses.authstate.pubkey_options = NULL;
+       }
+ }
+ 

diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch
index 019d3903091c72201079058499131fe55fd108ef..280606be03d14d53bfb45f98abf1bfb488be1227 100644 (file)
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -324,14 +324,20 @@ static int checkpubkey(const char* algo,
+@@ -327,14 +327,20 @@ static int checkpubkey(const char* algo,
                goto out;
        }
  
@@ -29,7 +29,7 @@
  
        /* open the file as the authenticating user. */
        origuid = getuid();
-@@ -408,26 +414,35 @@ static int checkpubkeyperms() {
+@@ -411,26 +417,35 @@ static int checkpubkeyperms() {
                goto out;
        }