From aac1bc6ac6d2bf9ef148f1d569c26414e94e3246 Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Tue, 16 Oct 2018 16:31:37 +0300 Subject: [PATCH] dropbear: don't allow null characters in authorized_keys cherry-pick upstream commit 27828c742c0c5e024aa5dd1a5333d64cb4a1b16c Signed-off-by: Konstantin Demin --- ...allow-null-characters-in-authorized_keys.patch | 15 +++++++++++++++ .../dropbear/patches/100-pubkey_path.patch | 4 ++-- 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch diff --git a/package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch b/package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch new file mode 100644 index 0000000000..3437628279 --- /dev/null +++ b/package/network/services/dropbear/patches/006-dont-allow-null-characters-in-authorized_keys.patch @@ -0,0 +1,15 @@ +--- a/svr-authpubkey.c ++++ b/svr-authpubkey.c +@@ -197,7 +197,11 @@ static int checkpubkey_line(buffer* line + + if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { + TRACE(("checkpubkey_line: bad line length %d", line->len)) +- return DROPBEAR_FAILURE; ++ goto out; ++ } ++ ++ if (memchr(line->data, 0x0, line->len) != NULL) { ++ goto out; + } + + /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch index 6672b7633f..019d390309 100644 --- a/package/network/services/dropbear/patches/100-pubkey_path.patch +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -1,6 +1,6 @@ --- a/svr-authpubkey.c +++ b/svr-authpubkey.c -@@ -320,14 +320,20 @@ static int checkpubkey(const char* algo, +@@ -324,14 +324,20 @@ static int checkpubkey(const char* algo, goto out; } @@ -29,7 +29,7 @@ /* open the file as the authenticating user. */ origuid = getuid(); -@@ -404,26 +410,35 @@ static int checkpubkeyperms() { +@@ -408,26 +414,35 @@ static int checkpubkeyperms() { goto out; } -- 2.30.2