ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-01 19:46:51 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

dropbear: Fix CVE-2020-36254

Browse Source 
This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
Hauke Mehrtens 2021-05-02 17:35:16 +02:00
parent 08ef2073d4
commit a883e3af38
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch Normal file
View File

@ -0,0 +1,21 @@
From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
From: Haelwenn Monnier <contact+github.com@hacktivis.me>
Date: Mon, 25 May 2020 14:54:29 +0200
Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
---
scp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/scp.c
+++ b/scp.c
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
run_err("error: unexpected filename: %s", cp);
exit(1);
}