mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-24 15:56:49 +00:00
b5cde26048
critical fixes: - libtommath: possible integer overflow (CVE-2023-36328) - implement Strict KEX mode (CVE-2023-48795) various fixes: - fix DROPBEAR_DSS and DROPBEAR_RSA config options - y2038 issues - remove SO_LINGER socket option - make banner reading failure non-fatal - fix "noremotetcp" behavior - don't try to shutdown a pty - fix test for multiuser kernels adds new features: - option to bind to interface - allow inetd with non-syslog - ignore unsupported command line options with dropbearkey Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
34 lines
952 B
Diff
34 lines
952 B
Diff
From 9ac650401ffc2fb05c9328d26e76a5e7ae39152a Mon Sep 17 00:00:00 2001
|
|
From: Matt Johnston <matt@ucc.asn.au>
|
|
Date: Mon, 11 Dec 2023 23:31:22 +0800
|
|
Subject: Fix test for multiuser kernels
|
|
|
|
getuid() succeeds even on non-multiuser kernels. Instead
|
|
getgroups() is a valid test.
|
|
|
|
Fixes #214 on github
|
|
---
|
|
common-session.c | 11 +++++++----
|
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
--- a/common-session.c
|
|
+++ b/common-session.c
|
|
@@ -71,10 +71,13 @@ void common_session_init(int sock_in, in
|
|
#if !DROPBEAR_SVR_MULTIUSER
|
|
/* A sanity check to prevent an accidental configuration option
|
|
leaving multiuser systems exposed */
|
|
- errno = 0;
|
|
- getuid();
|
|
- if (errno != ENOSYS) {
|
|
- dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
|
|
+ {
|
|
+ int ret;
|
|
+ errno = 0;
|
|
+ ret = getgroups(0, NULL);
|
|
+ if (!(ret == -1 && errno == ENOSYS)) {
|
|
+ dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
|
|
+ }
|
|
}
|
|
#endif
|
|
|