mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 15:32:33 +00:00
9e355444a6
Upstream has a few code cleanups, more eagerly burns sensitive memory and includes the fix for CVE-2012-0920. Full changelog: https://matt.ucc.asn.au/dropbear/CHANGES Local changes: - Removed PKG_MULTI which is no longer in options.h (even before 2011.54) - Merged DO_HOST_LOOKUP into 120-openwrt_options.patch - Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS) - Removed 400-CVE-2012-0920.patch which is included in 2012.55 Signed-off-by: Catalin Patulea <cat@vv.carleton.ca> Signed-off-by: Florian Fainelli <florian@openwrt.org> SVN-Revision: 34496
19 lines
650 B
Diff
19 lines
650 B
Diff
--- a/svr-chansession.c
|
|
+++ b/svr-chansession.c
|
|
@@ -891,12 +891,12 @@ static void execchild(void *user_data) {
|
|
/* We can only change uid/gid as root ... */
|
|
if (getuid() == 0) {
|
|
|
|
- if ((setgid(ses.authstate.pw_gid) < 0) ||
|
|
+ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
|
|
(initgroups(ses.authstate.pw_name,
|
|
- ses.authstate.pw_gid) < 0)) {
|
|
+ ses.authstate.pw_gid) < 0))) {
|
|
dropbear_exit("Error changing user group");
|
|
}
|
|
- if (setuid(ses.authstate.pw_uid) < 0) {
|
|
+ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
|
|
dropbear_exit("Error changing user");
|
|
}
|
|
} else {
|