>Number:         145940
>Category:       amd64
>Synopsis:       [BUG] OpenSSH_5.4p1 - do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-amd64
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 22 10:50:00 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Andrei Lavreniyuk
>Release:        FreeBSD 8.0-STABLE
>Organization:
Technica-03, Inc.
>Environment:
FreeBSD opensolaris.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Thu Apr 22 08:26:26 UTC 2010     [email protected]:/usr/obj/usr/src/sys/SMP64R  amd64
>Description:
grab fixes from upstream for relative AuthorizedKeysFile handling

https://bugs.gentoo.org/308939

Author: djm <djm>
Date:   Sun Mar 21 18:53:04 2010 +0000

       - [email protected] 2010/03/12 11:37:40
         [servconf.c]
         do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths

Author: djm <djm>
Date:   Sun Mar 21 18:52:26 2010 +0000

       - [email protected] 2010/03/12 01:06:25
         [servconf.c]
         unbreak AuthorizedKeys option with a $HOME-relative path; reported by
         vinschen AT redhat.com, ok dtucker@



>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- crypto/openssh/servconf.c   4 Mar 2010 10:36:03 -0000       1.204
+++ crypto/openssh/servconf.c   12 Mar 2010 11:37:40 -0000      1.206
@@ -1180,7 +1180,17 @@ process_server_config_line(ServerOptions *options, cha
                charptr = (opcode == sAuthorizedKeysFile) ?
                    &options->authorized_keys_file :
                    &options->authorized_keys_file2;
-               goto parse_filename;
+               arg = strdelim(&cp);
+               if (!arg || *arg == '\0')
+                       fatal("%s line %d: missing file name.",
+                           filename, linenum);
+               if (*activep && *charptr == NULL) {
+                       *charptr = tilde_expand_filename(arg, getuid());
+                       /* increase optional counter */
+                       if (intptr != NULL)
+                               *intptr = *intptr + 1;
+               }
+               break;
 
        case sClientAliveInterval:
                intptr = &options->client_alive_interval;
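
Review bot: In the new sAuthorizedKeysFile branch, `if (intptr != NULL) *intptr = *intptr + 1;` tests a pointer that this case never assigns in the visible lines, so whether the "optional counter" is incremented depends on state set elsewhere in process_server_config_line(). Either set intptr explicitly at the top of the case or drop the increment if no counter applies to this option. Separately, `tilde_expand_filename(arg, getuid())` expands a leading `~` against the uid of the process parsing the configuration, not the account being authenticated. A short comment stating that only tilde expansion is done here and that relative paths are intentionally left unresolved at this point would make the intent of replacing `goto parse_filename` clear to later readers.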


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-amd64
To unsubscribe, send any mail to "[email protected]"
