author | V3n3RiX <venerix@redcorelinux.org> | 2017-11-15 17:13:45 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-11-15 17:13:45 +0000 |
commit | e2d84e38284aeb9d522a7e935554340ddf0e4a6f (patch) | |
tree | 5a7444ee5f2af59431481999f729676090b1e0f3 /net-misc/openssh/files/openssh-7.5_p1-CVE-2017-15906.patch | |
parent | 519e4d5d99fc43d5c9a038098c029dc4ef9d6792 (diff) |
gentoo resync : 15.11.2017
Diffstat (limited to 'net-misc/openssh/files/openssh-7.5_p1-CVE-2017-15906.patch')
-rw-r--r-- | net-misc/openssh/files/openssh-7.5_p1-CVE-2017-15906.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-7.5_p1-CVE-2017-15906.patch b/net-misc/openssh/files/openssh-7.5_p1-CVE-2017-15906.patch
new file mode 100644
index 000000000000..b97ceb4b2789
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-CVE-2017-15906.patch
@@ -0,0 +1,31 @@
+From a6981567e8e215acc1ef690c8dbb30f2d9b00a19 Mon Sep 17 00:00:00 2001
+From: djm <djm@openbsd.org>
+Date: Tue, 4 Apr 2017 00:24:56 +0000
+Subject: [PATCH] disallow creation (of empty files) in read-only mode;
+ reported by Michal Zalewski, feedback & ok deraadt@
+
+---
+ usr.bin/ssh/sftp-server.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
+index 2510d234a3a..42249ebd60d 100644
+--- a/usr.bin/ssh/sftp-server.c
++++ b/usr.bin/ssh/sftp-server.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */
++/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */
+ /*
+ * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
+ *
+@@ -683,8 +683,8 @@ process_open(u_int32_t id)
+ logit("open \"%s\" flags %s mode 0%o",
+ name, string_from_portable(pflags), mode);
+ if (readonly &&
+- ((flags & O_ACCMODE) == O_WRONLY ||
+- (flags & O_ACCMODE) == O_RDWR)) {
++ ((flags & O_ACCMODE) != O_RDONLY ||
++ (flags & (O_CREAT|O_TRUNC)) != 0)) {
+ verbose("Refusing open request in read-only mode");
+ status = SSH2_FX_PERMISSION_DENIED;
+ } else { |
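Review bot: The rewritten read-only check in process_open carries no comment explaining why O_CREAT and O_TRUNC are tested separately from the access mode, although that second clause is the whole substance of this fix for CVE-2017-15906. The old test rejected only O_WRONLY and O_RDWR, so a request with access mode O_RDONLY that also set O_CREAT passed it and, as the patch subject says, could create an empty file. I would put `/* read-only: O_RDONLY alone is not sufficient, O_CREAT creates and O_TRUNC may truncate even with O_RDONLY */` directly above the `if (readonly &&` line so the second clause is not later simplified away. process_open begins and ends outside this hunk, so how `flags` is derived from `pflags` is not visible here. The page is also limited to the patch file, so whether the openssh-7.5_p1 ebuild actually applies it should be confirmed separately.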