diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile index 871a5c710..72697be19 100644 --- a/package/dropbear/Makefile +++ b/package/dropbear/Makefile @@ -4,7 +4,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=0.45 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_MD5SUM:=2bcc46e4c239aec982bf36a723dd0b0e PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/ diff --git a/package/dropbear/patches/authpubkey.patch b/package/dropbear/patches/authpubkey.patch new file mode 100644 index 000000000..07beefe71 --- /dev/null +++ b/package/dropbear/patches/authpubkey.patch @@ -0,0 +1,73 @@ +--- dropbear-0.45.old/svr-authpubkey.c 2005-09-27 12:45:20.863639072 +0200 ++++ dropbear-0.45/svr-authpubkey.c 2005-09-27 13:15:09.066790872 +0200 +@@ -176,14 +176,10 @@ + goto out; + } + +- /* we don't need to check pw and pw_dir for validity, since +- * its been done in checkpubkeyperms. */ +- len = strlen(ses.authstate.pw->pw_dir); + /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", +- ses.authstate.pw->pw_dir); ++ * = "/etc/dropbear/authorized_keys" + '\0' = 30 */ ++ filename = m_malloc(30); ++ strncpy(filename, "/etc/dropbear/authorized_keys", 30); + + /* open the file */ + authfile = fopen(filename, "r"); +@@ -255,43 +251,33 @@ + + /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, + * DROPBEAR_FAILURE otherwise. +- * Checks that the user's homedir, ~/.ssh, and +- * ~/.ssh/authorized_keys are all owned by either root or the user, and are ++ * Checks that /etc, /etc/dropbear and /etc/dropbear/authorized_keys ++ * are all owned by either root or the user, and are + * g-w, o-w */ + static int checkpubkeyperms() { + + char* filename = NULL; + int ret = DROPBEAR_FAILURE; +- unsigned int len; + + TRACE(("enter checkpubkeyperms")) + +- assert(ses.authstate.pw); +- if (ses.authstate.pw->pw_dir == NULL) { +- goto out; +- } +- +- if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) { +- goto out; +- } +- + /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- strncpy(filename, ses.authstate.pw->pw_dir, len+1); ++ * = "/etc/dropbear/authorized_keys" + '\0' = 30 */ ++ filename = m_malloc(30); ++ strncpy(filename, "/etc", 4); /* strlen("/etc") == 4 */ + +- /* check ~ */ ++ /* check /etc */ + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out; + } + +- /* check ~/.ssh */ +- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ ++ /* check /etc/dropbear */ ++ strncat(filename, "/dropbear", 9); /* strlen("/dropbear") == 9 */ + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out; + } + +- /* now check ~/.ssh/authorized_keys */ ++ /* now check /etc/dropbear/authorized_keys */ + strncat(filename, "/authorized_keys", 16); + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out;