openwrt/package/network/services/dropbear/patches/110-change_user.patch
Florian Fainelli 9e355444a6 dropbear: update to 2012.55 and refresh patches
Upstream has a few code cleanups, more eagerly burns sensitive memory and
includes the fix for CVE-2012-0920. Full changelog:
https://matt.ucc.asn.au/dropbear/CHANGES

Local changes:
- Removed PKG_MULTI which is no longer in options.h (even before 2011.54)
- Merged DO_HOST_LOOKUP into 120-openwrt_options.patch
- Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS)
- Removed 400-CVE-2012-0920.patch which is included in 2012.55

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 34496
2012-12-04 16:40:17 +00:00

19 lines
650 B
Diff

--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -891,12 +891,12 @@ static void execchild(void *user_data) {
/* We can only change uid/gid as root ... */
if (getuid() == 0) {
- if ((setgid(ses.authstate.pw_gid) < 0) ||
+ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
(initgroups(ses.authstate.pw_name,
- ses.authstate.pw_gid) < 0)) {
+ ses.authstate.pw_gid) < 0))) {
dropbear_exit("Error changing user group");
}
- if (setuid(ses.authstate.pw_uid) < 0) {
+ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
dropbear_exit("Error changing user");
}
} else {