forked from rpms/openssh
Verify SCP vulnerabilities are fixed in the package testsuite
This commit is contained in:
Jakub Jelen
parent
b33caef080
commit
4feb6a973f
61
openssh-8.0p1-scp-tests.patch
Normal file
61
openssh-8.0p1-scp-tests.patch
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
|
||||||
|
index 59f1ff63..dd48a482 100644
|
||||||
|
--- a/regress/scp-ssh-wrapper.sh
|
||||||
|
+++ b/regress/scp-ssh-wrapper.sh
|
||||||
|
@@ -51,6 +51,18 @@ badserver_4)
|
||||||
|
echo "C755 2 file"
|
||||||
|
echo "X"
|
||||||
|
;;
|
||||||
|
+badserver_5)
|
||||||
|
+ echo "D0555 0 "
|
||||||
|
+ echo "X"
|
||||||
|
+ ;;
|
||||||
|
+badserver_6)
|
||||||
|
+ echo "D0555 0 ."
|
||||||
|
+ echo "X"
|
||||||
|
+ ;;
|
||||||
|
+badserver_7)
|
||||||
|
+ echo "C0755 2 extrafile"
|
||||||
|
+ echo "X"
|
||||||
|
+ ;;
|
||||||
|
*)
|
||||||
|
set -- $arg
|
||||||
|
shift
|
||||||
|
diff --git a/regress/scp.sh b/regress/scp.sh
|
||||||
|
index 57cc7706..104c89e1 100644
|
||||||
|
--- a/regress/scp.sh
|
||||||
|
+++ b/regress/scp.sh
|
||||||
|
@@ -25,6 +25,7 @@ export SCP # used in scp-ssh-wrapper.scp
|
||||||
|
scpclean() {
|
||||||
|
rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
|
||||||
|
mkdir ${DIR} ${DIR2}
|
||||||
|
+ chmod 755 ${DIR} ${DIR2}
|
||||||
|
}
|
||||||
|
|
||||||
|
verbose "$tid: simple copy local file to local file"
|
||||||
|
@@ -101,7 +102,7 @@ if [ ! -z "$SUDO" ]; then
|
||||||
|
$SUDO rm ${DIR2}/copy
|
||||||
|
fi
|
||||||
|
|
||||||
|
-for i in 0 1 2 3 4; do
|
||||||
|
+for i in 0 1 2 3 4 5 6 7; do
|
||||||
|
verbose "$tid: disallow bad server #$i"
|
||||||
|
SCPTESTMODE=badserver_$i
|
||||||
|
export DIR SCPTESTMODE
|
||||||
|
@@ -113,6 +114,15 @@ for i in 0 1 2 3 4; do
|
||||||
|
scpclean
|
||||||
|
$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
|
||||||
|
[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
|
||||||
|
+
|
||||||
|
+ scpclean
|
||||||
|
+ $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
|
||||||
|
+ [ ! -w ${DIR2} ] && fail "allows target root attribute change"
|
||||||
|
+
|
||||||
|
+ scpclean
|
||||||
|
+ $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
|
||||||
|
+ [ -e ${DIR2}/extrafile ] && fail "allows extranous object creation"
|
||||||
|
+ rm -f ${DIR2}/extrafile
|
||||||
|
done
|
||||||
|
|
||||||
|
verbose "$tid: detect non-directory target"
|
||||||
|
|
||||||
@ -207,6 +207,9 @@ Patch953: openssh-7.8p1-scp-ipv6.patch
|
|||||||
Patch958: openssh-7.9p1-ssh-copy-id.patch
|
Patch958: openssh-7.9p1-ssh-copy-id.patch
|
||||||
# Update cached passwd structure after PAM authentication (#1674541)
|
# Update cached passwd structure after PAM authentication (#1674541)
|
||||||
Patch960: openssh-7.9p1-updated-cached-pw.patch
|
Patch960: openssh-7.9p1-updated-cached-pw.patch
|
||||||
|
# Verify the SCP vulnerabilities are fixed in the package testsuite
|
||||||
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=3007
|
||||||
|
Patch961: openssh-8.0p1-scp-tests.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
@ -410,6 +413,7 @@ popd
|
|||||||
%patch953 -p1 -b .scp-ipv6
|
%patch953 -p1 -b .scp-ipv6
|
||||||
%patch958 -p1 -b .ssh-copy-id
|
%patch958 -p1 -b .ssh-copy-id
|
||||||
%patch960 -p1 -b .update-pw
|
%patch960 -p1 -b .update-pw
|
||||||
|
%patch961 -p1 -b .scp-tests
|
||||||
|
|
||||||
%patch200 -p1 -b .audit
|
%patch200 -p1 -b .audit
|
||||||
%patch201 -p1 -b .audit-race
|
%patch201 -p1 -b .audit-race
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user