Verify SCP vulnerabilities are fixed in the package testsuite
This commit is contained in:
parent
b33caef080
commit
4feb6a973f
61
openssh-8.0p1-scp-tests.patch
Normal file
61
openssh-8.0p1-scp-tests.patch
Normal file
@ -0,0 +1,61 @@
|
||||
diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
|
||||
index 59f1ff63..dd48a482 100644
|
||||
--- a/regress/scp-ssh-wrapper.sh
|
||||
+++ b/regress/scp-ssh-wrapper.sh
|
||||
@@ -51,6 +51,18 @@ badserver_4)
|
||||
echo "C755 2 file"
|
||||
echo "X"
|
||||
;;
|
||||
+badserver_5)
|
||||
+ echo "D0555 0 "
|
||||
+ echo "X"
|
||||
+ ;;
|
||||
+badserver_6)
|
||||
+ echo "D0555 0 ."
|
||||
+ echo "X"
|
||||
+ ;;
|
||||
+badserver_7)
|
||||
+ echo "C0755 2 extrafile"
|
||||
+ echo "X"
|
||||
+ ;;
|
||||
*)
|
||||
set -- $arg
|
||||
shift
|
||||
diff --git a/regress/scp.sh b/regress/scp.sh
|
||||
index 57cc7706..104c89e1 100644
|
||||
--- a/regress/scp.sh
|
||||
+++ b/regress/scp.sh
|
||||
@@ -25,6 +25,7 @@ export SCP # used in scp-ssh-wrapper.scp
|
||||
scpclean() {
|
||||
rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
|
||||
mkdir ${DIR} ${DIR2}
|
||||
+ chmod 755 ${DIR} ${DIR2}
|
||||
}
|
||||
|
||||
verbose "$tid: simple copy local file to local file"
|
||||
@@ -101,7 +102,7 @@ if [ ! -z "$SUDO" ]; then
|
||||
$SUDO rm ${DIR2}/copy
|
||||
fi
|
||||
|
||||
-for i in 0 1 2 3 4; do
|
||||
+for i in 0 1 2 3 4 5 6 7; do
|
||||
verbose "$tid: disallow bad server #$i"
|
||||
SCPTESTMODE=badserver_$i
|
||||
export DIR SCPTESTMODE
|
||||
@@ -113,6 +114,15 @@ for i in 0 1 2 3 4; do
|
||||
scpclean
|
||||
$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
|
||||
[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
|
||||
+
|
||||
+ scpclean
|
||||
+ $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
|
||||
+ [ ! -w ${DIR2} ] && fail "allows target root attribute change"
|
||||
+
|
||||
+ scpclean
|
||||
+ $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
|
||||
+ [ -e ${DIR2}/extrafile ] && fail "allows extranous object creation"
|
||||
+ rm -f ${DIR2}/extrafile
|
||||
done
|
||||
|
||||
verbose "$tid: detect non-directory target"
|
||||
|
@ -207,6 +207,9 @@ Patch953: openssh-7.8p1-scp-ipv6.patch
|
||||
Patch958: openssh-7.9p1-ssh-copy-id.patch
|
||||
# Update cached passwd structure after PAM authentication (#1674541)
|
||||
Patch960: openssh-7.9p1-updated-cached-pw.patch
|
||||
# Verify the SCP vulnerabilities are fixed in the package testsuite
|
||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=3007
|
||||
Patch961: openssh-8.0p1-scp-tests.patch
|
||||
|
||||
License: BSD
|
||||
Requires: /sbin/nologin
|
||||
@ -410,6 +413,7 @@ popd
|
||||
%patch953 -p1 -b .scp-ipv6
|
||||
%patch958 -p1 -b .ssh-copy-id
|
||||
%patch960 -p1 -b .update-pw
|
||||
%patch961 -p1 -b .scp-tests
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
|
Loading…
Reference in New Issue
Block a user