diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2020-10-15 19:55:15 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2020-10-15 19:55:15 +0800 |
| commit | 0e3e8db5bfca0c579be55e7580a46c593c1384be (patch) | |
| tree | 2b1a718f633fb95c1f2d689a591cf9e8642697f3 /svr-agentfwd.c | |
| parent | 78e17f6ee9a944430da3e517ee1fe384fd6b275b (diff) | |
| parent | 17873e8c922eded2cec86184673a6d110df6403f (diff) | |
merge from main
--HG--
branch : fuzz
Diffstat (limited to 'svr-agentfwd.c')
| -rw-r--r-- | svr-agentfwd.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/svr-agentfwd.c b/svr-agentfwd.c index 6289b87..ac9475f 100644 --- a/svr-agentfwd.c +++ b/svr-agentfwd.c @@ -151,6 +151,7 @@ void svr_agentcleanup(struct ChanSess * chansess) { if (chansess->agentfile != NULL && chansess->agentdir != NULL) { +#if DROPBEAR_SVR_MULTIUSER /* Remove the dir as the user. That way they can't cause problems except * for themselves */ uid = getuid(); @@ -159,6 +160,7 @@ void svr_agentcleanup(struct ChanSess * chansess) { (seteuid(ses.authstate.pw_uid)) < 0) { dropbear_exit("Failed to set euid"); } +#endif /* 2 for "/" and "\0" */ len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2; @@ -170,10 +172,12 @@ void svr_agentcleanup(struct ChanSess * chansess) { rmdir(chansess->agentdir); +#if DROPBEAR_SVR_MULTIUSER if ((seteuid(uid)) < 0 || (setegid(gid)) < 0) { dropbear_exit("Failed to revert euid"); } +#endif m_free(chansess->agentfile); m_free(chansess->agentdir); @@ -187,6 +191,7 @@ static const struct ChanType chan_svr_agent = { NULL, NULL, NULL, + NULL, NULL }; @@ -208,13 +213,14 @@ static int bindagent(int fd, struct ChanSess * chansess) { struct sockaddr_un addr; unsigned int prefix; - char path[sizeof(addr.sun_path)], sockfile[sizeof(addr.sun_path)]; + char path[(sizeof(addr.sun_path)-1)/2], sockfile[(sizeof(addr.sun_path)-1)/2]; mode_t mode; int i; uid_t uid; gid_t gid; int ret = DROPBEAR_FAILURE; +#if DROPBEAR_SVR_MULTIUSER /* drop to user privs to make the dir/file */ uid = getuid(); gid = getgid(); @@ -222,6 +228,7 @@ static int bindagent(int fd, struct ChanSess * chansess) { (seteuid(ses.authstate.pw_uid)) < 0) { dropbear_exit("Failed to set euid"); } +#endif memset((void*)&addr, 0x0, sizeof(addr)); addr.sun_family = AF_UNIX; @@ -261,10 +268,12 @@ bindsocket: out: +#if DROPBEAR_SVR_MULTIUSER if ((seteuid(uid)) < 0 || (setegid(gid)) < 0) { dropbear_exit("Failed to revert euid"); } +#endif return ret; } |