From d27e9056a96b8eebd987e039d0c5a54023a35577 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Wed, 24 May 2017 16:49:09 +0200
Subject: dropbear: update to 2017.75

---
 package/dropbear/Makefile                       |   6 +-
 package/dropbear/patches/patch-svr-authpubkey_c | 109 ++++++++++++++++++------
 2 files changed, 88 insertions(+), 27 deletions(-)

(limited to 'package/dropbear')

diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile
index f92f6609c..7a3f2b074 100644
--- a/package/dropbear/Makefile
+++ b/package/dropbear/Makefile
@@ -4,9 +4,9 @@
 include $(ADK_TOPDIR)/rules.mk
 
 PKG_NAME:=		dropbear
-PKG_VERSION:=		2016.74
-PKG_RELEASE:=		2
-PKG_HASH:=		2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891
+PKG_VERSION:=		2017.75
+PKG_RELEASE:=		1
+PKG_HASH:=		6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c
 PKG_DESCR:=		ssh server/client designed for embedded systems
 PKG_SECTION:=		net/security
 PKG_URL:=		http://matt.ucc.asn.au/dropbear/
diff --git a/package/dropbear/patches/patch-svr-authpubkey_c b/package/dropbear/patches/patch-svr-authpubkey_c
index 90ec56d9e..fe63792f7 100644
--- a/package/dropbear/patches/patch-svr-authpubkey_c
+++ b/package/dropbear/patches/patch-svr-authpubkey_c
@@ -1,46 +1,107 @@
-$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
---- dropbear-2014.63.orig/svr-authpubkey.c	2014-02-19 15:05:24.000000000 +0100
-+++ dropbear-2014.63/svr-authpubkey.c	2014-02-27 16:29:05.000000000 +0100
-@@ -208,6 +208,8 @@ static int checkpubkey(unsigned char* al
+--- dropbear-2017.75.orig/svr-authpubkey.c	2017-05-18 16:47:02.000000000 +0200
++++ dropbear-2017.75/svr-authpubkey.c	2017-05-24 00:12:02.175883130 +0200
+@@ -220,24 +220,31 @@ static int checkpubkey(char* algo, unsig
  		goto out;
  	}
  
+-	/* we don't need to check pw and pw_dir for validity, since
+-	 * its been done in checkpubkeyperms. */
+-	len = strlen(ses.authstate.pw_dir);
+-	/* allocate max required pathname storage,
+-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-	filename = m_malloc(len + 22);
+-	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
+-				ses.authstate.pw_dir);
++	/* special case for root authorized_keys in /etc/dropbear/authorized_keys */
 +	if (ses.authstate.pw_uid != 0) {
-+
- 	/* we don't need to check pw and pw_dir for validity, since
- 	 * its been done in checkpubkeyperms. */
- 	len = strlen(ses.authstate.pw_dir);
-@@ -219,6 +221,9 @@ static int checkpubkey(unsigned char* al
  
- 	/* open the file */
- 	authfile = fopen(filename, "r");
+-	/* open the file as the authenticating user. */
+-	origuid = getuid();
+-	origgid = getgid();
+-	if ((setegid(ses.authstate.pw_gid)) < 0 ||
+-		(seteuid(ses.authstate.pw_uid)) < 0) {
+-		dropbear_exit("Failed to set euid");
+-	}
++		/* we don't need to check pw and pw_dir for validity, since
++		 * its been done in checkpubkeyperms. */
++		len = strlen(ses.authstate.pw_dir);
++		/* allocate max required pathname storage,
++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++		filename = m_malloc(len + 22);
++		snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
++					ses.authstate.pw_dir);
+ 
+-	authfile = fopen(filename, "r");
++		/* open the file as the authenticating user. */
++		origuid = getuid();
++		origgid = getgid();
++		if ((setegid(ses.authstate.pw_gid)) < 0 ||
++			(seteuid(ses.authstate.pw_uid)) < 0) {
++			dropbear_exit("Failed to set euid");
++		}
++
++		authfile = fopen(filename, "r");
++
 +	} else {
 +		authfile = fopen("/etc/dropbear/authorized_keys","r");
 +	}
- 	if (authfile == NULL) {
- 		goto out;
- 	}
-@@ -371,6 +376,8 @@ static int checkpubkeyperms() {
+ 
+ 	if ((seteuid(origuid)) < 0 ||
+ 		(setegid(origgid)) < 0) {
+@@ -396,26 +403,39 @@ static int checkpubkeyperms() {
  		goto out;
  	}
  
+-	/* allocate max required pathname storage,
+-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-	filename = m_malloc(len + 22);
+-	strncpy(filename, ses.authstate.pw_dir, len+1);
 +	if (ses.authstate.pw_uid != 0) {
+ 
+-	/* check ~ */
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+-	}
++		/* allocate max required pathname storage,
++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++		filename = m_malloc(len + 22);
++		strncpy(filename, ses.authstate.pw_dir, len+1);
+ 
+-	/* check ~/.ssh */
+-	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+-	}
++		/* check ~ */
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++
++		/* check ~/.ssh */
++		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++
++		/* now check ~/.ssh/authorized_keys */
++		strncat(filename, "/authorized_keys", 16);
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
 +
- 	/* allocate max required pathname storage,
- 	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
- 	filename = m_malloc(len + 22);
-@@ -392,6 +399,14 @@ static int checkpubkeyperms() {
- 	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
- 		goto out;
- 	}
 +	} else {
++
 +		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
 +			goto out;
 +		}
 +		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
 +			goto out;
 +		}
-+	}
+ 
+-	/* now check ~/.ssh/authorized_keys */
+-	strncat(filename, "/authorized_keys", 16);
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+ 	}
  
  	/* file looks ok, return success */
- 	ret = DROPBEAR_SUCCESS;
-- 
cgit v1.2.3