Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 378aaac
Revert "Fix pkg-ssh."
Vsevolod Stakhov committed 11 years ago
commit 378aaac0f6e9fdb76f25125d8dd437d57542aabd
parent ed37d1e
1 file changed +20 -5
modified libpkg/ssh.c
@@ -45,9 +45,6 @@
#include "pkg.h"

#include "private/event.h"
- 
/*
- 
 * Fd here is a descriptor of an opened restricted dir.
- 
 */

int

pkg_sshserve(int fd)

{
@@ -60,6 +57,10 @@ pkg_sshserve(int fd)
	const char *errstr;

	int ffd;

	char buf[BUFSIZ];
+ 
	char fpath[MAXPATHLEN];
+ 
	const char *restricted = NULL;
+
+ 
	restricted = pkg_object_string(pkg_config_get("SSH_RESTRICT_DIR"));



	printf("ok: pkg "PKGVERSION"\n");

	for (;;) {
@@ -128,7 +129,21 @@ pkg_sshserve(int fd)
			continue;

		}
- 
		if (fstatat(fd, file, &st, 0) == -1) {
+ 
#ifdef HAVE_CAPSICUM
+ 
		if (!cap_sandboxed() && restricted != NULL) {
+ 
#else
+ 
		if (restricted != NULL) {
+ 
#endif
+ 
			chdir(restricted);
+
+ 
			if (realpath(file, fpath) == NULL ||
+ 
					strncmp(file, restricted, strlen(restricted)) != 0) {
+ 
				printf("ko: file not found\n");
+ 
				continue;
+ 
			}
+ 
		}
+
+ 
		if (fstatat(fd, fpath, &st, 0) == -1) {

			pkg_debug(1, "SSH server> fstatat failed");

			printf("ko: file not found\n");

			continue;
@@ -144,7 +159,7 @@ pkg_sshserve(int fd)
			continue;

		}
- 
		if ((ffd = openat(fd, file, O_RDONLY)) == -1) {
+ 
		if ((ffd = openat(fd, fpath, O_RDONLY)) == -1) {

			printf("ko: file not found\n");

			continue;

		}