8e73f87 need to realpath restricted if it's symlink/amd-automount — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

need to realpath restricted if it's symlink/amd-automount

Derek Schrock committed 11 years ago

commit 8e73f8791a763ed1b91eb69fa4645a795a20759c
parent 58bcb25

1 file changed +3 -1

modified libpkg/ssh.c

@@ -59,6 +59,7 @@ pkg_sshserve(int fd)

 	int ffd;
 	char buf[BUFSIZ];
 	char fpath[MAXPATHLEN];
 	char rpath[MAXPATHLEN];
 	const char *restricted = NULL;
 	restricted = pkg_object_string(pkg_config_get("SSH_RESTRICT_DIR"));

@@ -137,7 +138,8 @@ pkg_sshserve(int fd)

 #endif
 			chdir(restricted);
 			if (realpath(file, fpath) == NULL ||
 					strncmp(fpath, restricted, strlen(restricted)) != 0) {
 			    realpath(restricted, rpath) == NULL ||
 			    strncmp(fpath, rpath, strlen(rpath)) != 0) {
 				printf("ko: file not found\n");
 				continue;
 			}