-rw-r--r--debian/changelog11
-rw-r--r--debian/patches/0009-Verify-scp-command-options.patch9
-rw-r--r--util.c4
3 files changed, 17 insertions, 7 deletions
diff --git a/debian/changelog b/debian/changelog
index 04dea30..126180b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,15 @@
+rssh (2.3.4-12) unstable; urgency=high
+
+ * The fix for the scp security vulnerability in 2.3.4-9 combined with
+ the regression fix in 2.3.4-10 rejected the -pf and -pt options, which
+ are sent by libssh2's scp support. Add support for those variants.
+ (LP #1815935)
+
+ -- Russ Allbery <rra@debian.org> Mon, 18 Feb 2019 18:58:27 -0800
+
rssh (2.3.4-11) unstable; urgency=high
- * The fix for the scp security vulneraability in 2.3.4-9 introduced a
+ * The fix for the scp security vulnerability in 2.3.4-9 introduced a
regression that blocked scp of multiple files from a server using
rssh. Based on further analysis of scp's command-line parsing, relax
the check to require the server command contain -f or -t, which should
diff --git a/debian/patches/0009-Verify-scp-command-options.patch b/debian/patches/0009-Verify-scp-command-options.patch
index da94f0c..390f4ac 100644
--- a/debian/patches/0009-Verify-scp-command-options.patch
+++ b/debian/patches/0009-Verify-scp-command-options.patch
@@ -17,7 +17,8 @@ first.
Attempt to protect against this attack by checking the command line
of scp and only allowing the options that are passed to the server
end of the connection. Require either -f or -t be given, which
-disables scp's attempts to connect to a remote host.
+disables scp's attempts to connect to a remote host. Allow these as
+-pf and -pt, which are sent by libssh2.
Debian Bug#919623
---
@@ -25,7 +26,7 @@ Debian Bug#919623
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/util.c b/util.c
-index 52a751b..391ad4a 100644
+index 52a751b..da97592 100644
--- a/util.c
+++ b/util.c
@@ -263,6 +263,43 @@ static int rsync_okay( char **vec )
@@ -48,11 +49,11 @@ index 52a751b..391ad4a 100644
+ if ( strcmp(*vec, "-r") == 0 ) continue;
+ if ( strcmp(*vec, "-p") == 0 ) continue;
+ if ( strcmp(*vec, "-d") == 0 ) continue;
-+ if ( strcmp(*vec, "-f") == 0 ){
++ if ( strcmp(*vec, "-f") == 0 || strcmp(*vec, "-pf") == 0 ){
+ saw_f_or_t = TRUE;
+ continue;
+ }
-+ if ( strcmp(*vec, "-t") == 0 ){
++ if ( strcmp(*vec, "-t") == 0 || strcmp(*vec, "-pt") == 0 ){
+ saw_f_or_t = TRUE;
+ continue;
+ }
diff --git a/util.c b/util.c
index 391ad4a..da97592 100644
--- a/util.c
+++ b/util.c
@@ -279,11 +279,11 @@ static int scp_okay( char **vec )
if ( strcmp(*vec, "-r") == 0 ) continue;
if ( strcmp(*vec, "-p") == 0 ) continue;
if ( strcmp(*vec, "-d") == 0 ) continue;
- if ( strcmp(*vec, "-f") == 0 ){
+ if ( strcmp(*vec, "-f") == 0 || strcmp(*vec, "-pf") == 0 ){
saw_f_or_t = TRUE;
continue;
}
- if ( strcmp(*vec, "-t") == 0 ){
+ if ( strcmp(*vec, "-t") == 0 || strcmp(*vec, "-pt") == 0 ){
saw_f_or_t = TRUE;
continue;
}
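Review bot: The `-f`/`-t` tests in scp_okay still compare whole argument strings, so only the bundled spellings `-pf` and `-pt` are accepted and any other bundle of the already-allowed flags (for example `-rf` or `-rpt`) would presumably still be rejected; this is the second follow-up to the 2.3.4-9 fix, and a client that bundles differently would hit the same regression. The flags accepted in this hunk are -r, -p, -d, -f and -t, none of which takes an argument, so a bundled token can be checked character by character against that same set without widening what reaches scp. The two branches also have identical bodies and can share one test, as sketched below. The same lines are mirrored in debian/patches/0009-Verify-scp-command-options.patch, and scp_okay's loop starts and ends outside the hunk, so how an unmatched argument is rejected is not visible here.

```c
/* … unchanged: exact-match checks for -r, -p, -d … */
/* Accept any bundle made only of the argument-less flags r, p, d, f, t. */
if ( (*vec)[0] == '-' && (*vec)[1] != '\0'
     && strspn(*vec + 1, "rpdft") == strlen(*vec + 1) ){
	if ( strpbrk(*vec + 1, "ft") != NULL )
		saw_f_or_t = TRUE;
	continue;
}
/* … unchanged: remainder of the loop … */
```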