SUSE:SLE-12-SP4:GA
openssh
openssh-7.2p2-stricter_readonly_sftp.patch
File openssh-7.2p2-stricter_readonly_sftp.patch of Package openssh
# HG changeset patch # Parent 3986b0c08254f62c63c04b828dc25efb2d7b91e9 Stricter checking for write actions in read-only mode in the stfp server CVE-2017-15906 bsc#1065000 backoported upstream commit 4d827f0d75a53d3952288ab882efbddea7ffadfe diff --git a/openssh-7.2p2/sftp-server.c b/openssh-7.2p2/sftp-server.c --- a/openssh-7.2p2/sftp-server.c +++ b/openssh-7.2p2/sftp-server.c @@ -700,18 +700,18 @@ process_open(u_int32_t id) mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666; if (permforce == 1) { mode = permforcemode; (void)umask(0); /* so umask does not interfere */ } logit("open \"%s\" flags %s mode 0%o", name, string_from_portable(pflags), mode); if (readonly && - ((flags & O_ACCMODE) == O_WRONLY || - (flags & O_ACCMODE) == O_RDWR)) { + ((flags & O_ACCMODE) != O_RDONLY || + (flags & (O_CREAT|O_TRUNC)) != 0)) { verbose("Refusing open request in read-only mode"); status = SSH2_FX_PERMISSION_DENIED; } else { fd = open(name, flags, mode); if (fd < 0) { status = errno_to_portable(errno); } else { handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);
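Review bot: The new condition in process_open() refuses O_CREAT and O_TRUNC even when the access mode is O_RDONLY, but nothing in the code says why, so a later cleanup could easily "simplify" it back to the access-mode test alone. A short comment above `(flags & (O_CREAT|O_TRUNC)) != 0` would help, stating that open() with O_RDONLY|O_CREAT still creates an empty file and that O_TRUNC combined with O_RDONLY can still truncate on some systems, which is the write action this change closes in read-only mode. Separately, in the unchanged context the request is recorded with logit() before the read-only check, while the refusal is recorded only with verbose(); at the default log level the log then shows the open line with no sign that it was denied, so consider logging the refusal at the same level as the request.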