openwrt-mirror/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-12-21 17:04:28 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
0bfc66e7b50ef5d0653bc209a7d29ab8e3a7c6b2
openwrt/package/network/services/dropbear/patches/050-dropbear-multihop-fix.patch
Konstantin Demin 68e5f46899 dropbear: relax path permission checks for authorized keys 
Check permissions of correct folder for certificates too.

Fixes: bbe4d6ddb2 ("dropbear: bump to 2025.88")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19611
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-08-07 16:46:30 +02:00

71 lines
2.0 KiB
Diff
Raw Blame History

From 5cc0127000db5f7567b54d0495fb91a8e452fe09 Mon Sep 17 00:00:00 2001
From: Konstantin Demin <rockdrilla@gmail.com>
Date: Fri, 9 May 2025 22:39:35 +0300
Subject: Fix proxycmd without netcat
fixes e5a0ef27c2 "Execute multihop commands directly, no shell"
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Forwarded: https://github.com/mkj/dropbear/pull/363
---
src/cli-main.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/src/cli-main.c
+++ b/src/cli-main.c
@@ -77,7 +77,11 @@ int main(int argc, char ** argv) {
}
#if DROPBEAR_CLI_PROXYCMD
- if (cli_opts.proxycmd || cli_opts.proxyexec) {
+ if (cli_opts.proxycmd
+#if DROPBEAR_CLI_MULTIHOP
+ || cli_opts.proxyexec
+#endif
+ ) {
cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR ||
signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR ||
@@ -110,11 +114,13 @@ static void shell_proxy_cmd(const void *
dropbear_exit("Failed to run '%s'\n", cmd);
}
+#if DROPBEAR_CLI_MULTIHOP
static void exec_proxy_cmd(const void *unused) {
(void)unused;
run_command(cli_opts.proxyexec[0], cli_opts.proxyexec, ses.maxfd);
dropbear_exit("Failed to run '%s'\n", cli_opts.proxyexec[0]);
}
+#endif
static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
char * cmd_arg = NULL;
@@ -145,9 +151,11 @@ static void cli_proxy_cmd(int *sock_in,
cmd_arg = m_malloc(shell_cmdlen);
snprintf(cmd_arg, shell_cmdlen, "exec %s", cli_opts.proxycmd);
exec_fn = shell_proxy_cmd;
+#if DROPBEAR_CLI_MULTIHOP
} else {
/* No shell */
exec_fn = exec_proxy_cmd;
+#endif
}
ret = spawn_command(exec_fn, cmd_arg, sock_out, sock_in, NULL, pid_out);
@@ -159,6 +167,7 @@ static void cli_proxy_cmd(int *sock_in,
cleanup:
m_free(cli_opts.proxycmd);
m_free(cmd_arg);
+#if DROPBEAR_CLI_MULTIHOP
if (cli_opts.proxyexec) {
char **a = NULL;
for (a = cli_opts.proxyexec; *a; a++) {
@@ -166,6 +175,7 @@ cleanup:
}
m_free(cli_opts.proxyexec);
}
+#endif
}
static void kill_proxy_sighandler(int UNUSED(signo)) {
Reference in New Issue View Git Blame Copy Permalink