branch Attitude Adjustment

git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@33625 3c298f89-4303-0410-b956-a3cf2f4a3e73

10 files changed, 367 insertions, 0 deletions

diff --git a/package/dropbear/patches/100-pubkey_path.patch b/package/dropbear/patches/100-pubkey_path.patch
new file mode 100644
index 000000000..c1802f51e
--- /dev/null
+++ b/package/dropbear/patches/100-pubkey_path.patch
@@ -0,0 +1,91 @@
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+ 		goto out;
+ 	}
+ 
+-	/* we don't need to check pw and pw_dir for validity, since
+-	 * its been done in checkpubkeyperms. */
+-	len = strlen(ses.authstate.pw_dir);
+-	/* allocate max required pathname storage,
+-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-	filename = m_malloc(len + 22);
+-	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
+-				ses.authstate.pw_dir);
+-
+-	/* open the file */
+-	authfile = fopen(filename, "r");
++	if (ses.authstate.pw_uid != 0) {
++		/* we don't need to check pw and pw_dir for validity, since
++		 * its been done in checkpubkeyperms. */
++		len = strlen(ses.authstate.pw_dir);
++		/* allocate max required pathname storage,
++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++		filename = m_malloc(len + 22);
++		snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
++		         ses.authstate.pw_dir);
++
++		/* open the file */
++		authfile = fopen(filename, "r");
++	} else {
++		authfile = fopen("/etc/dropbear/authorized_keys","r");
++	}
+ 	if (authfile == NULL) {
+ 		goto out;
+ 	}
+@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
+ 		goto out;
+ 	}
+ 
+-	/* allocate max required pathname storage,
+-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-	filename = m_malloc(len + 22);
+-	strncpy(filename, ses.authstate.pw_dir, len+1);
+-
+-	/* check ~ */
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+-	}
+-
+-	/* check ~/.ssh */
+-	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
+-	}
+-
+-	/* now check ~/.ssh/authorized_keys */
+-	strncat(filename, "/authorized_keys", 16);
+-	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+-		goto out;
++	if (ses.authstate.pw_uid == 0) {
++		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++	} else {
++		/* allocate max required pathname storage,
++		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++		filename = m_malloc(len + 22);
++		strncpy(filename, ses.authstate.pw_dir, len+1);
++
++		/* check ~ */
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++
++		/* check ~/.ssh */
++		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
++
++		/* now check ~/.ssh/authorized_keys */
++		strncat(filename, "/authorized_keys", 16);
++		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++			goto out;
++		}
+ 	}
+ 
+ 	/* file looks ok, return success */
diff --git a/package/dropbear/patches/110-change_user.patch b/package/dropbear/patches/110-change_user.patch
new file mode 100644
index 000000000..55747bc4d
--- /dev/null
+++ b/package/dropbear/patches/110-change_user.patch
@@ -0,0 +1,18 @@
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -884,12 +884,12 @@ static void execchild(void *user_data) {
+ 	/* We can only change uid/gid as root ... */
+ 	if (getuid() == 0) {
+ 
+-		if ((setgid(ses.authstate.pw_gid) < 0) ||
++		if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
+ 			(initgroups(ses.authstate.pw_name, 
+-						ses.authstate.pw_gid) < 0)) {
++						ses.authstate.pw_gid) < 0))) {
+ 			dropbear_exit("Error changing user group");
+ 		}
+-		if (setuid(ses.authstate.pw_uid) < 0) {
++		if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
+ 			dropbear_exit("Error changing user");
+ 		}
+ 	} else {
diff --git a/package/dropbear/patches/120-openwrt_options.patch b/package/dropbear/patches/120-openwrt_options.patch
new file mode 100644
index 000000000..42204aa64
--- /dev/null
+++ b/package/dropbear/patches/120-openwrt_options.patch
@@ -0,0 +1,67 @@
+--- a/options.h
++++ b/options.h
+@@ -38,7 +38,7 @@
+  * Both of these flags can be defined at once, don't compile without at least
+  * one of them. */
+ #define NON_INETD_MODE
+-#define INETD_MODE
++/*#define INETD_MODE*/
+ 
+ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
+  * perhaps 20% slower for pubkey operations (it is probably worth experimenting
+@@ -49,7 +49,7 @@
+ several kB in binary size however will make the symmetrical ciphers and hashes
+ slower, perhaps by 50%. Recommended for small systems that aren't doing
+ much traffic. */
+-/*#define DROPBEAR_SMALL_CODE*/
++#define DROPBEAR_SMALL_CODE
+ 
+ /* Enable X11 Forwarding - server only */
+ #define ENABLE_X11FWD
+@@ -78,7 +78,7 @@ much traffic. */
+ 
+ /* Enable "Netcat mode" option. This will forward standard input/output
+  * to a remote TCP-forwarded connection */
+-#define ENABLE_CLI_NETCAT
++/*#define ENABLE_CLI_NETCAT*/
+ 
+ /* Encryption - at least one required.
+  * Protocol RFC requires 3DES and recommends AES128 for interoperability.
+@@ -89,8 +89,8 @@ much traffic. */
+ #define DROPBEAR_AES256
+ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+ /*#define DROPBEAR_BLOWFISH*/
+-#define DROPBEAR_TWOFISH256
+-#define DROPBEAR_TWOFISH128
++/*#define DROPBEAR_TWOFISH256
++#define DROPBEAR_TWOFISH128*/
+ 
+ /* Enable "Counter Mode" for ciphers. This is more secure than normal
+  * CBC mode against certain attacks. This adds around 1kB to binary 
+@@ -110,7 +110,7 @@ much traffic. */
+  * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
+  * which are not the standard form. */
+ #define DROPBEAR_SHA1_HMAC
+-#define DROPBEAR_SHA1_96_HMAC
++/*#define DROPBEAR_SHA1_96_HMAC*/
+ #define DROPBEAR_MD5_HMAC
+ 
+ /* Hostkey/public key algorithms - at least one required, these are used
+@@ -148,7 +148,7 @@ much traffic. */
+ 
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+  * size */
+-#define DO_MOTD
++/*#define DO_MOTD*/
+ 
+ /* The MOTD file path */
+ #ifndef MOTD_FILENAME
+@@ -192,7 +192,7 @@ much traffic. */
+  * note that it will be provided for all "hidden" client-interactive
+  * style prompts - if you want something more sophisticated, use 
+  * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
+-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
++/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
+ 
+ /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
+  * a helper program for the ssh client. The helper program should be
diff --git a/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
new file mode 100644
index 000000000..93647a99e
--- /dev/null
+++ b/package/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
@@ -0,0 +1,21 @@
+--- a/cli-runopts.c
++++ b/cli-runopts.c
+@@ -287,6 +287,10 @@ void cli_getopts(int argc, char ** argv)
+ 					debug_trace = 1;
+ 					break;
+ #endif
++				case 'o':
++					next = &dummy;
++				case 'x':
++					break;
+ 				case 'F':
+ 				case 'e':
+ 				case 'c':
+@@ -298,7 +302,6 @@ void cli_getopts(int argc, char ** argv)
+ #ifndef ENABLE_CLI_LOCALTCPFWD
+ 				case 'L':
+ #endif
+-				case 'o':
+ 				case 'b':
+ 					next = &dummy;
+ 				default:
diff --git a/package/dropbear/patches/140-disable_assert.patch b/package/dropbear/patches/140-disable_assert.patch
new file mode 100644
index 000000000..e99376333
--- /dev/null
+++ b/package/dropbear/patches/140-disable_assert.patch
@@ -0,0 +1,14 @@
+--- a/dbutil.h
++++ b/dbutil.h
+@@ -94,6 +94,10 @@ int m_str_to_uint(const char* str, unsig
+ #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
+ 
+ /* Dropbear assertion */
+-#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
++#ifndef DROPBEAR_ASSERT_ENABLED
++#define DROPBEAR_ASSERT_ENABLED 0
++#endif
++
++#define dropbear_assert(X) do { if (DROPBEAR_ASSERT_ENABLED && !(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+ 
+ #endif /* _DBUTIL_H_ */
diff --git a/package/dropbear/patches/150-dbconvert_standalone.patch b/package/dropbear/patches/150-dbconvert_standalone.patch
new file mode 100644
index 000000000..3e0b00855
--- /dev/null
+++ b/package/dropbear/patches/150-dbconvert_standalone.patch
@@ -0,0 +1,14 @@
+--- a/options.h
++++ b/options.h
+@@ -5,6 +5,11 @@
+ #ifndef _OPTIONS_H_
+ #define _OPTIONS_H_
+ 
++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
++#define DROPBEAR_SERVER
++#define DROPBEAR_CLIENT
++#endif
++
+ /******************************************************************
+  * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
+  * parts are to allow for commandline -DDROPBEAR_XXX options etc.
diff --git a/package/dropbear/patches/200-lcrypt_bsdfix.patch b/package/dropbear/patches/200-lcrypt_bsdfix.patch
new file mode 100644
index 000000000..57eb9670d
--- /dev/null
+++ b/package/dropbear/patches/200-lcrypt_bsdfix.patch
@@ -0,0 +1,29 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac
+ 		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
+ 		listener.h fake-rfc2553.h
+ 
+-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ 
++dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
+ dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
+ dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
+ dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
+@@ -77,7 +77,7 @@ STRIP=@STRIP@
+ INSTALL=@INSTALL@
+ CPPFLAGS=@CPPFLAGS@
+ CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
+-LIBS+=@LIBS@
++LIBS+=@CRYPTLIB@ @LIBS@
+ LDFLAGS=@LDFLAGS@
+ 
+ EXEEXT=@EXEEXT@
+@@ -169,7 +169,7 @@ scp: $(SCPOBJS)  $(HEADERS) Makefile
+ # multi-binary compilation.
+ MULTIOBJS=
+ ifeq ($(MULTI),1)
+-	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@ 
++	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+ 	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
+ endif
+ 
diff --git a/package/dropbear/patches/300-ipv6_addr_port_split.patch b/package/dropbear/patches/300-ipv6_addr_port_split.patch
new file mode 100644
index 000000000..7da435ab1
--- /dev/null
+++ b/package/dropbear/patches/300-ipv6_addr_port_split.patch
@@ -0,0 +1,11 @@
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -325,7 +325,7 @@ static void addportandaddress(char* spec
+ 		myspec = m_strdup(spec);
+ 
+ 		/* search for ':', that separates address and port */
+-		svr_opts.ports[svr_opts.portcount] = strchr(myspec, ':');
++		svr_opts.ports[svr_opts.portcount] = strrchr(myspec, ':');
+ 
+ 		if (svr_opts.ports[svr_opts.portcount] == NULL) {
+ 			/* no ':' -> the whole string specifies just a port */
diff --git a/package/dropbear/patches/400-CVE-2012-0920.patch b/package/dropbear/patches/400-CVE-2012-0920.patch
new file mode 100644
index 000000000..164909f56
--- /dev/null
+++ b/package/dropbear/patches/400-CVE-2012-0920.patch
@@ -0,0 +1,91 @@
+
+# HG changeset patch
+# User Matt Johnston <matt@ucc.asn.au>
+# Date 1322947885 -28800
+# Node ID 818108bf7749bfecd4715a30e2583aac9dbe25e8
+# Parent  5e8d84f3ee7256d054ecf7e9f248765ccaa7f24f
+- Fix use-after-free if multiple command requests were sent. Move
+the original_command into chansess struct since that makes more sense
+
+--- a/auth.h
++++ b/auth.h
+@@ -133,7 +133,6 @@ struct PubKeyOptions {
+ 	int no_pty_flag;
+ 	/* "command=" option. */
+ 	unsigned char * forced_command;
+-	unsigned char * original_command;
+ };
+ #endif
+ 
+--- a/chansession.h
++++ b/chansession.h
+@@ -69,6 +69,10 @@ struct ChanSess {
+ 	char * agentfile;
+ 	char * agentdir;
+ #endif
++
++#ifdef ENABLE_SVR_PUBKEY_OPTIONS
++	char *original_command;
++#endif
+ };
+ 
+ struct ChildPid {
+--- a/svr-authpubkeyoptions.c
++++ b/svr-authpubkeyoptions.c
+@@ -92,14 +92,15 @@ int svr_pubkey_allows_pty() {
+  * by any 'command' public key option. */
+ void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
+ 	if (ses.authstate.pubkey_options) {
+-		ses.authstate.pubkey_options->original_command = chansess->cmd;
+-		if (!chansess->cmd)
+-		{
+-			ses.authstate.pubkey_options->original_command = m_strdup("");
++		if (chansess->cmd) {
++			/* original_command takes ownership */
++			chansess->original_command = chansess->cmd;
++		} else {
++			chansess->original_command = m_strdup("");
+ 		}
+-		chansess->cmd = ses.authstate.pubkey_options->forced_command;
++		chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command);
+ #ifdef LOG_COMMANDS
+-		dropbear_log(LOG_INFO, "Command forced to '%s'", ses.authstate.pubkey_options->original_command);
++		dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command);
+ #endif
+ 	}
+ }
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -217,6 +217,8 @@ static int newchansess(struct Channel *c
+ 
+ 	struct ChanSess *chansess;
+ 
++	TRACE(("new chansess %p", channel))
++
+ 	dropbear_assert(channel->typedata == NULL);
+ 
+ 	chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess));
+@@ -279,6 +281,10 @@ static void closechansess(struct Channel
+ 	m_free(chansess->cmd);
+ 	m_free(chansess->term);
+ 
++#ifdef ENABLE_SVR_PUBKEY_OPTIONS
++	m_free(chansess->original_command);
++#endif
++
+ 	if (chansess->tty) {
+ 		/* write the utmp/wtmp login record */
+ 		li = chansess_login_alloc(chansess);
+@@ -924,10 +930,8 @@ static void execchild(void *user_data) {
+ 	}
+ 	
+ #ifdef ENABLE_SVR_PUBKEY_OPTIONS
+-	if (ses.authstate.pubkey_options &&
+-			ses.authstate.pubkey_options->original_command) {
+-		addnewvar("SSH_ORIGINAL_COMMAND", 
+-			ses.authstate.pubkey_options->original_command);
++	if (chansess->original_command) {
++		addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command);
+ 	}
+ #endif
+ 
diff --git a/package/dropbear/patches/500-set-default-path.patch b/package/dropbear/patches/500-set-default-path.patch
new file mode 100644
index 000000000..0bd3ffcc3
--- /dev/null
+++ b/package/dropbear/patches/500-set-default-path.patch
@@ -0,0 +1,11 @@
+--- a/options.h
++++ b/options.h
+@@ -297,7 +297,7 @@ be overridden at runtime with -I. 0 disa
+ #define DEFAULT_IDLE_TIMEOUT 0
+ 
+ /* The default path. This will often get replaced by the shell */
+-#define DEFAULT_PATH "/usr/bin:/bin"
++#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin"
+ 
+ /* Some other defines (that mostly should be left alone) are defined
+  * in sysoptions.h */