File openssh-6.6p1-stricter_readonly_sftp.patch of Package openssh.10780
# HG changeset patch
# Parent e183b69b4d94ee9abcf5120bc43f2edd743d3667
Stricter checking for write actions in read-only mode in the sftp server
CVE-2017-15906
bsc#1065000
backported upstream commit 4d827f0d75a53d3952288ab882efbddea7ffadfe
diff --git a/openssh-6.6p1/sftp-server.c b/openssh-6.6p1/sftp-server.c
--- a/openssh-6.6p1/sftp-server.c
+++ b/openssh-6.6p1/sftp-server.c
@@ -686,18 +686,18 @@ process_open(u_int32_t id)
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
if (permforce == 1) {
mode = permforcemode;
(void)umask(0); /* so umask does not interfere */
}
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
- ((flags & O_ACCMODE) == O_WRONLY ||
- (flags & O_ACCMODE) == O_RDWR)) {
+ ((flags & O_ACCMODE) != O_RDONLY ||
+ (flags & (O_CREAT|O_TRUNC)) != 0)) {
verbose("Refusing open request in read-only mode");
status = SSH2_FX_PERMISSION_DENIED;
} else {
fd = open(name, flags, mode);
if (fd < 0) {
status = errno_to_portable(errno);
} else {
handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);
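Review bot: The new read-only condition carries no comment explaining why `(flags & (O_CREAT|O_TRUNC)) != 0` is rejected even when the access mode is `O_RDONLY`, so a later cleanup could simplify it back to an access-mode test. I would add above the `if (readonly &&` line: `/* read-only: O_CREAT or O_TRUNC modify the filesystem even with O_RDONLY (CVE-2017-15906) */`. Separately, the request is logged with `logit("open ...")` but the refusal only with `verbose(...)`. Unless the status reply is logged elsewhere, a default-level log would show the write-flagged open without showing that it was denied, so consider raising the refusal to `logit`. The body of process_open starts and ends outside this hunk, so the derivation of `flags` from `pflags` could not be checked here.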