File openssh-7.2p2-stricter_readonly_sftp.patch of Package openssh.29886

From 1a61141078f813f59f266ed7b609016ecea3872b Mon Sep 17 00:00:00 2001
From: Old openssh patches <pcerny@suse.com>
Date: Wed, 26 Oct 2022 09:58:32 +0200
Subject: [PATCH] openssh-7.2p2-stricter_readonly_sftp

# HG changeset patch
# Parent  3986b0c08254f62c63c04b828dc25efb2d7b91e9
Stricter checking for write actions in read-only mode in the sftp server
CVE-2017-15906
bsc#1065000

backported upstream commit 4d827f0d75a53d3952288ab882efbddea7ffadfe
---
 sftp-server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sftp-server.c b/sftp-server.c
index 84cbb4b0..bb49e250 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -705,8 +705,8 @@ process_open(u_int32_t id)
 	logit("open \"%s\" flags %s mode 0%o",
 	    name, string_from_portable(pflags), mode);
 	if (readonly &&
-	    ((flags & O_ACCMODE) == O_WRONLY ||
-	    (flags & O_ACCMODE) == O_RDWR)) {
+	    ((flags & O_ACCMODE) != O_RDONLY ||
+	    (flags & (O_CREAT|O_TRUNC)) != 0)) {
 		verbose("Refusing open request in read-only mode");
 		status = SSH2_FX_PERMISSION_DENIED;
 	} else {
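Review bot: The rewritten condition in process_open carries no comment explaining why O_CREAT and O_TRUNC are refused even when the access mode is O_RDONLY, which is the entire point of the fix. open(2) with O_RDONLY|O_CREAT still creates an empty file, and the effect of O_TRUNC without write access is not defined by POSIX and can truncate the file on some systems. I would add above the `if (readonly &&` line: `/* read-only: refuse any access mode but O_RDONLY, and O_CREAT/O_TRUNC, which modify the filesystem even on a read-only open */`. The test is still a deny-list of flag bits, so it is worth confirming against flags_from_portable() (not visible in this hunk) that no other side-effecting flag can reach this point. process_open's body starts and ends outside the hunk.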
-- 
2.38.0
