[openwrt/openwrt] dropbear: Fix CVE-2020-36254
LEDE Commits
lede-commits at lists.infradead.org
Tue May 4 21:56:08 BST 2021
hauke pushed a commit to openwrt/openwrt.git, branch openwrt-19.07:
https://git.openwrt.org/a883e3af386a6aef80fae14facbf1981eb8e91bc
commit a883e3af386a6aef80fae14facbf1981eb8e91bc
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Sun May 2 17:35:16 2021 +0200
dropbear: Fix CVE-2020-36254
This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
.../dropbear/patches/001-fix-CVE-2020-36254.patch | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch b/package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch
new file mode 100644
index 0000000000..03f8bf9a81
--- /dev/null
+++ b/package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch
@@ -0,0 +1,21 @@
+From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
+From: Haelwenn Monnier <contact+github.com at hacktivis.me>
+Date: Mon, 25 May 2020 14:54:29 +0200
+Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
+
+---
+ scp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/scp.c
++++ b/scp.c
+@@ -935,7 +935,8 @@ sink(int argc, char **argv)
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
+- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
More information about the lede-commits
mailing list