From a883e3af386a6aef80fae14facbf1981eb8e91bc Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 2 May 2021 17:35:16 +0200 Subject: dropbear: Fix CVE-2020-36254 This backports a fix from dropbear 2020.81. CVE-2020-36254 description: scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. Signed-off-by: Hauke Mehrtens --- .../dropbear/patches/001-fix-CVE-2020-36254.patch | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch (limited to 'package') diff --git a/package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch b/package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch new file mode 100644 index 0000000000..03f8bf9a81 --- /dev/null +++ b/package/network/services/dropbear/patches/001-fix-CVE-2020-36254.patch @@ -0,0 +1,21 @@ +From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001 +From: Haelwenn Monnier +Date: Mon, 25 May 2020 14:54:29 +0200 +Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80) + +--- + scp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/scp.c ++++ b/scp.c +@@ -935,7 +935,8 @@ sink(int argc, char **argv) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + } -- cgit v1.2.3