rpms/scponly/EL-4 scponly-4.6-CVE-2007-6415.patch,NONE,1.1

[Toshio くらとみ (toshio)]

Author: toshio

Update of /cvs/pkgs/rpms/scponly/EL-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22369

Added Files:
	scponly-4.6-CVE-2007-6415.patch 
Log Message:
* Wed Feb 13 2008 Tomas Hoger <thoger at redhat.com> - 4.6-10
- Add patch to prevent restriction bypass using OpenSSH's scp options -F
  and -o (CVE-2007-6415, #426072)


scponly-4.6-CVE-2007-6415.patch:

--- NEW FILE scponly-4.6-CVE-2007-6415.patch ---
diff -pruN scponly-4.6.orig/helper.c scponly-4.6/helper.c
--- scponly-4.6.orig/helper.c	2006-01-31 23:04:16.000000000 +0100
+++ scponly-4.6/helper.c	2008-02-13 20:11:58.000000000 +0100
@@ -181,10 +181,10 @@ int check_dangerous_args(char **av)
 				 */
 				opterr=cmdarg->strict;
 				while ((ch = getopt(ac, av, cmdarg->opts)) != -1)
-					if (ch == cmdarg->badarg[0])
+					if (strchr(cmdarg->badarg, ch) || (cmdarg->strict && ch == '?'))
 					{
-						syslog(LOG_ERR, "option %s is not permitted for use with %s (arg was %s)(%s))", 
-							cmdarg->badarg, cmdarg->name, optarg, logstamp());
+						syslog(LOG_ERR, "option -%c is not permitted for use with %s (arg was %s)(%s))", 
+							ch, cmdarg->name, optarg, logstamp());
 						return 1;
 					}
 #elif
diff -pruN scponly-4.6.orig/scponly.c scponly-4.6/scponly.c
--- scponly-4.6.orig/scponly.c	2006-01-31 00:09:40.000000000 +0100
+++ scponly-4.6/scponly.c	2008-02-13 20:11:58.000000000 +0100
@@ -92,7 +92,7 @@ cmd_arg_t dangerous_args[] =
 	 * program name		use getopt?		strict optlist?	optname			optlist
 	 */
 #ifdef ENABLE_SCP2
-	{ PROG_SCP, 		1, 				1,				"S",			"dfl:prtvBCc:i:P:q1246S:o:F:" },
+	{ PROG_SCP, 		1, 				1,				"SoF",			"dfl:prtvBCc:i:P:q1246S:o:F:" },
 #endif
 #ifdef RSYNC_COMPAT
 	{ PROG_RSYNC, 		1, 				0,				"e",			"e:" },