Attachment #1681 for bug #1637




#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <selinux/selinux.h>

#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"


	if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
		extern int optind, optreset;
		int i, l;
		char *p, *args, *c1, *c2, *cx;

		setproctitle("%s@internal-sftp-server", s->pw->pw_name);
		args = xstrdup(command ? command : "sftp-server");

		argv[i] = NULL;
		optind = optreset = 1;
		__progname = argv[0];
		if (getcon (&c1) < 0) {
			logit("do_child: getcon failed witch %s", strerror (errno));
		} else {
			c2 = xmalloc (strlen (c1) + 8);
			if (!(cx = index (c1, ':')))
				goto badcontext;
			if (!(cx = index (cx + 1, ':'))) {
badcontext:
				logit ("do_child: unparseable context %s", c1);
			} else {
				l = cx - c1 + 1;
				memcpy (c2, c1, l);
				strcpy (c2 + l, "sftpd_t");
				if ((cx = index (cx + 1, ':')))
					strcat (c2, cx);
				if (setcon (c2) < 0) 
					logit("do_child: setcon failed witch %s", strerror (errno));
			
			}
		}		
			
		exit(sftp_server_main(i, argv, s->pw));
	}


Return to bug 1637

Lines 58-63 Link Here

(-)openssh-5.2p1/session.c.sesftp (-2 / +24 lines)
58	#include <stdlib.h>	58	#include <stdlib.h>
59	#include <string.h>	59	#include <string.h>
60	#include <unistd.h>	60	#include <unistd.h>
		61	#include <selinux/selinux.h>
61		62
62	#include "openbsd-compat/sys-queue.h"	63	#include "openbsd-compat/sys-queue.h"
63	#include "xmalloc.h"	64	#include "xmalloc.h"
Lines 1791-1798 do_child(Session s, const char command Link Here
1791		1792
1792	if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {	1793	if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
1793	extern int optind, optreset;	1794	extern int optind, optreset;
1794	int i;	1795	int i, l;
1795	char p, args;	1796	char p, args, c1, c2, *cx;
1796		1797
1797	setproctitle("%s@internal-sftp-server", s->pw->pw_name);	1798	setproctitle("%s@internal-sftp-server", s->pw->pw_name);
1798	args = xstrdup(command ? command : "sftp-server");	1799	args = xstrdup(command ? command : "sftp-server");
Lines 1802-1807 do_child(Session s, const char command Link Here
1802	argv[i] = NULL;	1803	argv[i] = NULL;
1803	optind = optreset = 1;	1804	optind = optreset = 1;
1804	__progname = argv[0];	1805	__progname = argv[0];
		1806	if (getcon (&c1) < 0) {
		1807	logit("do_child: getcon failed witch %s", strerror (errno));
		1808	} else {
		1809	c2 = xmalloc (strlen (c1) + 8);
		1810	if (!(cx = index (c1, ':')))
		1811	goto badcontext;
		1812	if (!(cx = index (cx + 1, ':'))) {
		1813	badcontext:
		1814	logit ("do_child: unparseable context %s", c1);
		1815	} else {
		1816	l = cx - c1 + 1;
		1817	memcpy (c2, c1, l);
		1818	strcpy (c2 + l, "sftpd_t");
		1819	if ((cx = index (cx + 1, ':')))
		1820	strcat (c2, cx);
		1821	if (setcon (c2) < 0)
		1822	logit("do_child: setcon failed witch %s", strerror (errno));
		1823
		1824	}
		1825	}
		1826
1805	exit(sftp_server_main(i, argv, s->pw));	1827	exit(sftp_server_main(i, argv, s->pw));
1806	}	1828	}
1807		1829