Attachment 1277 Details for Bug 177 – Pre-shell tilde expantion proof-of-concept hack

[patch] Pre-shell tilde expantion proof-of-concept hack

subsystem-tilde-expansion-kludge.patch (text/plain), 1.24 KB, created by Joshua Pettett on 2007-05-11 08:02:44 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Joshua Pettett

Created: 2007-05-11 08:02:44 AEST

Size: 1.24 KB

patch

obsolete

>--- session.c.orig      2007-05-10 17:20:53.000000000 -0400
>+++ session.c   2007-05-10 17:22:07.000000000 -0400
>@@ -87,6 +87,7 @@
> #include "session.h"
> #include "kex.h"
> #include "monitor_wrap.h"
>+#include "misc.h"
>
> #if defined(KRB5) && defined(USE_AFS)
> #include <kafs.h>
>@@ -1861,9 +1862,9 @@
> session_subsystem_req(Session *s)
> {
> 	struct stat st;
>-	u_int len;
>+	u_int len, arglen = 0;
> 	int success = 0;
>-	char *prog, *cmd, *subsys = packet_get_string(&len);
>+	char *prog, *cmd, *arg, *p, *subsys = packet_get_string(&len);
> 	u_int i;
> 
> 	packet_check_eom();
>@@ -1878,9 +1879,22 @@
> 				strerror(errno));
> 				break;
> 			}
>-			debug("subsystem: exec() %s", cmd);
>+
>+			// Munch on arguments to do tilde expansion; entire subsystem argument processing should probably be refactored
>+			p = xstrdup("");
>+			arglen = strlen(p) + 1;
>+			while ((arg = strdelim(&cmd)) != NULL && *arg != '\0') {
>+				arg = tilde_expand_filename(arg, s->pw->pw_uid);
>+				arglen += 1 + strlen(arg);
>+				p = xrealloc(p, 1, arglen);
>+				strlcat(p, arg, arglen);
>+				strlcat(p, " ", arglen);
>+				debug("Processed subsystem arg: %s", arg);
>+			}
>+
>+			debug("subsystem: exec() %s", p);
> 			s->is_subsystem = 1;
>-			do_exec(s, cmd);
>+			do_exec(s, p);
> 			success = 1;
> 			break;
> 		}

Actions: View | Diff

Attachments on bug 177: 683 | 1018 | 1156 | 1206 | 1277 | 1346