Mercurial > dropbear
diff svr-authpubkey.c @ 1344:b90da477ab63 coverity
merge coverity
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 18 May 2017 23:02:39 +0800 |
| parents | 8747c2b19152 |
| children | 10df23099071 |
line wrap: on
line diff
--- a/svr-authpubkey.c Fri Jul 22 00:08:02 2016 +0800 +++ b/svr-authpubkey.c Thu May 18 23:02:39 2017 +0800 @@ -201,6 +201,8 @@ unsigned int len, pos; buffer * options_buf = NULL; int line_num; + uid_t origuid; + gid_t origgid; TRACE(("enter checkpubkey")) @@ -227,8 +229,21 @@ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ses.authstate.pw_dir); - /* open the file */ + /* open the file as the authenticating user. */ + origuid = getuid(); + origgid = getgid(); + if ((setegid(ses.authstate.pw_gid)) < 0 || + (seteuid(ses.authstate.pw_uid)) < 0) { + dropbear_exit("Failed to set euid"); + } + authfile = fopen(filename, "r"); + + if ((seteuid(origuid)) < 0 || + (setegid(origgid)) < 0) { + dropbear_exit("Failed to revert euid"); + } + if (authfile == NULL) { goto out; }