Commit 8cddb6e7 authored by Niels Möller's avatar Niels Möller
Browse files

(canonicalize_file_name): As a fallback, try

implementing canonicalize_file_name on top of the broken realpath
function. Not 100% robust.
(start_service): Avoid using canonicalize_file_name for absolute

Rev: src/lshd-userauth.c:1.3
parent a050b4f0
......@@ -536,6 +536,50 @@ format_env_pair(const char *name, const char *value)
return lsh_get_cstring(ssh_format("%lz=%lz", name, value));
/* NOTE: This is a best effort function. It's really not possible to
use realpath in a safe and robust way. This function is used only
for the name of the service executable, from the configuration file
or the LSHD_CONNECTION environment variable, not on any names
supplied by the remote user. */
/* FIXME: Some alternatives: Use getcwd and catenate cwd "/" name. Or
refuse to handle absolute filenames at all? */
static char *
canonicalize_file_name (const char *name)
char *res;
long path_max; /* Must use a signed type, to check for errors from pathconf */
#ifdef PATH_MAX
path_max = PATH_MAX;
path_max = pathconf (path, _PC_PATH_MAX);
if (path_max <= 0)
path_max = 4096;
res = malloc(path_max + 1);
if (!res)
return NULL;
/* To ensure NUL-termination, and to try to detect buffer overruns
by realpath. */
res[path_max] = '\0';
if (!realpath(name, res))
return NULL;
if (res[path_max])
fatal("realpath overwriting it's buffer!\n");
return res;
/* Change persona, set up new environment, change directory, and exec
the service process. */
static void
......@@ -575,7 +619,7 @@ start_service(struct lshd_user *user, char **argv)
assert(i <= ENV_MAX);
/* To allow for a relative path, even when we cd to $HOME. */
argv[0] = canonicalize_file_name(argv[0]);
argv[0] = (argv[0][0] == '/' ? argv[0] : canonicalize_file_name(argv[0]));
if (!argv[0])
werror("start_service: canonicalize_file_name failed: %e\n", errno);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment