From a016a0d6ae28ff94f7f25f1adf1db3838ea1f31f Mon Sep 17 00:00:00 2001 From: Tee KOBAYASHI Date: Wed, 15 Dec 2021 10:36:15 +0900 Subject: [PATCH] dropbear: Do not use `getpwnam()` --- packages/dropbear/build.sh | 2 +- packages/dropbear/common-session.c.patch | 12 ++++++++++++ packages/dropbear/loginrec.c.patch | 14 ++++++++++++++ packages/dropbear/svr-chansession.c.patch | 18 +++++++++++++++--- 4 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 packages/dropbear/loginrec.c.patch diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh index 19fc9b5f32..bf14e651a2 100644 --- a/packages/dropbear/build.sh +++ b/packages/dropbear/build.sh @@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Small SSH server and client" TERMUX_PKG_LICENSE="BSD" TERMUX_PKG_MAINTAINER="@termux" TERMUX_PKG_VERSION=2020.81 -TERMUX_PKG_REVISION=1 +TERMUX_PKG_REVISION=2 TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_SHA256=48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b TERMUX_PKG_DEPENDS="termux-auth, zlib" diff --git a/packages/dropbear/common-session.c.patch b/packages/dropbear/common-session.c.patch index bb40f1350b..d83d70c86f 100644 --- a/packages/dropbear/common-session.c.patch +++ b/packages/dropbear/common-session.c.patch @@ -27,3 +27,15 @@ diff -u -r ../dropbear-2019.77/common-session.c ./common-session.c } else { return ses.authstate.pw_shell; } +@@ -628,7 +618,11 @@ + if (ses.authstate.pw_passwd) + m_free(ses.authstate.pw_passwd); + ++#ifdef __ANDROID__ ++ pw = getpwuid(getuid()); ++#else + pw = getpwnam(username); ++#endif + if (!pw) { + return; + } diff --git a/packages/dropbear/loginrec.c.patch b/packages/dropbear/loginrec.c.patch new file mode 100644 index 0000000000..f3ba306879 --- /dev/null +++ b/packages/dropbear/loginrec.c.patch @@ -0,0 +1,14 @@ +--- a/loginrec.c ++++ b/loginrec.c +@@ -275,7 +275,11 @@ + + if (username) { + strlcpy(li->username, username, sizeof(li->username)); ++#ifdef __ANDROID__ ++ pw = getpwuid(getuid()); ++#else + pw = getpwnam(li->username); ++#endif + if (pw == NULL) + dropbear_exit("login_init_entry: Cannot find user \"%s\"", + li->username); diff --git a/packages/dropbear/svr-chansession.c.patch b/packages/dropbear/svr-chansession.c.patch index 01df39d58d..77ac5181ac 100644 --- a/packages/dropbear/svr-chansession.c.patch +++ b/packages/dropbear/svr-chansession.c.patch @@ -1,7 +1,19 @@ diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansession.c --- dropbear-2018.76/svr-chansession.c 2018-02-27 16:25:12.000000000 +0200 +++ dropbear-2018.76.mod/svr-chansession.c 2018-04-21 13:45:06.707063974 +0300 -@@ -919,6 +919,8 @@ +@@ -607,7 +607,11 @@ + dropbear_exit("Out of memory"); /* TODO disconnect */ + } + ++#ifdef __ANDROID__ ++ pw = getpwuid(getuid()); ++#else + pw = getpwnam(ses.authstate.pw_name); ++#endif + if (!pw) + dropbear_exit("getpwnam failed after succeeding previously"); + pty_setowner(pw, chansess->tty); +@@ -919,6 +923,8 @@ #endif /* clear environment */ @@ -10,7 +22,7 @@ diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansessio /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD * etc. This is hazardous, so should only be used for debugging. */ #ifndef DEBUG_VALGRIND -@@ -931,6 +933,7 @@ +@@ -931,6 +937,7 @@ } #endif /* HAVE_CLEARENV */ #endif /* DEBUG_VALGRIND */ @@ -18,7 +30,7 @@ diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansessio /* We can only change uid/gid as root ... */ if (getuid() == 0) { -@@ -956,12 +959,14 @@ +@@ -956,12 +963,14 @@ } }