CVE-2025-14821 cmake: Fix global config location on Windows

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Andreas Schneider
2025-11-21 08:14:38 +01:00
committed by Jakub Jelen
parent 12ccea8dd8
commit 6a7f19ec34
3 changed files with 29 additions and 9 deletions


@@ -71,18 +71,34 @@ if (WITH_ABI_BREAK)
set(WITH_SYMBOL_VERSIONING ON) set(WITH_SYMBOL_VERSIONING ON)
endif (WITH_ABI_BREAK) endif (WITH_ABI_BREAK)
set(GLOBAL_CONF_DIR "/etc/ssh")
if (WIN32)
# Use PROGRAMDATA on Windows
if (DEFINED ENV{PROGRAMDATA})
set(GLOBAL_CONF_DIR "$ENV{PROGRAMDATA}/ssh")
else ()
set(GLOBAL_CONF_DIR "C:/ProgramData/ssh")
endif ()
if (WITH_HERMETIC_USR)
set(USR_GLOBAL_CONF_DIR "/usr${GLOBAL_CONF_DIR}")
endif ()
endif ()
if (NOT GLOBAL_BIND_CONFIG) if (NOT GLOBAL_BIND_CONFIG)
set(GLOBAL_BIND_CONFIG "/etc/ssh/libssh_server_config") set(GLOBAL_BIND_CONFIG "${GLOBAL_CONF_DIR}/libssh_server_config")
if (WITH_HERMETIC_USR)
set(USR_GLOBAL_BIND_CONFIG "/usr${GLOBAL_BIND_CONFIG}")
endif ()
endif (NOT GLOBAL_BIND_CONFIG) endif (NOT GLOBAL_BIND_CONFIG)
if (NOT GLOBAL_CLIENT_CONFIG) if (NOT GLOBAL_CLIENT_CONFIG)
set(GLOBAL_CLIENT_CONFIG "/etc/ssh/ssh_config") set(GLOBAL_CLIENT_CONFIG "${GLOBAL_CONF_DIR}/ssh_config")
endif (NOT GLOBAL_CLIENT_CONFIG)
if (WITH_HERMETIC_USR) if (WITH_HERMETIC_USR)
set(USR_GLOBAL_BIND_CONFIG "/usr${GLOBAL_BIND_CONFIG}") set(USR_GLOBAL_CLIENT_CONFIG "/usr${GLOBAL_CLIENT_CONFIG}")
set(USR_GLOBAL_CLIENT_CONFIG "/usr${GLOBAL_CLIENT_CONFIG}") endif ()
endif (WITH_HERMETIC_USR) endif (NOT GLOBAL_CLIENT_CONFIG)
if (FUZZ_TESTING) if (FUZZ_TESTING)
set(WITH_INSECURE_NONE ON) set(WITH_INSECURE_NONE ON)
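Review bot: The `if (WITH_HERMETIC_USR)` block that sets `USR_GLOBAL_CONF_DIR` comes before the `endif ()` that, going by the if/endif pairing (the page has lost its indentation), closes `if (WIN32)`, so it appears to run only on Windows. There it produces `/usr` followed by a drive-letter path, while a non-Windows hermetic-usr build never gets `USR_GLOBAL_CONF_DIR` at all. If that is not intended, move the block below the WIN32 `endif ()` so it applies to the `/etc/ssh` default. Separately, `$ENV{PROGRAMDATA}` is read on the build host, so the comment could say so: `# Evaluated at configure time on the build machine; the resulting path is compiled into the library`.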


@@ -8,6 +8,10 @@
#cmakedefine BINARYDIR "${BINARYDIR}" #cmakedefine BINARYDIR "${BINARYDIR}"
#cmakedefine SOURCEDIR "${SOURCEDIR}" #cmakedefine SOURCEDIR "${SOURCEDIR}"
/* Global configuration directory */
#cmakedefine USR_GLOBAL_CONF_DIR "${USR_GLOBAL_CONF_DIR}"
#cmakedefine GLOBAL_CONF_DIR "${GLOBAL_CONF_DIR}"
/* Global bind configuration file path */ /* Global bind configuration file path */
#cmakedefine USR_GLOBAL_BIND_CONFIG "${USR_GLOBAL_BIND_CONFIG}" #cmakedefine USR_GLOBAL_BIND_CONFIG "${USR_GLOBAL_BIND_CONFIG}"
#cmakedefine GLOBAL_BIND_CONFIG "${GLOBAL_BIND_CONFIG}" #cmakedefine GLOBAL_BIND_CONFIG "${GLOBAL_BIND_CONFIG}"
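Review bot: `GLOBAL_CONF_DIR` is substituted verbatim into a C string literal by `#cmakedefine GLOBAL_CONF_DIR "${GLOBAL_CONF_DIR}"`, and on Windows the value is built from `$ENV{PROGRAMDATA}`, which normally contains backslashes. A value such as `C:\ProgramData/ssh` would put `\P` inside the literal, which is not a valid C escape, so the compiled-in path may not name the intended directory; whether the template expansion escapes anything is not visible here. Normalising the value where it is set, for example `file(TO_CMAKE_PATH "$ENV{PROGRAMDATA}/ssh" GLOBAL_CONF_DIR)`, would keep the generated defines to forward slashes. The same applies to `GLOBAL_BIND_CONFIG` and `GLOBAL_CLIENT_CONFIG`, which are now derived from it.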


@@ -907,7 +907,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
SAFE_FREE(session->opts.global_knownhosts); SAFE_FREE(session->opts.global_knownhosts);
if (v == NULL) { if (v == NULL) {
session->opts.global_knownhosts = session->opts.global_knownhosts =
strdup("/etc/ssh/ssh_known_hosts"); strdup(GLOBAL_CONF_DIR "/ssh_known_hosts");
if (session->opts.global_knownhosts == NULL) { if (session->opts.global_knownhosts == NULL) {
ssh_set_error_oom(session); ssh_set_error_oom(session);
return -1; return -1;
@@ -2072,7 +2072,7 @@ int ssh_options_apply(ssh_session session)
if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS) == 0) { if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS) == 0) {
if (session->opts.global_knownhosts == NULL) { if (session->opts.global_knownhosts == NULL) {
tmp = strdup("/etc/ssh/ssh_known_hosts"); tmp = strdup(GLOBAL_CONF_DIR "/ssh_known_hosts");
} else { } else {
tmp = ssh_path_expand_escape(session, tmp = ssh_path_expand_escape(session,
session->opts.global_knownhosts); session->opts.global_knownhosts);