shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-12 03:00:26 +09:00
Code Issues Packages Projects Releases Wiki Activity

fix: create fopen wrapper and block default hostkey paths

Browse Source 
Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Gauravsingh Sisodia
2025-03-17 18:36:42 +00:00
committed by Jakub Jelen
parent c1aab9903f
commit f9d7cadf4b
2 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/CMakeLists.txt
View File

@@ -332,7 +332,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)
set(TORTURE_ENVIRONMENT set(TORTURE_ENVIRONMENT
"LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${FS_WRAPPER}") "LD_PRELOAD=${FS_WRAPPER}:${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}")
if (priv_wrapper_FOUND) if (priv_wrapper_FOUND)
list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1) list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1)
list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL") list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")

41
tests/fs_wrapper.c
View File

@@ -6,6 +6,8 @@
#include <string.h> #include <string.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <unistd.h> #include <unistd.h>
#include <errno.h>
#include <sys/syscall.h>
/******************************************************************************* /*******************************************************************************
* Structs * Structs
@@ -211,3 +213,42 @@ statx(int dirfd,
return rc; return rc;
} }
static int is_file_blocked(const char *pathname)
{
if (pathname == NULL) {
return 0;
}
static const char *blocked_files[] = {
/* Block for torture_gssapi_server_key_exchange_null */
"/etc/ssh/ssh_host_ecdsa_key",
"/etc/ssh/ssh_host_rsa_key",
"/etc/ssh/ssh_host_ed25519_key"
};
for (size_t i = 0; i < sizeof(blocked_files) / sizeof(blocked_files[0]); i++) {
if (strcmp(pathname, blocked_files[i]) == 0) {
errno = ENOENT; /* No such file or directory */
return 1;
}
}
return 0;
}
#define WRAP_FOPEN(func_name) \
FILE *func_name(const char *pathname, const char *mode) \
{ \
typedef FILE *(*orig_func_t)(const char *pathname, const char *mode); \
static orig_func_t orig_func = NULL; \
if (orig_func == NULL) { \
orig_func = (orig_func_t)dlsym(RTLD_NEXT, #func_name); \
} \
if (is_file_blocked(pathname)) { \
return NULL; \
} \
return orig_func(pathname, mode); \
}
WRAP_FOPEN(fopen)
WRAP_FOPEN(fopen64)