-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
dropbear: cherry-pick upstream commit 544f28a0
Resolves #10081 Reported-By: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- Loading branch information
1 parent
d60cfa5
commit f98bb1f
Showing
1 changed file
with
134 additions
and
0 deletions.
There are no files selected for viewing
134 changes: 134 additions & 0 deletions
134
package/network/services/dropbear/patches/001-fix-MAX_UNAUTH_CLIENTS-regression.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| From: Matt Johnston <matt@ucc.asn.au> | ||
| Date: Wed, 8 Jun 2022 21:26:20 +0800 | ||
| Subject: Fix MAX_UNAUTH_CLIENTS regression | ||
|
|
||
| Since re-exec change in 2022.82 Dropbear count | ||
| treat authenticated sessions towards the unauthenticated | ||
| session limit. This is fixed by passing the childpipe FD | ||
| through to the re-execed process. | ||
| --- | ||
| runopts.h | 5 +++-- | ||
| svr-main.c | 21 +++++++++++---------- | ||
| svr-runopts.c | 15 ++++++++++++--- | ||
| 3 files changed, 26 insertions(+), 15 deletions(-) | ||
|
|
||
| --- a/runopts.h | ||
| +++ b/runopts.h | ||
| @@ -79,8 +79,9 @@ typedef struct svr_runopts { | ||
| char *addresses[DROPBEAR_MAX_PORTS]; | ||
|
|
||
| int inetdmode; | ||
| - /* Hidden "-2" flag indicates it's re-executing itself */ | ||
| - int reexec_child; | ||
| + /* Hidden "-2 childpipe_fd" flag indicates it's re-executing itself, | ||
| + stores the childpipe preauth file descriptor. Set to -1 otherwise. */ | ||
| + int reexec_childpipe; | ||
|
|
||
| /* Flags indicating whether to use ipv4 and ipv6 */ | ||
| /* not used yet | ||
| --- a/svr-main.c | ||
| +++ b/svr-main.c | ||
| @@ -71,7 +71,7 @@ int main(int argc, char ** argv) | ||
| #endif | ||
|
|
||
| #if DROPBEAR_DO_REEXEC | ||
| - if (svr_opts.reexec_child) { | ||
| + if (svr_opts.reexec_childpipe >= 0) { | ||
| #ifdef PR_SET_NAME | ||
| /* Fix the "Name:" in /proc/pid/status, otherwise it's | ||
| a FD number from fexecve. | ||
| @@ -102,7 +102,7 @@ static void main_inetd() { | ||
|
|
||
| seedrandom(); | ||
|
|
||
| - if (!svr_opts.reexec_child) { | ||
| + if (svr_opts.reexec_childpipe < 0) { | ||
| /* In case our inetd was lax in logging source addresses */ | ||
| get_socket_address(0, NULL, NULL, &host, &port, 0); | ||
| dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port); | ||
| @@ -115,10 +115,8 @@ static void main_inetd() { | ||
| setsid(); | ||
| } | ||
|
|
||
| - /* Start service program | ||
| - * -1 is a dummy childpipe, just something we can close() without | ||
| - * mattering. */ | ||
| - svr_session(0, -1); | ||
| + /* -1 for childpipe in the inetd case is discarded */ | ||
| + svr_session(0, svr_opts.reexec_childpipe); | ||
|
|
||
| /* notreached */ | ||
| } | ||
| @@ -347,9 +345,10 @@ static void main_noinetd(int argc, char | ||
|
|
||
| if (execfd >= 0) { | ||
| #if DROPBEAR_DO_REEXEC | ||
| - /* Add "-2" to the args and re-execute ourself. */ | ||
| - char **new_argv = m_malloc(sizeof(char*) * (argc+3)); | ||
| - int pos0 = 0, new_argc = argc+1; | ||
| + /* Add "-2 childpipe[1]" to the args and re-execute ourself. */ | ||
| + char **new_argv = m_malloc(sizeof(char*) * (argc+4)); | ||
| + char buf[10]; | ||
| + int pos0 = 0, new_argc = argc+2; | ||
|
|
||
| /* We need to specially handle "dropbearmulti dropbear". */ | ||
| if (multipath) { | ||
| @@ -359,7 +358,9 @@ static void main_noinetd(int argc, char | ||
| } | ||
|
|
||
| memcpy(&new_argv[pos0], argv, sizeof(char*) * argc); | ||
| - new_argv[new_argc-1] = "-2"; | ||
| + new_argv[new_argc-2] = "-2"; | ||
| + snprintf(buf, sizeof(buf), "%d", childpipe[1]); | ||
| + new_argv[new_argc-1] = buf; | ||
| new_argv[new_argc] = NULL; | ||
|
|
||
| if ((dup2(childsock, STDIN_FILENO) < 0)) { | ||
| --- a/svr-runopts.c | ||
| +++ b/svr-runopts.c | ||
| @@ -138,6 +138,7 @@ void svr_getopts(int argc, char ** argv) | ||
| char* keepalive_arg = NULL; | ||
| char* idle_timeout_arg = NULL; | ||
| char* maxauthtries_arg = NULL; | ||
| + char* reexec_fd_arg = NULL; | ||
| char* keyfile = NULL; | ||
| char c; | ||
| #if DROPBEAR_PLUGIN | ||
| @@ -175,6 +176,7 @@ void svr_getopts(int argc, char ** argv) | ||
| svr_opts.pubkey_plugin_options = NULL; | ||
| #endif | ||
| svr_opts.pass_on_env = 0; | ||
| + svr_opts.reexec_childpipe = -1; | ||
|
|
||
| #ifndef DISABLE_ZLIB | ||
| opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; | ||
| @@ -250,12 +252,12 @@ void svr_getopts(int argc, char ** argv) | ||
| #if DROPBEAR_DO_REEXEC && NON_INETD_MODE | ||
| /* For internal use by re-exec */ | ||
| case '2': | ||
| - svr_opts.reexec_child = 1; | ||
| + next = &reexec_fd_arg; | ||
| break; | ||
| #endif | ||
| case 'p': | ||
| - nextisport = 1; | ||
| - break; | ||
| + nextisport = 1; | ||
| + break; | ||
| case 'P': | ||
| next = &svr_opts.pidfile; | ||
| break; | ||
| @@ -426,6 +428,13 @@ void svr_getopts(int argc, char ** argv) | ||
| dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command); | ||
| } | ||
|
|
||
| + if (reexec_fd_arg) { | ||
| + if (m_str_to_uint(reexec_fd_arg, &svr_opts.reexec_childpipe) == DROPBEAR_FAILURE | ||
| + || svr_opts.reexec_childpipe < 0) { | ||
| + dropbear_exit("Bad -2"); | ||
| + } | ||
| + } | ||
| + | ||
| #if INETD_MODE | ||
| if (svr_opts.inetdmode && ( | ||
| opts.usingsyslog == 0 |