Your message dated Mon, 11 Feb 2019 22:47:08 +0000
with message-id <[email protected]>
and subject line Bug#921655: fixed in rssh 2.3.4-5+deb9u3
has caused the Debian Bug report #921655,
regarding rssh 2.3.4-4+deb8u2 breaks download of multiple files.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
921655: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921655
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rssh
Version: 2.3.4-4+deb8u2
Severity: important
Since our fileserver auto patched to rssh 2.3.4-4+deb8u2 this morning, our
automated scp requests have been failing if we try to get multiple files from the
server in one wildcarded request.
So to recreate
---------
$ scp [email protected]://directory//file.x86_64_*.*.zip .
The authenticity of host 'example.com (192.168.60.224)' can't be established.
ECDSA key fingerprint is ########################
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com (192.168.60.224)' (ECDSA) to the list
of known hosts.
insecure scp option not allowed.
This account is restricted by rssh.
Allowed commands: scp sftp rsync
If you believe this is in error, please contact your system administrator.
----------
where example.com://directory//file.x86_64_*.*.zip matched 2 or more files
Moving files from the fileserver until there's only one match results in a
successful download.
Not using wildcards is also ok.
I believe this was caused by the new method "static int scp_okay( char **vec )",
which seems to deliberately fail if there are multiple files seen. The end of
the loop seems designed to fail if saw_file is already true?
---------------------
+/*
+ * scp_okay() - take the command line and check that it is a hopefully-safe scp
+ * server command line, accepting only very specific options.
+ * Returns FALSE if the command line should not be allowed, TRUE
+ * if it is okay.
+ */
+static int scp_okay( char **vec )
+{
+ int saw_file = FALSE;
+ int saw_end = FALSE;
+
+ for ( vec++; vec && *vec; vec++ ){
+ /* Allowed options. */
+ if ( !saw_end ) {
+ if ( strcmp(*vec, "-v") == 0 ) continue;
+ if ( strcmp(*vec, "-r") == 0 ) continue;
+ if ( strcmp(*vec, "-p") == 0 ) continue;
+ if ( strcmp(*vec, "-d") == 0 ) continue;
+ if ( strcmp(*vec, "-f") == 0 ) continue;
+ if ( strcmp(*vec, "-t") == 0 ) continue;
+ }
+
+ /* End of arguments. One more argument allowed after this. */
+ if ( !saw_end && strcmp(*vec, "--") == 0 ){
+ saw_end = TRUE;
+ continue;
+ }
+
+ /* No other options allowed, but allow file starting with -. */
+ if ( *vec[0] == '-' && !saw_end ) return FALSE;
+ if ( saw_file ) return FALSE;
+ saw_file = TRUE;
+ }
+
+ /* We must have seen a single file. */
+ return saw_file;
+}
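Review bot: the `if ( saw_file ) return FALSE;` at the end of the loop makes any second non-option argument fatal, so a server command vector carrying more than one file operand (the multi-match wildcard case in this report) is refused even though every operand is a plain path; the changelog approach of requiring -f or -t in the vector and then accepting any number of operands addresses the remote-file concern without that restriction. Two smaller points: the check does not require -f or -t at all, so a vector with neither and exactly one operand passes, which is the property the relaxed check tightens; and `vec && *vec` in the loop condition re-tests the pointer just incremented rather than anything useful, so `*vec` alone is enough.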
--------------
This is on an Ubuntu 14.04 machine. I've marked it "severity important" as it's
a regression that caused a set of 3 fileservers who'd been happy for ~ 5 years
to stop serving the required files and took a fair while to debug as this was
an automated process and we didn't suspect a fileserver change for a fair while.
I hope this is explanatory enough but please ask for more details if needed.
thanks
Martin
--- End Message ---
--- Begin Message ---
Source: rssh
Source-Version: 2.3.4-5+deb9u3
We believe that the bug you reported is fixed in the latest version of
rssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated rssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Feb 2019 11:26:30 -0800
Source: rssh
Binary: rssh
Architecture: source amd64
Version: 2.3.4-5+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Russ Allbery <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description:
rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
Closes: 921655
Changes:
rssh (2.3.4-5+deb9u3) stretch-security; urgency=high
.
* The fix for the scp security vulnerability in 2.3.4-5+deb9u1
introduced a regression that blocked scp of multiple files from a
server using rssh. Based on further analysis of scp's command-line
parsing, relax the check to require the server command contain -f or
-t, which should deactivate scp's support for remote files.
(Closes: #921655)
Checksums-Sha1:
3982b46e88e40a1e9162966912f11a7ccdfa2a0b 1514 rssh_2.3.4-5+deb9u3.dsc
f4d52e2f3a7bcd9eb997afa71b59e061bf5d320c 30352
rssh_2.3.4-5+deb9u3.debian.tar.xz
5a239f4a85d41a864852f46fee2fdc03ec5f191b 50364
rssh-dbgsym_2.3.4-5+deb9u3_amd64.deb
b65cc26a739159390b42a004e66279fb2ea26b92 5735
rssh_2.3.4-5+deb9u3_amd64.buildinfo
ac1a38c6b8d3f9e09ab0dd469d601f0d687a5e34 55758 rssh_2.3.4-5+deb9u3_amd64.deb
Checksums-Sha256:
7143fb2c087d20a632784a3e5e80d601b6ddfaa92b23ca9398fbd58be49d9136 1514
rssh_2.3.4-5+deb9u3.dsc
7299e65139bb167c001f4cfc40d23fdc768757be63ee16a77f1524729687c1c0 30352
rssh_2.3.4-5+deb9u3.debian.tar.xz
3e476b1fd343a15c3d46888e8fc2bcfc3c60caeed4b1bb1e3bc54e81a5f072d8 50364
rssh-dbgsym_2.3.4-5+deb9u3_amd64.deb
d5e62e72c67db120d64bf6fcc4e8bee36f603e6262b55fd00ae373c01d9aaaf3 5735
rssh_2.3.4-5+deb9u3_amd64.buildinfo
1e4ed3d96feeddd0258dd506275430789ea83ca89d7745526d6928bcd7d0565e 55758
rssh_2.3.4-5+deb9u3_amd64.deb
Files:
74de536a3b1fecdccc96e112716420b4 1514 net optional rssh_2.3.4-5+deb9u3.dsc
6260aedc7fcd708a2e855a9dad4e2882 30352 net optional
rssh_2.3.4-5+deb9u3.debian.tar.xz
21eeb983f80935548f1c126d3605db31 50364 debug extra
rssh-dbgsym_2.3.4-5+deb9u3_amd64.deb
4a0f1689988d2291d7e38fd1b29385fb 5735 net optional
rssh_2.3.4-5+deb9u3_amd64.buildinfo
59834f06be5dbe58e4dbda2f9d10effb 55758 net optional
rssh_2.3.4-5+deb9u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAlxghswACgkQfYAxXFc2
3nXN+ggAsg9sVDDgwPNnOeN3NUabWVJgytgn+U0KZn19G+I5r7ByASt0Rtj3Gd+4
zgtdAbSK9oDSICG6HMAY12VSgybBh/069zhg2GMn8bx5UnyTZUmQ4BUJxEQUGfHQ
m7JEdQ+nIS5oyagNMCo2YRgDtXnW82oMIXQZozLO7JooWVNlWKdkDP1va8ACl0oI
H5d9NFXWMI4Lqjno6Hb2We32uZcrGnyaxHHzzOCcJq4kjabYFDsHDauslJyUZY74
SLCZyQb1+KSxdOwfgdpt6AkJ1dSrMzTL6TRfgb1unSXlOsUlMU4FCMyKVe6vZ8VM
cbBlhvdJw7XN3953rSKuc/Axl9atlQ==
=lc+n
-----END PGP SIGNATURE-----
--- End Message ---
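The changelog entry above describes the relaxed check: keep the option allow-list from the quoted scp_okay(), require that the server command contain -f or -t, and stop refusing a second file operand. The following C is an added illustration of that approach written for this page; it is not rssh's own code and does not reproduce rssh's command-line parser. The function names scp_server_okay() and scp_command_okay(), the blank-separated tokenizer (no quoting or glob expansion) and the sample command lines are all constructed here for demonstration.

```c
#include <stdio.h>
#include <string.h>

#define TRUE 1
#define FALSE 0
#define MAX_ARGS 64

/* Hypothetical replacement for the quoted scp_okay(): same option
 * allow-list (-v -r -p -d -f -t, plus "--" to end options), but the
 * vector must carry -f (source) or -t (sink), and any number of file
 * operands is accepted. vec[0] is the program name and is skipped. */
static int scp_server_okay(char **vec)
{
    int saw_end  = FALSE;   /* seen "--": everything after it is an operand */
    int saw_mode = FALSE;   /* seen -f or -t, i.e. scp is acting as a server */
    int saw_file = FALSE;   /* at least one operand present */

    if (vec == NULL || *vec == NULL)
        return FALSE;

    for (vec++; *vec; vec++) {
        if (!saw_end) {
            if (strcmp(*vec, "--") == 0) { saw_end = TRUE; continue; }
            if (strcmp(*vec, "-f") == 0 || strcmp(*vec, "-t") == 0) {
                saw_mode = TRUE;
                continue;
            }
            if (strcmp(*vec, "-v") == 0 || strcmp(*vec, "-r") == 0 ||
                strcmp(*vec, "-p") == 0 || strcmp(*vec, "-d") == 0)
                continue;
            /* Any other option-looking argument is refused outright. */
            if ((*vec)[0] == '-')
                return FALSE;
        }
        /* A file operand; several of them are fine, which is what the
         * single-file restriction in the quoted patch broke. */
        saw_file = TRUE;
    }
    return saw_mode && saw_file;
}

/* Test convenience (constructed for this example): split a command line
 * on blanks into an argv-style vector and run the check on it. Quoting,
 * escapes and wildcard expansion are deliberately not handled here. */
static int scp_command_okay(const char *cmdline)
{
    char buf[1024];
    char *vec[MAX_ARGS + 1];
    int n = 0;

    if (strlen(cmdline) >= sizeof buf)
        return FALSE;
    strcpy(buf, cmdline);
    for (char *tok = strtok(buf, " \t"); tok && n < MAX_ARGS; tok = strtok(NULL, " \t"))
        vec[n++] = tok;
    vec[n] = NULL;
    return scp_server_okay(vec);
}

int main(void)
{
    /* Constructed sample server command lines; paths are invented. */
    const char *samples[] = {
        "scp -f /directory//file.x86_64_1.0.zip /directory//file.x86_64_1.1.zip",
        "scp -t /upload",
        "scp -r -p -f -- -leading-dash",
        "scp /directory/file.zip",      /* neither -f nor -t: refused */
        "scp -S /tmp/x -f file",        /* option outside the allow-list: refused */
        "scp -f",                       /* no operand: refused */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-72s -> %s\n", samples[i],
               scp_command_okay(samples[i]) ? "allowed" : "refused");
    return 0;
}
```

The first sample is the shape of the multi-match download from the report: two operands after -f now pass, while a vector with no -f or -t, or with an option outside the allow-list, is still refused.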