SFTP subsystem and umask

Damien Miller djm at mindrot.org
Wed Nov 3 12:53:05 EST 2010


On Tue, 2 Nov 2010, Rob C wrote:

> Hello,
> 
> I have noticed that the -u parameter to the sftp-server or
> internal-sftp subsystem is not working correctly. For openssh-5.6p1 I
> believe that the problem lies in this code, starting at line 1414 in
> sftp-server.c:
>
> ----------------------------------------------------------
> case 'u':
>         mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg);
>         if (errmsg != NULL)
>                 fatal("Invalid umask \"%s\": %s",
>                     optarg, errmsg);
>         (void)umask(mask);
>         break;
> ----------------------------------------------------------

Yep, that is completely broken. Please try this patch:


Index: sftp-server.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-server.c,v
retrieving revision 1.91
diff -u -p -r1.91 sftp-server.c
--- sftp-server.c	13 Jan 2010 01:40:16 -0000	1.91
+++ sftp-server.c	3 Nov 2010 01:52:50 -0000
@@ -1349,8 +1349,7 @@ sftp_server_main(int argc, char **argv, 
 	ssize_t len, olen, set_size;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
 	char *cp, buf[4*4096];
-	const char *errmsg;
-	mode_t mask;
+	long mask;
 
 	extern char *optarg;
 	extern char *__progname;
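
Review bot: `mask` changes type from `mode_t` to `long` in this declaration block, so every other use of `mask` in sftp_server_main() needs checking, not just the one in the -u case. The only use visible in this patch narrows it back with `(void)umask((mode_t)mask);` after the range check, which is the right order. The existing `cp` from `char *cp, buf[4*4096];` also becomes the strtol() end pointer; a dedicated end pointer would keep the two roles apart if `cp` is live elsewhere in the function.
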
@@ -1383,11 +1382,12 @@ sftp_server_main(int argc, char **argv, 
 				error("Invalid log facility \"%s\"", optarg);
 			break;
 		case 'u':
-			mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg);
-			if (errmsg != NULL)
-				fatal("Invalid umask \"%s\": %s",
-				    optarg, errmsg);
-			(void)umask(mask);
+			errno = 0;
+			mask = strtol(optarg, &cp, 8);
+			if (mask < 0 || mask > 0777 || *cp != '\0' ||
+			    cp == optarg || (mask == 0 && errno != 0))
+				fatal("Invalid umask \"%s\"", optarg);
+			(void)umask((mode_t)mask);
 			break;
 		case 'h':
 		default:
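
Review bot: the `(mask == 0 && errno != 0)` clause in the new condition looks redundant. On overflow strtol() returns LONG_MIN or LONG_MAX, which `mask < 0 || mask > 0777` already rejects, and the no-digits case is caught by `cp == optarg`. Dropping the clause together with the `errno = 0;` line would simplify the test. strtol() also skips leading whitespace and accepts a sign, so arguments such as "+022" or "-0" pass this validation; if only plain octal digits should be accepted, check that the first character of optarg is a digit before parsing. The fatal() message no longer says why the value was rejected, so it may be worth stating there that an octal value between 0 and 0777 is expected.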

