From 8a286ad72716a36b51c082d97e5dc1a9f97dfba4 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 29 Aug 2022 09:22:54 -0700 Subject: [PATCH] remove duplicate code and raise permissions for chroot --- apps/wolfsshd/configuration.c | 18 +++++++++--------- apps/wolfsshd/wolfsshd.c | 17 ++++++++++++++--- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/apps/wolfsshd/configuration.c b/apps/wolfsshd/configuration.c index 3766cd51..ab0d9f8c 100644 --- a/apps/wolfsshd/configuration.c +++ b/apps/wolfsshd/configuration.c @@ -255,12 +255,6 @@ static WOLFSSHD_CONFIG* wolfSSHD_ConfigCopy(WOLFSSHD_CONFIG* conf) newConf->heap); } - if (ret == WS_SUCCESS && conf->chrootDir) { - ret = CreateString(&newConf->chrootDir, conf->chrootDir, - (int)WSTRLEN(conf->chrootDir), - newConf->heap); - } - if (ret == WS_SUCCESS) { newConf->loginTimer = conf->loginTimer; newConf->port = conf->port; @@ -286,8 +280,14 @@ void wolfSSHD_ConfigFree(WOLFSSHD_CONFIG* conf) WOLFSSHD_CONFIG* next = current->next; heap = current->heap; - FreeString(¤t->authKeysFile, heap); - FreeString(¤t->hostKeyFile, heap); + FreeString(¤t->banner, heap); + FreeString(¤t->chrootDir, heap); + FreeString(¤t->ciphers, heap); + FreeString(¤t->kekAlgos, heap); + FreeString(¤t->hostKeyAlgos, heap); + FreeString(¤t->listenAddress, heap); + FreeString(¤t->authKeysFile, heap); + FreeString(¤t->hostKeyFile, heap); WFREE(current, heap, DYNTYPE_SSHD); current = next; @@ -321,7 +321,7 @@ enum { OPT_INCLUDE = 16, OPT_CHROOT_DIR = 17, OPT_MATCH = 18, - OPT_FORCE_CMD = 19, + OPT_FORCE_CMD = 19, }; enum { NUM_OPTIONS = 20 diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c index c0bfe373..d92209db 100644 --- a/apps/wolfsshd/wolfsshd.c +++ b/apps/wolfsshd/wolfsshd.c 
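Review bot: The list of FreeString() calls in wolfSSHD_ConfigFree (apps/wolfsshd/configuration.c) is maintained by hand, separately from the CreateString() calls in wolfSSHD_ConfigCopy, so the two can drift apart again just as they did before this change. The option enum in the same file lists OPT_FORCE_CMD and OPT_MATCH, and nothing released here obviously corresponds to either; if those options store heap strings on the config node, they presumably still leak and should be added to the list. A comment above the list such as `/* release every member allocated with CreateString(); keep in sync with wolfSSHD_ConfigCopy() */` would make the invariant explicit. Both functions start and end outside the hunks shown, so confirm against the full struct definition.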
@@ -679,11 +679,22 @@ static void* HandleConnection(void* arg) /* check for chroot set */ cmd = wolfSSHD_ConfigGetChroot(usrConf); if (cmd != NULL) { - if (chroot(cmd) != 0) { - wolfSSH_Log(WS_LOG_ERROR, - "[SSHD] chroot failed to path %s", cmd); + if (wolfSSHD_AuthRaisePermissions(conn->auth) != WS_SUCCESS) { + wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Failure to raise permissions " + "for auth"); ret = WS_FATAL_ERROR; } + else { + if (chroot(cmd) != 0) { + wolfSSH_Log(WS_LOG_ERROR, + "[SSHD] chroot failed to path %s", cmd); + ret = WS_FATAL_ERROR; + } + + if (wolfSSHD_AuthReducePermissions(conn->auth) != WS_SUCCESS) { + exit(1); + } + } #ifdef WOLFSSH_SFTP if (ret == WS_SFTP_COMPLETE) {
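Review bot: The `chroot(cmd)` call in the new `else` branch is not followed by a `chdir("/")` in the lines shown, so the working directory may still refer to a location outside the new root. Unless that is done elsewhere in HandleConnection, attach `else if (chdir("/") != 0) { ret = WS_FATAL_ERROR; }` to the chroot check. The `exit(1)` taken when wolfSSHD_AuthReducePermissions fails is the right fail-closed choice, but it is silent; a `wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Failure to reduce permissions after chroot");` before it would leave a trace for whoever investigates the daemon stopping. If HandleConnection runs as a thread rather than in a forked child, the chroot and the raised privileges apply to the whole process during that window, which is worth confirming. HandleConnection's body starts and ends outside the hunk.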