I realized that the "mask" parsing was intended to parse a dotted-quad
mask format, and not "prefix" network/size format. I fixed the
parsing to error if not in the expected format.
I also changed the fix for pathname munging memory access errors,
since I didn't review enough of the code to know if or where a root
path is stored/compared as a null string.
I'm not sure if the allocation of utils.c:outstr requires 2 bytes in
some case, allocation of a single byte caused no issues in my testing
under valgrind.
Unfortunately, the added error checking ("Bad IP mask" and "UID not
found") occurs at runtime (during a client connection); ideally, full
parsing of the config file would happen at startup to identify all
such problems.
Updated patch attached.
diff -u muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/smblib.c
muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/smblib.c
--- muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/smblib.c
+++ muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/smblib.c
@@ -26,6 +26,7 @@
#include "../config.h"
#include <malloc.h>
#include <string.h>
+#include <ctype.h>
int SMBlib_errno;
int SMBlib_SMB_Error;
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/dir.c
+++ muddleftpd-1.3.13.1/src/dir.c
@@ -68,7 +68,7 @@
moddir = *pwd + strlen(peer->basedir);
/* if the directory is /, set it to nothing */
- if (moddir[1] == 0)
+ if (moddir[0] && moddir[1] == 0)
moddir[0] = 0;
if (newdir[0] == '/') /* absolute filename */
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/ftplist.c
+++ muddleftpd-1.3.13.1/src/ftplist.c
@@ -108,7 +108,9 @@
strcache_add(uidcache, (int)fileinfo->st_uid,
username);
}
- username[8] = 0;
+
+ if (strlen(username)>6)
+ username[8] = 0;
/* do group */
if (peer->fakegroup)
@@ -124,7 +126,9 @@
strcache_add(gidcache, (int)fileinfo->st_gid, group);
}
- group[8] = 0;
+
+ if (strlen(group)>6)
+ group[8] = 0;
/* Do symbolic links */
if (permissions[0] == 'l')
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/auth.c
+++ muddleftpd-1.3.13.1/src/auth.c
@@ -314,7 +314,7 @@
if (pwdent)
peer->uidt_asuid = pwdent->pw_uid;
else
- peer->uidt_asuid = config->uidt_nobodyuid;
+ ERRORMSGFATAL(safe_snprintf("UID not found: %s", data));
}
else
{
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/file.c
+++ muddleftpd-1.3.13.1/src/file.c
@@ -286,7 +286,7 @@
char *pdir = mallocwrapper(dirlen + 2);
memcpy(pdir, dir, dirlen);
- if (pdir[dirlen-1] == '/')
+ if (dirlen>1 && pdir[dirlen-1]=='/')
dirlen--;
pdir[dirlen] = '/';
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/ftpd.h
+++ muddleftpd-1.3.13.1/src/ftpd.h
@@ -515,6 +515,7 @@
/* utils.h */
+void fd_closeall_nonterminal(void);
void *mallocwrapper(int size);
void reallocwrapper(int size, void **inarea);
char *strdupwrapper(char *s);
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/checkip.c
+++ muddleftpd-1.3.13.1/src/checkip.c
@@ -14,6 +14,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
+#include <limits.h>
#include "ftpd.h"
int checknamelist(CONFIGFILECACHE *cf, int section, char *username)
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/procnum.c
+++ muddleftpd-1.3.13.1/src/procnum.c
@@ -506,7 +506,7 @@
int shinfo_adduser_inetd(unsigned int ip, int slimit, int iplimit, int *error)
{
SCRFILEREC d;
- int scount, ipcount, pos, full;
+ int scount, ipcount=0, pos, full;
/* we are running inetd. go through scratch file, find an
empty record, and count space in file. */
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/utils.c
+++ muddleftpd-1.3.13.1/src/utils.c
@@ -81,7 +81,7 @@
assert(s != NULL);
- outstr = malloc(strlen(s) + 2);
+ outstr = malloc(strlen(s) + 1);
if (outstr == NULL)
ERRORMSGFATAL("strdup error, out of memory");
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/logger.c
+++ muddleftpd-1.3.13.1/src/logger.c
@@ -34,13 +34,16 @@
{
if ((logoutfd != -1) && (((logoutmask) & type) == type))
{
- int currenttime = time(NULL);
- int outlen,i;
+ time_t currenttime = time(NULL);
+ int outlen;
char *timestr = ctime((time_t *)¤ttime);
char *outstring;
int writeresult;
- timestr[strlen(timestr) - 1] = '\0';
+
+ // Truncate newline
+ if (timestr)
+ timestr[strlen(timestr) - 1] = '\0';
switch(type)
{
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/version.c
+++ muddleftpd-1.3.13.1/src/version.c
@@ -16,6 +16,7 @@
#include "../defaults.h"
#include <stdio.h>
+#include <stdlib.h>
void showversion(char *desc)
{
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/src/socket.c
+++ muddleftpd-1.3.13.1/src/socket.c
@@ -100,14 +100,15 @@
pos = 0;
while (server[pos] != 0)
{
- if (server[pos] == 46)
- buffertmp[pos] = 65;
+ if (server[pos] == 46) // dotted-quad octet separator
+ buffertmp[pos] = 65; // capital "A" flag, see
sscanf below
else
buffertmp[pos] = server[pos];
pos = pos + 1;
}
buffertmp[pos] = 0;
- sscanf(buffertmp, "%uA%uA%uA%u", &a1, &a2, &a3,&a4);
+ if (4!=sscanf(buffertmp, "%uA%uA%uA%u", &a1, &a2, &a3,&a4))
+ ERRORMSGFATAL(safe_snprintf("Bad IP mask: %s",
buffertmp));
l = ((a1 * 256 * 256 * 256) + (a2 * 256 * 256) + (a3 * 256) +
a4);
freewrapper(buffertmp);
}
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/modules/auth/authlibmud/auth.h
+++ muddleftpd-1.3.13.1/modules/auth/authlibmud/auth.h
@@ -20,6 +20,7 @@
#include <unistd.h>
#include <sys/types.h>
#include <stdarg.h>
+#include "../../../config.h"
#ifndef INT_MAX
#define INT_MAX 0x7FFFFFFF
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/modules/auth/authlibmud/authmud.c
+++ muddleftpd-1.3.13.1/modules/auth/authlibmud/authmud.c
@@ -14,7 +14,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
-#include "config.h"
+#include <string.h>
#include "auth.h"
/* This file contains code to autheticate for mud users */
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/modules/auth/authlibsmb/smbval/smblib-util.c
+++ muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/smblib-util.c
@@ -25,6 +25,7 @@
#include "smblib-priv.h"
#include <malloc.h>
+#include <string.h>
#include "rfcnb.h"
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/modules/auth/authlibsmb/smbval/session.c
+++ muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/session.c
@@ -25,6 +25,7 @@
#include <malloc.h>
#include <string.h>
+#include <stdlib.h>
int RFCNB_errno = 0;
int RFCNB_saved_errno = 0;
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/modules/auth/authlibsmb/smbval/smbencrypt.c
+++ muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/smbencrypt.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <sys/vfs.h>
#include <netinet/in.h>
+#include <ctype.h>
#include "smblib-priv.h"
#define uchar unsigned char
only in patch2:
unchanged:
--- muddleftpd-1.3.13.1.orig/modules/auth/authlibsmb/smbval/rfcnb-util.c
+++ muddleftpd-1.3.13.1/modules/auth/authlibsmb/smbval/rfcnb-util.c
@@ -26,6 +26,10 @@
#include <string.h>
#include <malloc.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
#include "std-includes.h"
#include "rfcnb-priv.h"
#include "rfcnb-util.h"