Hello community, here is the log from the commit of package vsftpd for openSUSE:11.4 checked in at Tue Mar 8 13:50:35 CET 2011.
--------
--- old-versions/11.4/all/vsftpd/vsftpd.changes 2010-09-21 18:40:38.000000000 +0200
+++ 11.4/vsftpd/vsftpd.changes 2011-03-08 09:26:04.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Mar 8 08:25:26 UTC 2011 - mvysko...@suse.cz
+
+- fix bnc#676259 - VUL-0: vsftpd DoS
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.4/all/vsftpd Destination is old-versions/11.4/UPDATES/all/vsftpd calling whatdependson for 11.4-i586
New:
----
vsftpd-2.3.2-excessive-cpu-usage.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.ORRDmb/_old 2011-03-08 13:50:14.000000000 +0100
+++ /var/tmp/diff_new_pack.ORRDmb/_new 2011-03-08 13:50:14.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package vsftpd (Version 2.3.2)
+# spec file for package vsftpd
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 BuildRequires: libcap-devel
 %endif
 Version: 2.3.2
-Release: 1
+Release: 3.<RELEASE2>
 Summary: Very Secure FTP Daemon - Written from Scratch
 License: GPLv2+
 Group: Productivity/Networking/Ftp/Servers
@@ -46,6 +46,7 @@
 Patch7: %name-2.0.5-enable-debuginfo.patch
 Patch8: %name-2.0.5-utf8-log-names.patch
 Patch9: %name-2.0.4-conf.diff
+Patch10: vsftpd-2.3.2-excessive-cpu-usage.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Provides: ftp-server
 PreReq: %insserv_prereq /usr/sbin/useradd
@@ -72,6 +73,7 @@
 %patch7
 %patch8
 %patch9
+%patch10 -p1
 %build
 rm -f dummyinc/sys/capability.h
++++++ vsftpd-2.3.2-excessive-cpu-usage.patch ++++++
Index: vsftpd-2.3.2/access.c
===================================================================
--- vsftpd-2.3.2.orig/access.c 2011-03-07 15:35:00.634054997 +0100
+++ vsftpd-2.3.2/access.c 2011-03-07 15:36:04.806572058 +0100
@@ -16,6 +16,7 @@
 vsf_access_check_file(const struct mystr* p_filename_str)
 {
 static struct mystr s_access_str;
+ unsigned int iters = 0;
 if (!tunable_deny_file)
 {
@@ -25,7 +26,7 @@
 {
 str_alloc_text(&s_access_str, tunable_deny_file);
 }
- if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
+ if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
 {
 return 0;
 }
@@ -45,6 +46,7 @@
 vsf_access_check_file_visible(const struct mystr* p_filename_str)
 {
 static struct mystr s_access_str;
+ unsigned int iters = 0;
 if (!tunable_hide_file)
 {
@@ -54,7 +56,7 @@
 {
 str_alloc_text(&s_access_str, tunable_hide_file);
 }
- if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
+ if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
 {
 return 0;
 }
Index: vsftpd-2.3.2/defs.h
===================================================================
--- vsftpd-2.3.2.orig/defs.h 2011-03-07 15:35:00.634054997 +0100
+++ vsftpd-2.3.2/defs.h 2011-03-07 15:36:04.807572097 +0100
@@ -10,6 +10,7 @@
 #define VSFTP_MAX_COMMAND_LINE 4096
 #define VSFTP_DATA_BUFSIZE 65536
 #define VSFTP_DIR_BUFSIZE 16384
+#define VSFTP_MATCHITERS_MAX 1000
 #define VSFTP_PATH_MAX 4096
 #define VSFTP_CONF_FILE_MAX 100000
 #define VSFTP_LISTEN_BACKLOG 32
Index: vsftpd-2.3.2/ftpdataio.c
===================================================================
--- vsftpd-2.3.2.orig/ftpdataio.c 2011-03-07 15:35:00.634054997 +0100
+++ vsftpd-2.3.2/ftpdataio.c 2011-03-07 15:36:04.842573470 +0100
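Review bot: In access.c, `vsf_access_check_file` and `vsf_access_check_file_visible` both act on a non-zero result from `vsf_filename_passes_filter` (the `return 0;` branch, presumably "denied" and "hidden"), so when the new iteration cap makes the matcher give up and return 0, the file is handled as not matching deny_file / hide_file. That is the restrictive direction for the ls filter but the permissive one here. It only matters if matching against the administrator-configured pattern can itself use up VSFTP_MATCHITERS_MAX, which looks unlikely but is not ruled out by the visible code. I would make the choice explicit by checking the counter after the call, e.g. `if (iters >= VSFTP_MATCHITERS_MAX) { return 0; }`, or at minimum by commenting the declaration with `/* cap reached => treated as "no match" */`. Both function bodies continue outside these hunks.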
@@ -116,7 +116,6 @@
 else if (remote_fd == -2)
 {
 vsf_cmdio_write(p_sess, FTP_BADSENDCONN, "Security: Bad IP connecting.");
- vsf_sysutil_close(remote_fd);
 return -1;
 }
 init_data_sock_params(p_sess, remote_fd);
@@ -364,6 +363,7 @@
 if (retval != 0)
 {
 failed = 1;
+ vsf_sysutil_closedir(p_subdir);
 break;
 }
 retval = transfer_dir_internal(p_sess, is_control, p_subdir, &sub_str,
Index: vsftpd-2.3.2/ls.c
===================================================================
--- vsftpd-2.3.2.orig/ls.c 2011-03-07 15:35:00.634054997 +0100
+++ vsftpd-2.3.2/ls.c 2011-03-07 15:36:04.892575431 +0100
@@ -9,6 +9,7 @@
 #include "ls.h"
 #include "access.h"
+#include "defs.h"
 #include "str.h"
 #include "strlist.h"
 #include "sysstr.h"
@@ -118,7 +119,9 @@
 /* If we have an ls option which is a filter, apply it */
 if (!str_isempty(p_filter_str))
 {
- if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str))
+ unsigned int iters = 0;
+ if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str,
+ &iters))
 {
 continue;
 }
@@ -217,7 +220,8 @@
 int
 vsf_filename_passes_filter(const struct mystr* p_filename_str,
- const struct mystr* p_filter_str)
+ const struct mystr* p_filter_str,
+ unsigned int* iters)
 {
 /* A simple routine to match a filename against a pattern.
 * This routine is used instead of e.g. fnmatch(3), because we should be
@@ -244,12 +248,13 @@
 str_copy(&filter_remain_str, p_filter_str);
 str_copy(&name_remain_str, p_filename_str);
- while (!str_isempty(&filter_remain_str))
+ while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
 {
 static struct mystr s_match_needed_str;
 /* Locate next special token */
 struct str_locate_result locate_result =
 str_locate_chars(&filter_remain_str, "*?{");
+ (*iters)++;
 /* Isolate text leading up to token (if any) - needs to be matched */
 if (locate_result.found)
 {
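Review bot: The ftpdataio.c changes (no `vsf_sysutil_close(remote_fd)` on the `remote_fd == -2` path, and `vsf_sysutil_closedir(p_subdir)` added before `break`) and the `sizeof` correction in sysutil.c are separate fixes from the matcher cap, yet they ship inside vsftpd-2.3.2-excessive-cpu-usage.patch and the vsftpd.changes entry names only bnc#676259. The sysutil.c one changes the copy length from the size of a pointer to the size of the `sin_addr` field, so it is a memory-safety correction that someone auditing this build later would want to find by name. I would give each its own changelog line or split them into separately named patches. The surrounding functions start and end outside these hunks.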
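Review bot: In the ls.c filter branch, `unsigned int iters = 0;` is declared inside the per-entry block, so the VSFTP_MATCHITERS_MAX budget restarts for every filename. The cap therefore bounds the cost of one match, while the cost of a whole listing still grows with the number of directory entries. If that is the intended scope, a comment such as `/* budget is per filename, not per listing */` on the declaration would say so. The enclosing loop (implied by `continue;`) is outside the hunk.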
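Review bot: The new `iters` parameter of `vsf_filename_passes_filter` is dereferenced in the loop condition and in `(*iters)++` without a NULL check, and its name drops the `p_` prefix that the other two pointer parameters carry. Every caller in this patch passes the address of a local, so this is about consistency and robustness of an exported function rather than a live fault. `unsigned int* p_iters` in ls.c and ls.h would match the file's convention. The function body continues outside both the signature hunk and the loop hunk.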
@@ -313,7 +318,8 @@
 {
 str_copy(&new_filter_str, &brace_list_str);
 str_append_str(&new_filter_str, &filter_remain_str);
- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str))
+ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
+ iters))
 {
 ret = 1;
 goto out;
@@ -349,6 +355,9 @@
 }
 /* OK, a match */
 ret = 1;
+ if (*iters == VSFTP_MATCHITERS_MAX) {
+ ret = 0;
+ }
 out:
 str_free(&filter_remain_str);
 str_free(&name_remain_str);
Index: vsftpd-2.3.2/ls.h
===================================================================
--- vsftpd-2.3.2.orig/ls.h 2011-03-07 15:35:00.635055037 +0100
+++ vsftpd-2.3.2/ls.h 2011-03-07 15:36:04.916576372 +0100
@@ -35,11 +35,14 @@
 * PARAMETERS
 * p_filename_str - the filename to match
 * p_filter_str - the filter to match against
+ * iters - pointer to a zero-seeded int which prevents the match
+ * loop from running an excessive number of times
 * RETURNS
 * Returns 1 if there is a match, 0 otherwise.
 */
 int vsf_filename_passes_filter(const struct mystr* p_filename_str,
- const struct mystr* p_filter_str);
+ const struct mystr* p_filter_str,
+ unsigned int* iters);
 #endif /* VSF_LS_H */
Index: vsftpd-2.3.2/sysutil.c
===================================================================
--- vsftpd-2.3.2.orig/sysutil.c 2011-03-07 15:35:00.635055037 +0100
+++ vsftpd-2.3.2/sysutil.c 2011-03-07 15:36:04.942577392 +0100
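Review bot: The post-loop check `if (*iters == VSFTP_MATCHITERS_MAX)` depends on the counter never stepping past the limit. That holds for the one increment visible in this patch, but `>=` states the intent and keeps working if a second increment site is ever added: `if (*iters >= VSFTP_MATCHITERS_MAX)`. The block also opens its brace on the `if` line, where the rest of the file puts it on the following line. A filter that legitimately completes on the last permitted iteration is reported as no match too, which is worth a one-line comment such as `/* limit reached: report no match */`. The function body starts well before this hunk.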
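Review bot: The ls.h comment describes `iters` as a "zero-seeded int" while the prototype takes `unsigned int*`, and RETURNS still reads "1 if there is a match, 0 otherwise" although 0 is now also returned once VSFTP_MATCHITERS_MAX iterations are used up. Callers that use the result for access decisions (the deny_file and hide_file checks) need that distinction documented. I would reword the parameter line to `iters - in/out iteration counter; caller sets it to 0 before the first call` and add `0 is also returned when the iteration limit is reached` under RETURNS.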
@@ -2013,7 +2013,7 @@
 static struct vsf_sysutil_sockaddr* s_p_sockaddr;
 vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
 vsf_sysutil_memcpy(&s_p_sockaddr->u.u_sockaddr_in.sin_addr, p_raw,
- sizeof(&s_p_sockaddr->u.u_sockaddr_in.sin_addr));
+ sizeof(s_p_sockaddr->u.u_sockaddr_in.sin_addr));
 vsf_sysutil_memcpy(&p_sockptr->u.u_sockaddr_in6.sin6_addr,
 vsf_sysutil_sockaddr_ipv4_v6(s_p_sockaddr),
 sizeof(p_sockptr->u.u_sockaddr_in6.sin6_addr));
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org