Hello community, here is the log from the commit of package uftpd for openSUSE:Factory checked in at 2020-05-29 21:23:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/uftpd (Old) and /work/SRC/openSUSE:Factory/.uftpd.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "uftpd" Fri May 29 21:23:44 2020 rev:9 rq:809770 version:2.12 Changes: -------- --- /work/SRC/openSUSE:Factory/uftpd/uftpd.changes 2020-01-05 15:22:49.657611262 +0100 +++ /work/SRC/openSUSE:Factory/.uftpd.new.3606/uftpd.changes 2020-05-29 21:37:39.294699494 +0200 @@ -1,0 +2,16 @@ +Mon May 25 17:27:46 UTC 2020 - Martin Hauke <mar...@gmx.de> + +- Update to version 2.12 + Changes + * Use common log message format and log level when user enters + an invalid path. This unfortunately affects changes introduced + in v2.11 to increase logging at default log level. + * Fixes + Issue #30: When entering an invalid directory with the FTP + command CWD, a NULL ptr was deref. in a DBG() message even + though the log level is set to a value lower than LOG_DEBUG. + This caused uftpd to crash and cause denial of service. + Depending on the init/inetd system used this could be + permanent. + +------------------------------------------------------------------- Old: ---- uftpd-2.11.tar.gz New: ---- uftpd-2.12.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ uftpd.spec ++++++ --- /var/tmp/diff_new_pack.eXcYMf/_old 2020-05-29 21:37:39.638700518 +0200 +++ /var/tmp/diff_new_pack.eXcYMf/_new 2020-05-29 21:37:39.642700530 +0200 @@ -1,7 +1,7 @@ # # spec file for package uftpd # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2018, Martin Hauke <mar...@gmx.de> # # All modifications and additions to the file contributed by third parties @@ -18,7 +18,7 @@ Name: uftpd -Version: 2.11 +Version: 2.12 Release: 0 Summary: A combined TFTP/FTP server License: ISC ++++++ uftpd-2.11.tar.gz -> uftpd-2.12.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/.travis.yml new/uftpd-2.12/.travis.yml --- old/uftpd-2.11/.travis.yml 2020-01-05 08:51:54.000000000 +0100 +++ new/uftpd-2.12/.travis.yml 2020-05-25 18:09:12.000000000 +0200 @@ -29,7 +29,7 @@ name: "troglobit/uftpd" description: "uftpd -- the no nonsense (T)FTP server" notification_email: troglo...@gmail.com - build_command_prepend: "./autogen.sh && PKG_CONFIG_PATH=/tmp/lib/pkgconfig ./configure --disable-silent-rules --prefix=/tmp" + build_command_prepend: "./autogen.sh && PKG_CONFIG_PATH=/tmp/lib/pkgconfig ./configure --disable-silent-rules --prefix=" build_command: "make -j5 clean all" branch_pattern: dev @@ -43,10 +43,10 @@ script: - ./autogen.sh - - PKG_CONFIG_PATH=/tmp/lib/pkgconfig ./configure --disable-silent-rules --prefix=/tmp + - PKG_CONFIG_PATH=/tmp/lib/pkgconfig ./configure --disable-silent-rules --prefix= - make clean - make -j5 - - make install-strip - - tree /tmp - - ldd /tmp/sbin/uftpd - - LD_LIBRARY_PATH=/tmp/lib /tmp/sbin/uftpd -h + - DESTDIR=~/tmp make install-strip + - tree ~/tmp + - ldd ~/tmp/sbin/uftpd + - LD_LIBRARY_PATH=/tmp/lib ~/tmp/sbin/uftpd -h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/ChangeLog.md new/uftpd-2.12/ChangeLog.md --- old/uftpd-2.11/ChangeLog.md 2020-01-05 08:51:54.000000000 +0100 +++ new/uftpd-2.12/ChangeLog.md 2020-05-25 18:09:12.000000000 +0200 @@ -4,6 +4,22 @@ All notable changes to the project are documented in this file. +[v2.12][] - 2020-05-25 +---------------------- + +### Changes +- Use common log message format and log level when user enters an + invalid path. This unfortunately affects changes introduced in + [v2.11][] to increase logging at default log level. + +### Fixes +- Issue #30: When entering an invalid directory with the FTP command CWD, + a NULL ptr was deref. in a DBG() message even though the log level is + set to a value lower than `LOG_DEBUG`. This caused uftpd to crash + and cause denial of service. Depending on the init/inetd system used + this could be permanent. + + [v2.11][] - 2020-01-05 ---------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/README.md new/uftpd-2.12/README.md --- old/uftpd-2.11/README.md 2020-01-05 08:51:54.000000000 +0100 +++ new/uftpd-2.12/README.md 2020-05-25 18:09:12.000000000 +0200 @@ -104,6 +104,14 @@ Build & Install --------------- +### Debian/Ubuntu + + curl -sS https://deb.troglobit.com/pubkey.gpg | sudo apt-key add - + echo "deb [arch=amd64] https://deb.troglobit.com/debian stable main" | sudo tee /etc/apt/sources.list.d/troglobit.list + sudo apt-get update && sudo apt-get install uftpd + +### Building from Source + `uftpd` depends on two other projects to build from source, [libuEv][] and [lite][]. See their respective README for details, there should be no real surprises, both use the familiar configure, make, make install. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/configure.ac new/uftpd-2.12/configure.ac --- old/uftpd-2.11/configure.ac 2020-01-05 08:51:54.000000000 +0100 +++ new/uftpd-2.12/configure.ac 2020-05-25 18:09:12.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([uftpd], [2.11], [https://github.com/troglobit/uftpd/issues],, +AC_INIT([uftpd], [2.12], [https://github.com/troglobit/uftpd/issues],, [https://troglobit.com/projects/uftpd/]) AM_INIT_AUTOMAKE([1.11 foreign no-dist-gzip dist-xz]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/debian/changelog new/uftpd-2.12/debian/changelog --- old/uftpd-2.11/debian/changelog 2020-01-05 08:51:54.000000000 +0100 +++ new/uftpd-2.12/debian/changelog 2020-05-25 18:09:12.000000000 +0200 @@ -1,3 +1,10 @@ +uftpd (2.12) stable; urgency=medium + + * Fix issue #30: uftpd crashes when an invalid CWD is entered + * Use common log message format and log level for all path refs. + + -- Joachim Nilsson <troglo...@gmail.com> Mon, 25 May 2020 18:08:32 +0200 + uftpd (2.11) unstable; urgency=medium * Increased logging at default log level. Now all relevant interaction diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/docs/SECURITY.md new/uftpd-2.12/docs/SECURITY.md --- old/uftpd-2.11/docs/SECURITY.md 1970-01-01 01:00:00.000000000 +0100 +++ new/uftpd-2.12/docs/SECURITY.md 2020-05-25 18:09:12.000000000 +0200 @@ -0,0 +1,12 @@ +# Security Policy + +## Supported Versions + +uftpd is a small project, as such we have no possibility to support older versions. +The only supported version is the latest released on GitHub: + +<https://github.com/troglobit/uftpd/releases> + +## Reporting a Vulnerability + +Contact the project's main author and owner to report and discuss vulnerabilities. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uftpd-2.11/src/ftpcmd.c new/uftpd-2.12/src/ftpcmd.c --- old/uftpd-2.11/src/ftpcmd.c 2020-01-05 08:51:54.000000000 +0100 +++ new/uftpd-2.12/src/ftpcmd.c 2020-05-25 18:09:12.000000000 +0200 @@ -404,19 +404,13 @@ */ dir = compose_abspath(ctrl, path); if (!dir || stat(dir, &st) || !S_ISDIR(st.st_mode)) { - DBG("chrooted:%d, ctrl->cwd: %s, home:%s, dir:%s, len:%zd, dirlen:%zd", - chrooted, ctrl->cwd, home, dir, strlen(home), strlen(dir)); + INFO("%s: CWD: invalid path to %s: %m", ctrl->clientaddr, path); send_msg(ctrl->sd, "550 No such directory.\r\n"); return; } - if (!chrooted) { - size_t len = strlen(home); - - DBG("non-chrooted CWD, home:%s, dir:%s, len:%zd, dirlen:%zd", - home, dir, len, strlen(dir)); - dir += len; - } + if (!chrooted) + dir += strlen(home); snprintf(ctrl->cwd, sizeof(ctrl->cwd), "%s", dir); if (ctrl->cwd[0] == 0) @@ -711,7 +705,7 @@ path = compose_path(ctrl, cwd); if (!path) { fail: - LOGIT(LOG_INFO, errno, "Failed reading status for %s", path ? path : name); + INFO("%s: LIST: Failed reading status for %s: %m", ctrl->clientaddr, path ? path : name); continue; } @@ -735,7 +729,7 @@ ERR(errno, "Failed sending file %s to client", ctrl->file); while (ctrl->i < ctrl->d_num) { - struct dirent *entry = ctrl->d[ctrl->i++]; + entry = ctrl->d[ctrl->i++]; free(entry); } do_abort(ctrl); @@ -757,6 +751,18 @@ send_msg(ctrl->sd, "226 Transfer complete.\r\n"); } +static const char *mode2op(int mode) +{ + switch (mode) { + case 0: return "LIST"; + case 1: return "NLST"; + case 2: return "MLST"; + case 3: return "MLSD"; + } + + return "LST?"; +} + static void list(ctrl_t *ctrl, char *arg, int mode) { char *path; @@ -797,6 +803,7 @@ else path = compose_path(ctrl, arg); if (!path) { + INFO("%s: %s: invalid path to %s: %m", ctrl->clientaddr, mode2op(mode), arg); send_msg(ctrl->sd, "550 No such file or directory.\r\n"); return; } @@ -1102,7 +1109,7 @@ path = compose_abspath(ctrl, file); if (!path || stat(path, &st)) { - LOG("%s: Failed opening '%s'. No such file or directory", ctrl->clientaddr, path); + INFO("%s: RETR: invalid path to %s: %m", ctrl->clientaddr, file); send_msg(ctrl->sd, "550 No such file or directory.\r\n"); return; } @@ -1163,6 +1170,7 @@ path = compose_abspath(ctrl, file); if (!path || stat(path, &st) || !S_ISREG(st.st_mode)) { missing: + INFO("MDTM: invalid path to %s: %m", file); send_msg(ctrl->sd, "550 Not a regular file.\r\n"); return; } @@ -1256,7 +1264,7 @@ path = compose_abspath(ctrl, file); if (!path) { - INFO("Invalid path for %s: %m", file); + INFO("STOR: invalid path to %s: %m", file); goto fail; } @@ -1297,7 +1305,7 @@ path = compose_abspath(ctrl, file); if (!path) { - ERR(errno, "Cannot find %s", file); + INFO("DELE: invalid path to %s: %m", file); goto fail; } @@ -1323,7 +1331,7 @@ path = compose_abspath(ctrl, arg); if (!path) { - INFO("Invalid path for %s: %m", arg); + INFO("MKD: invalid path to %s: %m", arg); goto fail; }