Re: [squid-dev] [PATCH] Segfault via Ftp::Client::readControlReply.
On 12/11/2016 5:36 a.m., Christos Tsantilas wrote:
> The patch applied to trunk as r14936 and r14937.
> I am attaching a patch for squid-3.5 release.

This was applied in the 3.5.23 release as rev.14115 to fix bug 4004.

Amos

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] [PATCH] Segfault via Ftp::Client::readControlReply.
On 11/11/2016 06:36 PM, Christos Tsantilas wrote:
> The patch applied to trunk as r14936 and r14937.

I mean applied to "squid-5".

> I am attaching a patch for squid-3.5 release.
>
> On 11/11/2016 07:37 AM, Amos Jeffries wrote:
>> On 11/11/2016 6:03 a.m., Christos Tsantilas wrote:
>>> Added nil dereference checks for Ftp::Client::ctrl.conn, including:
>>> - Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference
>>>   ctrl.conn in DBG_IMPORTANT messages.
>>> - Many functions inside FtpClient.cc and FtpGateway.cc files.
>>>
>>> TODO: We need to find a better way to handle nil ctrl.conn. It is only a
>>> matter of time when we forget to add another dereference check or
>>> discover a place we missed during this change.
>>>
>>> Also disabled forwarding of EPRT and PORT commands to origin servers.
>>> Squid support for those commands is broken and their forwarding may
>>> cause segfaults (bug #4004). Active FTP is still supported, of course.
>>>
>>> This is a Measurement Factory project.
>>
>> in ftpReadPasv() - please leave the ftpSendEPRT where it was (but comment
>> out). As-is this will just add a new Coverity issue about dead/unreachable
>> code.
>>
>> in completeForwarding() - since you are changing the debugs line please
>> polish it all up to remove the HERE - also s/completeForwarding avoids /avoid /
>>
>> +1 with the above polish.
>>
>> PS. please remember to apply on the squid-5 branch now, not trunk or v4.
>>
>> Amos
Re: [squid-dev] [PATCH] Segfault via Ftp::Client::readControlReply.
The patch applied to trunk as r14936 and r14937.
I am attaching a patch for squid-3.5 release.

On 11/11/2016 07:37 AM, Amos Jeffries wrote:
> On 11/11/2016 6:03 a.m., Christos Tsantilas wrote:
>> Added nil dereference checks for Ftp::Client::ctrl.conn, including:
>> - Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference
>>   ctrl.conn in DBG_IMPORTANT messages.
>> - Many functions inside FtpClient.cc and FtpGateway.cc files.
>>
>> TODO: We need to find a better way to handle nil ctrl.conn. It is only a
>> matter of time when we forget to add another dereference check or
>> discover a place we missed during this change.
>>
>> Also disabled forwarding of EPRT and PORT commands to origin servers.
>> Squid support for those commands is broken and their forwarding may
>> cause segfaults (bug #4004). Active FTP is still supported, of course.
>>
>> This is a Measurement Factory project.
>
> in ftpReadPasv() - please leave the ftpSendEPRT where it was (but comment
> out). As-is this will just add a new Coverity issue about dead/unreachable
> code.
>
> in completeForwarding() - since you are changing the debugs line please
> polish it all up to remove the HERE - also s/completeForwarding avoids /avoid /
>
> +1 with the above polish.
>
> PS. please remember to apply on the squid-5 branch now, not trunk or v4.
>
> Amos

Segfault via Ftp::Client::readControlReply.

=== modified file 'src/clients/FtpClient.cc'
--- src/clients/FtpClient.cc 2016-07-27 09:44:39 +
+++ src/clients/FtpClient.cc 2016-11-11 16:19:47 +
@@ -425,71 +425,81 @@ if (ctrl.offset == bytes_used) { /* used it all up */ ctrl.offset = 0; } else { /* Got some data past the complete reply */ assert(bytes_used < ctrl.offset); ctrl.offset -= bytes_used; memmove(ctrl.buf, ctrl.buf + bytes_used, ctrl.offset); } debugs(9, 3, "state=" << state << ", code=" << ctrl.replycode); } bool Ftp::Client::handlePasvReply(Ip::Address ) { int code = ctrl.replycode; char *buf; debugs(9, 3, status()); +if (!Comm::IsConnOpen(ctrl.conn)) { +debugs(9, 5, "The control connection to the remote end is closed"); +return false; +} + if (code != 227) { debugs(9, 2, "PASV not supported by remote end"); return false; } /* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */ /* ANSI sez [^0-9] is undefined, it breaks on Watcom cc */ debugs(9, 5, "scanning: " << ctrl.last_reply); buf = ctrl.last_reply + strcspn(ctrl.last_reply, "0123456789"); const char *forceIp = Config.Ftp.sanitycheck ? fd_table[ctrl.conn->fd].ipaddr : NULL; if (!Ftp::ParseIpPort(buf, forceIp, srvAddr)) { debugs(9, DBG_IMPORTANT, "Unsafe PASV reply from " << ctrl.conn->remote << ": " << ctrl.last_reply); return false; } data.addr(srvAddr); return true; } bool Ftp::Client::handleEpsvReply(Ip::Address ) { int code = ctrl.replycode; char *buf; debugs(9, 3, status()); +if (!Comm::IsConnOpen(ctrl.conn)) { +debugs(9, 5, "The control connection to the remote end is closed"); +return false; +} + if (code != 229 && code != 522) { if (code == 200) { /* handle broken servers (RFC 2428 says OK code for EPSV MUST be 229 not 200) */ /* vsftpd for one send '200 EPSV ALL ok.' without even port info. * Its okay to re-send EPSV 1/2 but nothing else. */ debugs(9, DBG_IMPORTANT, "Broken FTP Server at " << ctrl.conn->remote << ". 
Wrong accept code for EPSV"); } else { debugs(9, 2, "EPSV not supported by remote end"); } return sendPassive(); } if (code == 522) { /* Peer responded with a list of supported methods: * 522 Network protocol not supported, use (1) * 522 Network protocol not supported, use (1,2) * 522 Network protocol not supported, use (2) * TODO: Handle the (1,2) case which may happen after EPSV ALL. Close * data + control without self-destructing and
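Review bot: the new `Comm::IsConnOpen(ctrl.conn)` guard in handlePasvReply() and handleEpsvReply() is placed after the `debugs(9, 3, status());` call, so if status() reads ctrl.conn the nil dereference is moved one line earlier rather than removed; either move the guard above the status() call or confirm status() tolerates a nil ctrl.conn. The guard does cover the `fd_table[ctrl.conn->fd].ipaddr` and `ctrl.conn->remote` uses further down in both functions, which is the crash path the commit message describes. A second point: the guard returns false, which in handlePasvReply() is the same outcome as "PASV not supported by remote end", so the caller cannot tell a closed control connection from an unsupported command; and at level 5 the new message is easy to miss when diagnosing a bug #4004 style failure, whereas the adjacent messages use level 2 or DBG_IMPORTANT.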
Re: [squid-dev] [PATCH] Segfault via Ftp::Client::readControlReply.
On 11/11/2016 6:03 a.m., Christos Tsantilas wrote:
>
> Added nil dereference checks for Ftp::Client::ctrl.conn, including:
> - Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference
>   ctrl.conn in DBG_IMPORTANT messages.
> - Many functions inside FtpClient.cc and FtpGateway.cc files.
>
> TODO: We need to find a better way to handle nil ctrl.conn. It is only a
> matter of time when we forget to add another dereference check or
> discover a place we missed during this change.
>
> Also disabled forwarding of EPRT and PORT commands to origin servers.
> Squid support for those commands is broken and their forwarding may
> cause segfaults (bug #4004). Active FTP is still supported, of course.
>
> This is a Measurement Factory project.

in ftpReadPasv() - please leave the ftpSendEPRT where it was (but comment out). As-is this will just add a new Coverity issue about dead/unreachable code.

in completeForwarding() - since you are changing the debugs line please polish it all up to remove the HERE - also s/completeForwarding avoids /avoid /

+1 with the above polish.

PS. please remember to apply on the squid-5 branch now, not trunk or v4.

Amos
[squid-dev] [PATCH] Segfault via Ftp::Client::readControlReply.
Added nil dereference checks for Ftp::Client::ctrl.conn, including:
- Ftp::Client::handlePasvReply() and handleEpsvReply() that dereference
  ctrl.conn in DBG_IMPORTANT messages.
- Many functions inside FtpClient.cc and FtpGateway.cc files.

TODO: We need to find a better way to handle nil ctrl.conn. It is only a matter of time when we forget to add another dereference check or discover a place we missed during this change.

Also disabled forwarding of EPRT and PORT commands to origin servers. Squid support for those commands is broken and their forwarding may cause segfaults (bug #4004). Active FTP is still supported, of course.

This is a Measurement Factory project.

Segfault via Ftp::Client::readControlReply.

=== modified file 'src/clients/FtpClient.cc'
--- src/clients/FtpClient.cc 2016-07-27 08:18:03 +
+++ src/clients/FtpClient.cc 2016-11-10 16:17:11 +
@@ -425,71 +425,81 @@ if (ctrl.offset == bytes_used) { /* used it all up */ ctrl.offset = 0; } else { /* Got some data past the complete reply */ assert(bytes_used < ctrl.offset); ctrl.offset -= bytes_used; memmove(ctrl.buf, ctrl.buf + bytes_used, ctrl.offset); } debugs(9, 3, "state=" << state << ", code=" << ctrl.replycode); } bool Ftp::Client::handlePasvReply(Ip::Address ) { int code = ctrl.replycode; char *buf; debugs(9, 3, status()); +if (!Comm::IsConnOpen(ctrl.conn)) { +debugs(9, 5, "The control connection to the remote end is closed"); +return false; +} + if (code != 227) { debugs(9, 2, "PASV not supported by remote end"); return false; } /* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */ /* ANSI sez [^0-9] is undefined, it breaks on Watcom cc */ debugs(9, 5, "scanning: " << ctrl.last_reply); buf = ctrl.last_reply + strcspn(ctrl.last_reply, "0123456789"); const char *forceIp = Config.Ftp.sanitycheck ? fd_table[ctrl.conn->fd].ipaddr : NULL; if (!Ftp::ParseIpPort(buf, forceIp, srvAddr)) { debugs(9, DBG_IMPORTANT, "Unsafe PASV reply from " << ctrl.conn->remote << ": " << ctrl.last_reply); return false; } data.addr(srvAddr); return true; } bool Ftp::Client::handleEpsvReply(Ip::Address ) { int code = ctrl.replycode; char *buf; debugs(9, 3, status()); +if (!Comm::IsConnOpen(ctrl.conn)) { +debugs(9, 5, "The control connection to the remote end is closed"); +return false; +} + if (code != 229 && code != 522) { if (code == 200) { /* handle broken servers (RFC 2428 says OK code for EPSV MUST be 229 not 200) */ /* vsftpd for one send '200 EPSV ALL ok.' without even port info. * Its okay to re-send EPSV 1/2 but nothing else. */ debugs(9, DBG_IMPORTANT, "Broken FTP Server at " << ctrl.conn->remote << ". 
Wrong accept code for EPSV"); } else { debugs(9, 2, "EPSV not supported by remote end"); } return sendPassive(); } if (code == 522) { /* Peer responded with a list of supported methods: * 522 Network protocol not supported, use (1) * 522 Network protocol not supported, use (1,2) * 522 Network protocol not supported, use (2) * TODO: Handle the (1,2) case which may happen after EPSV ALL. Close * data + control without self-destructing and re-open from scratch. */ @@ -718,40 +728,45 @@ } } break; } } if (ctrl.message) wordlistDestroy(); ctrl.message = NULL; //No message to return to client. ctrl.offset = 0; //reset readed response, to make room read the next response writeCommand(mb.content()); shortenReadTimeout = true; return true; } void Ftp::Client::connectDataChannel() { +if (!Comm::IsConnOpen(ctrl.conn)) { +debugs(9, 5, "The control connection to the remote end is closed"); +return; +} + safe_free(ctrl.last_command); safe_free(ctrl.last_reply); ctrl.last_command = xstrdup("Connect to server data port"); // Generate a new data channel
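Review bot: in connectDataChannel() the new guard returns silently when ctrl.conn is not open, which avoids the crash but leaves the transaction in limbo: nothing records a failure, `ctrl.last_command` and `ctrl.last_reply` are left as they were, and whatever scheduled the data-channel connect is never told it did not happen. Route this case through the client's existing error or abort handling rather than a bare `return;`, so the request terminates deterministically instead of waiting for a data channel that will never open. This is also the third verbatim copy of the same four-line guard in this patch; a small helper that logs and returns a bool (say, a hypothetical ctrlConnOpen() method, name not in the patch) would make the commit message's own TODO about missed checks less likely to bite, and would give the message a single place to get a more useful debug level than 5.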