Hello community,
here is the log from the commit of package vsftpd for openSUSE:11.3
checked in at Tue Mar 8 13:49:25 CET 2011.
--------
--- old-versions/11.3/all/vsftpd/vsftpd.changes 2010-05-25 15:05:53.000000000
+0200
+++ 11.3/vsftpd/vsftpd.changes 2011-03-08 09:26:34.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Mar 8 08:26:17 UTC 2011 - mvysko...@suse.cz
+
+- fix bnc#676259 - VUL-0: vsftpd DoS
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback
old-versions/11.3/all/vsftpd
Destination is old-versions/11.3/UPDATES/all/vsftpd
calling whatdependson for 11.3-i586
New:
----
vsftpd-2.2.2-excessive-cpu-usage.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.llP8CT/_old 2011-03-08 13:49:03.000000000 +0100
+++ /var/tmp/diff_new_pack.llP8CT/_new 2011-03-08 13:49:03.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package vsftpd (Version 2.2.2)
+# spec file for package vsftpd
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
BuildRequires: libcap-devel
%endif
Version: 2.2.2
-Release: 2
+Release: 3.<RELEASE2>
Summary: Very Secure FTP Daemon - Written from Scratch
License: GPLv2+
Group: Productivity/Networking/Ftp/Servers
@@ -46,6 +46,7 @@
Patch7: %name-2.0.5-enable-debuginfo.patch
Patch8: %name-2.0.5-utf8-log-names.patch
Patch9: %name-2.0.4-conf.diff
+Patch10: vsftpd-2.2.2-excessive-cpu-usage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -71,6 +72,7 @@
%patch7
%patch8 -p1
%patch9
+%patch10 -p1
%build
rm -f dummyinc/sys/capability.h
++++++ vsftpd-2.2.2-excessive-cpu-usage.patch ++++++
Index: vsftpd-2.2.2/access.c
===================================================================
--- vsftpd-2.2.2.orig/access.c 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.2.2/access.c 2011-03-07 15:45:45.043332748 +0100
@@ -16,6 +16,7 @@
vsf_access_check_file(const struct mystr* p_filename_str)
{
static struct mystr s_access_str;
+ unsigned int iters = 0;
if (!tunable_deny_file)
{
@@ -25,7 +26,7 @@
{
str_alloc_text(&s_access_str, tunable_deny_file);
}
- if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
+ if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
{
return 0;
}
@@ -45,6 +46,7 @@
vsf_access_check_file_visible(const struct mystr* p_filename_str)
{
static struct mystr s_access_str;
+ unsigned int iters = 0;
if (!tunable_hide_file)
{
@@ -54,7 +56,7 @@
{
str_alloc_text(&s_access_str, tunable_hide_file);
}
- if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
+ if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
{
return 0;
}
Index: vsftpd-2.2.2/defs.h
===================================================================
--- vsftpd-2.2.2.orig/defs.h 2009-01-07 21:22:22.000000000 +0100
+++ vsftpd-2.2.2/defs.h 2011-03-07 15:45:45.044332787 +0100
@@ -10,6 +10,7 @@
#define VSFTP_MAX_COMMAND_LINE 4096
#define VSFTP_DATA_BUFSIZE 65536
#define VSFTP_DIR_BUFSIZE 16384
+#define VSFTP_MATCHITERS_MAX 1000
#define VSFTP_PATH_MAX 4096
#define VSFTP_CONF_FILE_MAX 100000
#define VSFTP_LISTEN_BACKLOG 32
Index: vsftpd-2.2.2/ftpdataio.c
===================================================================
--- vsftpd-2.2.2.orig/ftpdataio.c 2009-10-19 05:23:36.000000000 +0200
+++ vsftpd-2.2.2/ftpdataio.c 2011-03-07 15:45:45.100334985 +0100
@@ -116,7 +116,6 @@
else if (remote_fd == -2)
{
vsf_cmdio_write(p_sess, FTP_BADSENDCONN, "Security: Bad IP connecting.");
- vsf_sysutil_close(remote_fd);
return -1;
}
init_data_sock_params(p_sess, remote_fd);
@@ -364,6 +363,7 @@
if (retval != 0)
{
failed = 1;
+ vsf_sysutil_closedir(p_subdir);
break;
}
retval = transfer_dir_internal(p_sess, is_control, p_subdir, &sub_str,
Index: vsftpd-2.2.2/ls.c
===================================================================
--- vsftpd-2.2.2.orig/ls.c 2009-10-19 05:22:57.000000000 +0200
+++ vsftpd-2.2.2/ls.c 2011-03-07 15:45:45.116335613 +0100
@@ -9,6 +9,7 @@
#include "ls.h"
#include "access.h"
+#include "defs.h"
#include "str.h"
#include "strlist.h"
#include "sysstr.h"
@@ -118,7 +119,9 @@
/* If we have an ls option which is a filter, apply it */
if (!str_isempty(p_filter_str))
{
- if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str))
+ unsigned int iters = 0;
+ if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str,
+ &iters))
{
continue;
}
@@ -217,7 +220,8 @@
int
vsf_filename_passes_filter(const struct mystr* p_filename_str,
- const struct mystr* p_filter_str)
+ const struct mystr* p_filter_str,
+ unsigned int* iters)
{
/* A simple routine to match a filename against a pattern.
* This routine is used instead of e.g. fnmatch(3), because we should be
@@ -244,12 +248,13 @@
str_copy(&filter_remain_str, p_filter_str);
str_copy(&name_remain_str, p_filename_str);
- while (!str_isempty(&filter_remain_str))
+ while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
{
static struct mystr s_match_needed_str;
/* Locate next special token */
struct str_locate_result locate_result =
str_locate_chars(&filter_remain_str, "*?{");
+ (*iters)++;
/* Isolate text leading up to token (if any) - needs to be matched */
if (locate_result.found)
{
@@ -313,7 +318,8 @@
{
str_copy(&new_filter_str, &brace_list_str);
str_append_str(&new_filter_str, &filter_remain_str);
- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str))
+ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
+ iters))
{
ret = 1;
goto out;
@@ -349,6 +355,9 @@
}
/* OK, a match */
ret = 1;
+ if (*iters == VSFTP_MATCHITERS_MAX) {
+ ret = 0;
+ }
out:
str_free(&filter_remain_str);
str_free(&name_remain_str);
Index: vsftpd-2.2.2/ls.h
===================================================================
--- vsftpd-2.2.2.orig/ls.h 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.2.2/ls.h 2011-03-07 15:45:45.198338829 +0100
@@ -35,11 +35,14 @@
* PARAMETERS
* p_filename_str - the filename to match
* p_filter_str - the filter to match against
+ * iters - pointer to a zero-seeded int which prevents the match
+ * loop from running an excessive number of times
* RETURNS
* Returns 1 if there is a match, 0 otherwise.
*/
int vsf_filename_passes_filter(const struct mystr* p_filename_str,
- const struct mystr* p_filter_str);
+ const struct mystr* p_filter_str,
+ unsigned int* iters);
#endif /* VSF_LS_H */
Index: vsftpd-2.2.2/sysutil.c
===================================================================
--- vsftpd-2.2.2.orig/sysutil.c 2009-11-12 03:03:19.000000000 +0100
+++ vsftpd-2.2.2/sysutil.c 2011-03-07 15:45:45.216339534 +0100
@@ -2003,7 +2003,7 @@
static struct vsf_sysutil_sockaddr* s_p_sockaddr;
vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
vsf_sysutil_memcpy(&s_p_sockaddr->u.u_sockaddr_in.sin_addr, p_raw,
- sizeof(&s_p_sockaddr->u.u_sockaddr_in.sin_addr));
+ sizeof(s_p_sockaddr->u.u_sockaddr_in.sin_addr));
vsf_sysutil_memcpy(&p_sockptr->u.u_sockaddr_in6.sin6_addr,
vsf_sysutil_sockaddr_ipv4_v6(s_p_sockaddr),
sizeof(p_sockptr->u.u_sockaddr_in6.sin6_addr));
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
