CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:28:58 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #390): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR To generate a diff of this commit: cvs rdiff -u -r1.77.6.1 -r1.77.6.2 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/ftpd/version.h diff -u src/libexec/ftpd/version.h:1.77.6.1 src/libexec/ftpd/version.h:1.77.6.2 --- src/libexec/ftpd/version.h:1.77.6.1 Mon Oct 2 13:45:42 2023 +++ src/libexec/ftpd/version.h Mon Oct 2 17:28:58 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.77.6.1 2023/10/02 13:45:42 martin Exp $ */ +/* $NetBSD: version.h,v 1.77.6.2 2023/10/02 17:28:58 martin Exp $ */ /*- * Copyright (c) 1999-2023 The NetBSD Foundation, Inc. * All rights reserved. @@ -29,5 +29,5 @@ */ #ifndef FTPD_VERSION -#define FTPD_VERSION "NetBSD-ftpd 20230902" +#define FTPD_VERSION "NetBSD-ftpd 20230930" #endif
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:28:58 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #390): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR To generate a diff of this commit: cvs rdiff -u -r1.77.6.1 -r1.77.6.2 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:24:44 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpd.c Log Message: Pull up following revision(s) (requested by lukem in ticket #389): libexec/ftpd/ftpd.c: revision 1.208 pam_set_item PAM_SOCKADDR expects sockaddr_storage structure Instead, internal struct sockinet was used. Because it's length is shorter than sockaddr_storage, libpam was copying also memory outside of sockinet struct. To generate a diff of this commit: cvs rdiff -u -r1.206.2.1 -r1.206.2.2 src/libexec/ftpd/ftpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/ftpd/ftpd.c diff -u src/libexec/ftpd/ftpd.c:1.206.2.1 src/libexec/ftpd/ftpd.c:1.206.2.2 --- src/libexec/ftpd/ftpd.c:1.206.2.1 Mon Oct 2 13:45:42 2023 +++ src/libexec/ftpd/ftpd.c Mon Oct 2 17:24:44 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $ */ +/* $NetBSD: ftpd.c,v 1.206.2.2 2023/10/02 17:24:44 martin Exp $ */ /* * Copyright (c) 1997-2023 The NetBSD Foundation, Inc. @@ -97,7 +97,7 @@ __COPYRIGHT("@(#) Copyright (c) 1985, 19 #if 0 static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95"; #else -__RCSID("$NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $"); +__RCSID("$NetBSD: ftpd.c,v 1.206.2.2 2023/10/02 17:24:44 martin Exp $"); #endif #endif /* not lint */ @@ -3896,6 +3896,7 @@ auth_pam(void) int e; ftpd_cred_t auth_cred = { curname, 0 }; struct pam_conv conv = { _conv, _cred }; + struct sockaddr_storage ss; e = pam_start("ftpd", curname, , ); if (e != PAM_SUCCESS) { @@ -3918,7 +3919,9 @@ auth_pam(void) return -1; } - e = pam_set_item(pamh, PAM_SOCKADDR, _addr); + memset(, 0, sizeof(ss)); + memcpy(, _addr.si_su, his_addr.su_len); + e = pam_set_item(pamh, PAM_SOCKADDR, ); if (e != PAM_SUCCESS) { syslog(LOG_ERR, "pam_set_item(PAM_SOCKADDR): %s", pam_strerror(pamh, e));
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:24:44 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpd.c Log Message: Pull up following revision(s) (requested by lukem in ticket #389): libexec/ftpd/ftpd.c: revision 1.208 pam_set_item PAM_SOCKADDR expects sockaddr_storage structure Instead, internal struct sockinet was used. Because it's length is shorter than sockaddr_storage, libpam was copying also memory outside of sockinet struct. To generate a diff of this commit: cvs rdiff -u -r1.206.2.1 -r1.206.2.2 src/libexec/ftpd/ftpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:21:07 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: conf.c Log Message: Pull up following revision(s) (requested by lukem in ticket #388): libexec/ftpd/conf.c: revision 1.65 Fix uninitialized memory usage in count_users() If the file was previously empty, pids table is not set, the code however used pids[0] which is uninitialized in this case. In some scenarios it may lead to propagate garbage value from pids[0] to the file and cause writing outside of allocated memory. OK lukem@ To generate a diff of this commit: cvs rdiff -u -r1.64 -r1.64.40.1 src/libexec/ftpd/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/ftpd/conf.c diff -u src/libexec/ftpd/conf.c:1.64 src/libexec/ftpd/conf.c:1.64.40.1 --- src/libexec/ftpd/conf.c:1.64 Sun Nov 4 20:46:46 2012 +++ src/libexec/ftpd/conf.c Mon Oct 2 17:21:07 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $ */ +/* $NetBSD: conf.c,v 1.64.40.1 2023/10/02 17:21:07 martin Exp $ */ /*- * Copyright (c) 1997-2009 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ #include #ifndef lint -__RCSID("$NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $"); +__RCSID("$NetBSD: conf.c,v 1.64.40.1 2023/10/02 17:21:07 martin Exp $"); #endif /* not lint */ #include @@ -909,7 +909,7 @@ count_users(void) goto cleanup_count; if (fstat(fd, ) == -1) goto cleanup_count; - if ((pids = malloc(sb.st_size + sizeof(pid_t))) == NULL) + if ((pids = calloc(sb.st_size + sizeof(pid_t), 1)) == NULL) goto cleanup_count; /* XXX: implement a better read loop */ scount = read(fd, pids, sb.st_size);
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:21:07 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: conf.c Log Message: Pull up following revision(s) (requested by lukem in ticket #388): libexec/ftpd/conf.c: revision 1.65 Fix uninitialized memory usage in count_users() If the file was previously empty, pids table is not set, the code however used pids[0] which is uninitialized in this case. In some scenarios it may lead to propagate garbage value from pids[0] to the file and cause writing outside of allocated memory. OK lukem@ To generate a diff of this commit: cvs rdiff -u -r1.64 -r1.64.40.1 src/libexec/ftpd/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:15:34 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpcmd.y Log Message: Pull up following revision(s) (requested by lukem in ticket #386): libexec/ftpd/ftpcmd.y: revision 1.95 Add missing check_login checks for MLST and MLSD To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.94.26.1 src/libexec/ftpd/ftpcmd.y Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/ftpd/ftpcmd.y diff -u src/libexec/ftpd/ftpcmd.y:1.94 src/libexec/ftpd/ftpcmd.y:1.94.26.1 --- src/libexec/ftpd/ftpcmd.y:1.94 Mon Aug 10 07:45:50 2015 +++ src/libexec/ftpd/ftpcmd.y Mon Oct 2 17:15:33 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: ftpcmd.y,v 1.94 2015/08/10 07:45:50 shm Exp $ */ +/* $NetBSD: ftpcmd.y,v 1.94.26.1 2023/10/02 17:15:33 martin Exp $ */ /*- * Copyright (c) 1997-2009 The NetBSD Foundation, Inc. @@ -72,7 +72,7 @@ #if 0 static char sccsid[] = "@(#)ftpcmd.y 8.3 (Berkeley) 4/6/94"; #else -__RCSID("$NetBSD: ftpcmd.y,v 1.94 2015/08/10 07:45:50 shm Exp $"); +__RCSID("$NetBSD: ftpcmd.y,v 1.94.26.1 2023/10/02 17:15:33 martin Exp $"); #endif #endif /* not lint */ @@ -855,7 +855,8 @@ cmd | MLST check_login CRLF { - mlst(NULL); + if ($2) +mlst(NULL); } | MLSD check_login SP pathname CRLF @@ -868,7 +869,8 @@ cmd | MLSD check_login CRLF { - mlsd(NULL); + if ($2) +mlsd(NULL); } | error CRLF
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:15:34 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpcmd.y Log Message: Pull up following revision(s) (requested by lukem in ticket #386): libexec/ftpd/ftpcmd.y: revision 1.95 Add missing check_login checks for MLST and MLSD To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.94.26.1 src/libexec/ftpd/ftpcmd.y Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 13:45:42 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpd.c version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #385): libexec/ftpd/ftpd.c: revision 1.207 libexec/ftpd/version.h: revision 1.78 ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails. To generate a diff of this commit: cvs rdiff -u -r1.206 -r1.206.2.1 src/libexec/ftpd/ftpd.c cvs rdiff -u -r1.77 -r1.77.6.1 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 13:45:42 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpd.c version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #385): libexec/ftpd/ftpd.c: revision 1.207 libexec/ftpd/version.h: revision 1.78 ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails. To generate a diff of this commit: cvs rdiff -u -r1.206 -r1.206.2.1 src/libexec/ftpd/ftpd.c cvs rdiff -u -r1.77 -r1.77.6.1 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/ftpd/ftpd.c diff -u src/libexec/ftpd/ftpd.c:1.206 src/libexec/ftpd/ftpd.c:1.206.2.1 --- src/libexec/ftpd/ftpd.c:1.206 Sat Jul 3 14:59:49 2021 +++ src/libexec/ftpd/ftpd.c Mon Oct 2 13:45:42 2023 @@ -1,7 +1,7 @@ -/* $NetBSD: ftpd.c,v 1.206 2021/07/03 14:59:49 christos Exp $ */ +/* $NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $ */ /* - * Copyright (c) 1997-2009 The NetBSD Foundation, Inc. + * Copyright (c) 1997-2023 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation @@ -97,7 +97,7 @@ __COPYRIGHT("@(#) Copyright (c) 1985, 19 #if 0 static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95"; #else -__RCSID("$NetBSD: ftpd.c,v 1.206 2021/07/03 14:59:49 christos Exp $"); +__RCSID("$NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $"); #endif #endif /* not lint */ @@ -1300,7 +1300,12 @@ end_login(void) quietmessages = 0; gidcount = 0; curclass.type = CLASS_REAL; - (void) seteuid((uid_t)0); + if (!dropprivs) { + if (seteuid((uid_t)0) < 0) { + syslog(LOG_NOTICE, "end_login: can't seteuid 0: %m"); + fatal("Can't reset privileges."); + } + } #ifdef LOGIN_CAP setusercontext(NULL, getpwuid(0), 0, LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); @@ -1441,8 +1446,8 @@ do_pass(int pass_checked, int pass_rval, login_attempts = 0; /* this time successful */ if (setegid((gid_t)pw->pw_gid) < 0) { - reply(550, "Can't set gid."); - goto bad; + syslog(LOG_NOTICE, "user %s: can't setegid: %m", pw->pw_name); + fatal("Can't drop privileges."); } #ifdef LOGIN_CAP if ((lc = login_getpwclass(pw)) != NULL) { @@ -1615,17 +1620,17 @@ do_pass(int pass_checked, int pass_rval, ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) { dropprivs++; if (setgid((gid_t)pw->pw_gid) < 0) { - reply(550, "Can't set gid."); - goto bad_perms; + syslog(LOG_NOTICE, "user %s: can't setgid: %m", pw->pw_name); + fatal("Can't drop privileges."); } if (setuid((uid_t)pw->pw_uid) < 0) { - reply(550, "Can't set uid."); - goto bad_perms; + syslog(LOG_NOTICE, "user %s: can't setuid: %m", pw->pw_name); + fatal("Can't drop privileges."); } } else { if (seteuid((uid_t)pw->pw_uid) < 0) { - reply(550, "Can't set uid."); - goto bad_perms; + syslog(LOG_NOTICE, "user %s: can't seteuid: %m", pw->pw_name); + fatal("Can't drop privileges."); } } setenv("HOME", homedir, 1); @@ -1684,11 +1689,6 @@ do_pass(int pass_checked, int pass_rval, #endif /* Forget all about it... */ end_login(); - return; - -bad_perms: - syslog(LOG_NOTICE, "user %s: can't setuid/gid: %m", pw->pw_name); - fatal("Can't drop privileges."); } void @@ -1924,8 +1924,12 @@ getdatasock(const char *fmode) on = 1; if (data >= 0) return (fdopen(data, fmode)); - if (! dropprivs) - (void) seteuid((uid_t)0); + if (! dropprivs) { + if (seteuid((uid_t)0) < 0) { + syslog(LOG_NOTICE, "getdatasock: can't seteuid 0: %m"); + fatal("Can't reset privileges."); + } + } s = socket(ctrl_addr.su_family, SOCK_STREAM, 0); if (s < 0) goto bad; @@ -1960,8 +1964,12 @@ getdatasock(const char *fmode) goto bad; sleep(tries); } - if (! dropprivs) - (void) seteuid((uid_t)pw->pw_uid); + if (! dropprivs) { + if (seteuid((uid_t)pw->pw_uid) < 0) { + syslog(LOG_NOTICE, "user %s: can't seteuid: %m", pw->pw_name); + fatal("Can't drop privileges."); + } + } #ifdef IP_TOS if (!mapped && ctrl_addr.su_family == AF_INET) { on = IPTOS_THROUGHPUT; @@ -1974,8 +1982,12 @@ getdatasock(const char *fmode) bad: /* Return the real value of errno (close may change it) */ t = errno; - if (! dropprivs) - (void) seteuid((uid_t)pw->pw_uid); + if (! dropprivs) { + if (seteuid((uid_t)pw->pw_uid) < 0) { + syslog(LOG_NOTICE, "user %s: can't seteuid: %m", pw->pw_name); + fatal("Can't drop privileges."); + } + } if (s >= 0) (void) close(s); errno = t; @@ -2048,13 +2060,13 @@ dataconn(const char *name, off_t size, c if (file == NULL) { char hbuf[NI_MAXHOST]; char pbuf[NI_MAXSERV]; - + conerrno = errno; if (getnameinfo((struct sockaddr *)_source.si_su,