CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:28:58 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #390): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR To generate a diff of this commit: cvs rdiff -u -r1.77.6.1 -r1.77.6.2 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/ftpd/version.h diff -u src/libexec/ftpd/version.h:1.77.6.1 src/libexec/ftpd/version.h:1.77.6.2 --- src/libexec/ftpd/version.h:1.77.6.1 Mon Oct 2 13:45:42 2023 +++ src/libexec/ftpd/version.h Mon Oct 2 17:28:58 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.77.6.1 2023/10/02 13:45:42 martin Exp $ */ +/* $NetBSD: version.h,v 1.77.6.2 2023/10/02 17:28:58 martin Exp $ */ /*- * Copyright (c) 1999-2023 The NetBSD Foundation, Inc. * All rights reserved. @@ -29,5 +29,5 @@ */ #ifndef FTPD_VERSION -#define FTPD_VERSION "NetBSD-ftpd 20230902" +#define FTPD_VERSION "NetBSD-ftpd 20230930" #endif
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:28:58 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #390): libexec/ftpd/version.h: revision 1.80 NetBSD-ftpd 20230930 Update version to "NetBSD-ftpd 20230930" for changes: - fix uninitialized memory usage in count_users() - fix pam_set_item call with proper struct passed as PAM_SOCKADDR To generate a diff of this commit: cvs rdiff -u -r1.77.6.1 -r1.77.6.2 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src
Committed By: martin
Date: Mon Oct 2 17:24:44 UTC 2023
Modified Files:
src/libexec/ftpd [netbsd-10]: ftpd.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #389):
libexec/ftpd/ftpd.c: revision 1.208
pam_set_item PAM_SOCKADDR expects sockaddr_storage structure
Instead, internal struct sockinet was used. Because it's length is shorter
than sockaddr_storage, libpam was copying also memory outside of sockinet
struct.
To generate a diff of this commit:
cvs rdiff -u -r1.206.2.1 -r1.206.2.2 src/libexec/ftpd/ftpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/ftpd.c
diff -u src/libexec/ftpd/ftpd.c:1.206.2.1 src/libexec/ftpd/ftpd.c:1.206.2.2
--- src/libexec/ftpd/ftpd.c:1.206.2.1 Mon Oct 2 13:45:42 2023
+++ src/libexec/ftpd/ftpd.c Mon Oct 2 17:24:44 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $ */
+/* $NetBSD: ftpd.c,v 1.206.2.2 2023/10/02 17:24:44 martin Exp $ */
/*
* Copyright (c) 1997-2023 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@ __COPYRIGHT("@(#) Copyright (c) 1985, 19
#if 0
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
#else
-__RCSID("$NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.206.2.2 2023/10/02 17:24:44 martin Exp $");
#endif
#endif /* not lint */
@@ -3896,6 +3896,7 @@ auth_pam(void)
int e;
ftpd_cred_t auth_cred = { curname, 0 };
struct pam_conv conv = { _conv, _cred };
+ struct sockaddr_storage ss;
e = pam_start("ftpd", curname, , );
if (e != PAM_SUCCESS) {
@@ -3918,7 +3919,9 @@ auth_pam(void)
return -1;
}
- e = pam_set_item(pamh, PAM_SOCKADDR, _addr);
+ memset(, 0, sizeof(ss));
+ memcpy(, _addr.si_su, his_addr.su_len);
+ e = pam_set_item(pamh, PAM_SOCKADDR, );
if (e != PAM_SUCCESS) {
syslog(LOG_ERR, "pam_set_item(PAM_SOCKADDR): %s",
pam_strerror(pamh, e));
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:24:44 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpd.c Log Message: Pull up following revision(s) (requested by lukem in ticket #389): libexec/ftpd/ftpd.c: revision 1.208 pam_set_item PAM_SOCKADDR expects sockaddr_storage structure Instead, internal struct sockinet was used. Because it's length is shorter than sockaddr_storage, libpam was copying also memory outside of sockinet struct. To generate a diff of this commit: cvs rdiff -u -r1.206.2.1 -r1.206.2.2 src/libexec/ftpd/ftpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src
Committed By: martin
Date: Mon Oct 2 17:21:07 UTC 2023
Modified Files:
src/libexec/ftpd [netbsd-10]: conf.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #388):
libexec/ftpd/conf.c: revision 1.65
Fix uninitialized memory usage in count_users()
If the file was previously empty, pids table is not set, the code however used
pids[0] which is uninitialized in this case. In some scenarios it may lead to
propagate garbage value from pids[0] to the file and cause writing outside of
allocated memory.
OK lukem@
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.64.40.1 src/libexec/ftpd/conf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/conf.c
diff -u src/libexec/ftpd/conf.c:1.64 src/libexec/ftpd/conf.c:1.64.40.1
--- src/libexec/ftpd/conf.c:1.64 Sun Nov 4 20:46:46 2012
+++ src/libexec/ftpd/conf.c Mon Oct 2 17:21:07 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $ */
+/* $NetBSD: conf.c,v 1.64.40.1 2023/10/02 17:21:07 martin Exp $ */
/*-
* Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.64 2012/11/04 20:46:46 christos Exp $");
+__RCSID("$NetBSD: conf.c,v 1.64.40.1 2023/10/02 17:21:07 martin Exp $");
#endif /* not lint */
#include
@@ -909,7 +909,7 @@ count_users(void)
goto cleanup_count;
if (fstat(fd, ) == -1)
goto cleanup_count;
- if ((pids = malloc(sb.st_size + sizeof(pid_t))) == NULL)
+ if ((pids = calloc(sb.st_size + sizeof(pid_t), 1)) == NULL)
goto cleanup_count;
/* XXX: implement a better read loop */
scount = read(fd, pids, sb.st_size);
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:21:07 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: conf.c Log Message: Pull up following revision(s) (requested by lukem in ticket #388): libexec/ftpd/conf.c: revision 1.65 Fix uninitialized memory usage in count_users() If the file was previously empty, pids table is not set, the code however used pids[0] which is uninitialized in this case. In some scenarios it may lead to propagate garbage value from pids[0] to the file and cause writing outside of allocated memory. OK lukem@ To generate a diff of this commit: cvs rdiff -u -r1.64 -r1.64.40.1 src/libexec/ftpd/conf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src
Committed By: martin
Date: Mon Oct 2 17:15:34 UTC 2023
Modified Files:
src/libexec/ftpd [netbsd-10]: ftpcmd.y
Log Message:
Pull up following revision(s) (requested by lukem in ticket #386):
libexec/ftpd/ftpcmd.y: revision 1.95
Add missing check_login checks for MLST and MLSD
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.94.26.1 src/libexec/ftpd/ftpcmd.y
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/ftpcmd.y
diff -u src/libexec/ftpd/ftpcmd.y:1.94 src/libexec/ftpd/ftpcmd.y:1.94.26.1
--- src/libexec/ftpd/ftpcmd.y:1.94 Mon Aug 10 07:45:50 2015
+++ src/libexec/ftpd/ftpcmd.y Mon Oct 2 17:15:33 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: ftpcmd.y,v 1.94 2015/08/10 07:45:50 shm Exp $ */
+/* $NetBSD: ftpcmd.y,v 1.94.26.1 2023/10/02 17:15:33 martin Exp $ */
/*-
* Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -72,7 +72,7 @@
#if 0
static char sccsid[] = "@(#)ftpcmd.y 8.3 (Berkeley) 4/6/94";
#else
-__RCSID("$NetBSD: ftpcmd.y,v 1.94 2015/08/10 07:45:50 shm Exp $");
+__RCSID("$NetBSD: ftpcmd.y,v 1.94.26.1 2023/10/02 17:15:33 martin Exp $");
#endif
#endif /* not lint */
@@ -855,7 +855,8 @@ cmd
| MLST check_login CRLF
{
- mlst(NULL);
+ if ($2)
+mlst(NULL);
}
| MLSD check_login SP pathname CRLF
@@ -868,7 +869,8 @@ cmd
| MLSD check_login CRLF
{
- mlsd(NULL);
+ if ($2)
+mlsd(NULL);
}
| error CRLF
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 17:15:34 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpcmd.y Log Message: Pull up following revision(s) (requested by lukem in ticket #386): libexec/ftpd/ftpcmd.y: revision 1.95 Add missing check_login checks for MLST and MLSD To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.94.26.1 src/libexec/ftpd/ftpcmd.y Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src Committed By: martin Date: Mon Oct 2 13:45:42 UTC 2023 Modified Files: src/libexec/ftpd [netbsd-10]: ftpd.c version.h Log Message: Pull up following revision(s) (requested by lukem in ticket #385): libexec/ftpd/ftpd.c: revision 1.207 libexec/ftpd/version.h: revision 1.78 ftpd: improve seteuid error handling Handle seteuid() failures. Per suggestion by Simon Josefsson. Consistent logging and fatal exit if uid/gid switching fails. Log correct errno if dataconn() fails. To generate a diff of this commit: cvs rdiff -u -r1.206 -r1.206.2.1 src/libexec/ftpd/ftpd.c cvs rdiff -u -r1.77 -r1.77.6.1 src/libexec/ftpd/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-10] src/libexec/ftpd
Module Name:src
Committed By: martin
Date: Mon Oct 2 13:45:42 UTC 2023
Modified Files:
src/libexec/ftpd [netbsd-10]: ftpd.c version.h
Log Message:
Pull up following revision(s) (requested by lukem in ticket #385):
libexec/ftpd/ftpd.c: revision 1.207
libexec/ftpd/version.h: revision 1.78
ftpd: improve seteuid error handling
Handle seteuid() failures. Per suggestion by Simon Josefsson.
Consistent logging and fatal exit if uid/gid switching fails.
Log correct errno if dataconn() fails.
To generate a diff of this commit:
cvs rdiff -u -r1.206 -r1.206.2.1 src/libexec/ftpd/ftpd.c
cvs rdiff -u -r1.77 -r1.77.6.1 src/libexec/ftpd/version.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/ftpd/ftpd.c
diff -u src/libexec/ftpd/ftpd.c:1.206 src/libexec/ftpd/ftpd.c:1.206.2.1
--- src/libexec/ftpd/ftpd.c:1.206 Sat Jul 3 14:59:49 2021
+++ src/libexec/ftpd/ftpd.c Mon Oct 2 13:45:42 2023
@@ -1,7 +1,7 @@
-/* $NetBSD: ftpd.c,v 1.206 2021/07/03 14:59:49 christos Exp $ */
+/* $NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $ */
/*
- * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1997-2023 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
@@ -97,7 +97,7 @@ __COPYRIGHT("@(#) Copyright (c) 1985, 19
#if 0
static char sccsid[] = "@(#)ftpd.c 8.5 (Berkeley) 4/28/95";
#else
-__RCSID("$NetBSD: ftpd.c,v 1.206 2021/07/03 14:59:49 christos Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.206.2.1 2023/10/02 13:45:42 martin Exp $");
#endif
#endif /* not lint */
@@ -1300,7 +1300,12 @@ end_login(void)
quietmessages = 0;
gidcount = 0;
curclass.type = CLASS_REAL;
- (void) seteuid((uid_t)0);
+ if (!dropprivs) {
+ if (seteuid((uid_t)0) < 0) {
+ syslog(LOG_NOTICE, "end_login: can't seteuid 0: %m");
+ fatal("Can't reset privileges.");
+ }
+ }
#ifdef LOGIN_CAP
setusercontext(NULL, getpwuid(0), 0,
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
@@ -1441,8 +1446,8 @@ do_pass(int pass_checked, int pass_rval,
login_attempts = 0; /* this time successful */
if (setegid((gid_t)pw->pw_gid) < 0) {
- reply(550, "Can't set gid.");
- goto bad;
+ syslog(LOG_NOTICE, "user %s: can't setegid: %m", pw->pw_name);
+ fatal("Can't drop privileges.");
}
#ifdef LOGIN_CAP
if ((lc = login_getpwclass(pw)) != NULL) {
@@ -1615,17 +1620,17 @@ do_pass(int pass_checked, int pass_rval,
ntohs(ctrl_addr.su_port) > IPPORT_RESERVED + 1)) {
dropprivs++;
if (setgid((gid_t)pw->pw_gid) < 0) {
- reply(550, "Can't set gid.");
- goto bad_perms;
+ syslog(LOG_NOTICE, "user %s: can't setgid: %m", pw->pw_name);
+ fatal("Can't drop privileges.");
}
if (setuid((uid_t)pw->pw_uid) < 0) {
- reply(550, "Can't set uid.");
- goto bad_perms;
+ syslog(LOG_NOTICE, "user %s: can't setuid: %m", pw->pw_name);
+ fatal("Can't drop privileges.");
}
} else {
if (seteuid((uid_t)pw->pw_uid) < 0) {
- reply(550, "Can't set uid.");
- goto bad_perms;
+ syslog(LOG_NOTICE, "user %s: can't seteuid: %m", pw->pw_name);
+ fatal("Can't drop privileges.");
}
}
setenv("HOME", homedir, 1);
@@ -1684,11 +1689,6 @@ do_pass(int pass_checked, int pass_rval,
#endif
/* Forget all about it... */
end_login();
- return;
-
-bad_perms:
- syslog(LOG_NOTICE, "user %s: can't setuid/gid: %m", pw->pw_name);
- fatal("Can't drop privileges.");
}
void
@@ -1924,8 +1924,12 @@ getdatasock(const char *fmode)
on = 1;
if (data >= 0)
return (fdopen(data, fmode));
- if (! dropprivs)
- (void) seteuid((uid_t)0);
+ if (! dropprivs) {
+ if (seteuid((uid_t)0) < 0) {
+ syslog(LOG_NOTICE, "getdatasock: can't seteuid 0: %m");
+ fatal("Can't reset privileges.");
+ }
+ }
s = socket(ctrl_addr.su_family, SOCK_STREAM, 0);
if (s < 0)
goto bad;
@@ -1960,8 +1964,12 @@ getdatasock(const char *fmode)
goto bad;
sleep(tries);
}
- if (! dropprivs)
- (void) seteuid((uid_t)pw->pw_uid);
+ if (! dropprivs) {
+ if (seteuid((uid_t)pw->pw_uid) < 0) {
+ syslog(LOG_NOTICE, "user %s: can't seteuid: %m", pw->pw_name);
+ fatal("Can't drop privileges.");
+ }
+ }
#ifdef IP_TOS
if (!mapped && ctrl_addr.su_family == AF_INET) {
on = IPTOS_THROUGHPUT;
@@ -1974,8 +1982,12 @@ getdatasock(const char *fmode)
bad:
/* Return the real value of errno (close may change it) */
t = errno;
- if (! dropprivs)
- (void) seteuid((uid_t)pw->pw_uid);
+ if (! dropprivs) {
+ if (seteuid((uid_t)pw->pw_uid) < 0) {
+ syslog(LOG_NOTICE, "user %s: can't seteuid: %m", pw->pw_name);
+ fatal("Can't drop privileges.");
+ }
+ }
if (s >= 0)
(void) close(s);
errno = t;
@@ -2048,13 +2060,13 @@ dataconn(const char *name, off_t size, c
if (file == NULL) {
char hbuf[NI_MAXHOST];
char pbuf[NI_MAXSERV];
-
+ conerrno = errno;
if (getnameinfo((struct sockaddr *)_source.si_su,
