fix globbing patch port mode (#139075)
parent
cfebff4939
commit
bd5b8f0617
@ -1,31 +1,28 @@
|
|||||||
--- krb5-1.3/src/appl/gssftp/ftp/cmds.c
|
--- krb5-1.3/src/appl/gssftp/ftp/cmds.c
|
||||||
+++ krb5-1.3/src/appl/gssftp/ftp/cmds.c
|
+++ krb5-1.3/src/appl/gssftp/ftp/cmds.c
|
||||||
@@ -99,6 +99,65 @@
|
@@ -99,6 +99,62 @@
|
||||||
static void quote1 (char *, int, char **);
|
static void quote1 (char *, int, char **);
|
||||||
static char *dotrans (char *);
|
static char *dotrans (char *);
|
||||||
static char *domap (char *);
|
static char *domap (char *);
|
||||||
+static int checkglob(int fd, const char *pattern);
|
+static int checkglob(const char *filename, const char *pattern);
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
+ * pipeprotect: protect against "special" local filenames by prepending
|
+ * pipeprotect: protect against "special" local filenames by prepending
|
||||||
+ * "./". Special local filenames are "-" and "|..." AND "/...".
|
+ * "./". Special local filenames are "-" and any "filename" which begins
|
||||||
|
+ * with either "|" or "/".
|
||||||
+ */
|
+ */
|
||||||
+static char *pipeprotect(char *name)
|
+static char *pipeprotect(char *name)
|
||||||
+{
|
+{
|
||||||
+ char *nu;
|
+ static char nu[MAXPATHLEN];
|
||||||
+ if (strcmp(name, "-") && *name!='|' && *name!='/') {
|
+ if ((name == NULL) ||
|
||||||
|
+ ((strcmp(name, "-") != 0) && (*name != '|') && (*name != '/'))) {
|
||||||
+ return name;
|
+ return name;
|
||||||
+ }
|
+ }
|
||||||
+
|
|
||||||
+ /* We're going to leak this memory. XXX. */
|
|
||||||
+ nu = malloc(strlen(name)+3);
|
|
||||||
+ if (nu==NULL) {
|
|
||||||
+ perror("malloc");
|
|
||||||
+ code = -1;
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ strcpy(nu, ".");
|
+ strcpy(nu, ".");
|
||||||
+ if (*name != '/') strcat(nu, "/");
|
+ if (*name != '/') strcat(nu, "/");
|
||||||
|
+ if (strlen(nu) + strlen(name) >= sizeof(nu)) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
+ strcat(nu, name);
|
+ strcat(nu, name);
|
||||||
+ return nu;
|
+ return nu;
|
||||||
+}
|
+}
|
||||||
@ -60,13 +57,13 @@
|
|||||||
+ else if (name[i]=='/') gotdots = 0;
|
+ else if (name[i]=='/') gotdots = 0;
|
||||||
+ else gotdots = -1;
|
+ else gotdots = -1;
|
||||||
+ }
|
+ }
|
||||||
+ name[len-1] = 0;
|
+ name[len-1] = '\0';
|
||||||
+ return name;
|
+ return name;
|
||||||
+}
|
+}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* `Another' gets another argument, and stores the new argc and argv.
|
* `Another' gets another argument, and stores the new argc and argv.
|
||||||
@@ -844,7 +903,15 @@
|
@@ -844,7 +900,15 @@
|
||||||
|
|
||||||
if (argc == 2) {
|
if (argc == 2) {
|
||||||
argc++;
|
argc++;
|
||||||
@ -83,7 +80,7 @@
|
|||||||
loc++;
|
loc++;
|
||||||
}
|
}
|
||||||
if (argc < 2 && !another(&argc, &argv, "remote-file"))
|
if (argc < 2 && !another(&argc, &argv, "remote-file"))
|
||||||
@@ -1016,8 +1083,19 @@
|
@@ -1016,8 +1080,19 @@
|
||||||
if (mapflag) {
|
if (mapflag) {
|
||||||
tp = domap(tp);
|
tp = domap(tp);
|
||||||
}
|
}
|
||||||
@ -105,7 +102,7 @@
|
|||||||
if (!mflag && fromatty) {
|
if (!mflag && fromatty) {
|
||||||
ointer = interactive;
|
ointer = interactive;
|
||||||
interactive = 1;
|
interactive = 1;
|
||||||
@@ -1045,8 +1123,8 @@
|
@@ -1045,8 +1120,8 @@
|
||||||
static char buf[MAXPATHLEN];
|
static char buf[MAXPATHLEN];
|
||||||
static FILE *ftemp = NULL;
|
static FILE *ftemp = NULL;
|
||||||
static char **args;
|
static char **args;
|
||||||
@ -116,14 +113,15 @@
|
|||||||
|
|
||||||
if (!mflag) {
|
if (!mflag) {
|
||||||
if (!doglob) {
|
if (!doglob) {
|
||||||
@@ -1075,23 +1153,46 @@
|
@@ -1075,23 +1150,46 @@
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
|
- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
|
||||||
- temp[sizeof(temp) - 1] = '\0';
|
- temp[sizeof(temp) - 1] = '\0';
|
||||||
- (void) mktemp(temp);
|
- (void) mktemp(temp);
|
||||||
+ int oldumask, fd;
|
+ int fd;
|
||||||
|
+ mode_t oldumask;
|
||||||
+ (void) strcpy(temp, _PATH_TMP);
|
+ (void) strcpy(temp, _PATH_TMP);
|
||||||
+
|
+
|
||||||
+ /* libc 5.2.18 creates with mode 0666, which is dumb */
|
+ /* libc 5.2.18 creates with mode 0666, which is dumb */
|
||||||
@ -135,6 +133,7 @@
|
|||||||
+ printf("Error creating temporary file, oops\n");
|
+ printf("Error creating temporary file, oops\n");
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
|
+ close(fd);
|
||||||
#endif /* !_WIN32 */
|
#endif /* !_WIN32 */
|
||||||
oldverbose = verbose, verbose = 0;
|
oldverbose = verbose, verbose = 0;
|
||||||
oldhash = hash, hash = 0;
|
oldhash = hash, hash = 0;
|
||||||
@ -145,40 +144,28 @@
|
|||||||
- recvrequest ("NLST", temp, *argv, rmode, 0, 0);
|
- recvrequest ("NLST", temp, *argv, rmode, 0, 0);
|
||||||
+
|
+
|
||||||
+ while (*++argv != NULL) {
|
+ while (*++argv != NULL) {
|
||||||
+ int dupfd = dup(fd);
|
|
||||||
+
|
|
||||||
+ recvrequest ("NLST", temp, *argv, "a", 0, 0);
|
+ recvrequest ("NLST", temp, *argv, "a", 0, 0);
|
||||||
+ if (!checkglob(dupfd, *argv)) {
|
+ if (!checkglob(temp, *argv)) {
|
||||||
+ badglob = 1;
|
+ badglob = 1;
|
||||||
+ break;
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ unlink(temp);
|
|
||||||
+
|
+
|
||||||
if (doswitch) {
|
if (doswitch) {
|
||||||
pswitch(!proxy);
|
pswitch(!proxy);
|
||||||
}
|
}
|
||||||
verbose = oldverbose; hash = oldhash;
|
verbose = oldverbose; hash = oldhash;
|
||||||
- ftemp = fopen(temp, "r");
|
ftemp = fopen(temp, "r");
|
||||||
- (void) unlink(temp);
|
(void) unlink(temp);
|
||||||
+ if (badglob) {
|
+ if (badglob) {
|
||||||
+ printf("Refusing to handle insecure file list\n");
|
+ printf("Refusing to handle insecure file list\n");
|
||||||
+ close(fd);
|
+ fclose(ftemp);
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
+ ftemp = fdopen(fd, "r");
|
|
||||||
#ifdef _WIN32
|
#ifdef _WIN32
|
||||||
free(temp);
|
free(temp);
|
||||||
temp = NULL;
|
temp = NULL;
|
||||||
@@ -1100,6 +1201,7 @@
|
@@ -1110,6 +1208,105 @@
|
||||||
printf("can't find list of remote files, oops\n");
|
|
||||||
return (NULL);
|
|
||||||
}
|
|
||||||
+ rewind(ftemp);
|
|
||||||
}
|
|
||||||
if (fgets(buf, sizeof (buf), ftemp) == NULL) {
|
|
||||||
(void) fclose(ftemp), ftemp = NULL;
|
|
||||||
@@ -1110,6 +1212,100 @@
|
|
||||||
return (buf);
|
return (buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -222,7 +209,7 @@
|
|||||||
+ * --okir
|
+ * --okir
|
||||||
+ */
|
+ */
|
||||||
+static int
|
+static int
|
||||||
+checkglob(int fd, const char *pattern)
|
+checkglob(const char *filename, const char *pattern)
|
||||||
+{
|
+{
|
||||||
+ const char *sp;
|
+ const char *sp;
|
||||||
+ char buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
|
+ char buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
|
||||||
@ -243,7 +230,12 @@
|
|||||||
+ dotdot[nrslash++] = isdotdotglob(sp);
|
+ dotdot[nrslash++] = isdotdotglob(sp);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ fp = fdopen(fd, "r");
|
+ fp = fopen(filename, "r");
|
||||||
|
+ if (fp == NULL) {
|
||||||
|
+ perror("fopen");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
|
+ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
|
||||||
+ char *sp;
|
+ char *sp;
|
||||||
+
|
+
|
||||||
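Review bot: In the new `badglob` branch, `fclose(ftemp)` is called on the result of the `fopen(temp, "r")` just above it without a NULL check, and `ftemp` is not reset before `return NULL`. `ftemp` is declared `static FILE *ftemp = NULL;` in what appears to be the same function, so a later call would presumably find a stale non-NULL pointer to a closed stream; I would write `if (ftemp != NULL) { (void) fclose(ftemp); ftemp = NULL; }`. Separately, the new side closes `fd` right after creating the temporary file, and `recvrequest`, `checkglob(temp, *argv)` and the final `fopen` each reopen `temp` by name. The listing that is validated and the listing that is later read are therefore linked only by a path under `_PATH_TMP`, where the old side kept a descriptor open, so a comment explaining why the descriptor can no longer be held (presumably the port-mode fix) would help the next maintainer judge that trade-off. The enclosing function starts and ends outside the visible hunks.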
|
@ -7,7 +7,7 @@
|
|||||||
Summary: The Kerberos network authentication system.
|
Summary: The Kerberos network authentication system.
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.3.5
|
Version: 1.3.5
|
||||||
Release: 1
|
Release: 2
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
|
# http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
@ -117,6 +117,9 @@ network uses Kerberos, this package should be installed on every
|
|||||||
workstation.
|
workstation.
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 16 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-2
|
||||||
|
- fix globbing patch port mode (#139075)
|
||||||
|
|
||||||
* Mon Nov 1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-1
|
* Mon Nov 1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-1
|
||||||
- fix segfault in telnet due to incorrect checking of gethostbyname_r result
|
- fix segfault in telnet due to incorrect checking of gethostbyname_r result
|
||||||
codes (#129059)
|
codes (#129059)
|
||||||
|