fix globbing patch port mode (#139075)

Nalin Dahyabhai 2004-11-17 00:42:19 +00:00
parent cfebff4939
commit bd5b8f0617
2 changed files with 34 additions and 39 deletions


@ -1,31 +1,28 @@
--- krb5-1.3/src/appl/gssftp/ftp/cmds.c --- krb5-1.3/src/appl/gssftp/ftp/cmds.c
+++ krb5-1.3/src/appl/gssftp/ftp/cmds.c +++ krb5-1.3/src/appl/gssftp/ftp/cmds.c
@@ -99,6 +99,65 @@ @@ -99,6 +99,62 @@
static void quote1 (char *, int, char **); static void quote1 (char *, int, char **);
static char *dotrans (char *); static char *dotrans (char *);
static char *domap (char *); static char *domap (char *);
+static int checkglob(int fd, const char *pattern); +static int checkglob(const char *filename, const char *pattern);
+ +
+/* +/*
+ * pipeprotect: protect against "special" local filenames by prepending + * pipeprotect: protect against "special" local filenames by prepending
+ * "./". Special local filenames are "-" and "|..." AND "/...". + * "./". Special local filenames are "-" and any "filename" which begins
+ * with either "|" or "/".
+ */ + */
+static char *pipeprotect(char *name) +static char *pipeprotect(char *name)
+{ +{
+ char *nu; + static char nu[MAXPATHLEN];
+ if (strcmp(name, "-") && *name!='|' && *name!='/') { + if ((name == NULL) ||
+ ((strcmp(name, "-") != 0) && (*name != '|') && (*name != '/'))) {
+ return name; + return name;
+ } + }
+
+ /* We're going to leak this memory. XXX. */
+ nu = malloc(strlen(name)+3);
+ if (nu==NULL) {
+ perror("malloc");
+ code = -1;
+ return NULL;
+ }
+ strcpy(nu, "."); + strcpy(nu, ".");
+ if (*name != '/') strcat(nu, "/"); + if (*name != '/') strcat(nu, "/");
+ if (strlen(nu) + strlen(name) >= sizeof(nu)) {
+ return NULL;
+ }
+ strcat(nu, name); + strcat(nu, name);
+ return nu; + return nu;
+} +}
@ -60,13 +57,13 @@
+ else if (name[i]=='/') gotdots = 0; + else if (name[i]=='/') gotdots = 0;
+ else gotdots = -1; + else gotdots = -1;
+ } + }
+ name[len-1] = 0; + name[len-1] = '\0';
+ return name; + return name;
+} +}
/* /*
* `Another' gets another argument, and stores the new argc and argv. * `Another' gets another argument, and stores the new argc and argv.
@@ -844,7 +903,15 @@ @@ -844,7 +900,15 @@
if (argc == 2) { if (argc == 2) {
argc++; argc++;
@ -83,7 +80,7 @@
loc++; loc++;
} }
if (argc < 2 && !another(&argc, &argv, "remote-file")) if (argc < 2 && !another(&argc, &argv, "remote-file"))
@@ -1016,8 +1083,19 @@ @@ -1016,8 +1080,19 @@
if (mapflag) { if (mapflag) {
tp = domap(tp); tp = domap(tp);
} }
@ -105,7 +102,7 @@
if (!mflag && fromatty) { if (!mflag && fromatty) {
ointer = interactive; ointer = interactive;
interactive = 1; interactive = 1;
@@ -1045,8 +1123,8 @@ @@ -1045,8 +1120,8 @@
static char buf[MAXPATHLEN]; static char buf[MAXPATHLEN];
static FILE *ftemp = NULL; static FILE *ftemp = NULL;
static char **args; static char **args;
@ -116,14 +113,15 @@
if (!mflag) { if (!mflag) {
if (!doglob) { if (!doglob) {
@@ -1075,23 +1153,46 @@ @@ -1075,23 +1150,46 @@
return (NULL); return (NULL);
} }
#else #else
- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1); - (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
- temp[sizeof(temp) - 1] = '\0'; - temp[sizeof(temp) - 1] = '\0';
- (void) mktemp(temp); - (void) mktemp(temp);
+ int oldumask, fd; + int fd;
+ mode_t oldumask;
+ (void) strcpy(temp, _PATH_TMP); + (void) strcpy(temp, _PATH_TMP);
+ +
+ /* libc 5.2.18 creates with mode 0666, which is dumb */ + /* libc 5.2.18 creates with mode 0666, which is dumb */
@ -135,6 +133,7 @@
+ printf("Error creating temporary file, oops\n"); + printf("Error creating temporary file, oops\n");
+ return NULL; + return NULL;
+ } + }
+ close(fd);
#endif /* !_WIN32 */ #endif /* !_WIN32 */
oldverbose = verbose, verbose = 0; oldverbose = verbose, verbose = 0;
oldhash = hash, hash = 0; oldhash = hash, hash = 0;
@ -145,40 +144,28 @@
- recvrequest ("NLST", temp, *argv, rmode, 0, 0); - recvrequest ("NLST", temp, *argv, rmode, 0, 0);
+ +
+ while (*++argv != NULL) { + while (*++argv != NULL) {
+ int dupfd = dup(fd);
+
+ recvrequest ("NLST", temp, *argv, "a", 0, 0); + recvrequest ("NLST", temp, *argv, "a", 0, 0);
+ if (!checkglob(dupfd, *argv)) { + if (!checkglob(temp, *argv)) {
+ badglob = 1; + badglob = 1;
+ break; + break;
+ } + }
+ } + }
+ unlink(temp);
+ +
if (doswitch) { if (doswitch) {
pswitch(!proxy); pswitch(!proxy);
} }
verbose = oldverbose; hash = oldhash; verbose = oldverbose; hash = oldhash;
- ftemp = fopen(temp, "r"); ftemp = fopen(temp, "r");
- (void) unlink(temp); (void) unlink(temp);
+ if (badglob) { + if (badglob) {
+ printf("Refusing to handle insecure file list\n"); + printf("Refusing to handle insecure file list\n");
+ close(fd); + fclose(ftemp);
+ return NULL; + return NULL;
+ } + }
+ ftemp = fdopen(fd, "r");
#ifdef _WIN32 #ifdef _WIN32
free(temp); free(temp);
temp = NULL; temp = NULL;
@@ -1100,6 +1201,7 @@ @@ -1110,6 +1208,105 @@
printf("can't find list of remote files, oops\n");
return (NULL);
}
+ rewind(ftemp);
}
if (fgets(buf, sizeof (buf), ftemp) == NULL) {
(void) fclose(ftemp), ftemp = NULL;
@@ -1110,6 +1212,100 @@
return (buf); return (buf);
} }
@ -222,7 +209,7 @@
+ * --okir + * --okir
+ */ + */
+static int +static int
+checkglob(int fd, const char *pattern) +checkglob(const char *filename, const char *pattern)
+{ +{
+ const char *sp; + const char *sp;
+ char buffer[MAXPATHLEN], dotdot[MAXPATHLEN]; + char buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
@ -243,7 +230,12 @@
+ dotdot[nrslash++] = isdotdotglob(sp); + dotdot[nrslash++] = isdotdotglob(sp);
+ } + }
+ +
+ fp = fdopen(fd, "r"); + fp = fopen(filename, "r");
+ if (fp == NULL) {
+ perror("fopen");
+ return 0;
+ }
+
+ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) { + while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
+ char *sp; + char *sp;
+ +
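Review bot: In the `@@ -1075,23 +1150,46 @@` hunk, the new badglob branch calls `fclose(ftemp)` directly after `ftemp = fopen(temp, "r")` with no NULL check, and it returns with the static `ftemp` still pointing at the closed stream. A failed fopen would hand NULL to fclose, and a later call that finds `ftemp` non-NULL would presumably read from a closed FILE; the guard around this code lies outside the hunk, so confirm against the full function. I would write `if (ftemp != NULL) { (void) fclose(ftemp); ftemp = NULL; }`, matching the `(void) fclose(ftemp), ftemp = NULL;` idiom visible in the surrounding context. Separately, the list is now validated by `checkglob(temp, *argv)` and then read through a second by-name `fopen(temp, "r")`, so the check and the read no longer share one descriptor as they did with `fdopen(fd, "r")`. A comment next to `close(fd);` should state what keeps the mkstemp file in place between those opens.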


@ -7,7 +7,7 @@
Summary: The Kerberos network authentication system. Summary: The Kerberos network authentication system.
Name: krb5 Name: krb5
Version: 1.3.5 Version: 1.3.5
Release: 1 Release: 2
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar # http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -117,6 +117,9 @@ network uses Kerberos, this package should be installed on every
workstation. workstation.
%changelog %changelog
* Tue Nov 16 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-2
- fix globbing patch port mode (#139075)
* Mon Nov 1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-1 * Mon Nov 1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-1
- fix segfault in telnet due to incorrect checking of gethostbyname_r result - fix segfault in telnet due to incorrect checking of gethostbyname_r result
codes (#129059) codes (#129059)