From 8d113be5023bcc5625fa0ee5167198d7305eadc3 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka
Date: Fri, 8 Apr 2016 15:10:28 +0200
Subject: [PATCH] Applied patches: - Readd seccomp disabled by default - vsftpd local_max_rate option doesn't work as expected - The vsftpd hangs in a SIGCHLD handler when the pam_exec.so is used in pam.d - configuration - The vsftpd doesn't remove failed upload when the delete_failed_uploads is - enabled and the network cable is unplagged - man pages bug - vsftpd segfaults in vsf_sysutil_strndup - Fix logging when syslog is used
---
 vsftpd-2.2.2-blank-chars-overflow.patch | 25 +++++
 vsftpd-2.2.2-man-pages.patch | 26 +++++
 vsftpd-2.2.2-syslog.patch | 25 +++++
 vsftpd-3.0.2-del-upl.patch | 136 ++++++++++++++++++++++++
 vsftpd-3.0.2-mrate.patch | 89 ++++++++++++++++
 vsftpd-3.0.2-seccomp.patch | 25 +++++
 vsftpd-3.0.2-wnohang.patch | 79 ++++++++++++++
 vsftpd.spec | 30 +++++-
 8 files changed, 434 insertions(+), 1 deletion(-)
 create mode 100644 vsftpd-2.2.2-blank-chars-overflow.patch
 create mode 100644 vsftpd-2.2.2-man-pages.patch
 create mode 100644 vsftpd-2.2.2-syslog.patch
 create mode 100644 vsftpd-3.0.2-del-upl.patch
 create mode 100644 vsftpd-3.0.2-mrate.patch
 create mode 100644 vsftpd-3.0.2-seccomp.patch
 create mode 100644 vsftpd-3.0.2-wnohang.patch
diff --git a/vsftpd-2.2.2-blank-chars-overflow.patch b/vsftpd-2.2.2-blank-chars-overflow.patch
new file mode 100644
index 0000000..c558db0
--- /dev/null
+++ b/vsftpd-2.2.2-blank-chars-overflow.patch
@@ -0,0 +1,25 @@
+From c7cbcc64c824d1a2a60f8d81c26d5c8215463623 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:05:06 +0200
+Subject: [PATCH 6/7] vsftpd-2.2.2-blank-chars-overflow
+
+---
+ str.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/str.c b/str.c
+index 41b27db..82b8ae4 100644
+--- a/str.c
++++ b/str.c
+@@ -113,7 +113,7 @@ str_strdup_trimmed(const struct mystr* p_str)
+ for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
+ for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
+ newlen = t - h + 1;
+- return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
++ return (newlen > 0) ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
+ }
+
+ void
+--
+2.5.5
+
diff --git a/vsftpd-2.2.2-man-pages.patch b/vsftpd-2.2.2-man-pages.patch
new file mode 100644
index 0000000..d59104a
--- /dev/null
+++ b/vsftpd-2.2.2-man-pages.patch
@@ -0,0 +1,26 @@
+From ab49bde79f81a422629210c23ccc83bc4e14ad2a Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 5/7] vsftpd-2.2.2-man-pages
+
+---
+ vsftpd.conf.5 | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index 7a8f130..45cd3c0 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -495,7 +495,8 @@ Default: NO
+ .TP
+ .B ssl_request_cert
+ If enabled, vsftpd will request (but not necessarily require; see
+-.BR require_cert) a certificate on incoming SSL connections. Normally this
++.BR require_cert )
++a certificate on incoming SSL connections. Normally this
+ should not cause any trouble at all, but IBM zOS seems to have issues.
+ (New in v2.0.7).
+
+--
+2.5.5
+
diff --git a/vsftpd-2.2.2-syslog.patch b/vsftpd-2.2.2-syslog.patch
new file mode 100644
index 0000000..d92cdae
--- /dev/null
+++ b/vsftpd-2.2.2-syslog.patch
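Review bot: The new `(newlen > 0)` test in str_strdup_trimmed (str.c, inside vsftpd-2.2.2-blank-chars-overflow.patch) carries no comment saying why a plain zero/non-zero test was not enough. For an all-blank string the first loop leaves h at the string length and the second leaves t at -1, so newlen is negative and the old `newlen ?` test passed it on, cast to unsigned int, as a very large length for vsf_sysutil_strndup. I would add `/* newlen is <= 0 for empty or all-blank input; never pass that on as an unsigned length */` above the return. The function still returns a null pointer (`0L`) for such input, so its callers should be checked for handling that; the function body starts outside the hunk.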
@@ -0,0 +1,25 @@
+From a480a9659fb0cab1c44006f6c06013e6e7f78948 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:05:53 +0200
+Subject: [PATCH 7/7] vsftpd-2.2.2-syslog
+
+---
+ logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/logging.c b/logging.c
+index 99671b4..c4461f7 100644
+--- a/logging.c
++++ b/logging.c
+@@ -32,7 +32,7 @@ vsf_log_init(struct vsf_session* p_sess)
+ {
+ if (tunable_syslog_enable || tunable_tcp_wrappers)
+ {
+- vsf_sysutil_openlog(1);
++ vsf_sysutil_openlog(0);
+ }
+ if (!tunable_xferlog_enable && !tunable_dual_log_enable)
+ {
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-del-upl.patch b/vsftpd-3.0.2-del-upl.patch
new file mode 100644
index 0000000..e1216a8
--- /dev/null
+++ b/vsftpd-3.0.2-del-upl.patch
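Review bot: The argument flipped from `1` to `0` in the vsf_sysutil_openlog call in vsf_log_init (logging.c, inside vsftpd-2.2.2-syslog.patch) is a bare literal, and neither the call site nor the empty patch description says what it selects. This call sets up the daemon's syslog output, which is its audit trail, so the reason for the change belongs next to it, for example `/* 0, not 1: WHAT-THE-FLAG-CONTROLS, and why syslog records were lost with 1 */`, with the placeholder filled in from the definition of vsf_sysutil_openlog. That definition is not part of this hunk, so the effect of the flag cannot be confirmed from here.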
@@ -0,0 +1,136 @@
+From 9be8a4188420bba2075eacf9aea8fa26b6ebdcc5 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl
+
+---
+ ftpcodes.h | 3 ++-
+ ftpdataio.c | 8 ++++++++
+ main.c | 2 +-
+ postlogin.c | 9 ++++++++-
+ session.h | 1 +
+ sysutil.c | 10 ++++++++++
+ sysutil.h | 1 +
+ 7 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/ftpcodes.h b/ftpcodes.h
+index 3950f92..97801f3 100644
+--- a/ftpcodes.h
++++ b/ftpcodes.h
+@@ -15,7 +15,8 @@
+ #define FTP_PBSZOK 200
+ #define FTP_PROTOK 200
+ #define FTP_OPTSOK 200
+-#define FTP_ALLOOK 202
++#define FTP_ALLOOK 200
++#define FTP_ALLOIGN 202
+ #define FTP_FEAT 211
+ #define FTP_STATOK 211
+ #define FTP_SIZEOK 213
+diff --git a/ftpdataio.c b/ftpdataio.c
+index 00f9021..c859d80 100644
+--- a/ftpdataio.c
++++ b/ftpdataio.c
+@@ -242,6 +242,10 @@ init_data_sock_params(struct vsf_session* p_sess, int sock_fd)
+ /* Start the timeout monitor */
+ vsf_sysutil_install_io_handler(handle_io, p_sess);
+ start_data_alarm(p_sess);
++ if(tunable_delete_failed_uploads)
++ {
++ vsf_sysutil_rcvtimeo(sock_fd);
++ }
+ }
+
+ static void
+@@ -615,6 +619,10 @@ do_file_recv(struct vsf_session* p_sess, int file_fd, int is_ascii)
+ else if (retval == 0 && !prev_cr)
+ {
+ /* Transfer done, nifty */
++ if (tunable_delete_failed_uploads &&
++ !is_ascii && p_sess->upload_size > 0 &&
++ p_sess->upload_size != ret_struct.transferred)
++ ret_struct.retval = -2;
+ return ret_struct;
+ }
+ num_to_write = (unsigned int) retval;
+diff --git a/main.c b/main.c
+index f1e2f69..f039081 100644
+--- a/main.c
++++ b/main.c
+@@ -44,7 +44,7 @@ main(int argc, const char* argv[])
+ /* Login */
+ 1, 0, INIT_MYSTR, INIT_MYSTR,
+ /* Protocol state */
+- 0, 1, INIT_MYSTR, 0, 0,
++ 0, 0, 1, INIT_MYSTR, 0, 0,
+ /* HTTP hacks */
+ 0, INIT_MYSTR,
+ /* Session state */
+diff --git a/postlogin.c b/postlogin.c
+index 154c16a..8363c9c 100644
+--- a/postlogin.c
++++ b/postlogin.c
+@@ -358,7 +358,14 @@ process_post_login(struct vsf_session* p_sess)
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "ALLO"))
+ {
+- vsf_cmdio_write(p_sess, FTP_ALLOOK, "ALLO command ignored.");
++ if (tunable_delete_failed_uploads && !p_sess->is_ascii)
++ {
++ p_sess->upload_size = (filesize_t)vsf_sysutil_atoi(str_getbuf(&p_sess->ftp_cmd_str)+5);
++ vsf_cmdio_write(p_sess, FTP_ALLOOK, "The filesize has been allocated.");
++ }
++ else {
++ vsf_cmdio_write(p_sess, FTP_ALLOIGN, "ALLO command ignored.");
++ }
+ }
+ else if (str_equal_text(&p_sess->ftp_cmd_str, "REIN"))
+ {
+diff --git a/session.h b/session.h
+index 3e8fdd5..4eccf46 100644
+--- a/session.h
++++ b/session.h
+@@ -41,6 +41,7 @@ struct vsf_session
+ struct mystr anon_pass_str;
+
+ /* Details of the FTP protocol state */
++ filesize_t upload_size;
+ filesize_t restart_pos;
+ int is_ascii;
+ struct mystr rnfr_filename_str;
+diff --git a/sysutil.c b/sysutil.c
+index 61d9f28..3c4a337 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -681,6 +681,16 @@ vsf_sysutil_activate_keepalive(int fd)
+ }
+
+ void
++vsf_sysutil_rcvtimeo(int fd)
++{
++ struct timeval tv;
++
++ tv.tv_sec = tunable_data_connection_timeout;
++ tv.tv_usec = 0;
++ setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(struct timeval));
++}
++
++void
+ vsf_sysutil_activate_reuseaddr(int fd)
+ {
+ int reuseaddr = 1;
+diff --git a/sysutil.h b/sysutil.h
+index d341b5d..be727f5 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -267,6 +267,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
+ const char* p_name);
+ /* Option setting on sockets */
+ void vsf_sysutil_activate_keepalive(int fd);
++void vsf_sysutil_rcvtimeo(int fd);
+ void vsf_sysutil_set_iptos_throughput(int fd);
+ void vsf_sysutil_activate_reuseaddr(int fd);
+ void vsf_sysutil_set_nodelay(int fd);
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-mrate.patch b/vsftpd-3.0.2-mrate.patch
new file mode 100644
index 0000000..a3622a2
--- /dev/null
+++ b/vsftpd-3.0.2-mrate.patch
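Review bot: In the ALLO branch of process_post_login (postlogin.c, inside vsftpd-3.0.2-del-upl.patch) the size is read from `str_getbuf(&p_sess->ftp_cmd_str)+5`, but the branch is entered only when ftp_cmd_str compares equal to the four-character text "ALLO", so offset 5 lies past that string's terminator and the parse depends on whatever bytes happen to follow it in the buffer. The value also passes through vsf_sysutil_atoi before the cast to filesize_t, so a client-supplied size that does not fit the helper's integer return (presumably int; its prototype is not shown) cannot be represented. Parsing the command's argument string would avoid both, assuming the session holds it in ftp_arg_str as for other commands: `p_sess->upload_size = str_a_to_filesize_t(&p_sess->ftp_arg_str);`. Nothing visible in the patch clears upload_size after a transfer, so a stale ALLO value may make a later, unrelated binary upload return -2 from do_file_recv; resetting it where the transfer ends would close that. The return value of setsockopt in vsf_sysutil_rcvtimeo is also ignored, so a failure to arm the receive timeout goes unnoticed.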
@@ -0,0 +1,89 @@
+From 4700495a07fe9423c8411a018cde4de413407f42 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 2/7] vsftpd-3.0.2-mrate
+
+---
+ ftpdataio.c | 14 +++++++-------
+ main.c | 2 +-
+ session.h | 3 ++-
+ 3 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/ftpdataio.c b/ftpdataio.c
+index 3e4e9c9..00f9021 100644
+--- a/ftpdataio.c
++++ b/ftpdataio.c
+@@ -249,7 +249,7 @@ handle_io(int retval, int fd, void* p_private)
+ {
+ long curr_sec;
+ long curr_usec;
+- unsigned int bw_rate;
++ unsigned long bw_rate;
+ double elapsed;
+ double pause_time;
+ double rate_ratio;
+@@ -276,19 +276,16 @@ handle_io(int retval, int fd, void* p_private)
+ {
+ elapsed = (double) 0.01;
+ }
+- bw_rate = (unsigned int) ((double) retval / elapsed);
+- if (bw_rate <= p_sess->bw_rate_max)
++ p_sess->bw_retval += retval;
++ bw_rate = (unsigned long) ((double) p_sess->bw_retval / elapsed);
++ if (bw_rate <= p_sess->bw_rate_max || p_sess->bw_retval < (unsigned long)(10*retval))
+ {
+- p_sess->bw_send_start_sec = curr_sec;
+- p_sess->bw_send_start_usec = curr_usec;
+ return;
+ }
+ /* Tut! Rate exceeded, calculate a pause to bring things back into line */
+ rate_ratio = (double) bw_rate / (double) p_sess->bw_rate_max;
+ pause_time = (rate_ratio - (double) 1) * elapsed;
+ vsf_sysutil_sleep(pause_time);
+- p_sess->bw_send_start_sec = vsf_sysutil_get_time_sec();
+- p_sess->bw_send_start_usec = vsf_sysutil_get_time_usec();
+ }
+
+ int
+@@ -441,6 +438,9 @@ struct vsf_transfer_ret
+ vsf_ftpdataio_transfer_file(struct vsf_session* p_sess, int remote_fd,
+ int file_fd, int is_recv, int is_ascii)
+ {
++ p_sess->bw_send_start_sec = vsf_sysutil_get_time_sec();
++ p_sess->bw_send_start_usec = vsf_sysutil_get_time_usec();
++ p_sess->bw_retval = 0;
+ if (!is_recv)
+ {
+ if (is_ascii || p_sess->data_use_ssl)
+diff --git a/main.c b/main.c
+index eaba265..f1e2f69 100644
+--- a/main.c
++++ b/main.c
+@@ -40,7 +40,7 @@ main(int argc, const char* argv[])
+ /* Control connection */
+ 0, 0, 0, 0, 0,
+ /* Data connection */
+- -1, 0, -1, 0, 0, 0, 0,
++ -1, 0, -1, 0, 0, 0, 0, 0,
+ /* Login */
+ 1, 0, INIT_MYSTR, INIT_MYSTR,
+ /* Protocol state */
+diff --git a/session.h b/session.h
+index 956bfb7..3e8fdd5 100644
+--- a/session.h
++++ b/session.h
+@@ -29,9 +29,10 @@ struct vsf_session
+ struct vsf_sysutil_sockaddr* p_port_sockaddr;
+ int data_fd;
+ int data_progress;
+- unsigned int bw_rate_max;
++ unsigned long bw_rate_max;
+ long bw_send_start_sec;
+ long bw_send_start_usec;
++ unsigned long bw_retval;
+
+ /* Details of the login */
+ int is_anonymous;
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-seccomp.patch b/vsftpd-3.0.2-seccomp.patch
new file mode 100644
index 0000000..ebf2a64
--- /dev/null
+++ b/vsftpd-3.0.2-seccomp.patch
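Review bot: The new `unsigned long bw_retval` field (session.h, inside vsftpd-3.0.2-mrate.patch) now counts bytes for the whole transfer, and where unsigned long is 32 bits it wraps after 4 GiB. The average computed in handle_io then drops below bw_rate_max and the early `return` skips throttling until the counter catches up again. A 64-bit counter would avoid this, for example `unsigned long long bw_retval;`, with the `(unsigned long)` cast in the comparison widened to match. `p_sess->bw_retval += retval;` also adds a signed int to that counter, and no `retval <= 0` guard is visible in the hunk; if handle_io does not already return early on errors above the shown lines, `if (retval <= 0) return;` before the accumulation is needed. The main.c initializer is positional, so the extra `0` must stay in step with the field order in session.h.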
@@ -0,0 +1,25 @@
+From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp
+
+---
+ tunables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tunables.c b/tunables.c
+index 93f85b1..b024be4 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -232,7 +232,7 @@ tunables_load_defaults()
+ tunable_isolate_network = 1;
+ tunable_ftp_enable = 1;
+ tunable_http_enable = 0;
+- tunable_seccomp_sandbox = 1;
++ tunable_seccomp_sandbox = 0;
+ tunable_allow_writeable_chroot = 0;
+
+ tunable_accept_timeout = 60;
+--
+2.5.5
+
diff --git a/vsftpd-3.0.2-wnohang.patch b/vsftpd-3.0.2-wnohang.patch
new file mode 100644
index 0000000..a4dd4d1
--- /dev/null
+++ b/vsftpd-3.0.2-wnohang.patch
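Review bot: `tunable_seccomp_sandbox = 0;` in tunables_load_defaults (tunables.c, inside vsftpd-3.0.2-seccomp.patch) turns the seccomp filter off for every installation that does not set the option explicitly, and the patch gives no reason for weakening the default. Its diffstat lists tunables.c only, so any man page text that states the option's default (not shown here) would now disagree with the code. I would record the reason at the assignment, for example `/* Distribution default: off (REASON); enable with seccomp_sandbox=YES in vsftpd.conf */`, and have the package changelog tell administrators that the sandbox must now be enabled explicitly.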
@@ -0,0 +1,79 @@
+From 1a14b13a1684f71ecfd5ed94b1aae7541b1a77a8 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Fri, 8 Apr 2016 15:03:16 +0200
+Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang
+
+---
+ sysutil.c | 4 ++--
+ sysutil.h | 2 +-
+ twoprocess.c | 13 +++++++++++--
+ 3 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/sysutil.c b/sysutil.c
+index 6dfe350..61d9f28 100644
+--- a/sysutil.c
++++ b/sysutil.c
+@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
+ }
+
+ struct vsf_sysutil_wait_retval
+-vsf_sysutil_wait(void)
++vsf_sysutil_wait(int hang)
+ {
+ struct vsf_sysutil_wait_retval retval;
+ vsf_sysutil_memclr(&retval, sizeof(retval));
+ while (1)
+ {
+- int sys_ret = wait(&retval.exit_status);
++ int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
+ if (sys_ret < 0 && errno == EINTR)
+ {
+ vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
+diff --git a/sysutil.h b/sysutil.h
+index 26698cd..d341b5d 100644
+--- a/sysutil.h
++++ b/sysutil.h
+@@ -178,7 +178,7 @@ struct vsf_sysutil_wait_retval
+ int PRIVATE_HANDS_OFF_syscall_retval;
+ int PRIVATE_HANDS_OFF_exit_status;
+ };
+-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
++struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
+ int vsf_sysutil_wait_reap_one(void);
+ int vsf_sysutil_wait_get_retval(
+ const struct vsf_sysutil_wait_retval* p_waitret);
+diff --git a/twoprocess.c b/twoprocess.c
+index 33d84dc..b1891e7 100644
+--- a/twoprocess.c
++++ b/twoprocess.c
+@@ -47,8 +47,17 @@ static void
+ handle_sigchld(void* duff)
+ {
+
+- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
++ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
+ (void) duff;
++ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
++ !vsf_sysutil_wait_get_retval(&wait_retval))
++ /* There was nobody to wait for, possibly caused by underlying library
++ * which created a new process through fork()/vfork() and already picked
++ * it up, e.g. by pam_exec.so or integrity check routines for libraries
++ * when FIPS mode is on (nss freebl), which can lead to calling prelink
++ * if the prelink package is installed.
++ */
++ return;
+ /* Child died, so we'll do the same! Report it as an error unless the child
+ * exited normally with zero exit code
+ */
+@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
+ priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
+ if (!p_sess->control_use_ssl)
+ {
+- (void) vsf_sysutil_wait();
++ (void) vsf_sysutil_wait(1);
+ }
+ else
+ {
+--
+2.5.5
+
diff --git a/vsftpd.spec b/vsftpd.spec
index d4fa0ce..a8e95be 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -3,7 +3,7 @@
 Name: vsftpd
 Version: 3.0.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Very Secure Ftp Daemon
 Group: System Environment/Daemons
@@ -65,6 +65,13 @@ Patch28: vsftpd-3.0.2-dh.patch
 Patch29: vsftpd-3.0.2-ecdh.patch
 Patch30: vsftpd-3.0.2-docupd.patch
 Patch31: vsftpd-3.0.2-rc450.patch
+Patch32: vsftpd-3.0.2-seccomp.patch
+Patch33: vsftpd-3.0.2-mrate.patch
+Patch34: vsftpd-3.0.2-wnohang.patch
+Patch35: vsftpd-3.0.2-del-upl.patch
+Patch36: vsftpd-2.2.2-man-pages.patch
+Patch37: vsftpd-2.2.2-blank-chars-overflow.patch
+Patch38: vsftpd-2.2.2-syslog.patch
 %description
 vsftpd is a Very Secure FTP daemon. It was written completely from
@@ -101,6 +108,15 @@ cp %{SOURCE1} .
 %patch29 -p1 -b .ecdh
 %patch30 -p1 -b .docupd
 %patch31 -p1 -b .rc450
+%patch32 -p1 -b .seccomp
+%patch33 -p1 -b .mrate
+%patch34 -p1 -b .wnohang
+%patch35 -p1 -b .del-upl
+%patch36 -p1 -b .man_pages
+%patch37 -p1 -b .blank-char-overflow
+%patch38 -p1 -b .syslog
+
+
 %build
 %ifarch s390x sparcv9 sparc64
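Review bot: The early-return test added to handle_sigchld (twoprocess.c, inside vsftpd-3.0.2-wnohang.patch) calls vsf_sysutil_wait_get_exitcode before it looks at the syscall result, so the exit status is interpreted even when the non-blocking waitpid reaped nothing and the status is only the zero left by vsf_sysutil_memclr. With WNOHANG a return of 0 already means that no child has changed state, so the syscall result alone expresses the intent, assuming vsf_sysutil_wait_get_retval returns the stored waitpid result: `if (vsf_sysutil_wait_get_retval(&wait_retval) == 0) return;`. The unbraced `if` with an eight-line comment between its condition and `return;` is easy to misread, and braces around the comment and the return would make the scope explicit. The bare `0` and `1` passed to vsf_sysutil_wait at the two call sites would read better with a short comment such as `/* non-blocking: called from the SIGCHLD handler */`.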
@@ -167,6 +183,18 @@ rm -rf $RPM_BUILD_ROOT
 %{_var}/ftp
 %changelog
+* Fri Apr 08 2016 Martin Sehnoutka - 3.0.3-2
+- Applied patches:
+- Readd seccomp disabled by default
+- vsftpd local_max_rate option doesn't work as expected
+- The vsftpd hangs in a SIGCHLD handler when the pam_exec.so is used in pam.d
+- configuration
+- The vsftpd doesn't remove failed upload when the delete_failed_uploads is
+- enabled and the network cable is unplagged
+- man pages bug
+- vsftpd segfaults in vsf_sysutil_strndup
+- Fix logging when syslog is used
+
 * Thu Mar 17 2016 Martin Sehnoutka - 3.0.3-1
 - Update to 3.0.3 version