rpms/vsftpd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Applied patches:

Browse Source 
- Readd seccomp disabled by default
- vsftpd local_max_rate option doesn't work as expected
- The vsftpd hangs in a SIGCHLD handler when the pam_exec.so is used in pam.d
- configuration
- The vsftpd doesn't remove failed upload when the delete_failed_uploads is
- enabled and the network cable is unplagged
- man pages bug
- vsftpd segfaults in vsf_sysutil_strndup
- Fix logging when syslog is used
This commit is contained in:
Martin Sehnoutka 2016-04-08 15:10:28 +02:00
parent 38e56d8e28
commit 8d113be502
8 changed files with 434 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
vsftpd-2.2.2-blank-chars-overflow.patch Normal file
View File

@ -0,0 +1,25 @@
From c7cbcc64c824d1a2a60f8d81c26d5c8215463623 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:05:06 +0200
Subject: [PATCH 6/7] vsftpd-2.2.2-blank-chars-overflow
---
str.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/str.c b/str.c
index 41b27db..82b8ae4 100644
--- a/str.c
+++ b/str.c
@@ -113,7 +113,7 @@ str_strdup_trimmed(const struct mystr* p_str)
for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
newlen = t - h + 1;
- return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
+ return (newlen > 0) ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
}
void
--
2.5.5

26
vsftpd-2.2.2-man-pages.patch Normal file
View File

@ -0,0 +1,26 @@
From ab49bde79f81a422629210c23ccc83bc4e14ad2a Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:03:16 +0200
Subject: [PATCH 5/7] vsftpd-2.2.2-man-pages
---
vsftpd.conf.5 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
index 7a8f130..45cd3c0 100644
--- a/vsftpd.conf.5
+++ b/vsftpd.conf.5
@@ -495,7 +495,8 @@ Default: NO
.TP
.B ssl_request_cert
If enabled, vsftpd will request (but not necessarily require; see
-.BR require_cert) a certificate on incoming SSL connections. Normally this
+.BR require_cert )
+a certificate on incoming SSL connections. Normally this
should not cause any trouble at all, but IBM zOS seems to have issues.
(New in v2.0.7).
--
2.5.5

25
vsftpd-2.2.2-syslog.patch Normal file
View File

@ -0,0 +1,25 @@
From a480a9659fb0cab1c44006f6c06013e6e7f78948 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:05:53 +0200
Subject: [PATCH 7/7] vsftpd-2.2.2-syslog
---
logging.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/logging.c b/logging.c
index 99671b4..c4461f7 100644
--- a/logging.c
+++ b/logging.c
@@ -32,7 +32,7 @@ vsf_log_init(struct vsf_session* p_sess)
{
if (tunable_syslog_enable || tunable_tcp_wrappers)
{
- vsf_sysutil_openlog(1);
+ vsf_sysutil_openlog(0);
}
if (!tunable_xferlog_enable && !tunable_dual_log_enable)
{
--
2.5.5

136
vsftpd-3.0.2-del-upl.patch Normal file
View File

@ -0,0 +1,136 @@
From 9be8a4188420bba2075eacf9aea8fa26b6ebdcc5 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:03:16 +0200
Subject: [PATCH 4/7] vsftpd-3.0.2-del-upl
---
ftpcodes.h | 3 ++-
ftpdataio.c | 8 ++++++++
main.c | 2 +-
postlogin.c | 9 ++++++++-
session.h | 1 +
sysutil.c | 10 ++++++++++
sysutil.h | 1 +
7 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/ftpcodes.h b/ftpcodes.h
index 3950f92..97801f3 100644
--- a/ftpcodes.h
+++ b/ftpcodes.h
@@ -15,7 +15,8 @@
#define FTP_PBSZOK 200
#define FTP_PROTOK 200
#define FTP_OPTSOK 200
-#define FTP_ALLOOK 202
+#define FTP_ALLOOK 200
+#define FTP_ALLOIGN 202
#define FTP_FEAT 211
#define FTP_STATOK 211
#define FTP_SIZEOK 213
diff --git a/ftpdataio.c b/ftpdataio.c
index 00f9021..c859d80 100644
--- a/ftpdataio.c
+++ b/ftpdataio.c
@@ -242,6 +242,10 @@ init_data_sock_params(struct vsf_session* p_sess, int sock_fd)
/* Start the timeout monitor */
vsf_sysutil_install_io_handler(handle_io, p_sess);
start_data_alarm(p_sess);
+ if(tunable_delete_failed_uploads)
+ {
+ vsf_sysutil_rcvtimeo(sock_fd);
+ }
}
static void
@@ -615,6 +619,10 @@ do_file_recv(struct vsf_session* p_sess, int file_fd, int is_ascii)
else if (retval == 0 && !prev_cr)
{
/* Transfer done, nifty */
+ if (tunable_delete_failed_uploads &&
+ !is_ascii && p_sess->upload_size > 0 &&
+ p_sess->upload_size != ret_struct.transferred)
+ ret_struct.retval = -2;
return ret_struct;
}
num_to_write = (unsigned int) retval;
diff --git a/main.c b/main.c
index f1e2f69..f039081 100644
--- a/main.c
+++ b/main.c
@@ -44,7 +44,7 @@ main(int argc, const char* argv[])
/* Login */
1, 0, INIT_MYSTR, INIT_MYSTR,
/* Protocol state */
- 0, 1, INIT_MYSTR, 0, 0,
+ 0, 0, 1, INIT_MYSTR, 0, 0,
/* HTTP hacks */
0, INIT_MYSTR,
/* Session state */
diff --git a/postlogin.c b/postlogin.c
index 154c16a..8363c9c 100644
--- a/postlogin.c
+++ b/postlogin.c
@@ -358,7 +358,14 @@ process_post_login(struct vsf_session* p_sess)
}
else if (str_equal_text(&p_sess->ftp_cmd_str, "ALLO"))
{
- vsf_cmdio_write(p_sess, FTP_ALLOOK, "ALLO command ignored.");
+ if (tunable_delete_failed_uploads && !p_sess->is_ascii)
+ {
+ p_sess->upload_size = (filesize_t)vsf_sysutil_atoi(str_getbuf(&p_sess->ftp_cmd_str)+5);
+ vsf_cmdio_write(p_sess, FTP_ALLOOK, "The filesize has been allocated.");
+ }
+ else {
+ vsf_cmdio_write(p_sess, FTP_ALLOIGN, "ALLO command ignored.");
+ }
}
else if (str_equal_text(&p_sess->ftp_cmd_str, "REIN"))
{
diff --git a/session.h b/session.h
index 3e8fdd5..4eccf46 100644
--- a/session.h
+++ b/session.h
@@ -41,6 +41,7 @@ struct vsf_session
struct mystr anon_pass_str;
/* Details of the FTP protocol state */
+ filesize_t upload_size;
filesize_t restart_pos;
int is_ascii;
struct mystr rnfr_filename_str;
diff --git a/sysutil.c b/sysutil.c
index 61d9f28..3c4a337 100644
--- a/sysutil.c
+++ b/sysutil.c
@@ -681,6 +681,16 @@ vsf_sysutil_activate_keepalive(int fd)
}
void
+vsf_sysutil_rcvtimeo(int fd)
+{
+ struct timeval tv;
+
+ tv.tv_sec = tunable_data_connection_timeout;
+ tv.tv_usec = 0;
+ setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(struct timeval));
+}
+
+void
vsf_sysutil_activate_reuseaddr(int fd)
{
int reuseaddr = 1;
diff --git a/sysutil.h b/sysutil.h
index d341b5d..be727f5 100644
--- a/sysutil.h
+++ b/sysutil.h
@@ -267,6 +267,7 @@ void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
const char* p_name);
/* Option setting on sockets */
void vsf_sysutil_activate_keepalive(int fd);
+void vsf_sysutil_rcvtimeo(int fd);
void vsf_sysutil_set_iptos_throughput(int fd);
void vsf_sysutil_activate_reuseaddr(int fd);
void vsf_sysutil_set_nodelay(int fd);
--
2.5.5

89
vsftpd-3.0.2-mrate.patch Normal file
View File

@ -0,0 +1,89 @@
From 4700495a07fe9423c8411a018cde4de413407f42 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:03:16 +0200
Subject: [PATCH 2/7] vsftpd-3.0.2-mrate
---
ftpdataio.c | 14 +++++++-------
main.c | 2 +-
session.h | 3 ++-
3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/ftpdataio.c b/ftpdataio.c
index 3e4e9c9..00f9021 100644
--- a/ftpdataio.c
+++ b/ftpdataio.c
@@ -249,7 +249,7 @@ handle_io(int retval, int fd, void* p_private)
{
long curr_sec;
long curr_usec;
- unsigned int bw_rate;
+ unsigned long bw_rate;
double elapsed;
double pause_time;
double rate_ratio;
@@ -276,19 +276,16 @@ handle_io(int retval, int fd, void* p_private)
{
elapsed = (double) 0.01;
}
- bw_rate = (unsigned int) ((double) retval / elapsed);
- if (bw_rate <= p_sess->bw_rate_max)
+ p_sess->bw_retval += retval;
+ bw_rate = (unsigned long) ((double) p_sess->bw_retval / elapsed);
+ if (bw_rate <= p_sess->bw_rate_max || p_sess->bw_retval < (unsigned long)(10*retval))
{
- p_sess->bw_send_start_sec = curr_sec;
- p_sess->bw_send_start_usec = curr_usec;
return;
}
/* Tut! Rate exceeded, calculate a pause to bring things back into line */
rate_ratio = (double) bw_rate / (double) p_sess->bw_rate_max;
pause_time = (rate_ratio - (double) 1) * elapsed;
vsf_sysutil_sleep(pause_time);
- p_sess->bw_send_start_sec = vsf_sysutil_get_time_sec();
- p_sess->bw_send_start_usec = vsf_sysutil_get_time_usec();
}
int
@@ -441,6 +438,9 @@ struct vsf_transfer_ret
vsf_ftpdataio_transfer_file(struct vsf_session* p_sess, int remote_fd,
int file_fd, int is_recv, int is_ascii)
{
+ p_sess->bw_send_start_sec = vsf_sysutil_get_time_sec();
+ p_sess->bw_send_start_usec = vsf_sysutil_get_time_usec();
+ p_sess->bw_retval = 0;
if (!is_recv)
{
if (is_ascii || p_sess->data_use_ssl)
diff --git a/main.c b/main.c
index eaba265..f1e2f69 100644
--- a/main.c
+++ b/main.c
@@ -40,7 +40,7 @@ main(int argc, const char* argv[])
/* Control connection */
0, 0, 0, 0, 0,
/* Data connection */
- -1, 0, -1, 0, 0, 0, 0,
+ -1, 0, -1, 0, 0, 0, 0, 0,
/* Login */
1, 0, INIT_MYSTR, INIT_MYSTR,
/* Protocol state */
diff --git a/session.h b/session.h
index 956bfb7..3e8fdd5 100644
--- a/session.h
+++ b/session.h
@@ -29,9 +29,10 @@ struct vsf_session
struct vsf_sysutil_sockaddr* p_port_sockaddr;
int data_fd;
int data_progress;
- unsigned int bw_rate_max;
+ unsigned long bw_rate_max;
long bw_send_start_sec;
long bw_send_start_usec;
+ unsigned long bw_retval;
/* Details of the login */
int is_anonymous;
--
2.5.5

25
vsftpd-3.0.2-seccomp.patch Normal file
View File

@ -0,0 +1,25 @@
From dd86a1c28f11fa67b1263d5dc79fa9953629d30d Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:03:16 +0200
Subject: [PATCH 1/7] vsftpd-3.0.2-seccomp
---
tunables.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tunables.c b/tunables.c
index 93f85b1..b024be4 100644
--- a/tunables.c
+++ b/tunables.c
@@ -232,7 +232,7 @@ tunables_load_defaults()
tunable_isolate_network = 1;
tunable_ftp_enable = 1;
tunable_http_enable = 0;
- tunable_seccomp_sandbox = 1;
+ tunable_seccomp_sandbox = 0;
tunable_allow_writeable_chroot = 0;
tunable_accept_timeout = 60;
--
2.5.5

79
vsftpd-3.0.2-wnohang.patch Normal file
View File

@ -0,0 +1,79 @@
From 1a14b13a1684f71ecfd5ed94b1aae7541b1a77a8 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Fri, 8 Apr 2016 15:03:16 +0200
Subject: [PATCH 3/7] vsftpd-3.0.2-wnohang
---
sysutil.c | 4 ++--
sysutil.h | 2 +-
twoprocess.c | 13 +++++++++++--
3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/sysutil.c b/sysutil.c
index 6dfe350..61d9f28 100644
--- a/sysutil.c
+++ b/sysutil.c
@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
}
struct vsf_sysutil_wait_retval
-vsf_sysutil_wait(void)
+vsf_sysutil_wait(int hang)
{
struct vsf_sysutil_wait_retval retval;
vsf_sysutil_memclr(&retval, sizeof(retval));
while (1)
{
- int sys_ret = wait(&retval.exit_status);
+ int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
if (sys_ret < 0 && errno == EINTR)
{
vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
diff --git a/sysutil.h b/sysutil.h
index 26698cd..d341b5d 100644
--- a/sysutil.h
+++ b/sysutil.h
@@ -178,7 +178,7 @@ struct vsf_sysutil_wait_retval
int PRIVATE_HANDS_OFF_syscall_retval;
int PRIVATE_HANDS_OFF_exit_status;
};
-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
+struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
int vsf_sysutil_wait_reap_one(void);
int vsf_sysutil_wait_get_retval(
const struct vsf_sysutil_wait_retval* p_waitret);
diff --git a/twoprocess.c b/twoprocess.c
index 33d84dc..b1891e7 100644
--- a/twoprocess.c
+++ b/twoprocess.c
@@ -47,8 +47,17 @@ static void
handle_sigchld(void* duff)
{
- struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
+ struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
(void) duff;
+ if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
+ !vsf_sysutil_wait_get_retval(&wait_retval))
+ /* There was nobody to wait for, possibly caused by underlying library
+ * which created a new process through fork()/vfork() and already picked
+ * it up, e.g. by pam_exec.so or integrity check routines for libraries
+ * when FIPS mode is on (nss freebl), which can lead to calling prelink
+ * if the prelink package is installed.
+ */
+ return;
/* Child died, so we'll do the same! Report it as an error unless the child
* exited normally with zero exit code
*/
@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_sess, const struct mystr* p_user_str,
priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
if (!p_sess->control_use_ssl)
{
- (void) vsf_sysutil_wait();
+ (void) vsf_sysutil_wait(1);
}
else
{
--
2.5.5

30
vsftpd.spec
View File

@ -3,7 +3,7 @@
Name: vsftpd
Version: 3.0.3
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons
@ -65,6 +65,13 @@ Patch28: vsftpd-3.0.2-dh.patch
Patch29: vsftpd-3.0.2-ecdh.patch
Patch30: vsftpd-3.0.2-docupd.patch
Patch31: vsftpd-3.0.2-rc450.patch
Patch32: vsftpd-3.0.2-seccomp.patch
Patch33: vsftpd-3.0.2-mrate.patch
Patch34: vsftpd-3.0.2-wnohang.patch
Patch35: vsftpd-3.0.2-del-upl.patch
Patch36: vsftpd-2.2.2-man-pages.patch
Patch37: vsftpd-2.2.2-blank-chars-overflow.patch
Patch38: vsftpd-2.2.2-syslog.patch
%description
vsftpd is a Very Secure FTP daemon. It was written completely from
@ -101,6 +108,15 @@ cp %{SOURCE1} .
%patch29 -p1 -b .ecdh
%patch30 -p1 -b .docupd
%patch31 -p1 -b .rc450
%patch32 -p1 -b .seccomp
%patch33 -p1 -b .mrate
%patch34 -p1 -b .wnohang
%patch35 -p1 -b .del-upl
%patch36 -p1 -b .man_pages
%patch37 -p1 -b .blank-char-overflow
%patch38 -p1 -b .syslog
%build
%ifarch s390x sparcv9 sparc64
@ -167,6 +183,18 @@ rm -rf $RPM_BUILD_ROOT
%{_var}/ftp
%changelog
* Fri Apr 08 2016 Martin Sehnoutka <msehnout@redhat.com> - 3.0.3-2
- Applied patches:
- Readd seccomp disabled by default
- vsftpd local_max_rate option doesn't work as expected
- The vsftpd hangs in a SIGCHLD handler when the pam_exec.so is used in pam.d
- configuration
- The vsftpd doesn't remove failed upload when the delete_failed_uploads is
- enabled and the network cable is unplagged
- man pages bug
- vsftpd segfaults in vsf_sysutil_strndup
- Fix logging when syslog is used
* Thu Mar 17 2016 Martin Sehnoutka <msehnout@redhat.com> - 3.0.3-1
- Update to 3.0.3 version