meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.5/vsftpd-2.1.0-filter.patch - openbmc/openbmc - Gitiles

 From b756444854c5ab3b1284fd7113043fe8860e99ec Mon Sep 17 00:00:00 2001
 From: Roy Li <rongqing.li@windriver.com>
 Date: Fri, 24 Apr 2015 09:36:48 +0800
 Subject: [PATCH] Fix the CVE-2015-1419

 Upstream-Status: Pending

 Try to fix deny_file parsing to do more what is expected. Taken
 from fedora. CVE-2015-1419

 ftp://195.220.108.108/linux/fedora/linux/development/rawhide/source/SRPMS/v/vsftpd-3.0.2-13.fc22.src.rpm

 Signed-off-by: Roy Li <rongqing.li@windriver.com>

 ---
  ls.c  | 26 ++++++++++++++++++++++++--
  str.c | 11 +++++++++++
  str.h |  1 +
  3 files changed, 36 insertions(+), 2 deletions(-)

 diff --git a/ls.c b/ls.c
 index 7e1376d..e9302dd 100644
 --- a/ls.c
 +++ b/ls.c
 @@ -246,9 +246,31 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
    int ret = 0;
    char last_token = 0;
    int must_match_at_current_pos = 1;
 +
 +
    str_copy(&filter_remain_str, p_filter_str);
 -  str_copy(&name_remain_str, p_filename_str);
 -
 +
 +  if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
 +    if (str_get_char_at(p_filter_str, 0) == '/') {
 +      if (str_get_char_at(p_filename_str, 0) != '/') {
 +        str_getcwd (&name_remain_str);
 +
 +        if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
 +          str_append_char (&name_remain_str, '/');
 +
 +        str_append_str (&name_remain_str, p_filename_str);
 +      }
 +      else
 +       str_copy (&name_remain_str, p_filename_str);
 +    } else {
 +      if (str_get_char_at(p_filter_str, 0) != '{')
 +        str_basename (&name_remain_str, p_filename_str);
 +      else
 +        str_copy (&name_remain_str, p_filename_str);
 +    }
 +  } else
 +    str_copy(&name_remain_str, p_filename_str);
 +
    while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
    {
      static struct mystr s_match_needed_str;
 diff --git a/str.c b/str.c
 index 6596204..ba4b92a 100644
 --- a/str.c
 +++ b/str.c
 @@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_str, char new_char)
    }
  }

 +void
 +str_basename (struct mystr* d_str, const struct mystr* path)
 +{
 +  static struct mystr tmp;
 +
 +  str_copy (&tmp, path);
 +  str_split_char_reverse(&tmp, d_str, '/');
 +
 +  if (str_isempty(d_str))
 +   str_copy (d_str, path);
 +}
 diff --git a/str.h b/str.h
 index ab0a9a4..3a21b50 100644
 --- a/str.h
 +++ b/str.h
 @@ -100,6 +100,7 @@ void str_replace_unprintable(struct mystr* p_str, char new_char);
  int str_atoi(const struct mystr* p_str);
  filesize_t str_a_to_filesize_t(const struct mystr* p_str);
  unsigned int str_octal_to_uint(const struct mystr* p_str);
 +void str_basename (struct mystr* d_str, const struct mystr* path);

  /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
   * buffer, starting at character position 'p_pos'. The extracted line will
	From b756444854c5ab3b1284fd7113043fe8860e99ec Mon Sep 17 00:00:00 2001
	From: Roy Li <rongqing.li@windriver.com>
	Date: Fri, 24 Apr 2015 09:36:48 +0800
	Subject: [PATCH] Fix the CVE-2015-1419

	Upstream-Status: Pending

	Try to fix deny_file parsing to do more what is expected. Taken
	from fedora. CVE-2015-1419

	ftp://195.220.108.108/linux/fedora/linux/development/rawhide/source/SRPMS/v/vsftpd-3.0.2-13.fc22.src.rpm

	Signed-off-by: Roy Li <rongqing.li@windriver.com>

	---
	ls.c \| 26 ++++++++++++++++++++++++--
	str.c \| 11 +++++++++++
	str.h \| 1 +
	3 files changed, 36 insertions(+), 2 deletions(-)

	diff --git a/ls.c b/ls.c
	index 7e1376d..e9302dd 100644
	--- a/ls.c
	+++ b/ls.c
	@@ -246,9 +246,31 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
	int ret = 0;
	char last_token = 0;
	int must_match_at_current_pos = 1;
	+
	+
	str_copy(&filter_remain_str, p_filter_str);
	- str_copy(&name_remain_str, p_filename_str);
	-
	+
	+ if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
	+ if (str_get_char_at(p_filter_str, 0) == '/') {
	+ if (str_get_char_at(p_filename_str, 0) != '/') {
	+ str_getcwd (&name_remain_str);
	+
	+ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
	+ str_append_char (&name_remain_str, '/');
	+
	+ str_append_str (&name_remain_str, p_filename_str);
	+ }
	+ else
	+ str_copy (&name_remain_str, p_filename_str);
	+ } else {
	+ if (str_get_char_at(p_filter_str, 0) != '{')
	+ str_basename (&name_remain_str, p_filename_str);
	+ else
	+ str_copy (&name_remain_str, p_filename_str);
	+ }
	+ } else
	+ str_copy(&name_remain_str, p_filename_str);
	+
	while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
	{
	static struct mystr s_match_needed_str;
	diff --git a/str.c b/str.c
	index 6596204..ba4b92a 100644
	--- a/str.c
	+++ b/str.c
	@@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_str, char new_char)
	}
	}

	+void
	+str_basename (struct mystr* d_str, const struct mystr* path)
	+{
	+ static struct mystr tmp;
	+
	+ str_copy (&tmp, path);
	+ str_split_char_reverse(&tmp, d_str, '/');
	+
	+ if (str_isempty(d_str))
	+ str_copy (d_str, path);
	+}
	diff --git a/str.h b/str.h
	index ab0a9a4..3a21b50 100644
	--- a/str.h
	+++ b/str.h
	@@ -100,6 +100,7 @@ void str_replace_unprintable(struct mystr* p_str, char new_char);
	int str_atoi(const struct mystr* p_str);
	filesize_t str_a_to_filesize_t(const struct mystr* p_str);
	unsigned int str_octal_to_uint(const struct mystr* p_str);
	+void str_basename (struct mystr* d_str, const struct mystr* path);

	/* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
	* buffer, starting at character position 'p_pos'. The extracted line will