Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 1 | From b756444854c5ab3b1284fd7113043fe8860e99ec Mon Sep 17 00:00:00 2001 |
| 2 | From: Roy Li <rongqing.li@windriver.com> |
| 3 | Date: Fri, 24 Apr 2015 09:36:48 +0800 |
| 4 | Subject: [PATCH] Fix the CVE-2015-1419 |
Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 5 | |
| 6 | Upstream-Status: Pending |
| 7 | |
| 8 | Try to fix deny_file parsing to do more what is expected. Taken |
| 9 | from fedora. CVE-2015-1419 |
| 10 | |
| 11 | ftp://195.220.108.108/linux/fedora/linux/development/rawhide/source/SRPMS/v/vsftpd-3.0.2-13.fc22.src.rpm |
| 12 | |
| 13 | Signed-off-by: Roy Li <rongqing.li@windriver.com> |
| 14 | |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 15 | --- |
| 16 | ls.c | 26 ++++++++++++++++++++++++-- |
| 17 | str.c | 11 +++++++++++ |
| 18 | str.h | 1 + |
| 19 | 3 files changed, 36 insertions(+), 2 deletions(-) |
| 20 | |
| 21 | diff --git a/ls.c b/ls.c |
| 22 | index 7e1376d..e9302dd 100644 |
| 23 | --- a/ls.c |
| 24 | +++ b/ls.c |
| 25 | @@ -246,9 +246,31 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, |
Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 26 | int ret = 0; |
| 27 | char last_token = 0; |
| 28 | int must_match_at_current_pos = 1; |
| 29 | + |
| 30 | + |
| 31 | str_copy(&filter_remain_str, p_filter_str); |
| 32 | - str_copy(&name_remain_str, p_filename_str); |
| 33 | - |
| 34 | + |
| 35 | + if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) { |
| 36 | + if (str_get_char_at(p_filter_str, 0) == '/') { |
| 37 | + if (str_get_char_at(p_filename_str, 0) != '/') { |
| 38 | + str_getcwd (&name_remain_str); |
| 39 | + |
| 40 | + if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ |
| 41 | + str_append_char (&name_remain_str, '/'); |
| 42 | + |
| 43 | + str_append_str (&name_remain_str, p_filename_str); |
| 44 | + } |
| 45 | + else |
| 46 | + str_copy (&name_remain_str, p_filename_str); |
| 47 | + } else { |
| 48 | + if (str_get_char_at(p_filter_str, 0) != '{') |
| 49 | + str_basename (&name_remain_str, p_filename_str); |
| 50 | + else |
| 51 | + str_copy (&name_remain_str, p_filename_str); |
| 52 | + } |
| 53 | + } else |
| 54 | + str_copy(&name_remain_str, p_filename_str); |
| 55 | + |
| 56 | while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) |
| 57 | { |
| 58 | static struct mystr s_match_needed_str; |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 59 | diff --git a/str.c b/str.c |
| 60 | index 6596204..ba4b92a 100644 |
| 61 | --- a/str.c |
| 62 | +++ b/str.c |
| 63 | @@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_str, char new_char) |
Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 64 | } |
| 65 | } |
| 66 | |
| 67 | +void |
| 68 | +str_basename (struct mystr* d_str, const struct mystr* path) |
| 69 | +{ |
| 70 | + static struct mystr tmp; |
| 71 | + |
| 72 | + str_copy (&tmp, path); |
| 73 | + str_split_char_reverse(&tmp, d_str, '/'); |
| 74 | + |
| 75 | + if (str_isempty(d_str)) |
| 76 | + str_copy (d_str, path); |
| 77 | +} |
Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 78 | diff --git a/str.h b/str.h |
| 79 | index ab0a9a4..3a21b50 100644 |
| 80 | --- a/str.h |
| 81 | +++ b/str.h |
| 82 | @@ -100,6 +100,7 @@ void str_replace_unprintable(struct mystr* p_str, char new_char); |
Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 83 | int str_atoi(const struct mystr* p_str); |
| 84 | filesize_t str_a_to_filesize_t(const struct mystr* p_str); |
| 85 | unsigned int str_octal_to_uint(const struct mystr* p_str); |
| 86 | +void str_basename (struct mystr* d_str, const struct mystr* path); |
| 87 | |
| 88 | /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string |
| 89 | * buffer, starting at character position 'p_pos'. The extracted line will |