Hello community,
here is the log from the commit of package vsftpd for openSUSE:11.2
checked in at Tue Mar 8 13:48:28 CET 2011.
--------
--- old-versions/11.2/UPDATES/all/vsftpd/vsftpd.changes 2010-02-08
14:53:53.000000000 +0100
+++ 11.2/vsftpd/vsftpd.changes 2011-03-08 09:27:11.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Mar 8 08:26:37 UTC 2011 - mvysko...@suse.cz
+
+- fix bnc#676259 - VUL-0: vsftpd DoS
+
+-------------------------------------------------------------------
calling whatdependson for 11.2-i586
New:
----
vsftpd-2.0.7-excessive-cpu-usage.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.5rJmmn/_old 2011-03-08 13:47:58.000000000 +0100
+++ /var/tmp/diff_new_pack.5rJmmn/_new 2011-03-08 13:47:58.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package vsftpd (Version 2.0.7)
+# spec file for package vsftpd
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
BuildRequires: libcap-devel
%endif
Version: 2.0.7
-Release: 5.<RELEASE2>
+Release: 5.<RELEASE4>
Summary: Very Secure FTP Daemon - Written from Scratch
License: GPLv2+
Group: Productivity/Networking/Ftp/Servers
@@ -51,6 +51,7 @@
Patch10: %name-2.0.6-write_race.patch
#fix connection issues with ipv6-link local address (bnc#574366)
Patch11: %name-2.0.6-use-ipv6-scope-id.patch
+Patch12: vsftpd-2.0.7-excessive-cpu-usage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: ftp-server
PreReq: %insserv_prereq /usr/sbin/useradd
@@ -86,6 +87,7 @@
%patch10
%patch
%patch11 -p1
+%patch12 -p1
%build
rm -f dummyinc/sys/capability.h
++++++ vsftpd-2.0.7-excessive-cpu-usage.patch ++++++
Index: vsftpd-2.0.7/access.c
===================================================================
--- vsftpd-2.0.7.orig/access.c 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.0.7/access.c 2011-03-07 15:47:30.879484659 +0100
@@ -16,6 +16,7 @@
vsf_access_check_file(const struct mystr* p_filename_str)
{
static struct mystr s_access_str;
+ unsigned int iters = 0;
if (!tunable_deny_file)
{
@@ -25,7 +26,7 @@
{
str_alloc_text(&s_access_str, tunable_deny_file);
}
- if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
+ if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
{
return 0;
}
@@ -45,6 +46,7 @@
vsf_access_check_file_visible(const struct mystr* p_filename_str)
{
static struct mystr s_access_str;
+ unsigned int iters = 0;
if (!tunable_hide_file)
{
@@ -54,7 +56,7 @@
{
str_alloc_text(&s_access_str, tunable_hide_file);
}
- if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
+ if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
{
return 0;
}
Index: vsftpd-2.0.7/defs.h
===================================================================
--- vsftpd-2.0.7.orig/defs.h 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.0.7/defs.h 2011-03-07 15:47:30.880484698 +0100
@@ -10,6 +10,7 @@
#define VSFTP_MAX_COMMAND_LINE 4096
#define VSFTP_DATA_BUFSIZE 65536
#define VSFTP_DIR_BUFSIZE 16384
+#define VSFTP_MATCHITERS_MAX 1000
#define VSFTP_PATH_MAX 4096
#define VSFTP_CONF_FILE_MAX 100000
#define VSFTP_LISTEN_BACKLOG 32
Index: vsftpd-2.0.7/ftpdataio.c
===================================================================
--- vsftpd-2.0.7.orig/ftpdataio.c 2008-07-29 06:54:55.000000000 +0200
+++ vsftpd-2.0.7/ftpdataio.c 2011-03-07 15:49:09.341347358 +0100
@@ -104,7 +104,6 @@
if (!vsf_sysutil_sockaddr_addr_equal(p_sess->p_remote_addr, p_accept_addr))
{
vsf_cmdio_write(p_sess, FTP_BADSENDCONN, "Security: Bad IP connecting.");
- vsf_sysutil_close(remote_fd);
vsf_sysutil_sockaddr_clear(&p_accept_addr);
return -1;
}
@@ -346,6 +345,7 @@
if (retval != 0)
{
failed = 1;
+ vsf_sysutil_closedir(p_subdir);
break;
}
retval = transfer_dir_internal(p_sess, is_control, p_subdir, &sub_str,
Index: vsftpd-2.0.7/ls.c
===================================================================
--- vsftpd-2.0.7.orig/ls.c 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.0.7/ls.c 2011-03-07 15:47:30.924486425 +0100
@@ -9,6 +9,7 @@
#include "ls.h"
#include "access.h"
+#include "defs.h"
#include "str.h"
#include "strlist.h"
#include "sysstr.h"
@@ -116,7 +117,9 @@
/* If we have an ls option which is a filter, apply it */
if (!str_isempty(p_filter_str))
{
- if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str))
+ unsigned int iters = 0;
+ if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str,
+ &iters))
{
continue;
}
@@ -215,7 +218,8 @@
int
vsf_filename_passes_filter(const struct mystr* p_filename_str,
- const struct mystr* p_filter_str)
+ const struct mystr* p_filter_str,
+ unsigned int* iters)
{
/* A simple routine to match a filename against a pattern.
* This routine is used instead of e.g. fnmatch(3), because we should be
@@ -242,12 +246,13 @@
str_copy(&filter_remain_str, p_filter_str);
str_copy(&name_remain_str, p_filename_str);
- while (!str_isempty(&filter_remain_str))
+ while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
{
static struct mystr s_match_needed_str;
/* Locate next special token */
struct str_locate_result locate_result =
str_locate_chars(&filter_remain_str, "*?{");
+ (*iters)++;
/* Isolate text leading up to token (if any) - needs to be matched */
if (locate_result.found)
{
@@ -311,7 +316,8 @@
{
str_copy(&new_filter_str, &brace_list_str);
str_append_str(&new_filter_str, &filter_remain_str);
- if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str))
+ if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
+ iters))
{
ret = 1;
goto out;
@@ -347,6 +353,9 @@
}
/* OK, a match */
ret = 1;
+ if (*iters == VSFTP_MATCHITERS_MAX) {
+ ret = 0;
+ }
out:
str_free(&filter_remain_str);
str_free(&name_remain_str);
Index: vsftpd-2.0.7/ls.h
===================================================================
--- vsftpd-2.0.7.orig/ls.h 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.0.7/ls.h 2011-03-07 15:47:30.974488386 +0100
@@ -35,11 +35,14 @@
* PARAMETERS
* p_filename_str - the filename to match
* p_filter_str - the filter to match against
+ * iters - pointer to a zero-seeded int which prevents the match
+ * loop from running an excessive number of times
* RETURNS
* Returns 1 if there is a match, 0 otherwise.
*/
int vsf_filename_passes_filter(const struct mystr* p_filename_str,
- const struct mystr* p_filter_str);
+ const struct mystr* p_filter_str,
+ unsigned int* iters);
#endif /* VSF_LS_H */
Index: vsftpd-2.0.7/sysutil.c
===================================================================
--- vsftpd-2.0.7.orig/sysutil.c 2011-03-07 15:47:09.000000000 +0100
+++ vsftpd-2.0.7/sysutil.c 2011-03-07 15:47:30.991489054 +0100
@@ -1976,7 +1976,7 @@
static struct vsf_sysutil_sockaddr* s_p_sockaddr;
vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
vsf_sysutil_memcpy(&s_p_sockaddr->u.u_sockaddr_in.sin_addr, p_raw,
- sizeof(&s_p_sockaddr->u.u_sockaddr_in.sin_addr));
+ sizeof(s_p_sockaddr->u.u_sockaddr_in.sin_addr));
vsf_sysutil_memcpy(&p_sockptr->u.u_sockaddr_in6.sin6_addr,
vsf_sysutil_sockaddr_ipv4_v6(s_p_sockaddr),
sizeof(p_sockptr->u.u_sockaddr_in6.sin6_addr));
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
