Package: vsftpd
Version: 3.0.3-12
Severity: important
Tags: patch

The problem happens when compiling vsftpd without PAM (comment out #define VSF_BUILD_PAM in builddefs.h). If doing so, passwd and shadow are used. When using a correct local user but a wrong password, a segmentation fault happens in function vsf_sysdep_check_auth() in file sysdeputil.c. If vsf_sysutil_strcmp in line 288 does not evaluate to 0 (in case of a wrong password), it will not return 1 but will run crypt with the passwd field. But since there is a shadow item, the passwd item will have an "X". Therefore the crypt function will return NULL (with 'X' as salt), and therefore the vsf_sysutil_strcmp in line 301 will produce a segmentation fault.

The fix is that after the if in line 288 there should be an else with return 0. Additionally, NULL checks for p_crypted could be added in line 288 and 301 before using strcmp.

i.A. Daniel Frey
M.Sc. Computer Science
Software Architect
NewTec GmbH
Heinrich-von-Stephan-Straße 8
79100 Freiburg
Phone: +49 (0) 761 21117-353
Fax: +49 (0) 761 21117-41
Email: daniel.f...@newtec.de
Web: www.newtec.de

Managing directors: Frank Haberbosch, Harald Molle, Ulrich Schwer, Michael Tröscher, Johannes Werbach, Matthias Wolbert
Register court Memmingen - HRB 7236
VAT ID: DE130850199

vsftpd-3.0.3_segfault_wrongpassword.patch
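
The control flow described in this report, modelled as an added example (it is not vsftpd's source and not the attached patch). `toy_crypt` is a constructed stand-in for crypt(3) that returns NULL on an unusable salt; the function names and the -1 return that marks the crash point are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for crypt(3), NOT a real hash. Toy rule: the salt must
 * be two characters from [a-zA-Z0-9./]; otherwise NULL, as in the report. */
static const char *toy_crypt(const char *key, const char *salt) {
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    static char out[16];
    unsigned sum = 0;
    if (strlen(salt) < 2 || !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    while (*key) sum = sum * 31 + (unsigned char)*key++;
    snprintf(out, sizeof out, "%c%c%08x", salt[0], salt[1], sum);
    return out;
}

/* NULL-safe comparison: a failed crypt call never counts as a match. */
static int hash_matches(const char *crypted, const char *stored) {
    return crypted != NULL && stored != NULL && strcmp(crypted, stored) == 0;
}

/* Reported flow: no early return after the shadow check. Returns -1 (a marker,
 * not an auth result) where the original would hand NULL to strcmp. */
int check_auth_fallthrough(const char *shadow, const char *pw_passwd, const char *pass) {
    const char *c;
    if (shadow != NULL) {
        c = toy_crypt(pass, shadow);
        if (c == NULL) return -1;
        if (strcmp(c, shadow) == 0) return 1;
        /* missing "else return 0": execution continues with the passwd field */
    }
    c = toy_crypt(pass, pw_passwd);          /* pw_passwd is "x" for shadowed users */
    if (c == NULL) return -1;                /* original: strcmp(NULL, ...) crashes */
    return strcmp(c, pw_passwd) == 0;
}

/* Flow with both changes the report proposes: decide at the shadow entry and
 * NULL-check the crypt result before comparing. */
int check_auth_fixed(const char *shadow, const char *pw_passwd, const char *pass) {
    if (shadow != NULL)
        return hash_matches(toy_crypt(pass, shadow), shadow);
    return hash_matches(toy_crypt(pass, pw_passwd), pw_passwd);
}

int main(void) {
    char shadow[16];  /* constructed account: shadow hash of "secret", passwd "x" */
    strcpy(shadow, toy_crypt("secret", "ab"));
    printf("wrong password: reported flow %d, fixed flow %d\n",
           check_auth_fallthrough(shadow, "x", "wrong"), check_auth_fixed(shadow, "x", "wrong"));
    return 0;
}
```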