[SCM] proftpd-dfsg branch, squeeze, updated. debian/1.3.3a-6-4-g7983468

Mon Mar 21 22:12:04 UTC 2011

The following commit has been merged in the squeeze branch:
commit 79834685f140cf7827e06703725b52aa2c06061b
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Mon Mar 21 22:47:30 2011 +0100

    Fixed security issue as in #3624 about mod_tls

diff --git a/debian/changelog b/debian/changelog
index 80167b3..9baab95 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+proftpd-dfsg (1.3.3a-6squeeze2) stable-security; urgency=high
+
+  * [SECURITY] 3624.dpatch This patch fixes the issue by causing mod_tls to
+    clear the buffers of any data received from the client, once the SSL/TLS 
+    handshake has succeded. This is similar to CVE-2011-0411.
+
+ -- Francesco Paolo Lovergine <frankie at debian.org>  Mon, 21 Mar 2011 22:38:35 +0100
+
 proftpd-dfsg (1.3.3a-6squeeze1) stable-security; urgency=high
 
   * [SECURITY] CVE-2011-1137: mod_sftp behaves badly when receiving badly
diff --git a/debian/patches/00list b/debian/patches/00list
index 4a7bc87..ebeaa63 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -19,3 +19,4 @@ mod_vroot
 3521
 3536
 CVE-2011-1137
+3624
diff --git a/debian/patches/3624.dpatch b/debian/patches/3624.dpatch
new file mode 100755
index 0000000..9e4c492
--- /dev/null
+++ b/debian/patches/3624.dpatch
@@ -0,0 +1,49 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 3624.dpatch by Francesco Paolo Lovergine <frankie at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' proftpd-dfsg~/contrib/mod_tls.c proftpd-dfsg/contrib/mod_tls.c
+--- proftpd-dfsg~/contrib/mod_tls.c	2011-03-21 22:21:16.000000000 +0100
++++ proftpd-dfsg/contrib/mod_tls.c	2011-03-21 22:25:15.000000000 +0100
+@@ -61,7 +61,7 @@
+ # include <sys/mman.h>
+ #endif
+ 
+-#define MOD_TLS_VERSION		"mod_tls/2.4.1"
++#define MOD_TLS_VERSION		"mod_tls/2.4.2"
+ 
+ /* Make sure the version of proftpd is as necessary. */
+ #if PROFTPD_VERSION_NUMBER < 0x0001021001 
+@@ -2758,11 +2758,29 @@
+ 
+   /* Stash the SSL object in the pointers of the correct NetIO streams. */
+   if (conn == session.c) {
++    pr_buffer_t *strm_buf;
++
+     ctrl_ssl = ssl;
+     tls_ctrl_rd_nstrm->strm_data = tls_ctrl_wr_nstrm->strm_data = (void *) ssl;
+ 
++    /* Clear any data from the NetIO stream buffers which may have been read
++     * in before the SSL/TLS handshake occurred (Bug#3624).
++     */
++    strm_buf = tls_ctrl_rd_nstrm->strm_buf;
++    strm_buf->current = NULL;
++    strm_buf->remaining = strm_buf->buflen;
++
+   } else if (conn == session.d) {
++    pr_buffer_t *strm_buf;
++
+     tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data = (void *) ssl;
++
++    /* Clear any data from the NetIO stream buffers which may have been read
++     * in before the SSL/TLS handshake occurred (Bug#3624).
++     */
++    strm_buf = tls_data_rd_nstrm->strm_buf;
++    strm_buf->current = NULL;
++    strm_buf->remaining = strm_buf->buflen;
+   }
+ 
+ #if OPENSSL_VERSION_NUMBER == 0x009080cfL

-- 
ProFTPD core package

