[SCM] proftpd-dfsg branch, master, updated. debian/1.3.3a-6-36-g547e5a5

Francesco Paolo Lovergine frankie at debian.org
Wed Mar 23 09:48:42 UTC 2011


The following commit has been merged in the master branch:
commit 547e5a59719267ca31439b5f03b9a737d90cf774
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Wed Mar 23 10:48:13 2011 +0100

    Added patch for security issue #3624

diff --git a/debian/changelog b/debian/changelog
index 9b9662f..2aac975 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -50,8 +50,11 @@ proftpd-dfsg (1.3.4~rc1+20110317-1) unstable; urgency=low
   * Moved ftp user home to /srv/ftp as used by other ftp servers.
   * Now ftp home and user are removed on purge (old or new one).
   * Removing the whole log directory on purge.
+  * [SECURITY,PATCH] 3624 This patch fixes the issue by causing mod_tls 
+    to clear the buffers of any data received from the client, once the SSL/TLS 
+    handshake has succeeded.
 
- -- Francesco Paolo Lovergine <frankie at debian.org>  Thu, 17 Mar 2011 13:09:12 +0100
+ -- Francesco Paolo Lovergine <frankie at debian.org>  Wed, 23 Mar 2011 09:56:33 +0100
 
 proftpd-dfsg (1.3.3d-4) unstable; urgency=high
 
diff --git a/debian/patches/3624 b/debian/patches/3624
new file mode 100644
index 0000000..56e0960
--- /dev/null
+++ b/debian/patches/3624
@@ -0,0 +1,44 @@
+Index: proftpd-dfsg/contrib/mod_tls.c
+===================================================================
+--- proftpd-dfsg.orig/contrib/mod_tls.c	2011-03-23 09:56:16.000000000 +0100
++++ proftpd-dfsg/contrib/mod_tls.c	2011-03-23 10:46:50.000000000 +0100
+@@ -3004,9 +3004,20 @@
+ 
+   /* Stash the SSL object in the pointers of the correct NetIO streams. */
+   if (conn == session.c) {
++    pr_buffer_t *strm_buf;
++
+     ctrl_ssl = ssl;
+     tls_ctrl_rd_nstrm->strm_data = tls_ctrl_wr_nstrm->strm_data = (void *) ssl;
+ 
++    /* Clear any data from the NetIO stream buffers which may have been read
++     * in before the SSL/TLS handshake occurred (Bug#3624).
++     */
++    strm_buf = tls_ctrl_rd_nstrm->strm_buf;
++    if (strm_buf != NULL) {
++      strm_buf->current = NULL;
++      strm_buf->remaining = strm_buf->buflen;
++    }
++
+ #if OPENSSL_VERSION_NUMBER >= 0x009080dfL
+     if (SSL_get_secure_renegotiation_support(ssl) == 1) {
+       /* If the peer indicates that it can support secure renegotiations,
+@@ -3018,7 +3029,18 @@
+ #endif /* OpenSSL 0.9.8m and later */
+ 
+   } else if (conn == session.d) {
++    pr_buffer_t *strm_buf;
++
+     tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data = (void *) ssl;
++
++    /* Clear any data from the NetIO stream buffers which may have been read
++     * in before the SSL/TLS handshake occurred (Bug#3624).
++     */
++    strm_buf = tls_data_rd_nstrm->strm_buf;
++    if (strm_buf != NULL) {
++      strm_buf->current = NULL;
++      strm_buf->remaining = strm_buf->buflen;
++    }
+   }
+ 
+ #if OPENSSL_VERSION_NUMBER == 0x009080cfL
diff --git a/debian/patches/series b/debian/patches/series
index 8c40ce7..ee929f3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ odbc
 mod_vroot
 silent
 use_hypen_in_manpage
+3624

-- 
ProFTPD core package



More information about the Pkg-proftpd-maintainers mailing list