Bug#759936: proftpd-mod-vroot: Module is broken because of erroneous function vroot_lookup_path
votdev
votdev at gmx.de
Sat Aug 30 21:35:09 UTC 2014
Package: proftpd-mod-vroot
Version: 0.9.2-2+b2
Severity: grave
The proftpd module mod_vroot is broken, because the alias string
processing is erroneous. The result of the function vroot_lookup_path
may look like this without the attached patch:
static int vroot_lstat(pr_fs_t *fs, const char *orig_path, struct stat
*st) {
...
if (vroot_lookup_path(NULL, vpath, sizeof(vpath)-1, path, 0, NULL) < 0) {
destroy_pool(tmp_pool);
return -1;
}
(void) pr_log_writefile(vroot_logfd, MOD_VROOT_VERSION, "(lstat) ==>
path '%s'", path);
(void) pr_log_writefile(vroot_logfd, MOD_VROOT_VERSION, "(lstat) ==>
vpath '%s'", vpath);
if ((vroot_opts & VROOT_OPT_ALLOW_SYMLINKS) ||
vroot_is_alias(path) == 0) {
...
)
Aug 22 21:06:18 mod_vroot/0.9.2[8919]: (lstat) ==> path '/folder1/test.sh'
Aug 22 21:06:18 mod_vroot/0.9.2[8919]: (lstat) ==> vpath
'/media/b464f0f6-0ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/ebc-426f-b5cf-4f4324ccf906/folder1/eb
Using the following patch makes the module work. The code changes have
been taken from the original Git repository,
<https://github.com/Castaglia/proftpd-mod_vroot>.
--- proftpd-mod-vroot-0.9.2.orig/mod_vroot.c
+++ proftpd-mod-vroot-0.9.2/mod_vroot.c
@@ -225,7 +225,7 @@ loop:
} else if (*bufp != '\0') {
size_t buflen, tmplen;
- char *ptr;
+ char *ptr = NULL;
ptr = strstr(bufp, "..");
if (ptr != NULL) {
@@ -280,9 +280,14 @@ loop:
if (vroot_aliastab != NULL) {
char *start_ptr = NULL, *end_ptr = NULL, *src_path = NULL;
+ /* buf is used here for storing the "suffix", to be appended
later when
+ * aliases are found.
+ */
+ bufp = buf;
+
start_ptr = path;
while (start_ptr != NULL) {
- char *ptr;
+ char *ptr = NULL;
pr_signals_handle();
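Review bot: The added `bufp = buf;` gives `buf`/`bufp` a second role as the alias-suffix scratchpad, although the first hunk shows `bufp` serving as the path-parsing cursor (`strstr(bufp, "..")`). The added comment should state that path parsing is finished at this point and that nothing after the alias block reads the old contents of `buf`. A separate local buffer would avoid the coupling altogether. Whether control can reach `loop:` again after this block is not visible here, and the declaration and size of `buf` are outside the hunk as well.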
@@ -312,8 +317,8 @@ loop:
sstrncpy(path, src_path, pathlen);
if (end_ptr != NULL) {
- sstrcat(path, "/", pathlen);
- sstrcat(path, end_ptr + 1, pathlen);
+ /* Now tack on our suffix from the scratchpad. */
+ sstrcat(path, bufp, pathlen);
}
break;
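Review bot: The new `sstrcat(path, bufp, pathlen)` appends the saved suffix without checking that `src_path` plus the suffix fits in `pathlen`. As far as I know ProFTPD's `sstrcat` and `sstrncpy` truncate silently, so an over-long result would be shortened and the caller would operate on a different path than the one requested, which matters in a module whose job is path confinement. The same applies to `sstrncpy(buf, ptr, sizeof(buf))` in the last hunk (around line 339), where a truncated suffix would be appended later without any error. I would fail the lookup instead, e.g. `if (strlen(src_path) + strlen(bufp) >= pathlen) { errno = ENAMETOOLONG; return -1; }` before the copy. The enclosing function starts and ends outside the hunk, so confirm that a direct return skips no cleanup.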
@@ -334,6 +339,8 @@ loop:
break;
}
+ /* Store the suffix in the buf scratchpad. */
+ sstrncpy(buf, ptr, sizeof(buf));
end_ptr = ptr;
*end_ptr = '\0';
}
Regards
Volker