[proftpd-dfsg] 01/01: Fixating #859592 and CVE-2017-7418

Francesco Lovergine frankie at moszumanska.debian.org
Wed Apr 5 14:11:45 UTC 2017 

This is an automated email from the git hooks/post-receive script.

frankie pushed a commit to branch 1.3.5b
in repository proftpd-dfsg.

commit 244d5c375a5f185c21c339e1c6f01b501221d099
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date:   Wed Apr 5 16:00:17 2017 +0200

    Fixating #859592 and CVE-2017-7418
---
 debian/changelog             |   7 +++
 debian/patches/CVE-2017-7418 | 109 +++++++++++++++++++++++++++++++++++++++++++
 debian/patches/series        |   1 +
 3 files changed, 117 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index a61f290..3893ca9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+proftpd-dfsg (1.3.5b-4) unstable; urgency=medium
+
+  * Added patch CVE-2017-7418 to add recursive handling of DefalutRoot path.
+    (closes: #859592)
+
+ -- Francesco Paolo Lovergine <frankie at debian.org>  Wed, 05 Apr 2017 15:57:53 +0200
+
 proftpd-dfsg (1.3.5b-3) unstable; urgency=medium
 
   * Updated debian/proftpd-basic.NEWS to include information already present
diff --git a/debian/patches/CVE-2017-7418 b/debian/patches/CVE-2017-7418
new file mode 100644
index 0000000..ac42c33
--- /dev/null
+++ b/debian/patches/CVE-2017-7418
@@ -0,0 +1,109 @@
+Index: proftpd-dfsg/modules/mod_auth.c
+===================================================================
+--- proftpd-dfsg.orig/modules/mod_auth.c
++++ proftpd-dfsg/modules/mod_auth.c
+@@ -688,9 +688,66 @@ static char *get_default_chdir(pool *p,
+   return dir;
+ }
+ 
+-/* Determine if the user (non-anon) needs a default root dir other than /.
+- */
++static int is_symlink_path(pool *p, const char *path, size_t pathlen) {
++  int res, xerrno = 0;
++  struct stat st;
++  char *ptr;
+ 
++  if (pathlen == 0) {
++    return 0;
++  }
++
++  pr_fs_clear_cache();
++  res = pr_fsio_lstat(path, &st);
++  if (res < 0) {
++    xerrno = errno;
++
++    pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path,
++      strerror(xerrno));
++
++    errno = xerrno;
++    return -1;
++  }
++
++  if (S_ISLNK(st.st_mode)) {
++    errno = EPERM;
++    return -1;
++  }
++
++  /* To handle the case where a component further up the path might be a
++   * symlink (which lstat(2) will NOT handle), we walk the path backwards,
++   * calling ourselves recursively.
++   */
++
++  ptr = strrchr(path, '/');
++  if (ptr != NULL) {
++    char *new_path;
++    size_t new_pathlen;
++
++    pr_signals_handle();
++
++    new_pathlen = ptr - path;
++
++    /* Make sure our pointer actually changed position. */
++    if (new_pathlen == pathlen) {
++      return 0;
++    }
++
++    new_path = pstrndup(p, path, new_pathlen);
++
++    pr_log_debug(DEBUG10,
++      "AllowChrootSymlink: path '%s' not a symlink, checking '%s'", path,
++      new_path);
++    res = is_symlink_path(p, new_path, new_pathlen);
++    if (res < 0) {
++      return -1;
++    }
++  }
++
++  return 0;
++}
++
++/* Determine if the user (non-anon) needs a default root dir other than /. */
+ static int get_default_root(pool *p, int allow_symlinks, char **root) {
+   config_rec *c = NULL;
+   char *dir = NULL;
+@@ -733,7 +790,6 @@ static int get_default_root(pool *p, int
+ 
+       if (allow_symlinks == FALSE) {
+         char *path, target_path[PR_TUNABLE_PATH_MAX + 1];
+-        struct stat st;
+         size_t pathlen;
+ 
+         /* First, deal with any possible interpolation.  dir_realpath() will
+@@ -764,22 +820,13 @@ static int get_default_root(pool *p, int
+           path[pathlen-1] = '\0';
+         }
+ 
+-        pr_fs_clear_cache();
+-        res = pr_fsio_lstat(path, &st);
++        res = is_symlink_path(p, path, pathlen);
+         if (res < 0) {
+-          xerrno = errno;
+-
+-          pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path,
+-            strerror(xerrno));
+-
+-          errno = xerrno;
+-          return -1;
+-        }
++          if (errno == EPERM) {
++            pr_log_pri(PR_LOG_WARNING, "error: DefaultRoot %s is a symlink "
++              "(denied by AllowChrootSymlinks config)", path);
++          }
+ 
+-        if (S_ISLNK(st.st_mode)) {
+-          pr_log_pri(PR_LOG_WARNING,
+-            "error: DefaultRoot %s is a symlink (denied by AllowChrootSymlinks "
+-            "config)", path);
+           errno = EPERM;
+           return -1;
+         }
diff --git a/debian/patches/series b/debian/patches/series
index b1b7fae..71ea360 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@ contrib_hardening_flags
 FTBS_on_Hurd
 reproducible_build
 not_read_whole_passwd_db
+CVE-2017-7418

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-proftpd/proftpd-dfsg.git

More information about the Pkg-proftpd-maintainers mailing list