[proftpd-dfsg] 01/03: New upstream version 1.3.5e
Francesco Lovergine
frankie at moszumanska.debian.org
Fri Jul 7 11:18:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
frankie pushed a commit to branch master
in repository proftpd-dfsg.
commit 625802bc21fa2510d93b9a8708435a810760678c
Author: Francesco Paolo Lovergine <frankie at debian.org>
Date: Fri Jul 7 12:06:25 2017 +0200
New upstream version 1.3.5e
---
NEWS | 8 +++++
RELEASE_NOTES | 8 +++++
contrib/dist/rpm/proftpd.spec | 2 +-
contrib/mod_sftp/mac.c | 35 ++++++++++--------
include/version.h | 4 +--
modules/mod_auth.c | 83 +++++++++++++++++++++++++++++++++----------
6 files changed, 104 insertions(+), 36 deletions(-)
diff --git a/NEWS b/NEWS
index de2c98b..2734c74 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,14 @@
where `N' is the bug number.
-----------------------------------------------------------------------------
+1.3.5e - Released 09-Apr-2017
+--------------------------------
+- Bug 4287 - SFTP clients using umac-64 at openssh.com digest fail to connect.
+- Bug 4288 - SFTP rekeying failure with ProFTPD 1.3.5d, caused by null
+ pointer dereference.
+- Bug 4295 - AllowChrootSymlinks off does not check entire DefaultRoot path
+ for symlinks (CVE-2017-7418).
+
1.3.5d - Released 15-Jan-2017
--------------------------------
- Bug 4283 - All FTP logins treated as anonymous logins again. This is a
diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index b67256b..21a22ad 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -6,6 +6,14 @@ This file contains a description of the major changes to ProFTPD for the
releases. More information on these changes can be found in the NEWS and
ChangeLog files.
+1.3.5e
+---------
+ + Fixed SFTP issue with umac-64 at openssh.com digest/MAC.
+ + Fixed regression with mod_sftp rekeying.
+ + Backported fix for "AllowChrootSymlinks off" checking each component
+ for symlinks (CVE-2017-7418).
+
+
1.3.5d
---------
diff --git a/contrib/dist/rpm/proftpd.spec b/contrib/dist/rpm/proftpd.spec
index c79b07d..bc8251f 100644
--- a/contrib/dist/rpm/proftpd.spec
+++ b/contrib/dist/rpm/proftpd.spec
@@ -48,7 +48,7 @@
#
# NOTE: rpmbuild is really bloody stupid, and CANNOT handle a leading '#'
# character followed by a '%' character.
-%global release_cand_version d
+%global release_cand_version e
%global usecvsversion 0%{?_with_cvs:1}
diff --git a/contrib/mod_sftp/mac.c b/contrib/mod_sftp/mac.c
index e5713b3..2b12e04 100644
--- a/contrib/mod_sftp/mac.c
+++ b/contrib/mod_sftp/mac.c
@@ -1,6 +1,6 @@
/*
* ProFTPD - mod_sftp MACs
- * Copyright (c) 2008-2016 TJ Saunders
+ * Copyright (c) 2008-2017 TJ Saunders
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -103,6 +103,7 @@ static unsigned int get_next_write_index(void) {
static void switch_read_mac(void) {
/* First we can clear the read MAC, kept from rekeying. */
if (read_macs[read_mac_idx].key) {
+ clear_mac(&(read_macs[read_mac_idx]));
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
HMAC_CTX_reset(hmac_read_ctxs[read_mac_idx]);
#elif OPENSSL_VERSION_NUMBER > 0x000907000L
@@ -111,7 +112,9 @@ static void switch_read_mac(void) {
HMAC_cleanup(hmac_read_ctxs[read_mac_idx]);
#endif
- umac_reset(umac_read_ctxs[read_mac_idx]);
+ if (umac_read_ctxs[read_mac_idx] != NULL) {
+ umac_reset(umac_read_ctxs[read_mac_idx]);
+ }
mac_blockszs[read_mac_idx] = 0;
@@ -137,7 +140,9 @@ static void switch_write_mac(void) {
HMAC_cleanup(hmac_write_ctxs[write_mac_idx]);
#endif
- umac_reset(umac_write_ctxs[write_mac_idx]);
+ if (umac_write_ctxs[write_mac_idx] != NULL) {
+ umac_reset(umac_write_ctxs[write_mac_idx]);
+ }
/* Now we can switch the index. */
if (write_mac_idx == 1) {
@@ -626,6 +631,11 @@ int sftp_mac_set_read_algo(const char *algo) {
idx = get_next_read_index();
}
+ if (umac_read_ctxs[idx] != NULL) {
+ umac_delete(umac_read_ctxs[idx]);
+ umac_read_ctxs[idx] = NULL;
+ }
+
read_macs[idx].digest = sftp_crypto_get_digest(algo, &mac_len);
if (read_macs[idx].digest == NULL) {
return -1;
@@ -634,6 +644,7 @@ int sftp_mac_set_read_algo(const char *algo) {
read_macs[idx].algo = algo;
if (strncmp(read_macs[idx].algo, "umac-64 at openssh.com", 12) == 0) {
read_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_UMAC64;
+ umac_read_ctxs[idx] = umac_alloc();
} else {
read_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_HMAC;
@@ -730,6 +741,11 @@ int sftp_mac_set_write_algo(const char *algo) {
idx = get_next_write_index();
}
+ if (umac_write_ctxs[idx] != NULL) {
+ umac_delete(umac_write_ctxs[idx]);
+ umac_write_ctxs[idx] = NULL;
+ }
+
write_macs[idx].digest = sftp_crypto_get_digest(algo, &mac_len);
if (write_macs[idx].digest == NULL) {
return -1;
@@ -738,6 +754,7 @@ int sftp_mac_set_write_algo(const char *algo) {
write_macs[idx].algo = algo;
if (strncmp(write_macs[idx].algo, "umac-64 at openssh.com", 12) == 0) {
write_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_UMAC64;
+ umac_write_ctxs[idx] = umac_alloc();
} else {
write_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_HMAC;
@@ -846,17 +863,5 @@ int sftp_mac_free(void) {
HMAC_CTX_free(hmac_write_ctxs[1]);
#endif /* OpenSSL-1.1.0 and later */
- umac_delete(umac_read_ctxs[0]);
- umac_read_ctxs[0] = NULL;
-
- umac_delete(umac_read_ctxs[1]);
- umac_read_ctxs[1] = NULL;
-
- umac_delete(umac_write_ctxs[0]);
- umac_write_ctxs[0] = NULL;
-
- umac_delete(umac_write_ctxs[1]);
- umac_write_ctxs[1] = NULL;
-
return 0;
}
diff --git a/include/version.h b/include/version.h
index 8fe3652..f06055a 100644
--- a/include/version.h
+++ b/include/version.h
@@ -1,8 +1,8 @@
#include "buildstamp.h"
/* Application version (in various forms) */
-#define PROFTPD_VERSION_NUMBER 0x0001030510
-#define PROFTPD_VERSION_TEXT "1.3.5d"
+#define PROFTPD_VERSION_NUMBER 0x0001030511
+#define PROFTPD_VERSION_TEXT "1.3.5e"
/* Module API version */
#define PR_MODULE_API_VERSION 0x20
diff --git a/modules/mod_auth.c b/modules/mod_auth.c
index 3865761..4102159 100644
--- a/modules/mod_auth.c
+++ b/modules/mod_auth.c
@@ -2,7 +2,7 @@
* ProFTPD - FTP server daemon
* Copyright (c) 1997, 1998 Public Flood Software
* Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
- * Copyright (c) 2001-2016 The ProFTPD Project team
+ * Copyright (c) 2001-2017 The ProFTPD Project team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -688,9 +688,66 @@ static char *get_default_chdir(pool *p, xaset_t *conf) {
return dir;
}
-/* Determine if the user (non-anon) needs a default root dir other than /.
- */
+static int is_symlink_path(pool *p, const char *path, size_t pathlen) {
+ int res, xerrno = 0;
+ struct stat st;
+ char *ptr;
+
+ if (pathlen == 0) {
+ return 0;
+ }
+
+ pr_fs_clear_cache();
+ res = pr_fsio_lstat(path, &st);
+ if (res < 0) {
+ xerrno = errno;
+
+ pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path,
+ strerror(xerrno));
+
+ errno = xerrno;
+ return -1;
+ }
+ if (S_ISLNK(st.st_mode)) {
+ errno = EPERM;
+ return -1;
+ }
+
+ /* To handle the case where a component further up the path might be a
+ * symlink (which lstat(2) will NOT handle), we walk the path backwards,
+ * calling ourselves recursively.
+ */
+
+ ptr = strrchr(path, '/');
+ if (ptr != NULL) {
+ char *new_path;
+ size_t new_pathlen;
+
+ pr_signals_handle();
+
+ new_pathlen = ptr - path;
+
+ /* Make sure our pointer actually changed position. */
+ if (new_pathlen == pathlen) {
+ return 0;
+ }
+
+ new_path = pstrndup(p, path, new_pathlen);
+
+ pr_log_debug(DEBUG10,
+ "AllowChrootSymlink: path '%s' not a symlink, checking '%s'", path,
+ new_path);
+ res = is_symlink_path(p, new_path, new_pathlen);
+ if (res < 0) {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/* Determine if the user (non-anon) needs a default root dir other than /. */
static int get_default_root(pool *p, int allow_symlinks, char **root) {
config_rec *c = NULL;
char *dir = NULL;
@@ -733,7 +790,6 @@ static int get_default_root(pool *p, int allow_symlinks, char **root) {
if (allow_symlinks == FALSE) {
char *path, target_path[PR_TUNABLE_PATH_MAX + 1];
- struct stat st;
size_t pathlen;
/* First, deal with any possible interpolation. dir_realpath() will
@@ -764,22 +820,13 @@ static int get_default_root(pool *p, int allow_symlinks, char **root) {
path[pathlen-1] = '\0';
}
- pr_fs_clear_cache();
- res = pr_fsio_lstat(path, &st);
+ res = is_symlink_path(p, path, pathlen);
if (res < 0) {
- xerrno = errno;
-
- pr_log_pri(PR_LOG_WARNING, "error: unable to check %s: %s", path,
- strerror(xerrno));
-
- errno = xerrno;
- return -1;
- }
+ if (errno == EPERM) {
+ pr_log_pri(PR_LOG_WARNING, "error: DefaultRoot %s is a symlink "
+ "(denied by AllowChrootSymlinks config)", path);
+ }
- if (S_ISLNK(st.st_mode)) {
- pr_log_pri(PR_LOG_WARNING,
- "error: DefaultRoot %s is a symlink (denied by AllowChrootSymlinks "
- "config)", path);
errno = EPERM;
return -1;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-proftpd/proftpd-dfsg.git
More information about the Pkg-proftpd-maintainers
mailing list