harfbuzz: security bump to version 1.4.4
[buildroot-gz.git] / package / vsftpd / 0003-fix-CVE-2015-1419.patch
blob95ad017a1c4a77a04d3e2a658ae1b829fcebb02a
1 Fix CVE-2015-1419 - config option deny_file is not handled correctly.
2 From SUSE: https://bugzilla.suse.com/show_bug.cgi?id=915522
4 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
6 Index: vsftpd-3.0.2/ls.c
7 ===================================================================
8 --- vsftpd-3.0.2.orig/ls.c
9 +++ vsftpd-3.0.2/ls.c
10 @@ -7,6 +7,7 @@
11 * Would you believe, code to handle directory listing.
14 +#include <stdlib.h>
15 #include "ls.h"
16 #include "access.h"
17 #include "defs.h"
18 @@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
19 struct mystr temp_str = INIT_MYSTR;
20 struct mystr brace_list_str = INIT_MYSTR;
21 struct mystr new_filter_str = INIT_MYSTR;
22 + struct mystr normalize_filename_str = INIT_MYSTR;
23 + const char *normname;
24 + const char *path;
25 int ret = 0;
26 char last_token = 0;
27 int must_match_at_current_pos = 1;
29 str_copy(&filter_remain_str, p_filter_str);
30 - str_copy(&name_remain_str, p_filename_str);
32 + /* normalize filepath */
33 + path = str_strdup(p_filename_str);
34 + normname = realpath(path, NULL);
35 + if (normname == NULL)
36 + goto out;
37 + str_alloc_text(&normalize_filename_str, normname);
39 + if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
40 + if (str_get_char_at(p_filter_str, 0) == '/') {
41 + if (str_get_char_at(&normalize_filename_str, 0) != '/') {
42 + str_getcwd (&name_remain_str);
44 + if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
45 + str_append_char (&name_remain_str, '/');
47 + str_append_str (&name_remain_str, &normalize_filename_str);
48 + }
49 + else
50 + str_copy (&name_remain_str, &normalize_filename_str);
51 + } else {
52 + if (str_get_char_at(p_filter_str, 0) != '{')
53 + str_basename (&name_remain_str, &normalize_filename_str);
54 + else
55 + str_copy (&name_remain_str, &normalize_filename_str);
56 + }
57 + } else
58 + str_copy(&name_remain_str, &normalize_filename_str);
60 while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
62 @@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct
63 ret = 0;
65 out:
66 + free(normname);
67 + free(path);
68 + str_free(&normalize_filename_str);
69 str_free(&filter_remain_str);
70 str_free(&name_remain_str);
71 str_free(&temp_str);
72 Index: vsftpd-3.0.2/str.c
73 ===================================================================
74 --- vsftpd-3.0.2.orig/str.c
75 +++ vsftpd-3.0.2/str.c
76 @@ -770,3 +770,14 @@ str_replace_unprintable(struct mystr* p_
80 +void
81 +str_basename (struct mystr* d_str, const struct mystr* path)
83 + static struct mystr tmp;
85 + str_copy (&tmp, path);
86 + str_split_char_reverse(&tmp, d_str, '/');
88 + if (str_isempty(d_str))
89 + str_copy (d_str, path);
91 Index: vsftpd-3.0.2/str.h
92 ===================================================================
93 --- vsftpd-3.0.2.orig/str.h
94 +++ vsftpd-3.0.2/str.h
95 @@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
96 int str_atoi(const struct mystr* p_str);
97 filesize_t str_a_to_filesize_t(const struct mystr* p_str);
98 unsigned int str_octal_to_uint(const struct mystr* p_str);
99 +void str_basename (struct mystr* d_str, const struct mystr* path);
101 /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
102 * buffer, starting at character position 'p_pos'. The extracted line will