1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

- Update to 1.3.2rc2

- Patch long command processing vulnerability (http://bugs.proftpd.org/show_bug.cgi?id=3115)
- Remove third party modules mod_codeconv, mod_comb, mod_sql_tds (won't build)
- Update mod_clamav
This commit is contained in:
Beech Rintoul 2008-09-23 20:15:56 +00:00
parent ad9fb2545e
commit e079454967
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=220589
14 changed files with 251 additions and 806 deletions

View File

@ -6,8 +6,7 @@
#
PORTNAME= proftpd
DISTVERSION= 1.3.1
PORTREVISION= 14
DISTVERSION= 1.3.2rc2
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
@ -16,13 +15,10 @@ MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://proftpd.networkedsystems.co.uk/distrib/source/ \
http://mirrors.ibiblio.org/pub/mirrors/proftpd/distrib/source/ \
http://www.mirrorservice.org/sites/ftp.proftpd.org/distrib/source/ \
CENKES:clam \
http://www.alaskaparadise.com/freebsd/:clam \
http://www.smartftp.com/oss/proftpd/:digest \
http://lev.serebryakov.spb.ru/mod_comb/:comb\
http://labratsoftware.com/mod_sql_tds/:sql_tds \
LOCAL/beech:digest \
LOCAL/beech:comb \
LOCAL/beech:sql_tds
LOCAL/beech:clam \
LOCAL/beech:digest
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
@ -64,31 +60,27 @@ CONFIGURE_ARGS= --localstatedir=/var/run \
--sysconfdir=${PREFIX}/etc \
--disable-sendfile
OPTIONS= IPV6 "Use IPv6" off \
OPTIONS= BAN "Include mod_ban (Requires CTRLS)" off \
CLAMAV "Include mod_clamav" off \
CTRLS "Include controls" off \
DIGEST "Include mod_digest" off \
IFSESSION "Include mod_ifsession" on \
IPV6 "Use IPv6" off \
LDAP "Use LDAP" off \
LDAP_TLS "Use LDAP TLS (Requires LDAP, OPENSSL)" off\
MYSQL "MySQL auth (Can be combined with PGSQL)" off \
PGSQL "Postgres auth (Can be combined with MYSQL)" off \
TDS "FreeTDS - Sybase & MS-SQL auth (Exclusive)" off \
NLS "Use nls (builds mod_lang)" off \
OPENSSL "Include mod_tls" on \
PGSQL "Postgres auth (Can be combined with MYSQL)" off \
QUOTA "Include mod_quota" off \
IFSESSION "Include mod_ifsession" on \
README "Include mod_readme" on \
QUOTATAB_RADIUS "include mod_quotatab_radius" off \
RADIUS "Include mod_radius" on \
RATIO "Include mod_ratio" on \
CTRLS "Include controls" off \
README "Include mod_readme" on \
REWRITE "Include mod_rewrite" on \
WRAP "Include mod_wrap2" on \
WRAP_FILE "Include mod_wrap2_file" off \
WRAP_SQL "Include mod_wrap2_sql" off \
RADIUS "Include mod_radius" on \
QUOTATAB_RADIUS "include mod_quotatab_radius" off \
BAN "Include mod_ban (Requires CTRLS)" off \
NLS "Use nls (builds mod_lang)" off \
CLAMAV "Include mod_clamav" off \
DIGEST "Include mod_digest" off \
COMB "Include mod_comb (multistream upload)" off \
CODECONV "Use charset conversion (possibly broken)" off \
RUSSIANCHAR "Disable telnet filterning (Fix Russian)" off
WRAP_SQL "Include mod_wrap2_sql" off
MODULES?=
LIBDIRS?=
INCLUDEDIRS?=
@ -221,14 +213,18 @@ MODULES:=${MODULES}:mod_quotatab_sql
.endif
.if defined(WITH_CLAMAV)
#http://www.uglyboxindustries.com/mod_clamav_new.c
DISTFILES+= mod_clamav-0.5.1.tar.bz2:clam
EXTRACT_ONLY+= mod_clamav-0.5.1.tar.bz2
#http://www.thrallingpenguin.com/resources/mod_clamav-0.10.tar.bz2
DISTFILES+= mod_clamav-0.10.tar.bz2:clam
EXTRACT_ONLY+= mod_clamav-0.10.tar.bz2
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-modules_mod_xfer.c
USE_CLAMAV= yes
MODULES:=${MODULES}:mod_clamav
LIB_DEPENDS+= clamav.5:${PORTSDIR}/security/clamav
INCLUDEDIRS:=${INCLUDEDIRS}:${LOCALBASE}/include
LIBDIRS:=${LIBDIRS}:${LOCALBASE}/lib
PLIST_SUB= CLAMAV=""
.else
PLIST_SUB= CLAMAV="@comment "
.endif
.if defined(WITH_DIGEST)
@ -236,40 +232,6 @@ DISTFILES+= mod_digest.c:digest
MODULES:=${MODULES}:mod_digest
.endif
.if defined(WITH_COMB)
COMB_VERSION= 0.1
DISTFILES+= mod_comb-${COMB_VERSION}.tar.bz2:comb
EXTRACT_ONLY+= mod_comb-${COMB_VERSION}.tar.bz2
MODULES:=${MODULES}:mod_comb
PORTDOCScontrib+=mod_comb.html
PORTDOCSreadme+=README.mod_comb
.endif
.if defined(WITH_TDS)
DISTFILES+= mod_sql_tds-4.5.tar.bz2:sql_tds
EXTRACT_ONLY+= mod_sql_tds-4.5.tar.bz2
MODULES:=${MODULES}:mod_sql_tds
MODULES:=mod_sql${MODULES}
PLIST_FILES+= include/proftpd/mod_sql.h
INCLUDEDIRS:=${INCLUDEDIRS}:${LOCALBASE}/include
LIBDIRS:=${LIBDIRS}:${LOCALBASE}/lib
LIB_DEPENDS+= sybdb.5:${PORTSDIR}/databases/freetds
.endif
.if defined(WITH_CODECONV)
USE_ICONV= YES
MODULES:=${MODULES}:mod_codeconv
INCLUDEDIRS:=${INCLUDEDIRS}:${LOCALBASE}/include
CONFIGURE_ARGS+= --disable-sendfile
PROFTPD_LIBS+= -liconv -L${LOCALBASE}/lib
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-mod-codeconv
.endif
.if defined(WITH_RUSSIANCHAR)
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-src-netio.c
.endif
# mod_ifsession should be the last item in the modules list
.if !defined(WITHOUT_IFSESSION)
MODULES:=${MODULES}:mod_ifsession
@ -294,20 +256,11 @@ MODULES!=${ECHO} ${MODULES} | ${SED} -e 's,^:,,' -e 's,:$$,,'
post-extract:
.if defined(WITH_CLAMAV)
@${MV} ${WRKDIR}/mod_clamav_new.c ${WRKSRC}/modules/mod_clamav.c
@${CP} ${WRKDIR}/mod_clamav-0.10/mod_clamav.* ${WRKSRC}/contrib
.endif
.if defined(WITH_DIGEST)
@${CP} ${DISTDIR}/${DIST_SUBDIR}/mod_digest.c ${WRKSRC}/modules/
.endif
.if defined(WITH_COMB)
@${MV} ${WRKDIR}/mod_comb-${COMB_VERSION}/mod_comb.c ${WRKSRC}/contrib/
@${MV} ${WRKDIR}/mod_comb-${COMB_VERSION}/README ${WRKSRC}/README.mod_comb
@${MV} ${WRKDIR}/mod_comb-${COMB_VERSION}/mod_comb.html ${WRKSRC}/doc/contrib/
.endif
.if defined(WITH_TDS)
@${MV} ${WRKDIR}/mod_sql_tds.c ${WRKSRC}/contrib/
.endif
post-patch:
.if defined(WITH_NLS)

View File

@ -1,9 +1,9 @@
MD5 (proftpd-1.3.1.tar.bz2) = 175958df8de92d5209b7b1e2e23a5a28
SHA256 (proftpd-1.3.1.tar.bz2) = 03bc023e5b7b1c04d8eb2d5dca53b931b3e02cc7aba7dd8f629b0878535dc91b
SIZE (proftpd-1.3.1.tar.bz2) = 2243888
MD5 (mod_clamav-0.5.1.tar.bz2) = ce9e3f58f05d55d7ec98f97a69889bb8
SHA256 (mod_clamav-0.5.1.tar.bz2) = de6779ed7a6fe8f5ab809366d7b7793c7658b513d2147c2b7ea0d530549dc92b
SIZE (mod_clamav-0.5.1.tar.bz2) = 3054
MD5 (proftpd-1.3.2rc2.tar.bz2) = c8b32ffb8febc33c5897165f0d61a475
SHA256 (proftpd-1.3.2rc2.tar.bz2) = 1fb46b8b0d1ac11ed80a3106e261e15fd4c0b3bc83c198ab9620a852d31f96b7
SIZE (proftpd-1.3.2rc2.tar.bz2) = 2356053
MD5 (mod_clamav-0.10.tar.bz2) = 7150cde88f6c692711c007f6312bd495
SHA256 (mod_clamav-0.10.tar.bz2) = 4f6d09979514a8b3f120890753dcf7c6247dfce0aa09d340edf8a359b031a1f4
SIZE (mod_clamav-0.10.tar.bz2) = 5435
MD5 (mod_digest.c) = e706e66fa4d82cf7875a1a5d6767fe00
SHA256 (mod_digest.c) = 18174e3d3c1d61367d78c228e6510b0a21c11458f389630df281bb84d467d399
SIZE (mod_digest.c) = 39073

View File

@ -1,346 +0,0 @@
diff -r -u -P modules/mod_codeconv.c modules/mod_codeconv.c
--- modules/mod_codeconv.c 1970-01-01 03:00:00.000000000 +0300
+++ modules/mod_codeconv.c 2008-03-24 02:55:39.000000000 +0300
@@ -0,0 +1,231 @@
+/*
+ * ProFTPD: mod_codeconv -- local <-> remote charset conversion
+ *
+ * Copyright (c) 2004 by TSUJIKAWA Tohru <tsujikawa@tsg.ne.jp> / All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+
+#include "conf.h"
+#include <iconv.h>
+
+
+//
+// directive
+//
+#define DIRECTIVE_CHARSETLOCAL "CharsetLocal"
+#define DIRECTIVE_CHARSETREMOTE "CharsetRemote"
+
+
+//
+// initialization
+//
+static int codeconv_init(void)
+{
+ return 0;
+}
+
+static int codeconv_sess_init(void)
+{
+ return 0;
+}
+
+
+char* remote2local(struct pool* pool, char* remote)
+{
+ iconv_t ic;
+ char* local;
+ char* in_ptr;
+ char* out_ptr;
+ size_t inbytesleft, outbytesleft;
+
+ config_rec* conf_l = NULL;
+ config_rec* conf_r = NULL;
+
+ conf_l = find_config(main_server->conf, CONF_PARAM, DIRECTIVE_CHARSETLOCAL, FALSE);
+ conf_r = find_config(main_server->conf, CONF_PARAM, DIRECTIVE_CHARSETREMOTE, FALSE);
+ if (!conf_l || !conf_r) return NULL;
+
+ ic = iconv_open(conf_l->argv[0], conf_r->argv[0]);
+ if (ic == (iconv_t)(-1)) return NULL;
+
+ iconv(ic, NULL, NULL, NULL, NULL);
+
+ inbytesleft = remote != NULL ? strlen(remote) : 0;
+ outbytesleft = inbytesleft*3;
+ local = palloc(pool, outbytesleft+1);
+
+ in_ptr = remote;
+ out_ptr = local;
+ while (inbytesleft) {
+ if (iconv(ic, &in_ptr, &inbytesleft, &out_ptr, &outbytesleft) == -1) {
+ *out_ptr = '?'; out_ptr++; outbytesleft--;
+ in_ptr++; inbytesleft--;
+ break;
+ }
+ }
+ *out_ptr = 0;
+
+ iconv_close(ic);
+
+ return local;
+}
+
+
+char* local2remote(char* local)
+{
+ iconv_t ic;
+ char* remote;
+ char* in_ptr;
+ char* out_ptr;
+ size_t inbytesleft, outbytesleft;
+
+ config_rec* conf_l = NULL;
+ config_rec* conf_r = NULL;
+
+ conf_l = find_config(main_server->conf, CONF_PARAM, DIRECTIVE_CHARSETLOCAL, FALSE);
+ conf_r = find_config(main_server->conf, CONF_PARAM, DIRECTIVE_CHARSETREMOTE, FALSE);
+ if (!conf_l || !conf_r) return NULL;
+
+ ic = iconv_open(conf_r->argv[0], conf_l->argv[0]);
+ if (ic == (iconv_t)(-1)) return NULL;
+
+ iconv(ic, NULL, NULL, NULL, NULL);
+
+ inbytesleft = local != NULL ? strlen(local) : 0;
+ outbytesleft = inbytesleft*3;
+ remote = malloc(outbytesleft+1);
+
+ in_ptr = local;
+ out_ptr = remote;
+ while (inbytesleft) {
+ if (iconv(ic, &in_ptr, &inbytesleft, &out_ptr, &outbytesleft) == -1) {
+ *out_ptr = '?'; out_ptr++; outbytesleft--;
+ in_ptr++; inbytesleft--;
+ break;
+ }
+ }
+ *out_ptr = 0;
+
+ iconv_close(ic);
+
+ return remote;
+}
+
+
+//
+// module handler
+//
+MODRET codeconv_pre_any(cmd_rec* cmd)
+{
+ char* p;
+ int i;
+
+ p = remote2local(cmd->pool, cmd->arg);
+ if (p) cmd->arg = p;
+
+ for (i = 0; i < cmd->argc; i++) {
+ p = remote2local(cmd->pool, cmd->argv[i]);
+ if (p) cmd->argv[i] = p;
+ }
+
+ return DECLINED(cmd);
+}
+
+
+//
+// local charset directive "CharsetLocal"
+//
+MODRET set_charsetlocal(cmd_rec *cmd) {
+ config_rec *c = NULL;
+
+ /* Syntax: CharsetLocal iconv-charset-name */
+
+ CHECK_ARGS(cmd, 1);
+ CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
+
+ c = add_config_param_str(DIRECTIVE_CHARSETLOCAL, 1, cmd->argv[1]);
+
+ return HANDLED(cmd);
+}
+
+//
+// remote charset directive "CharsetRemote"
+//
+MODRET set_charsetremote(cmd_rec *cmd) {
+ config_rec *c = NULL;
+
+ /* Syntax: CharsetRemote iconv-charset-name */
+
+ CHECK_ARGS(cmd, 1);
+ CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
+
+ c = add_config_param_str(DIRECTIVE_CHARSETREMOTE, 1, cmd->argv[1]);
+
+ return HANDLED(cmd);
+}
+
+
+//
+// module ÍÑ directive
+//
+static conftable codeconv_conftab[] = {
+ { DIRECTIVE_CHARSETLOCAL, set_charsetlocal, NULL },
+ { DIRECTIVE_CHARSETREMOTE, set_charsetremote, NULL },
+ { NULL, NULL, NULL }
+};
+
+
+//
+// trap ¤¹¤ë¥³¥Þ¥ó¥É°ìÍ÷
+//
+static cmdtable codeconv_cmdtab[] = {
+ { PRE_CMD, C_ANY, G_NONE, codeconv_pre_any, FALSE, FALSE },
+ { 0, NULL }
+};
+
+
+//
+// module ¾ðÊó
+//
+module codeconv_module = {
+
+ /* Always NULL */
+ NULL, NULL,
+
+ /* Module API version (2.0) */
+ 0x20,
+
+ /* Module name */
+ "codeconv",
+
+ /* Module configuration directive handlers */
+ codeconv_conftab,
+
+ /* Module command handlers */
+ codeconv_cmdtab,
+
+ /* Module authentication handlers (none in this case) */
+ NULL,
+
+ /* Module initialization */
+ codeconv_init,
+
+ /* Session initialization */
+ codeconv_sess_init
+
+};
diff -r -u -P modules/mod_ls.c modules/mod_ls.c
--- modules/mod_ls.c 2007-09-28 04:53:59.000000000 +0400
+++ modules/mod_ls.c 2008-03-24 02:55:39.000000000 +0300
@@ -244,12 +244,15 @@
return res;
}
+extern char* local2remote(char*);
+
/* sendline() now has an internal buffer, to help speed up LIST output. */
static int sendline(int flags, char *fmt, ...) {
static char listbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
va_list msg;
char buf[PR_TUNABLE_BUFFER_SIZE+1] = {'\0'};
int res = 0;
+ char* buf2;
if (flags & LS_SENDLINE_FL_FLUSH) {
size_t listbuflen = strlen(listbuf);
@@ -274,6 +277,13 @@
buf[sizeof(buf)-1] = '\0';
+ if (buf[0]) {
+ buf2 = local2remote(buf);
+ if (buf2) {
+ strcpy(buf, buf2); free(buf2);
+ }
+ }
+
/* If buf won't fit completely into listbuf, flush listbuf */
if (strlen(buf) >= (sizeof(listbuf) - strlen(listbuf))) {
res = pr_data_xfer(listbuf, strlen(listbuf));
diff -r -u -P src/netio.c src/netio.c
--- src/netio.c 2007-08-22 18:50:23.000000000 +0400
+++ src/netio.c 2008-03-24 02:55:39.000000000 +0300
@@ -547,9 +547,12 @@
return -1;
}
+extern char* local2remote(char* local);
+
int pr_netio_printf(pr_netio_stream_t *nstrm, const char *fmt, ...) {
va_list msg;
char buf[PR_RESPONSE_BUFFER_SIZE] = {'\0'};
+ char* p;
if (!nstrm) {
errno = EINVAL;
@@ -561,6 +564,13 @@
va_end(msg);
buf[sizeof(buf)-1] = '\0';
+ if (buf[0]) {
+ p = local2remote(buf);
+ if (p) {
+ strcpy(buf, p); free(p);
+ }
+ }
+
return pr_netio_write(nstrm, buf, strlen(buf));
}
@@ -954,46 +964,6 @@
cp = *pbuf->current++;
pbuf->remaining++;
- switch (mode) {
- case IAC:
- switch (cp) {
- case WILL:
- case WONT:
- case DO:
- case DONT:
- mode = cp;
- continue;
-
- case IAC:
- mode = 0;
- break;
-
- default:
- /* Ignore */
- mode = 0;
- continue;
- }
- break;
-
- case WILL:
- case WONT:
- pr_netio_printf(out_nstrm, "%c%c%c", IAC, DONT, cp);
- mode = 0;
- continue;
-
- case DO:
- case DONT:
- pr_netio_printf(out_nstrm, "%c%c%c", IAC, WONT, cp);
- mode = 0;
- continue;
-
- default:
- if (cp == IAC) {
- mode = cp;
- continue;
- }
- break;
- }
*bp++ = cp;
buflen--;

View File

@ -0,0 +1,23 @@
--- modules/mod_xfer.c.org Tue Jan 1 12:31:32 2008
+++ modules/mod_xfer.c Tue Jan 1 16:45:20 2008
@@ -42,6 +42,8 @@
#include <regex.h>
#endif
+#include "mod_clamav.h"
+
extern module auth_module;
extern pid_t mpid;
@@ -1582,6 +1584,11 @@
return PR_ERROR(cmd);
}
+ if (clamav_scan(cmd)) {
+ pr_data_close(FALSE);
+ return PR_ERROR(cmd);
+ }
+
if (session.xfer.path &&
session.xfer.path_hidden) {
if (pr_fsio_rename(session.xfer.path_hidden, session.xfer.path) != 0) {

View File

@ -1,51 +0,0 @@
diff -r -u -P src/netio.c src/netio.c
--- src/netio.c.orig 2007-08-22 18:50:23.000000000 +0400
+++ src/netio.c 2008-09-04 18:27:21.000000000 +0400
@@ -954,47 +954,6 @@
cp = *pbuf->current++;
pbuf->remaining++;
- switch (mode) {
- case IAC:
- switch (cp) {
- case WILL:
- case WONT:
- case DO:
- case DONT:
- mode = cp;
- continue;
-
- case IAC:
- mode = 0;
- break;
-
- default:
- /* Ignore */
- mode = 0;
- continue;
- }
- break;
-
- case WILL:
- case WONT:
- pr_netio_printf(out_nstrm, "%c%c%c", IAC, DONT, cp);
- mode = 0;
- continue;
-
- case DO:
- case DONT:
- pr_netio_printf(out_nstrm, "%c%c%c", IAC, WONT, cp);
- mode = 0;
- continue;
-
- default:
- if (cp == IAC) {
- mode = cp;
- continue;
- }
- break;
- }
-
*bp++ = cp;
buflen--;
}

View File

@ -1,10 +0,0 @@
--- modules/mod_auth_unix.c.orig 2006-06-29 09:16:23.000000000 -0800
+++ modules/mod_auth_unix.c 2007-10-05 16:23:46.000000000 -0800
@@ -57,6 +57,7 @@
#endif /* HAVE_HPSECURITY_H or HPUX10 or HPUX11 */
#if defined(HAVE_PROT_H) || defined(COMSEC)
+# include <krb.h>
# include <prot.h>
#endif

View File

@ -0,0 +1,189 @@
Index: src/main.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/src/main.c,v
retrieving revision 1.344
diff -u -r1.344 main.c
--- src/main.c 8 Sep 2008 00:47:11 -0000 1.344
+++ src/main.c 20 Sep 2008 20:10:49 -0000
@@ -516,20 +516,32 @@
static long get_max_cmd_len(size_t buflen) {
long res;
int *bufsz = NULL;
+ size_t default_cmd_bufsz;
+ /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
+ * is smaller than PR_DEFAULT_CMD_BUFSZ. We need to handle such cases
+ * properly.
+ */
+ default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
+ if (default_cmd_bufsz > buflen) {
+ default_cmd_bufsz = buflen;
+ }
+
bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
if (bufsz == NULL) {
- res = PR_DEFAULT_CMD_BUFSZ;
+ res = default_cmd_bufsz;
} else if (*bufsz <= 0) {
pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
- "using default buffer size (%u) instead", *bufsz, PR_DEFAULT_CMD_BUFSZ);
- res = PR_DEFAULT_CMD_BUFSZ;
+ "using default buffer size (%lu) instead", *bufsz,
+ (unsigned long) default_cmd_bufsz);
+ res = default_cmd_bufsz;
} else if (*bufsz + 1 > buflen) {
pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
- "using default buffer size (%u) instead", *bufsz, PR_DEFAULT_CMD_BUFSZ);
- res = PR_DEFAULT_CMD_BUFSZ;
+ "using default buffer size (%lu) instead", *bufsz,
+ (unsigned long) default_cmd_bufsz);
+ res = default_cmd_bufsz;
} else {
pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
@@ -577,11 +589,26 @@
return -1;
}
- memset(buf, '\0', sizeof(buf));
+ while (TRUE) {
+ pr_signals_handle();
- if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
- session.c->outstrm) == NULL)
- return -1;
+ memset(buf, '\0', sizeof(buf));
+
+ if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
+ session.c->outstrm) == NULL) {
+
+ if (errno == E2BIG) {
+ /* The client sent a too-long command which was ignored; give
+ * them another chance?
+ */
+ continue;
+ }
+
+ return -1;
+ }
+
+ break;
+ }
if (cmd_bufsz == -1)
cmd_bufsz = get_max_cmd_len(sizeof(buf));
Index: src/netio.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/src/netio.c,v
retrieving revision 1.33
diff -u -r1.33 netio.c
--- src/netio.c 3 Apr 2008 03:14:31 -0000 1.33
+++ src/netio.c 20 Sep 2008 20:10:49 -0000
@@ -1,6 +1,6 @@
/*
* ProFTPD - FTP server daemon
- * Copyright (c) 2001-2007 The ProFTPD Project team
+ * Copyright (c) 2001-2008 The ProFTPD Project team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,19 +30,19 @@
#include <signal.h>
#ifndef IAC
-#define IAC 255
+# define IAC 255
#endif
#ifndef DONT
-#define DONT 254
+# define DONT 254
#endif
#ifndef DO
-#define DO 253
+# define DO 253
#endif
#ifndef WONT
-#define WONT 252
+# define WONT 252
#endif
#ifndef WILL
-#define WILL 251
+# define WILL 251
#endif
static const char *trace_channel = "netio";
@@ -51,6 +51,17 @@
static pr_netio_t *core_data_netio = NULL, *data_netio = NULL;
static pr_netio_t *core_othr_netio = NULL, *othr_netio = NULL;
+/* Used to track whether the previous text read from the client's control
+ * connection was a properly-terminated command. If so, then read in the
+ * next/current text as per normal. If NOT (e.g. the client sent a too-long
+ * command), then read in the next/current text, but ignore it. Only clear
+ * this flag if the next/current command can be read as per normal.
+ *
+ * The pr_netio_telnet_gets() uses this variable, in conjunction with its
+ * saw_newline flag, for handling too-long commands from clients.
+ */
+static int properly_terminated_prev_command = TRUE;
+
static pr_netio_stream_t *netio_stream_alloc(pool *parent_pool) {
pool *netio_pool = NULL;
pr_netio_stream_t *nstrm = NULL;
@@ -950,7 +961,7 @@
char *bp = buf;
unsigned char cp;
static unsigned char mode = 0;
- int toread, handle_iac = TRUE;
+ int toread, handle_iac = TRUE, saw_newline = FALSE;
pr_buffer_t *pbuf = NULL;
if (buflen == 0) {
@@ -983,8 +994,9 @@
*bp = '\0';
return buf;
- } else
+ } else {
return NULL;
+ }
}
pbuf->remaining = pbuf->buflen - toread;
@@ -1049,6 +1061,8 @@
toread--;
*bp++ = *pbuf->current++;
pbuf->remaining++;
+
+ saw_newline = TRUE;
break;
}
@@ -1056,6 +1070,25 @@
pbuf->current = NULL;
}
+ if (!saw_newline) {
+ /* If we haven't seen a newline, then assume the client is deliberately
+ * sending a too-long command, trying to exploit buffer sizes and make
+ * the server make some possibly bad assumptions.
+ */
+
+ properly_terminated_prev_command = FALSE;
+ errno = E2BIG;
+ return NULL;
+ }
+
+ if (!properly_terminated_prev_command) {
+ properly_terminated_prev_command = TRUE;
+ pr_log_pri(PR_LOG_NOTICE, "client sent too-long command, ignoring");
+ errno = E2BIG;
+ return NULL;
+ }
+
+ properly_terminated_prev_command = TRUE;
*bp = '\0';
return buf;
}

View File

@ -1,11 +0,0 @@
--- contrib/mod_wrap2/Makefile.in.orig 2007-01-08 19:16:11.000000000 -0900
+++ contrib/mod_wrap2/Makefile.in 2007-10-05 14:02:38.000000000 -0800
@@ -13,7 +13,7 @@
MODULE_NAME=mod_wrap2
# Necessary redefinitions
-INCLUDES=-I. -I../.. -I../../include
+INCLUDES=-I. -I../.. -I../../include -I/usr/local/include
CPPFLAGS= -DHAVE_CONFIG_H $(DEFAULT_PATHS) $(PLATFORM) $(INCLUDES)
LDFLAGS=-L../../lib

View File

@ -1,92 +0,0 @@
diff -u -r1.7 mod_quotatab_sql.c
--- contrib/mod_quotatab_sql.c 23 Jun 2005 23:23:30 -0000 1.7
+++ contrib/mod_quotatab_sql.c 27 Mar 2008 01:42:58 -0000
@@ -2,7 +2,7 @@
* ProFTPD: mod_quotatab_sql -- a mod_quotatab sub-module for managing quota
* data via SQL-based tables
*
- * Copyright (c) 2002-2003 TJ Saunders
+ * Copyright (c) 2002-2008 TJ Saunders
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -289,17 +289,36 @@
/* Match names if need be */
if (quota_type != ALL_QUOTA &&
- values[0] && strlen(values[0]) && strcmp(name, quotatab_tally.name)) {
+ values[0] &&
+ strlen(values[0]) > 0 &&
+ strcmp(name, quotatab_tally.name) != 0) {
destroy_pool(tmp_pool);
return FALSE;
}
- quotatab_tally.bytes_in_used = atof(values[2]);
- quotatab_tally.bytes_out_used = atof(values[3]);
- quotatab_tally.bytes_xfer_used = atof(values[4]);
- quotatab_tally.files_in_used = atoi(values[5]);
- quotatab_tally.files_out_used = atoi(values[6]);
- quotatab_tally.files_xfer_used = atoi(values[7]);
+ quotatab_tally.bytes_in_used = -1.0;
+ if (values[2])
+ quotatab_tally.bytes_in_used = atof(values[2]);
+
+ quotatab_tally.bytes_out_used = -1.0;
+ if (values[3])
+ quotatab_tally.bytes_out_used = atof(values[3]);
+
+ quotatab_tally.bytes_xfer_used = -1.0;
+ if (values[4])
+ quotatab_tally.bytes_xfer_used = atof(values[4]);
+
+ quotatab_tally.files_in_used = 0;
+ if (values[5])
+ quotatab_tally.files_in_used = atol(values[5]);
+
+ quotatab_tally.files_out_used = 0;
+ if (values[6])
+ quotatab_tally.files_out_used = atol(values[6]);
+
+ quotatab_tally.files_xfer_used = 0;
+ if (values[7])
+ quotatab_tally.files_xfer_used = atol(values[7]);
destroy_pool(tmp_pool);
return TRUE;
@@ -368,12 +387,29 @@
else if (strcasecmp(values[3], "hard") == 0)
quotatab_limit.quota_limit_type = HARD_LIMIT;
- quotatab_limit.bytes_in_avail = atof(values[4]);
- quotatab_limit.bytes_out_avail = atof(values[5]);
- quotatab_limit.bytes_xfer_avail = atof(values[6]);
- quotatab_limit.files_in_avail = atol(values[7]);
- quotatab_limit.files_out_avail = atol(values[8]);
- quotatab_limit.files_xfer_avail = atol(values[9]);
+ quotatab_limit.bytes_in_avail = -1.0;
+ if (values[4])
+ quotatab_limit.bytes_in_avail = atof(values[4]);
+
+ quotatab_limit.bytes_out_avail = -1.0;
+ if (values[5])
+ quotatab_limit.bytes_out_avail = atof(values[5]);
+
+ quotatab_limit.bytes_xfer_avail = -1.0;
+ if (values[6])
+ quotatab_limit.bytes_xfer_avail = atof(values[6]);
+
+ quotatab_limit.files_in_avail = 0;
+ if (values[7])
+ quotatab_limit.files_in_avail = atol(values[7]);
+
+ quotatab_limit.files_out_avail = 0;
+ if (values[8])
+ quotatab_limit.files_out_avail = atol(values[8]);
+
+ quotatab_limit.files_xfer_avail = 0;
+ if (values[9])
+ quotatab_limit.files_xfer_avail = atol(values[9]);
destroy_pool(tmp_pool);
return TRUE;

View File

@ -1,72 +0,0 @@
--- contrib/mod_wrap2_file.c.orig 2007-08-03 06:52:06.000000000 -0800
+++ contrib/mod_wrap2_file.c 2008-03-03 12:33:19.000000000 -0900
@@ -2,7 +2,7 @@
* ProFTPD: mod_wrap2_file -- a mod_wrap2 sub-module for supplying IP-based
* access control data via file-based tables
*
- * Copyright (c) 2002-2007 TJ Saunders
+ * Copyright (c) 2002-2008 TJ Saunders
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -22,12 +22,12 @@
* with OpenSSL, and distribute the resulting executable, without including
* the source code for OpenSSL in the source distribution.
*
- * $Id: mod_wrap2_file.c,v 1.4 2007/08/03 14:52:06 castaglia Exp $
+ * $Id: mod_wrap2_file.c,v 1.6 2008/03/03 16:26:28 castaglia Exp $
*/
#include "mod_wrap2.h"
-#define MOD_WRAP2_FILE_VERSION "mod_wrap2_file/1.1"
+#define MOD_WRAP2_FILE_VERSION "mod_wrap2_file/1.2"
static const char *filetab_service_name = NULL;
@@ -74,7 +74,9 @@
service = pstrndup(filetab->tab_pool, buf, (res - buf));
if (filetab_service_name &&
- strcasecmp(filetab_service_name, service) == 0) {
+ (strcasecmp(filetab_service_name, service) == 0 ||
+ strcasecmp("ALL", service) == 0)) {
+ char *tmp = NULL;
if (filetab_daemons_list == NULL)
filetab_daemons_list = make_array(filetab->tab_pool, 0, sizeof(char *));
@@ -91,9 +93,31 @@
if (filetab_clients_list == NULL)
filetab_clients_list = make_array(filetab->tab_pool, 0, sizeof(char *));
- *((char **) push_array(filetab_clients_list)) =
- pstrdup(filetab->tab_pool, res);
-
+ /* If there are commas in the line, parse them as separate client
+ * names. Otherwise, a comma-delimited list of names will be treated
+ * as a single name, and violate the principal of least surprise
+ * for the site admin.
+ */
+ tmp = strchr(res, ',');
+ if (tmp != NULL) {
+ char *dup = pstrdup(filetab->tab_pool, res);
+ char *word;
+
+ while ((word = pr_str_get_word(&dup, 0)) != NULL) {
+ size_t wordlen = strlen(word);
+
+ /* Remove any trailing comma */
+ if (word[wordlen-1] == ',')
+ word[wordlen-1] = '\0';
+
+ *((char **) push_array(filetab_clients_list)) = word;
+ }
+
+ } else {
+ *((char **) push_array(filetab_clients_list)) =
+ pstrdup(filetab->tab_pool, res);
+ }
+
res = wrap2_strsplit(res, ':');
if (res) {
if (filetab_options_list == NULL)

View File

@ -1,11 +0,0 @@
--- ./modules/mod_auth_pam.c.orig Thu Jan 2 13:25:20 2003
+++ ./modules/mod_auth_pam.c Sat Mar 15 11:35:00 2003
@@ -57,7 +57,7 @@
#endif /* HAVE_PAM_PAM_APPL_H */
static pam_handle_t * pamh = NULL;
-static char * pamconfig = "ftp";
+static char * pamconfig = "ftpd";
static char * pam_user = NULL;
static char * pam_pass = NULL;
static size_t pam_user_len = 0;

View File

@ -1,43 +0,0 @@
ndex: src/auth.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/src/auth.c,v
retrieving revision 1.52
diff -u -r1.52 auth.c
--- src/auth.c 5 Oct 2007 17:04:13 -0000 1.52
+++ src/auth.c 8 Oct 2007 18:44:21 -0000
@@ -503,6 +503,17 @@
return res;
}
+ if (MODRET_ISERROR(mr)) {
+ res = MODRET_ERROR(mr);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+ cmd->tmp_pool = NULL;
+ }
+
+ return res;
+ }
+
m = NULL;
}
@@ -566,6 +577,17 @@
return res;
}
+ if (MODRET_ISERROR(mr)) {
+ res = MODRET_ERROR(mr);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+ cmd->tmp_pool = NULL;
+ }
+
+ return res;
+ }
+
m = NULL;
}

View File

@ -1,88 +0,0 @@
Index: src/netaddr.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/src/netaddr.c,v
retrieving revision 1.61
diff -u -r1.61 netaddr.c
--- src/netaddr.c 9 Oct 2007 21:56:23 -0000 1.61
+++ src/netaddr.c 17 Jan 2008 01:34:45 -0000
@@ -816,6 +816,9 @@
if (pr_netaddr_is_v4mappedv6(na1) == TRUE) {
tmp_pool = make_sub_pool(permanent_pool);
+ pr_trace_msg(trace_channel, 5, "addr '%s' is an IPv4-mapped IPv6 address",
+ pr_netaddr_get_ipstr((pr_netaddr_t *) na1));
+
/* This case means that na1 is an IPv4-mapped IPv6 address, and
* na2 is an IPv4 address.
*/
@@ -834,6 +837,9 @@
} else if (pr_netaddr_is_v4mappedv6(na2) == TRUE) {
tmp_pool = make_sub_pool(permanent_pool);
+ pr_trace_msg(trace_channel, 5, "addr '%s' is an IPv4-mapped IPv6 address",
+ pr_netaddr_get_ipstr((pr_netaddr_t *) na2));
+
/* This case means that na is an IPv4 address, and na2 is an
* IPv4-mapped IPv6 address.
*/
@@ -1105,6 +1111,36 @@
ipstr, pattern);
return TRUE;
}
+
+ /* If the address is an IPv4-mapped IPv6 address, get the IPv4 address
+ * and try to match that against the configured glob pattern.
+ */
+ if (pr_netaddr_is_v4mappedv6(na) == TRUE) {
+ pool *tmp_pool;
+ pr_netaddr_t *a;
+
+ pr_trace_msg(trace_channel, 5, "addr '%s' is an IPv4-mapped IPv6 address",
+ ipstr);
+
+ tmp_pool = make_sub_pool(permanent_pool);
+ a = pr_netaddr_alloc(tmp_pool);
+ pr_netaddr_set_family(a, AF_INET);
+ pr_netaddr_set_port(a, pr_netaddr_get_port(na));
+ memcpy(&a->na_addr.v4.sin_addr, get_v4inaddr(na),
+ sizeof(struct in_addr));
+
+ ipstr = pr_netaddr_get_ipstr(a);
+
+ if (pr_fnmatch(pattern, ipstr, match_flags) == 0) {
+ pr_trace_msg(trace_channel, 6, "DNS name '%s' matches pattern '%s'",
+ ipstr, pattern);
+
+ destroy_pool(tmp_pool);
+ return TRUE;
+ }
+
+ destroy_pool(tmp_pool);
+ }
}
pr_trace_msg(trace_channel, 4, "addr %s does not match pattern '%s'",
@@ -1424,18 +1460,21 @@
#ifdef PR_USE_IPV6
case AF_INET6: {
+ int res;
+
if (!use_ipv6) {
errno = EINVAL;
return -1;
}
# ifndef LINUX
- return IN6_IS_ADDR_V4MAPPED(
+ res = IN6_IS_ADDR_V4MAPPED(
(struct in6_addr *) pr_netaddr_get_inaddr(na));
# else
- return IN6_IS_ADDR_V4MAPPED(
+ res = IN6_IS_ADDR_V4MAPPED(
((struct in6_addr *) pr_netaddr_get_inaddr(na))->s6_addr32);
# endif
+ return res;
}
#endif /* PR_USE_IPV6 */
}

View File

@ -2,6 +2,10 @@ bin/ftpcount
bin/ftpdctl
bin/ftptop
bin/ftpwho
bin/prxs
@unexec if cmp -s %D/etc/proftpd.conf %D/etc/proftpd.conf.sample; then rm -f %D/etc/proftpd.conf; fi
etc/proftpd.conf.sample
@exec cp -n %D/%F %B/proftpd.conf
include/proftpd/auth.h
include/proftpd/bindings.h
include/proftpd/buildstamp.h
@ -15,18 +19,20 @@ include/proftpd/data.h
include/proftpd/default_paths.h
include/proftpd/dirtree.h
include/proftpd/display.h
include/proftpd/encode.h
include/proftpd/env.h
include/proftpd/event.h
include/proftpd/expr.h
include/proftpd/feat.h
include/proftpd/fsio.h
include/proftpd/ftp.h
include/proftpd/glibc-glob.h
include/proftpd/help.h
include/proftpd/ident.h
include/proftpd/inet.h
include/proftpd/libsupp.h
include/proftpd/log.h
include/proftpd/mkhome.h
%%CLAMAV%%include/proftpd/mod_clamav.h
include/proftpd/mod_ctrls.h
include/proftpd/modules.h
include/proftpd/netacl.h
@ -44,18 +50,16 @@ include/proftpd/regexp.h
include/proftpd/response.h
include/proftpd/scoreboard.h
include/proftpd/sets.h
include/proftpd/str.h
include/proftpd/support.h
include/proftpd/table.h
include/proftpd/throttle.h
include/proftpd/timers.h
include/proftpd/trace.h
include/proftpd/utf8.h
include/proftpd/var.h
include/proftpd/version.h
include/proftpd/xferlog.h
sbin/ftpshut
sbin/in.proftpd
sbin/proftpd
@unexec if cmp -s %D/etc/proftpd.conf %D/etc/proftpd.conf.sample; then rm -f %D/etc/proftpd.conf; fi
etc/proftpd.conf.sample
@exec cp -n %D/%F %B/proftpd.conf
@dirrm include/proftpd