Date: Wed, 7 Jan 2009 20:17:59 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org Subject: svn commit: r186872 - head/contrib/lukemftpd/src head/crypto/openssl/apps head/crypto/openssl/ssl releng/6.3 releng/6.3/contrib/lukemftpd/src releng/6.3/crypto/openssl/apps releng/6.3/crypto/openss... Message-ID: <200901072017.n07KHxHj098531@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: simon Date: Wed Jan 7 20:17:55 2009 New Revision: 186872 URL: http://svn.freebsd.org/changeset/base/186872 Log: Prevent cross-site forgery attacks on lukemftpd(8) due to splitting long commands into multiple requests. [09:01] Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02] Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon) Modified: stable/6/contrib/lukemftpd/src/extern.h stable/6/contrib/lukemftpd/src/ftpcmd.y stable/6/contrib/lukemftpd/src/ftpd.c Changes in other areas also in this revision: Modified: head/contrib/lukemftpd/src/extern.h head/contrib/lukemftpd/src/ftpcmd.y head/contrib/lukemftpd/src/ftpd.c head/crypto/openssl/apps/speed.c head/crypto/openssl/apps/spkac.c head/crypto/openssl/apps/verify.c head/crypto/openssl/apps/x509.c head/crypto/openssl/ssl/s2_clnt.c head/crypto/openssl/ssl/s2_srvr.c head/crypto/openssl/ssl/s3_clnt.c head/crypto/openssl/ssl/s3_srvr.c head/crypto/openssl/ssl/ssltest.c releng/6.3/UPDATING releng/6.3/contrib/lukemftpd/src/extern.h releng/6.3/contrib/lukemftpd/src/ftpcmd.y releng/6.3/contrib/lukemftpd/src/ftpd.c releng/6.3/crypto/openssl/apps/speed.c releng/6.3/crypto/openssl/apps/spkac.c releng/6.3/crypto/openssl/apps/verify.c releng/6.3/crypto/openssl/apps/x509.c releng/6.3/crypto/openssl/ssl/s2_clnt.c releng/6.3/crypto/openssl/ssl/s2_srvr.c releng/6.3/crypto/openssl/ssl/s3_clnt.c releng/6.3/crypto/openssl/ssl/s3_srvr.c releng/6.3/sys/conf/newvers.sh releng/6.4/UPDATING releng/6.4/contrib/lukemftpd/src/extern.h releng/6.4/contrib/lukemftpd/src/ftpcmd.y releng/6.4/contrib/lukemftpd/src/ftpd.c releng/6.4/crypto/openssl/apps/speed.c releng/6.4/crypto/openssl/apps/spkac.c releng/6.4/crypto/openssl/apps/verify.c releng/6.4/crypto/openssl/apps/x509.c releng/6.4/crypto/openssl/ssl/s2_clnt.c releng/6.4/crypto/openssl/ssl/s2_srvr.c releng/6.4/crypto/openssl/ssl/s3_clnt.c releng/6.4/crypto/openssl/ssl/s3_srvr.c releng/6.4/sys/conf/newvers.sh releng/7.0/UPDATING releng/7.0/contrib/lukemftpd/src/extern.h releng/7.0/contrib/lukemftpd/src/ftpcmd.y releng/7.0/contrib/lukemftpd/src/ftpd.c releng/7.0/crypto/openssl/apps/speed.c releng/7.0/crypto/openssl/apps/spkac.c releng/7.0/crypto/openssl/apps/verify.c releng/7.0/crypto/openssl/apps/x509.c releng/7.0/crypto/openssl/ssl/s2_clnt.c releng/7.0/crypto/openssl/ssl/s2_srvr.c releng/7.0/crypto/openssl/ssl/s3_clnt.c releng/7.0/crypto/openssl/ssl/s3_srvr.c releng/7.0/crypto/openssl/ssl/ssltest.c releng/7.0/sys/conf/newvers.sh releng/7.1/UPDATING releng/7.1/contrib/lukemftpd/src/extern.h releng/7.1/contrib/lukemftpd/src/ftpcmd.y releng/7.1/contrib/lukemftpd/src/ftpd.c releng/7.1/crypto/openssl/apps/speed.c releng/7.1/crypto/openssl/apps/spkac.c releng/7.1/crypto/openssl/apps/verify.c releng/7.1/crypto/openssl/apps/x509.c releng/7.1/crypto/openssl/ssl/s2_clnt.c releng/7.1/crypto/openssl/ssl/s2_srvr.c releng/7.1/crypto/openssl/ssl/s3_clnt.c releng/7.1/crypto/openssl/ssl/s3_srvr.c releng/7.1/crypto/openssl/ssl/ssltest.c releng/7.1/sys/conf/newvers.sh stable/7/contrib/lukemftpd/src/extern.h stable/7/contrib/lukemftpd/src/ftpcmd.y stable/7/contrib/lukemftpd/src/ftpd.c stable/7/crypto/openssl/apps/speed.c stable/7/crypto/openssl/apps/spkac.c stable/7/crypto/openssl/apps/verify.c stable/7/crypto/openssl/apps/x509.c stable/7/crypto/openssl/ssl/s2_clnt.c stable/7/crypto/openssl/ssl/s2_srvr.c stable/7/crypto/openssl/ssl/s3_clnt.c stable/7/crypto/openssl/ssl/s3_srvr.c stable/7/crypto/openssl/ssl/ssltest.c Modified: stable/6/contrib/lukemftpd/src/extern.h ============================================================================== --- stable/6/contrib/lukemftpd/src/extern.h Wed Jan 7 18:37:07 2009 (r186871) +++ stable/6/contrib/lukemftpd/src/extern.h Wed Jan 7 20:17:55 2009 (r186872) @@ -139,7 +139,7 @@ void feat(void); void format_path(char *, const char *); int ftpd_pclose(FILE *); FILE *ftpd_popen(char *[], const char *, int); -char *getline(char *, int, FILE *); +int getline(char *, int, FILE *); void init_curclass(void); void logxfer(const char *, off_t, const char *, const char *, const struct timeval *, const char *); Modified: stable/6/contrib/lukemftpd/src/ftpcmd.y ============================================================================== --- stable/6/contrib/lukemftpd/src/ftpcmd.y Wed Jan 7 18:37:07 2009 (r186871) +++ stable/6/contrib/lukemftpd/src/ftpcmd.y Wed Jan 7 20:17:55 2009 (r186872) @@ -1363,8 +1363,12 @@ lookup(struct tab *p, const char *cmd) /* * getline - a hacked up version of fgets to ignore TELNET escape codes. + * `s' is the buffer to read into. + * `n' is the 1 less than the size of the buffer, to allow trailing NUL + * `iop' is the FILE to read from. + * Returns 0 on success, -1 on EOF, -2 if the command was too long. */ -char * +int getline(char *s, int n, FILE *iop) { int c; @@ -1379,7 +1383,7 @@ getline(char *s, int n, FILE *iop) if (ftpd_debug) syslog(LOG_DEBUG, "command: %s", s); tmpline[0] = '\0'; - return(s); + return(0); } if (c == 0) tmpline[0] = '\0'; @@ -1418,11 +1422,25 @@ getline(char *s, int n, FILE *iop) } } *cs++ = c; - if (--n <= 0 || c == '\n') + if (--n <= 0) { + /* + * If command doesn't fit into buffer, discard the + * rest of the command and indicate truncation. + * This prevents the command to be split up into + * multiple commands. + */ + if (ftpd_debug) + syslog(LOG_DEBUG, + "command too long, last char: %d", c); + while (c != '\n' && (c = getc(iop)) != EOF) + continue; + return (-2); + } + if (c == '\n') break; } if (c == EOF && cs == s) - return (NULL); + return (-1); *cs++ = '\0'; if (ftpd_debug) { if ((curclass.type != CLASS_GUEST && @@ -1444,7 +1462,7 @@ getline(char *s, int n, FILE *iop) syslog(LOG_DEBUG, "command: %.*s", len, s); } } - return (s); + return (0); } void @@ -1458,15 +1476,20 @@ ftp_handle_line(char *cp) void ftp_loop(void) { + int ret; while (1) { (void) alarm(curclass.timeout); - if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) { + ret = getline(cbuf, sizeof(cbuf)-1, stdin); + (void) alarm(0); + if (ret == -1) { reply(221, "You could at least say goodbye."); dologout(0); + } else if (ret == -2) { + reply(500, "Command too long."); + } else { + ftp_handle_line(cbuf); } - (void) alarm(0); - ftp_handle_line(cbuf); } /*NOTREACHED*/ } Modified: stable/6/contrib/lukemftpd/src/ftpd.c ============================================================================== --- stable/6/contrib/lukemftpd/src/ftpd.c Wed Jan 7 18:37:07 2009 (r186871) +++ stable/6/contrib/lukemftpd/src/ftpd.c Wed Jan 7 20:17:55 2009 (r186872) @@ -1,4 +1,4 @@ -/* $NetBSD: ftpd.c,v 1.176 2006/05/09 20:18:06 mrg Exp $ */ +/* $NetBSD: ftpd.c,v 1.187 2008/09/13 03:30:35 lukem Exp $ */ /* * Copyright (c) 1997-2004 The NetBSD Foundation, Inc. @@ -2896,6 +2896,7 @@ static int handleoobcmd() { char *cp; + int ret; if (!urgflag) return (0); @@ -2904,9 +2905,14 @@ handleoobcmd() if (!transflag) return (0); cp = tmpline; - if (getline(cp, sizeof(tmpline), stdin) == NULL) { + ret = getline(cp, sizeof(tmpline)-1, stdin); + if (ret == -1) { reply(221, "You could at least say goodbye."); dologout(0); + } else if (ret == -2) { + /* Ignore truncated command */ + /* XXX: abort xfer with "500 command too long", & return 1 ? */ + return 0; } /* * Manually parse OOB commands, because we can't
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901072017.n07KHxHj098531>