Date:      Wed, 7 Jan 2009 20:17:59 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org
Subject:   svn commit: r186872 - head/contrib/lukemftpd/src head/crypto/openssl/apps head/crypto/openssl/ssl releng/6.3 releng/6.3/contrib/lukemftpd/src releng/6.3/crypto/openssl/apps releng/6.3/crypto/openss...
Message-ID:  <200901072017.n07KHxHj098531@svn.freebsd.org>

Author: simon
Date: Wed Jan  7 20:17:55 2009
New Revision: 186872
URL: http://svn.freebsd.org/changeset/base/186872

Log:
  Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
  long commands into multiple requests. [09:01]
  
  Fix incorrect OpenSSL checks for malformed signatures due to invalid
  check of return value from EVP_VerifyFinal(), DSA_verify, and
  DSA_do_verify. [09:02]
  
  Security:	FreeBSD-SA-09:01.lukemftpd
  Security:	FreeBSD-SA-09:02.openssl
  Obtained from:	NetBSD [SA-09:01]
  Obtained from:	OpenSSL Project [SA-09:02]
  Approved by:	so (simon)

Modified:
  stable/6/contrib/lukemftpd/src/extern.h
  stable/6/contrib/lukemftpd/src/ftpcmd.y
  stable/6/contrib/lukemftpd/src/ftpd.c

Changes in other areas also in this revision:
Modified:
  head/contrib/lukemftpd/src/extern.h
  head/contrib/lukemftpd/src/ftpcmd.y
  head/contrib/lukemftpd/src/ftpd.c
  head/crypto/openssl/apps/speed.c
  head/crypto/openssl/apps/spkac.c
  head/crypto/openssl/apps/verify.c
  head/crypto/openssl/apps/x509.c
  head/crypto/openssl/ssl/s2_clnt.c
  head/crypto/openssl/ssl/s2_srvr.c
  head/crypto/openssl/ssl/s3_clnt.c
  head/crypto/openssl/ssl/s3_srvr.c
  head/crypto/openssl/ssl/ssltest.c
  releng/6.3/UPDATING
  releng/6.3/contrib/lukemftpd/src/extern.h
  releng/6.3/contrib/lukemftpd/src/ftpcmd.y
  releng/6.3/contrib/lukemftpd/src/ftpd.c
  releng/6.3/crypto/openssl/apps/speed.c
  releng/6.3/crypto/openssl/apps/spkac.c
  releng/6.3/crypto/openssl/apps/verify.c
  releng/6.3/crypto/openssl/apps/x509.c
  releng/6.3/crypto/openssl/ssl/s2_clnt.c
  releng/6.3/crypto/openssl/ssl/s2_srvr.c
  releng/6.3/crypto/openssl/ssl/s3_clnt.c
  releng/6.3/crypto/openssl/ssl/s3_srvr.c
  releng/6.3/sys/conf/newvers.sh
  releng/6.4/UPDATING
  releng/6.4/contrib/lukemftpd/src/extern.h
  releng/6.4/contrib/lukemftpd/src/ftpcmd.y
  releng/6.4/contrib/lukemftpd/src/ftpd.c
  releng/6.4/crypto/openssl/apps/speed.c
  releng/6.4/crypto/openssl/apps/spkac.c
  releng/6.4/crypto/openssl/apps/verify.c
  releng/6.4/crypto/openssl/apps/x509.c
  releng/6.4/crypto/openssl/ssl/s2_clnt.c
  releng/6.4/crypto/openssl/ssl/s2_srvr.c
  releng/6.4/crypto/openssl/ssl/s3_clnt.c
  releng/6.4/crypto/openssl/ssl/s3_srvr.c
  releng/6.4/sys/conf/newvers.sh
  releng/7.0/UPDATING
  releng/7.0/contrib/lukemftpd/src/extern.h
  releng/7.0/contrib/lukemftpd/src/ftpcmd.y
  releng/7.0/contrib/lukemftpd/src/ftpd.c
  releng/7.0/crypto/openssl/apps/speed.c
  releng/7.0/crypto/openssl/apps/spkac.c
  releng/7.0/crypto/openssl/apps/verify.c
  releng/7.0/crypto/openssl/apps/x509.c
  releng/7.0/crypto/openssl/ssl/s2_clnt.c
  releng/7.0/crypto/openssl/ssl/s2_srvr.c
  releng/7.0/crypto/openssl/ssl/s3_clnt.c
  releng/7.0/crypto/openssl/ssl/s3_srvr.c
  releng/7.0/crypto/openssl/ssl/ssltest.c
  releng/7.0/sys/conf/newvers.sh
  releng/7.1/UPDATING
  releng/7.1/contrib/lukemftpd/src/extern.h
  releng/7.1/contrib/lukemftpd/src/ftpcmd.y
  releng/7.1/contrib/lukemftpd/src/ftpd.c
  releng/7.1/crypto/openssl/apps/speed.c
  releng/7.1/crypto/openssl/apps/spkac.c
  releng/7.1/crypto/openssl/apps/verify.c
  releng/7.1/crypto/openssl/apps/x509.c
  releng/7.1/crypto/openssl/ssl/s2_clnt.c
  releng/7.1/crypto/openssl/ssl/s2_srvr.c
  releng/7.1/crypto/openssl/ssl/s3_clnt.c
  releng/7.1/crypto/openssl/ssl/s3_srvr.c
  releng/7.1/crypto/openssl/ssl/ssltest.c
  releng/7.1/sys/conf/newvers.sh
  stable/7/contrib/lukemftpd/src/extern.h
  stable/7/contrib/lukemftpd/src/ftpcmd.y
  stable/7/contrib/lukemftpd/src/ftpd.c
  stable/7/crypto/openssl/apps/speed.c
  stable/7/crypto/openssl/apps/spkac.c
  stable/7/crypto/openssl/apps/verify.c
  stable/7/crypto/openssl/apps/x509.c
  stable/7/crypto/openssl/ssl/s2_clnt.c
  stable/7/crypto/openssl/ssl/s2_srvr.c
  stable/7/crypto/openssl/ssl/s3_clnt.c
  stable/7/crypto/openssl/ssl/s3_srvr.c
  stable/7/crypto/openssl/ssl/ssltest.c

Modified: stable/6/contrib/lukemftpd/src/extern.h
==============================================================================
--- stable/6/contrib/lukemftpd/src/extern.h	Wed Jan  7 18:37:07 2009	(r186871)
+++ stable/6/contrib/lukemftpd/src/extern.h	Wed Jan  7 20:17:55 2009	(r186872)
@@ -139,7 +139,7 @@ void	feat(void);
 void	format_path(char *, const char *);
 int	ftpd_pclose(FILE *);
 FILE   *ftpd_popen(char *[], const char *, int);
-char   *getline(char *, int, FILE *);
+int	getline(char *, int, FILE *);
 void	init_curclass(void);
 void	logxfer(const char *, off_t, const char *, const char *,
 	    const struct timeval *, const char *);
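Review bot: Changing `getline` from `char *` to `int` under the same name means any caller still written as `getline(...) == NULL` keeps compiling, typically with only a pointer/integer comparison warning, and would then treat the success value 0 as EOF. This commit updates ftp_loop and handleoobcmd; other callers, if any exist, are not visible here and should be checked. Renaming the function in the same change (for example to `get_line`) would turn a missed caller into a build error. It would also avoid a clash with the POSIX `getline` declared in `<stdio.h>` on systems that provide it.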

Modified: stable/6/contrib/lukemftpd/src/ftpcmd.y
==============================================================================
--- stable/6/contrib/lukemftpd/src/ftpcmd.y	Wed Jan  7 18:37:07 2009	(r186871)
+++ stable/6/contrib/lukemftpd/src/ftpcmd.y	Wed Jan  7 20:17:55 2009	(r186872)
@@ -1363,8 +1363,12 @@ lookup(struct tab *p, const char *cmd)
 
 /*
  * getline - a hacked up version of fgets to ignore TELNET escape codes.
+ *	`s' is the buffer to read into.
+ *	`n' is the 1 less than the size of the buffer, to allow trailing NUL
+ *	`iop' is the FILE to read from.
+ *	Returns 0 on success, -1 on EOF, -2 if the command was too long.
  */
-char *
+int
 getline(char *s, int n, FILE *iop)
 {
 	int c;
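Review bot: The new header comment does not say what state the buffer is in when -2 is returned. The truncation path later in getline returns before the terminating NUL is written, so `s` is not a valid string at that point. I would add a line such as `* On -2 the contents of s are unspecified and not NUL-terminated; callers must not parse them.` and reword the `n` line to `* n is 1 less than the size of the buffer, to leave room for the trailing NUL.` The body of getline continues outside this hunk.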
@@ -1379,7 +1383,7 @@ getline(char *s, int n, FILE *iop)
 			if (ftpd_debug)
 				syslog(LOG_DEBUG, "command: %s", s);
 			tmpline[0] = '\0';
-			return(s);
+			return(0);
 		}
 		if (c == 0)
 			tmpline[0] = '\0';
@@ -1418,11 +1422,25 @@ getline(char *s, int n, FILE *iop)
 		    }
 		}
 		*cs++ = c;
-		if (--n <= 0 || c == '\n')
+		if (--n <= 0) {
+			/*
+			 * If command doesn't fit into buffer, discard the
+			 * rest of the command and indicate truncation.
+			 * This prevents the command to be split up into
+			 * multiple commands.
+			 */
+			if (ftpd_debug)
+				syslog(LOG_DEBUG,
+				    "command too long, last char: %d", c);
+			while (c != '\n' && (c = getc(iop)) != EOF)
+				continue;
+			return (-2);
+		}
+		if (c == '\n')
 			break;
 	}
 	if (c == EOF && cs == s)
-		return (NULL);
+		return (-1);
 	*cs++ = '\0';
 	if (ftpd_debug) {
 		if ((curclass.type != CLASS_GUEST &&
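Review bot: The truncation branch reports an over-long command only under `ftpd_debug`, so on a production server the event this fix is meant to stop leaves no trace; the -2 branch in handleoobcmd (ftpd.c) also drops the command silently. An unconditional message without command content, such as `syslog(LOG_NOTICE, "command too long, discarded");`, would give operators something to alert on. Separately, the `--n <= 0` test now runs before the `c == '\n'` test, so a line that exactly fills the buffer and ends in a newline appears to be rejected as too long; that fails closed, but is worth stating in the comment. getline starts and ends outside this hunk.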
@@ -1444,7 +1462,7 @@ getline(char *s, int n, FILE *iop)
 			syslog(LOG_DEBUG, "command: %.*s", len, s);
 		}
 	}
-	return (s);
+	return (0);
 }
 
 void
@@ -1458,15 +1476,20 @@ ftp_handle_line(char *cp)
 void
 ftp_loop(void)
 {
+	int ret;
 
 	while (1) {
 		(void) alarm(curclass.timeout);
-		if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
+		ret = getline(cbuf, sizeof(cbuf)-1, stdin);
+		(void) alarm(0);
+		if (ret == -1) {
 			reply(221, "You could at least say goodbye.");
 			dologout(0);
+		} else if (ret == -2) {
+			reply(500, "Command too long.");
+		} else {
+			ftp_handle_line(cbuf);
 		}
-		(void) alarm(0);
-		ftp_handle_line(cbuf);
 	}
 	/*NOTREACHED*/
 }
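Review bot: The final `else` in ftp_loop hands `cbuf` to ftp_handle_line for every return value other than -1 and -2, so an error code added to getline later would be parsed as a command. Testing success explicitly with `} else if (ret == 0) {` keeps the dispatch fail-closed. Named constants for -1 and -2, shared with handleoobcmd in ftpd.c, would make the two call sites easier to keep in step.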

Modified: stable/6/contrib/lukemftpd/src/ftpd.c
==============================================================================
--- stable/6/contrib/lukemftpd/src/ftpd.c	Wed Jan  7 18:37:07 2009	(r186871)
+++ stable/6/contrib/lukemftpd/src/ftpd.c	Wed Jan  7 20:17:55 2009	(r186872)
@@ -1,4 +1,4 @@
-/*	$NetBSD: ftpd.c,v 1.176 2006/05/09 20:18:06 mrg Exp $	*/
+/*	$NetBSD: ftpd.c,v 1.187 2008/09/13 03:30:35 lukem Exp $	*/
 
 /*
  * Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
@@ -2896,6 +2896,7 @@ static int
 handleoobcmd()
 {
 	char *cp;
+	int ret;
 
 	if (!urgflag)
 		return (0);
@@ -2904,9 +2905,14 @@ handleoobcmd()
 	if (!transflag)
 		return (0);
 	cp = tmpline;
-	if (getline(cp, sizeof(tmpline), stdin) == NULL) {
+	ret = getline(cp, sizeof(tmpline)-1, stdin);
+	if (ret == -1) {
 		reply(221, "You could at least say goodbye.");
 		dologout(0);
+	} else if (ret == -2) {
+		/* Ignore truncated command */
+		/* XXX: abort xfer with "500 command too long", & return 1 ? */
+		return 0;
 	}
 		/*
 		 * Manually parse OOB commands, because we can't


