From owner-freebsd-bugs@FreeBSD.ORG Wed Jun 18 01:10:10 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81B5A37B401 for ; Wed, 18 Jun 2003 01:10:10 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BEE443F85 for ; Wed, 18 Jun 2003 01:10:09 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h5I8A9Up099166 for ; Wed, 18 Jun 2003 01:10:09 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h5I8A9qE099165; Wed, 18 Jun 2003 01:10:09 -0700 (PDT) Resent-Date: Wed, 18 Jun 2003 01:10:09 -0700 (PDT) Resent-Message-Id: <200306180810.h5I8A9qE099165@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Yutaka Ishihara Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3576037B401 for ; Wed, 18 Jun 2003 01:03:27 -0700 (PDT) Received: from mgate.fandc.co.jp (mgate.fandc.co.jp [219.123.158.244]) by mx1.FreeBSD.org (Postfix) with ESMTP id 405FB43F75 for ; Wed, 18 Jun 2003 01:03:26 -0700 (PDT) (envelope-from yutaka@fandc.co.jp) Received: from localhost (localhost [127.0.0.1]) by mgate.fandc.co.jp (Postfix) with ESMTP id 756F645E67 for ; Wed, 18 Jun 2003 17:03:24 +0900 (JST) Received: from mspool.fandc.co.jp (mspool.fandc.co.jp [192.168.11.4]) by mgate.fandc.co.jp (Postfix) with ESMTP id 3B2A045E62 for ; Wed, 18 Jun 2003 17:03:22 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by mspool.fandc.co.jp (Postfix) with ESMTP id 0D3661010E7; Wed, 18 Jun 2003 17:03:22 +0900 (JST) Received: from fcsn01.fandc.co.jp (fcsn01.fandc.co.jp [172.20.1.221]) by mspool.fandc.co.jp (Postfix) with ESMTP id 721E81010E6; Wed, 18 Jun 2003 17:03:20 +0900 (JST) Received: by fcsn01.fandc.co.jp (Postfix, from userid 1001) id 5A6B25087E; Wed, 18 Jun 2003 17:03:20 +0900 (JST) Message-Id: <20030618080320.5A6B25087E@fcsn01.fandc.co.jp> Date: Wed, 18 Jun 2003 17:03:20 +0900 (JST) From: Yutaka Ishihara To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: Yutaka Ishihara Subject: bin/53435: ftpd crashes when using absolute path in /etc/ftpchroot X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Yutaka Ishihara List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jun 2003 08:10:10 -0000 >Number: 53435 >Category: bin >Synopsis: ftpd crashes when using absolute path in /etc/ftpchroot >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jun 18 01:10:08 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Yutaka Ishihara >Release: FreeBSD 5.1-RELEASE i386 >Organization: F&C Co.,Ltd. >Environment: System: FreeBSD fcsn01.fandc.co.jp 5.1-RELEASE FreeBSD 5.1-RELEASE #13: Wed Jun 4 21:09:39 JST 2003 root@fcsn01.fandc.co.jp:/usr/obj/usr/src/sys/MYKERNEL i386 >Description: When using absolute path in /etc/ftpchroot's optional second field, ftpd exit on signal 6. >How-To-Repeat: Add line to /etc/ftpchroot like this: foo /home Then do telnet to the port 21, log in as user foo: yutaka@fcsn01~% telnet 0 21 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 fcsn01.fandc.co.jp FTP server (Version 6.00LS) ready. user foo 331 Password required for foo. pass password 230 User foo logged in, access restrictions apply. Connection closed by foreign host. Error log in /var/log/message: Jun 18 16:54:18 fcsn01 kernel: pid 7443 (ftpd), uid 2000: exited on signal 6 >Fix: Here is the patch for ftpd.c Revision 1.62.2.48: --- ftpd.c.orig Wed Jun 18 15:33:22 2003 +++ ftpd.c Wed Jun 18 15:38:43 2003 @@ -1494,11 +1494,14 @@ * c) expand it to the absolute pathname if necessary. */ if (dochroot && residue && - (chrootdir = strtok(residue, " \t")) != NULL && - chrootdir[0] != '/') { - asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir); - if (chrootdir == NULL) - fatalerror("Ran out of memory."); + (chrootdir = strtok(residue, " \t")) != NULL) { + if (chrootdir[0] != '/') { + asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir); + } else { + chrootdir = strdup(chrootdir); + } + if (chrootdir == NULL) + fatalerror("Ran out of memory."); } if (guest || dochroot) { /* >Release-Note: >Audit-Trail: >Unformatted: