Startsida Utforska Hjälp
Registrera dig Logga in
PUBLIC_REPOS
/
buildroot
spegling av git://git.buildroot.net/buildroot
2
1
Fork 0
Filer
Bläddra i källkod

package/pure-ftpd: fix CVE-2020-9274

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine 5 år sedan
förälder
40bc86afe9
incheckning
1d8426b32c
2 ändrade filer med 38 tillägg och 0 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 35 0
      package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
  2. 3 0
      package/pure-ftpd/pure-ftpd.mk

+ 35 - 0
package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
Visa fil 

@@ -0,0 +1,35 @@
 
+From 8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa Mon Sep 17 00:00:00 2001
 
+From: Frank Denis <github@pureftpd.org>
 
+Date: Tue, 18 Feb 2020 18:36:58 +0100
 
+Subject: [PATCH] diraliases: always set the tail of the list to NULL
 
+
 
+Spotted and reported by Antonio Norales from GitHub Security Labs.
 
+Thanks!
 
+
 
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
+[Retrieved from:
 
+https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa]
 
+---
 
+ src/diraliases.c | 2 +-
 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
+
 
+diff --git a/src/diraliases.c b/src/diraliases.c
 
+index 4002a36..fb70273 100644
 
+--- a/src/diraliases.c
 
++++ b/src/diraliases.c
 
+@@ -93,7 +93,6 @@ int init_aliases(void)
 
+                 (tail->dir = strdup(dir)) == NULL) {
 
+                 die_mem();
 
+             }
 
+-            tail->next = NULL;
 
+         } else {
 
+             DirAlias *curr;
 
+ 
+@@ -105,6 +104,7 @@ int init_aliases(void)
 
+             tail->next = curr;
 
+             tail = curr;
 
+         }
 
++        tail->next = NULL;
 
+     }
 
+     fclose(fp);
 
+     aliases_up++;

+ 3 - 0
package/pure-ftpd/pure-ftpd.mk
Visa fil 

@@ -17,6 +17,9 @@ PURE_FTPD_IGNORE_CVES += CVE-2019-20176
 
 # 0002-pure_strcmp-len-s2-can-be-len-s1.patch
 
 # 0002-pure_strcmp-len-s2-can-be-len-s1.patch
 
 PURE_FTPD_IGNORE_CVES += CVE-2020-9365
 
 PURE_FTPD_IGNORE_CVES += CVE-2020-9365
 
 
 
+# 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
 
+PURE_FTPD_IGNORE_CVES += CVE-2020-9274
 
+
 
 PURE_FTPD_CONF_OPTS = \
 
 PURE_FTPD_CONF_OPTS = \
 
 	--with-altlog \
 
 	--with-altlog \
 
 	--with-puredb
 
 	--with-puredb