summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlkundrak <lkundrak@pkgsrc.org>2007-06-26 23:25:56 +0000
committerlkundrak <lkundrak@pkgsrc.org>2007-06-26 23:25:56 +0000
commit37d2bfffbe83f7352a5f807c65f3df15498a57cf (patch)
tree46c06cd2a1e789385044760a99d25c2761b67ea3
parent3916af4b3db048110c34ef3dc7625b6a83472784 (diff)
downloadpkgsrc-37d2bfffbe83f7352a5f807c65f3df15498a57cf.tar.gz
Fix for a CVE-2007-2165 security issue grabbed from upstream #2922.
-rw-r--r--net/proftpd/Makefile4
-rw-r--r--net/proftpd/distinfo5
-rw-r--r--net/proftpd/patches/patch-ad22
-rw-r--r--net/proftpd/patches/patch-ae15
-rw-r--r--net/proftpd/patches/patch-af398
5 files changed, 441 insertions, 3 deletions
diff --git a/net/proftpd/Makefile b/net/proftpd/Makefile
index 305e1a509d0..1ea9949c24d 100644
--- a/net/proftpd/Makefile
+++ b/net/proftpd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.40 2007/01/24 05:22:01 martti Exp $
+# $NetBSD: Makefile,v 1.41 2007/06/26 23:25:56 lkundrak Exp $
DISTNAME= proftpd-1.3.1rc2
-#PKGREVISION= 1
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://ftp.servus.at/ProFTPD/distrib/source/ \
diff --git a/net/proftpd/distinfo b/net/proftpd/distinfo
index 44a3bc69914..9d47478287d 100644
--- a/net/proftpd/distinfo
+++ b/net/proftpd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2007/01/13 09:47:38 martti Exp $
+$NetBSD: distinfo,v 1.23 2007/06/26 23:25:56 lkundrak Exp $
SHA1 (proftpd-1.3.1rc2.tar.bz2) = 7db6435707983fe8e865064661cedb159ebc1cf6
RMD160 (proftpd-1.3.1rc2.tar.bz2) = aa928315880cf1e9d1980850ce2bb07193d2ac46
@@ -6,3 +6,6 @@ Size (proftpd-1.3.1rc2.tar.bz2) = 1516464 bytes
SHA1 (patch-aa) = d7ad034e763a2bf729c9af669c3094402bdd03b7
SHA1 (patch-ab) = 2b6921efa11884286c022a1da7691fc971d65cca
SHA1 (patch-ac) = a73ceb99485ea16a4b008971cba58204b8d3f90d
+SHA1 (patch-ad) = 17390cac03e1a3fb8d2ce5f854ad9d239eae40fd
+SHA1 (patch-ae) = b7a8ba05a4399438f04d976aa36535e1f02f0c41
+SHA1 (patch-af) = 5f6642a36efe9fdacefed698aba2a86b737dd953
diff --git a/net/proftpd/patches/patch-ad b/net/proftpd/patches/patch-ad
new file mode 100644
index 00000000000..3037a0dd23d
--- /dev/null
+++ b/net/proftpd/patches/patch-ad
@@ -0,0 +1,22 @@
+$NetBSD: patch-ad,v 1.3 2007/06/26 23:25:56 lkundrak Exp $
+
+Part of fix for CVE-2007-2165 grabbed from upstream #2922.
+
+--- include/auth.h.orig 2007-06-27 01:13:43.000000000 +0200
++++ include/auth.h
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - FTP server daemon
+- * Copyright (c) 2004-2005 The ProFTPD Project team
++ * Copyright (c) 2004-2007 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -86,6 +86,7 @@ int pr_auth_requires_pass(pool *, const
+ config_rec *pr_auth_get_anon_config(pool *p, char **, char **, char **);
+
+ /* For internal use only. */
++int init_auth(void);
+ int set_groups(pool *, gid_t, array_header *);
+
+ #endif /* PR_MODULES_H */
diff --git a/net/proftpd/patches/patch-ae b/net/proftpd/patches/patch-ae
new file mode 100644
index 00000000000..8cc112c326f
--- /dev/null
+++ b/net/proftpd/patches/patch-ae
@@ -0,0 +1,15 @@
+$NetBSD: patch-ae,v 1.3 2007/06/26 23:25:56 lkundrak Exp $
+
+Part of fix for CVE-2007-2165 grabbed from upstream #2922.
+
+--- modules/mod_core.c.orig 2007-06-27 01:13:50.000000000 +0200
++++ modules/mod_core.c
+@@ -4444,6 +4444,8 @@ static int core_sess_init(void) {
+ config_rec *c = NULL;
+ unsigned int *debug_level = NULL;
+
++ init_auth();
++
+ /* Check for a server-specific TimeoutIdle. */
+ c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE);
+ if (c != NULL)
diff --git a/net/proftpd/patches/patch-af b/net/proftpd/patches/patch-af
new file mode 100644
index 00000000000..c4e35306d45
--- /dev/null
+++ b/net/proftpd/patches/patch-af
@@ -0,0 +1,398 @@
+$NetBSD: patch-af,v 1.1 2007/06/26 23:25:56 lkundrak Exp $
+
+Part of fix for CVE-2007-2165 grabbed from upstream #2922.
+
+--- src/auth.c.orig 2007-06-27 01:13:58.000000000 +0200
++++ src/auth.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
+- * Copyright (c) 2001-2006 The ProFTPD Project team
++ * Copyright (c) 2001-2007 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -30,6 +30,10 @@
+
+ #include "conf.h"
+
++static pool *auth_pool = NULL;
++static pr_table_t *auth_tab = NULL;
++static const char *trace_channel = "auth";
++
+ /* The difference between this function, and pr_cmd_alloc(), is that this
+ * allocates the cmd_rec directly from the given pool, whereas pr_cmd_alloc()
+ * will allocate a subpool from the given pool, and allocate its cmd_rec
+@@ -63,7 +67,7 @@ static cmd_rec *make_cmd(pool *cp, int a
+ return c;
+ }
+
+-static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
++static modret_t *dispatch_auth(cmd_rec *cmd, char *match, module **m) {
+ authtable *start_tab = NULL, *iter_tab = NULL;
+ modret_t *mr = NULL;
+
+@@ -74,7 +78,12 @@ static modret_t *dispatch_auth(cmd_rec *
+ while (iter_tab) {
+ pr_signals_handle();
+
+- pr_trace_msg("auth", 6, "dispatching auth request \"%s\" to module mod_%s",
++ if (m && *m && *m != iter_tab->m) {
++ goto next;
++ }
++
++ pr_trace_msg(trace_channel, 6,
++ "dispatching auth request \"%s\" to module mod_%s",
+ match, iter_tab->m->name);
+
+ mr = call_module(iter_tab->m, iter_tab->handler, cmd);
+@@ -83,9 +92,19 @@ static modret_t *dispatch_auth(cmd_rec *
+ break;
+
+ if (MODRET_ISHANDLED(mr) ||
+- MODRET_ISERROR(mr))
++ MODRET_ISERROR(mr)) {
++
++ /* Return a pointer, if requested, to the module which answered the
++ * auth request. This is used, for example, by auth_getpwnam() for
++ * associating the answering auth module with the data looked up.
++ */
++ if (m)
++ *m = iter_tab->m;
++
+ break;
++ }
+
++ next:
+ iter_tab = pr_stash_get_symbol(PR_SYM_AUTH, match, iter_tab,
+ &cmd->stash_index);
+
+@@ -106,7 +125,7 @@ void pr_auth_setpwent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "setpwent");
++ mr = dispatch_auth(cmd, "setpwent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+@@ -121,13 +140,20 @@ void pr_auth_endpwent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "endpwent");
++ mr = dispatch_auth(cmd, "endpwent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+ cmd->tmp_pool = NULL;
+ }
+
++ if (auth_tab) {
++ pr_trace_msg(trace_channel, 5, "emptying authcache");
++ (void) pr_table_empty(auth_tab);
++ (void) pr_table_free(auth_tab);
++ auth_tab = NULL;
++ }
++
+ return;
+ }
+
+@@ -136,7 +162,7 @@ void pr_auth_setgrent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "setgrent");
++ mr = dispatch_auth(cmd, "setgrent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+@@ -151,7 +177,7 @@ void pr_auth_endgrent(pool *p) {
+ modret_t *mr = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "endgrent");
++ mr = dispatch_auth(cmd, "endgrent", NULL);
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+@@ -167,7 +193,7 @@ struct passwd *pr_auth_getpwent(pool *p)
+ struct passwd *res = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "getpwent");
++ mr = dispatch_auth(cmd, "getpwent", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -201,7 +227,7 @@ struct group *pr_auth_getgrent(pool *p)
+ struct group *res = NULL;
+
+ cmd = make_cmd(p, 0);
+- mr = dispatch_auth(cmd, "getgrent");
++ mr = dispatch_auth(cmd, "getgrent", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -228,11 +254,13 @@ struct passwd *pr_auth_getpwnam(pool *p,
+ cmd_rec *cmd = NULL;
+ modret_t *mr = NULL;
+ struct passwd *res = NULL;
++ module *m = NULL;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "getpwnam");
++ mr = dispatch_auth(cmd, "getpwnam", &m);
+
+- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
++ if (MODRET_ISHANDLED(mr) &&
++ MODRET_HASDATA(mr))
+ res = mr->data;
+
+ if (cmd->tmp_pool) {
+@@ -257,6 +285,46 @@ struct passwd *pr_auth_getpwnam(pool *p,
+ return NULL;
+ }
+
++ if (!auth_tab && auth_pool) {
++ auth_tab = pr_table_alloc(auth_pool, 0);
++ }
++
++ if (m && auth_tab) {
++ int count = 0;
++ void *value = NULL;
++
++ value = palloc(auth_pool, sizeof(module *));
++ *((module **) value) = m;
++
++ count = pr_table_exists(auth_tab, name);
++ if (count <= 0) {
++ if (pr_table_add(auth_tab, pstrdup(auth_pool, name), value,
++ sizeof(module *)) < 0) {
++ pr_trace_msg(trace_channel, 3,
++ "error adding module 'mod_%s.c' for user '%s' to the authcache: %s",
++ m->name, name, strerror(errno));
++
++ } else {
++ pr_trace_msg(trace_channel, 5,
++ "stashed module 'mod_%s.c' for user '%s' in the authcache",
++ m->name, name);
++ }
++
++ } else {
++ if (pr_table_set(auth_tab, pstrdup(auth_pool, name), value,
++ sizeof(module *)) < 0) {
++ pr_trace_msg(trace_channel, 3,
++ "error setting module 'mod_%s.c' for user '%s' in the authcache: %s",
++ m->name, name, strerror(errno));
++
++ } else {
++ pr_trace_msg(trace_channel, 5,
++ "stashed module 'mod_%s.c' for user '%s' in the authcache",
++ m->name, name);
++ }
++ }
++ }
++
+ pr_log_debug(DEBUG10, "retrieved UID %lu for user '%s'",
+ (unsigned long) res->pw_uid, name);
+ return res;
+@@ -268,7 +336,7 @@ struct passwd *pr_auth_getpwuid(pool *p,
+ struct passwd *res = NULL;
+
+ cmd = make_cmd(p, 1, (void *) &uid);
+- mr = dispatch_auth(cmd, "getpwuid");
++ mr = dispatch_auth(cmd, "getpwuid", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -306,7 +374,7 @@ struct group *pr_auth_getgrnam(pool *p,
+ struct group *res = NULL;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "getgrnam");
++ mr = dispatch_auth(cmd, "getgrnam", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -339,7 +407,7 @@ struct group *pr_auth_getgrgid(pool *p,
+ struct group *res = NULL;
+
+ cmd = make_cmd(p, 1, (void *) &gid);
+- mr = dispatch_auth(cmd, "getgrgid");
++ mr = dispatch_auth(cmd, "getgrgid", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ res = mr->data;
+@@ -369,10 +437,51 @@ struct group *pr_auth_getgrgid(pool *p,
+ int pr_auth_authenticate(pool *p, const char *name, const char *pw) {
+ cmd_rec *cmd = NULL;
+ modret_t *mr = NULL;
++ module *m = NULL;
+ int res = PR_AUTH_NOPWD;
+
+ cmd = make_cmd(p, 2, name, pw);
+- mr = dispatch_auth(cmd, "auth");
++
++ /* First, check for the mod_auth_pam.c module.
++ *
++ * PAM is a bit of hack in this Auth API, because PAM only provides
++ * yes/no checks, and is not a source of user information.
++ */
++ m = pr_module_get("mod_auth_pam.c");
++ if (m) {
++ mr = dispatch_auth(cmd, "auth", &m);
++
++ if (MODRET_ISHANDLED(mr)) {
++ pr_trace_msg(trace_channel, 4,
++ "module 'mod_auth_pam.c' used for authenticating user '%s'", name);
++
++ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
++
++ if (cmd->tmp_pool) {
++ destroy_pool(cmd->tmp_pool);
++ cmd->tmp_pool = NULL;
++ }
++
++ return res;
++ }
++
++ m = NULL;
++ }
++
++ if (auth_tab) {
++
++ /* Fetch the specific module to be used for authenticating this user. */
++ void *v = pr_table_get(auth_tab, name, NULL);
++ if (v) {
++ m = *((module **) v);
++
++ pr_trace_msg(trace_channel, 4,
++ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
++ m->name, name);
++ }
++ }
++
++ mr = dispatch_auth(cmd, "auth", m ? &m : NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
+@@ -391,10 +500,51 @@ int pr_auth_authenticate(pool *p, const
+ int pr_auth_check(pool *p, const char *cpw, const char *name, const char *pw) {
+ cmd_rec *cmd = NULL;
+ modret_t *mr = NULL;
++ module *m = NULL;
+ int res = PR_AUTH_BADPWD;
+
+ cmd = make_cmd(p, 3, cpw, name, pw);
+- mr = dispatch_auth(cmd, "check");
++
++ /* First, check for the mod_auth_pam.c module.
++ *
++ * PAM is a bit of hack in this Auth API, because PAM only provides
++ * yes/no checks, and is not a source of user information.
++ */
++ m = pr_module_get("mod_auth_pam.c");
++ if (m) {
++ mr = dispatch_auth(cmd, "check", &m);
++
++ if (MODRET_ISHANDLED(mr)) {
++ pr_trace_msg(trace_channel, 4,
++ "module 'mod_auth_pam.c' used for authenticating user '%s'", name);
++
++ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
++
++ if (cmd->tmp_pool) {
++ destroy_pool(cmd->tmp_pool);
++ cmd->tmp_pool = NULL;
++ }
++
++ return res;
++ }
++
++ m = NULL;
++ }
++
++ if (auth_tab) {
++
++ /* Fetch the specific module to be used for authenticating this user. */
++ void *v = pr_table_get(auth_tab, name, NULL);
++ if (v) {
++ m = *((module **) v);
++
++ pr_trace_msg(trace_channel, 4,
++ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
++ m->name, name);
++ }
++ }
++
++ mr = dispatch_auth(cmd, "check", m ? &m : NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
+@@ -413,7 +563,7 @@ int pr_auth_requires_pass(pool *p, const
+ int res = TRUE;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "requires_pass");
++ mr = dispatch_auth(cmd, "requires_pass", NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = FALSE;
+@@ -438,7 +588,7 @@ const char *pr_auth_uid2name(pool *p, ui
+ memset(namebuf, '\0', sizeof(namebuf));
+
+ cmd = make_cmd(p, 1, (void *) &uid);
+- mr = dispatch_auth(cmd, "uid2name");
++ mr = dispatch_auth(cmd, "uid2name", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
+ res = mr->data;
+@@ -463,7 +613,7 @@ const char *pr_auth_gid2name(pool *p, gi
+ memset(namebuf, '\0', sizeof(namebuf));
+
+ cmd = make_cmd(p, 1, (void *) &gid);
+- mr = dispatch_auth(cmd, "gid2name");
++ mr = dispatch_auth(cmd, "gid2name", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
+ res = mr->data;
+@@ -485,7 +635,7 @@ uid_t pr_auth_name2uid(pool *p, const ch
+ uid_t res = (uid_t) -1;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "name2uid");
++ mr = dispatch_auth(cmd, "name2uid", NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = *((uid_t *) mr->data);
+@@ -506,7 +656,7 @@ gid_t pr_auth_name2gid(pool *p, const ch
+ gid_t res = (gid_t) -1;
+
+ cmd = make_cmd(p, 1, name);
+- mr = dispatch_auth(cmd, "name2gid");
++ mr = dispatch_auth(cmd, "name2gid", NULL);
+
+ if (MODRET_ISHANDLED(mr))
+ res = *((gid_t *) mr->data);
+@@ -538,7 +688,7 @@ int pr_auth_getgroups(pool *p, const cha
+ cmd = make_cmd(p, 3, name, group_ids ? *group_ids : NULL,
+ group_names ? *group_names : NULL);
+
+- mr = dispatch_auth(cmd, "getgroups");
++ mr = dispatch_auth(cmd, "getgroups", NULL);
+
+ if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
+ res = *((int *) mr->data);
+@@ -832,3 +982,10 @@ int set_groups(pool *p, gid_t primary_gi
+ return res;
+ }
+
++/* Internal use only. To be called in the session process. */
++int init_auth(void) {
++ auth_pool = make_sub_pool(permanent_pool);
++ pr_pool_tag(auth_pool, "Auth API");
++
++ return 0;
++}