1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
$NetBSD: patch-an,v 1.1 2006/08/09 17:58:09 salo Exp $
Security fix for SA21436.
--- appl/ftp/ftpd/ftpd.c.orig 2005-06-02 12:41:28.000000000 +0200
+++ appl/ftp/ftpd/ftpd.c 2006-08-09 19:42:15.000000000 +0200
@@ -138,9 +138,9 @@ static int handleoobcmd(void);
static int checkuser (char *, char *);
static int checkaccess (char *);
static FILE *dataconn (const char *, off_t, const char *);
-static void dolog (struct sockaddr *sa, int len);
+static void dolog (struct sockaddr *, int);
static void end_login (void);
-static FILE *getdatasock (const char *);
+static FILE *getdatasock (const char *, int);
static char *gunique (char *);
static RETSIGTYPE lostconn (int);
static int receive_data (FILE *, FILE *);
@@ -835,7 +835,8 @@ static void
end_login(void)
{
- seteuid((uid_t)0);
+ if (seteuid((uid_t)0) < 0)
+ fatal("Failed to seteuid");
if (logged_in)
ftpd_logwtmp(ttyline, "", "");
pw = NULL;
@@ -1208,14 +1209,15 @@ done:
}
static FILE *
-getdatasock(const char *mode)
+getdatasock(const char *mode, int domain)
{
int s, t, tries;
if (data >= 0)
return (fdopen(data, mode));
- seteuid(0);
- s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+ if (seteuid(0) < 0)
+ fatal("Failed to seteuid");
+ s = socket(domain, SOCK_STREAM, 0);
if (s < 0)
goto bad;
socket_set_reuseaddr (s, 1);
@@ -1232,7 +1234,8 @@ getdatasock(const char *mode)
goto bad;
sleep(tries);
}
- seteuid(pw->pw_uid);
+ if (seteuid(pw->pw_uid) < 0)
+ fatal("Failed to seteuid");
#ifdef IPTOS_THROUGHPUT
socket_set_tos (s, IPTOS_THROUGHPUT);
#endif
@@ -1240,7 +1243,8 @@ getdatasock(const char *mode)
bad:
/* Return the real value of errno (close may change it) */
t = errno;
- seteuid((uid_t)pw->pw_uid);
+ if (seteuid((uid_t)pw->pw_uid) < 0)
+ fatal("Failed to seteuid");
close(s);
errno = t;
return (NULL);
@@ -1271,7 +1275,7 @@ dataconn(const char *name, off_t size, c
{
char sizebuf[32];
FILE *file;
- int retry = 0;
+ int domain, retry = 0;
file_size = size;
byte_count = 0;
@@ -1318,7 +1322,15 @@ dataconn(const char *name, off_t size, c
if (usedefault)
data_dest = his_addr;
usedefault = 1;
- file = getdatasock(mode);
+ /*
+ * Default to using the same socket type as the ctrl address,
+ * unless we know the type of the data address.
+ */
+ domain = data_dest->sa_family;
+ if (domain == PF_UNSPEC)
+ domain = ctrl_addr->sa_family;
+
+ file = getdatasock(mode, domain);
if (file == NULL) {
char data_addr[256];
@@ -1889,11 +1901,11 @@ dologout(int status)
transflag = 0;
urgflag = 0;
if (logged_in) {
- seteuid((uid_t)0);
- ftpd_logwtmp(ttyline, "", "");
#ifdef KRB4
cond_kdestroy();
#endif
+ seteuid((uid_t)0); /* No need to check, we call exit() below */
+ ftpd_logwtmp(ttyline, "", "");
}
/* beware of flushing buffers after a SIGPIPE */
#ifdef XXX
@@ -2006,12 +2018,15 @@ pasv(void)
0);
socket_set_portrange(pdata, restricted_data_ports,
pasv_addr->sa_family);
- seteuid(0);
+ if (seteuid(0) < 0)
+ fatal("Failed to seteuid");
if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
- seteuid(pw->pw_uid);
+ if (seteuid(pw->pw_uid) < 0)
+ fatal("Failed to seteuid");
goto pasv_error;
}
- seteuid(pw->pw_uid);
+ if (seteuid(pw->pw_uid) < 0)
+ fatal("Failed to seteuid");
len = sizeof(pasv_addr_ss);
if (getsockname(pdata, pasv_addr, &len) < 0)
goto pasv_error;
@@ -2050,12 +2065,15 @@ epsv(char *proto)
0);
socket_set_portrange(pdata, restricted_data_ports,
pasv_addr->sa_family);
- seteuid(0);
+ if (seteuid(0) < 0)
+ fatal("Failed to seteuid");
if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
- seteuid(pw->pw_uid);
+ if (seteuid(pw->pw_uid))
+ fatal("Failed to seteuid");
goto pasv_error;
}
- seteuid(pw->pw_uid);
+ if (seteuid(pw->pw_uid) < 0)
+ fatal("Failed to seteuid");
len = sizeof(pasv_addr_ss);
if (getsockname(pdata, pasv_addr, &len) < 0)
goto pasv_error;
|
