security/mit-krb5/patches/patch-am


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

$NetBSD: patch-am,v 1.1 2006/08/09 17:31:10 salo Exp $

Security fix for SA21402.

--- appl/gssftp/ftpd/ftpd.c.orig	2005-01-21 23:46:46.000000000 +0100
+++ appl/gssftp/ftpd/ftpd.c	2006-08-09 18:52:53.000000000 +0200
@@ -1368,7 +1368,9 @@ getdatasock(fmode)
 			goto bad;
 		sleep(tries);
 	}
-	(void) krb5_seteuid((uid_t)pw->pw_uid);
+	if (krb5_seteuid((uid_t)pw->pw_uid)) {
+		fatal("seteuid user");
+	}
 #ifdef IP_TOS
 #ifdef IPTOS_THROUGHPUT
 	on = IPTOS_THROUGHPUT;
@@ -1378,7 +1380,9 @@ getdatasock(fmode)
 #endif
 	return (fdopen(s, fmode));
 bad:
-	(void) krb5_seteuid((uid_t)pw->pw_uid);
+	if (krb5_seteuid((uid_t)pw->pw_uid)) {
+		fatal("seteuid user");
+	}
 	(void) close(s);
 	return (NULL);
 }
@@ -2187,7 +2191,9 @@ passive()
 		(void) krb5_seteuid((uid_t)pw->pw_uid);
 		goto pasv_error;
 	}
-	(void) krb5_seteuid((uid_t)pw->pw_uid);
+	if (krb5_seteuid((uid_t)pw->pw_uid)) {
+		fatal("seteuid user");
+	}
 	len = sizeof(pasv_addr);
 	if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
 		goto pasv_error;