netutils/vsftpd
1
0
Fork 0
mirror of https://github.com/InfrastructureServices/vsftpd.git synced 2025-04-19 01:24:02 +03:00
Code

Updated to v2.3.4

Browse Source
This commit is contained in:
Dag Wieers 2011-02-15 00:00:00 +01:00
parent 214bda0009
commit b2c7d5a9fa
9 changed files with 40 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Changelog
View File

@ -1245,3 +1245,17 @@ At this point: v2.3.1 released!
At this point: v2.3.2 released!
===============================
- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
Maksymilian Arciemowicz <cxib@securityreason.com>.
- Some bugfixes from Raphaël Rigo <raphael.rigo@syscall.eu> -- good bugs but
no apparent security impact.
At this point: v2.3.3 released!
===============================
- Fix compile. Extreme suckage.
At this point: v2.3.4 released!
===============================

2
README
View File

@ -1,4 +1,4 @@
This is vsftpd, version 2.3.2
This is vsftpd, version 2.3.4
Author: Chris Evans
Contact: scarybeasts@gmail.com
Website: http://vsftpd.beasts.org/

6
access.c
View File

@ -16,6 +16,7 @@ int
vsf_access_check_file(const struct mystr* p_filename_str)
{
static struct mystr s_access_str;
unsigned int iters = 0;
if (!tunable_deny_file)
{
@ -25,7 +26,7 @@ vsf_access_check_file(const struct mystr* p_filename_str)
{
str_alloc_text(&s_access_str, tunable_deny_file);
}
if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
{
return 0;
}
@ -45,6 +46,7 @@ int
vsf_access_check_file_visible(const struct mystr* p_filename_str)
{
static struct mystr s_access_str;
unsigned int iters = 0;
if (!tunable_hide_file)
{
@ -54,7 +56,7 @@ vsf_access_check_file_visible(const struct mystr* p_filename_str)
{
str_alloc_text(&s_access_str, tunable_hide_file);
}
if (vsf_filename_passes_filter(p_filename_str, &s_access_str))
if (vsf_filename_passes_filter(p_filename_str, &s_access_str, &iters))
{
return 0;
}

1
defs.h
View File

@ -10,6 +10,7 @@
#define VSFTP_MAX_COMMAND_LINE 4096
#define VSFTP_DATA_BUFSIZE 65536
#define VSFTP_DIR_BUFSIZE 16384
#define VSFTP_MATCHITERS_MAX 1000
#define VSFTP_PATH_MAX 4096
#define VSFTP_CONF_FILE_MAX 100000
#define VSFTP_LISTEN_BACKLOG 32

2
ftpdataio.c
View File

@ -116,7 +116,6 @@ vsf_ftpdataio_get_pasv_fd(struct vsf_session* p_sess)
else if (remote_fd == -2)
{
vsf_cmdio_write(p_sess, FTP_BADSENDCONN, "Security: Bad IP connecting.");
vsf_sysutil_close(remote_fd);
return -1;
}
init_data_sock_params(p_sess, remote_fd);
@ -364,6 +363,7 @@ transfer_dir_internal(struct vsf_session* p_sess, int is_control,
if (retval != 0)
{
failed = 1;
vsf_sysutil_closedir(p_subdir);
break;
}
retval = transfer_dir_internal(p_sess, is_control, p_subdir, &sub_str,

17
ls.c
View File

@ -9,6 +9,7 @@
#include "ls.h"
#include "access.h"
#include "defs.h"
#include "str.h"
#include "strlist.h"
#include "sysstr.h"
@ -118,7 +119,9 @@ vsf_ls_populate_dir_list(struct mystr_list* p_list,
/* If we have an ls option which is a filter, apply it */
if (!str_isempty(p_filter_str))
{
if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str))
unsigned int iters = 0;
if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str,
&iters))
{
continue;
}
@ -217,7 +220,8 @@ vsf_ls_populate_dir_list(struct mystr_list* p_list,
int
vsf_filename_passes_filter(const struct mystr* p_filename_str,
const struct mystr* p_filter_str)
const struct mystr* p_filter_str,
unsigned int* iters)
{
/* A simple routine to match a filename against a pattern.
* This routine is used instead of e.g. fnmatch(3), because we should be
@ -244,12 +248,13 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
str_copy(&filter_remain_str, p_filter_str);
str_copy(&name_remain_str, p_filename_str);
while (!str_isempty(&filter_remain_str))
while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
{
static struct mystr s_match_needed_str;
/* Locate next special token */
struct str_locate_result locate_result =
str_locate_chars(&filter_remain_str, "*?{");
(*iters)++;
/* Isolate text leading up to token (if any) - needs to be matched */
if (locate_result.found)
{
@ -313,7 +318,8 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
{
str_copy(&new_filter_str, &brace_list_str);
str_append_str(&new_filter_str, &filter_remain_str);
if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str))
if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
iters))
{
ret = 1;
goto out;
@ -349,6 +355,9 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
}
/* OK, a match */
ret = 1;
if (*iters == VSFTP_MATCHITERS_MAX) {
ret = 0;
}
out:
str_free(&filter_remain_str);
str_free(&name_remain_str);

5
ls.h
View File

@ -35,11 +35,14 @@ void vsf_ls_populate_dir_list(struct mystr_list* p_list,
* PARAMETERS
* p_filename_str - the filename to match
* p_filter_str - the filter to match against
* iters - pointer to a zero-seeded int which prevents the match
* loop from running an excessive number of times
* RETURNS
* Returns 1 if there is a match, 0 otherwise.
*/
int vsf_filename_passes_filter(const struct mystr* p_filename_str,
const struct mystr* p_filter_str);
const struct mystr* p_filter_str,
unsigned int* iters);
#endif /* VSF_LS_H */

2
sysutil.c
View File

@ -2013,7 +2013,7 @@ vsf_sysutil_sockaddr_set_ipv4addr(struct vsf_sysutil_sockaddr* p_sockptr,
static struct vsf_sysutil_sockaddr* s_p_sockaddr;
vsf_sysutil_sockaddr_alloc_ipv4(&s_p_sockaddr);
vsf_sysutil_memcpy(&s_p_sockaddr->u.u_sockaddr_in.sin_addr, p_raw,
sizeof(&s_p_sockaddr->u.u_sockaddr_in.sin_addr));
sizeof(s_p_sockaddr->u.u_sockaddr_in.sin_addr));
vsf_sysutil_memcpy(&p_sockptr->u.u_sockaddr_in6.sin6_addr,
vsf_sysutil_sockaddr_ipv4_v6(s_p_sockaddr),
sizeof(p_sockptr->u.u_sockaddr_in6.sin6_addr));

2
vsftpver.h
View File

@ -1,7 +1,7 @@
#ifndef VSF_VERSION_H
#define VSF_VERSION_H
#define VSF_VERSION "2.3.2"
#define VSF_VERSION "2.3.4"
#endif /* VSF_VERSION_H */