Updated to v2.2.0pre4

2025-04-19 01:24:02 +03:00 · 2009-07-18 00:00:00 +02:00 · 2009-07-18 00:00:00 +02:00 · bb7d227a2b
commit bb7d227a2b
parent ec9f5458fa
8 changed files with 26 additions and 14 deletions
--- a/4
+++ b/4
@ -1168,3 +1168,7 @@ to 2000 / 50 as a default. Thanks to Solar.
 - Error out if opening the per-user config file gives an error other than
 ENOENT. Thanks Solar (who is on fire today ;-)
 (vsftpd-2.2.0pre3)
+- Apply some typo fixes from Solar.
+- Error out on read() errors when reading config files.
+(vsftpd-2.2.0pre4)
+
--- a/SECURITY/DESIGN
+++ b/SECURITY/DESIGN
@ -135,12 +135,12 @@ privileges it requires. In some cases, this amounts to no privilege, and the
 privileged parent just exits, leaving no part of vsftpd running with
 privilege.

-5) vsftpd-2.0.0 introduces SSL / TLS support using OpenSSL. ALL OpenSSL
+5) vsftpd-2.0.0 introduces SSL / TLS support using OpenSSL. ALL SSL
 protocol parsing is performed in a chroot() jail, running under an unprivileged
-user. This means both pre-authenticated and post-authenticated OpenSSL protocol
+user. This means both pre-authenticated and post-authenticated SSL protocol
 parsing; it's actually quite hard to do, but vsftpd manages it in the name of
 being secure. I'm unaware of any other FTP server which supports both SSL / TLS
-and privilege separatation, and gets this right.
+and privilege separation, and gets this right.

 Comments on this document are welcomed.

--- a/filestr.c
+++ b/filestr.c
@ -14,12 +14,13 @@
 #include "str.h"
 #include "sysutil.h"
 #include "secbuf.h"
+#include "utility.h"

 int
 str_fileread(struct mystr* p_str, const char* p_filename, unsigned int maxsize)
 {
  int fd;
-  int retval;
+  int retval = 0;
  filesize_t size;
  char* p_sec_buf = 0;
  struct vsf_sysutil_statbuf* p_stat = 0;
@ -41,14 +42,20 @@ str_fileread(struct mystr* p_str, const char* p_filename, unsigned int maxsize)
    vsf_secbuf_alloc(&p_sec_buf, (unsigned int) size);

    retval = vsf_sysutil_read_loop(fd, p_sec_buf, (unsigned int) size);
-    if (!vsf_sysutil_retval_is_error(retval) && (unsigned int) retval == size)
+    if (vsf_sysutil_retval_is_error(retval))
    {
-      str_alloc_memchunk(p_str, p_sec_buf, size);
+      goto free_out;
    }
+    else if ((unsigned int) retval != size)
+    {
+      die("read size mismatch");
+    }
+    str_alloc_memchunk(p_str, p_sec_buf, size);
  }
+free_out:
  vsf_sysutil_free(p_stat);
  vsf_secbuf_free(&p_sec_buf);
  vsf_sysutil_close(fd);
-  return 0;
+  return retval;
 }

--- a/main.c
+++ b/main.c
@ -202,7 +202,7 @@ main(int argc, const char* argv[])
                              tunable_banned_email_file, VSFTP_CONF_FILE_MAX);
    if (vsf_sysutil_retval_is_error(retval))
    {
-      die2("cannot open anon e-mail list file:", tunable_banned_email_file);
+      die2("cannot read anon e-mail list file:", tunable_banned_email_file);
    }
  }
  if (tunable_banner_file)
@ -211,7 +211,7 @@ main(int argc, const char* argv[])
                              VSFTP_CONF_FILE_MAX);
    if (vsf_sysutil_retval_is_error(retval))
    {
-      die2("cannot open banner file:", tunable_banner_file);
+      die2("cannot read banner file:", tunable_banner_file);
    }
  }
  if (tunable_secure_email_list_enable)
@ -221,7 +221,7 @@ main(int argc, const char* argv[])
                              VSFTP_CONF_FILE_MAX);
    if (vsf_sysutil_retval_is_error(retval))
    {
-      die2("cannot open email passwords file:", tunable_email_password_file);
+      die2("cannot read email passwords file:", tunable_email_password_file);
    }
  }
  if (tunable_run_as_launching_user)
--- a/parseconf.c
+++ b/parseconf.c
@ -206,7 +206,7 @@ vsf_parseconf_load_file(const char* p_filename, int errs_fatal)
  {
    if (errs_fatal)
    {
-      die2("cannot open config file: ", p_filename);
+      die2("cannot read config file: ", p_filename);
    }
    else
    {
--- a/twoprocess.c
+++ b/twoprocess.c
@ -128,7 +128,7 @@ vsf_two_process_start(struct vsf_session* p_sess)
                              VSFTP_CONF_FILE_MAX);
    if (vsf_sysutil_retval_is_error(retval))
    {
-      die2("cannot open user list file:", tunable_userlist_file);
+      die2("cannot read user list file:", tunable_userlist_file);
    }
  }
  drop_all_privs();
@ -330,7 +330,7 @@ process_login_req(struct vsf_session* p_sess)
                                    VSFTP_CONF_FILE_MAX);
          if (vsf_sysutil_retval_is_error(retval))
          {
-            die2("could not open chroot() list file:",
+            die2("could not read chroot() list file:",
                 tunable_chroot_list_file);
          }
          if (str_contains_line(&chroot_list_file, &p_sess->user_str))
--- a/vsftpd.8
+++ b/vsftpd.8
@ -45,6 +45,7 @@ Set a single option, value pair as per the format in the config file. Multiple
 -o options are supported, and they are applied in strict order relative to
 their appearance on the command line, including intermingling with loading of
 config files.
+.El
 .Sh EXAMPLES
 vsftpd -olisten=NO /etc/vsftpd.conf -oftpd_banner=blah
 .Pp
--- a/vsftpd.conf.5
+++ b/vsftpd.conf.5
@ -277,7 +277,7 @@ not be run from an inetd of some kind. Instead, the vsftpd executable is
 run once directly. vsftpd itself will then take care of listening for and
 handling incoming connections.

-Default: YES
+Default: NO
 .TP
 .B listen_ipv6
 Like the listen parameter, except vsftpd will listen on an IPv6 socket instead