Updated to v3.0.3
parent
ce2fa4288b
commit
f38b8f02fd
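--- a/Changelog
+++ b/Changelog
@@ -1343,3 +1343,35 @@ At this point: v3.0.1 released!
 
 At this point: v3.0.2 released!
 ===============================
+
+- Increase VSFTP_AS_LIMIT to 200MB; various reports.
+- Make the PWD response more RFC compliant; report from Barry Kelly
+<barry@modeltwozero.com>.
+- Remove the trailing period from EPSV response to work around BT Internet
+issues; report from Tim Bishop <tdb@mirrorservice.org>.
+- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
+<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
+- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
+probably have a different distro / libc / etc. and there are multiple reports.
+- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
+this case gracefully. Report from Vasily Averin <vvs@odin.com>.
+- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
+- Make some compile-time SSL defaults (such as correct client shutdown
+handling) stricter.
+- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
+delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
+- Kill the FTP session if we see HTTP protocol commands, to avoid
+cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
+- Kill the FTP session if we see session re-use failure. A report from
+Tim Kosse <tim.kosse@filezilla-project.org>.
+(vsftpd-3.0.3pre1)
+- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
+- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
+- Minor SSL logging improvements.
+- Un-default tunable_strict_ssl_write_shutdown again. We still have
+tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
+upload integrity.
+(vsftpd-3.0.3pre2)
+
+At this point: v3.0.3 released!
+===============================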
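--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is vsftpd, version 3.0.2
+This is vsftpd, version 3.0.3
 Author: Chris Evans
 Contact: scarybeasts@gmail.com
 Website: http://vsftpd.beasts.org/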
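--- a/defs.h
+++ b/defs.h
@@ -19,7 +19,7 @@
 /* Must be at least the size of VSFTP_MAX_COMMAND_LINE, VSFTP_DIR_BUFSIZE and
 VSFTP_DATA_BUFSIZE*2 */
 #define VSFTP_PRIVSOCK_MAXSTR VSFTP_DATA_BUFSIZE * 2
-#define VSFTP_AS_LIMIT 100UL * 1024 * 1024
+#define VSFTP_AS_LIMIT 200UL * 1024 * 1024
 
 #endif /* VSF_DEFS_H */
 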
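Review bot: The raised `VSFTP_AS_LIMIT` on the changed line is still an unparenthesized expansion, `200UL * 1024 * 1024`, so any use inside a larger expression (a division, or a comparison against a cast) binds unexpectedly; `VSFTP_PRIVSOCK_MAXSTR` two lines above has the same shape. Wrap it: `#define VSFTP_AS_LIMIT (200UL * 1024 * 1024)`. A one-line comment stating what the limit bounds (presumably the per-process address-space rlimit, which is not visible in this hunk) would also help the next person who has to raise it again.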
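--- a/ftpdataio.c
+++ b/ftpdataio.c
@@ -181,15 +181,13 @@ vsf_ftpdataio_post_mark_connect(struct vsf_session* p_sess)
 }
 if (ret != 1)
 {
-static struct mystr s_err_msg;
-str_alloc_text(&s_err_msg, "SSL connection failed");
 if (tunable_require_ssl_reuse)
 {
-str_append_text(&s_err_msg, "; session reuse required");
-str_append_text(
-&s_err_msg, ": see require_ssl_reuse option in vsftpd.conf man page");
+vsf_cmdio_write_exit(p_sess, FTP_DATATLSBAD,
+"SSL connection failed: session reuse required", 1);
+} else {
+vsf_cmdio_write(p_sess, FTP_DATATLSBAD, "SSL connection failed");
 }
-vsf_cmdio_write_str(p_sess, FTP_DATATLSBAD, &s_err_msg);
 }
 return ret;
 }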
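Review bot: The `} else {` line in the new code departs from the brace layout used on every other line of this hunk, where `{` and `}` sit on their own lines; matching it keeps the file consistent. The code also no longer says why a reuse-required failure now ends the whole session instead of just reporting the data-connection error as the removed lines did; a comment such as `/* Reuse required but not achieved on the data channel: treat as fatal, do not continue the session. */` would record the intent, which the Changelog entry for session re-use failure only states in passing. The enclosing function vsf_ftpdataio_post_mark_connect starts outside the hunk, so the value of `ret` that triggers this branch is not visible here.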
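--- a/postlogin.c
+++ b/postlogin.c
@@ -439,6 +439,15 @@ process_post_login(struct vsf_session* p_sess)
 {
 /* Deliberately ignore to avoid NAT device bugs. ProFTPd does the same. */
 }
+else if (str_equal_text(&p_sess->ftp_cmd_str, "GET") ||
+str_equal_text(&p_sess->ftp_cmd_str, "POST") ||
+str_equal_text(&p_sess->ftp_cmd_str, "HEAD") ||
+str_equal_text(&p_sess->ftp_cmd_str, "OPTIONS") ||
+str_equal_text(&p_sess->ftp_cmd_str, "CONNECT"))
+{
+vsf_cmdio_write_exit(p_sess, FTP_BADCMD,
+"HTTP protocol commands not allowed.", 1);
+}
 else
 {
 vsf_cmdio_write(p_sess, FTP_BADCMD, "Unknown command.");
@@ -466,7 +475,7 @@ handle_pwd(struct vsf_session* p_sess)
 /* Enclose pathname in quotes */
 str_alloc_text(&s_pwd_res_str, "\"");
 str_append_str(&s_pwd_res_str, &s_cwd_buf_mangle_str);
-str_append_text(&s_pwd_res_str, "\"");
+str_append_text(&s_pwd_res_str, "\" is the current directory");
 vsf_cmdio_write_str(p_sess, FTP_PWDOK, &s_pwd_res_str);
 }
 
@@ -594,7 +603,7 @@ handle_pasv(struct vsf_session* p_sess, int is_epsv)
 {
 str_alloc_text(&s_pasv_res_str, "Entering Extended Passive Mode (|||");
 str_append_ulong(&s_pasv_res_str, (unsigned long) the_port);
-str_append_text(&s_pasv_res_str, "|).");
+str_append_text(&s_pasv_res_str, "|)");
 vsf_cmdio_write_str(p_sess, FTP_EPSVOK, &s_pasv_res_str);
 return;
 }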
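Review bot: The HTTP-verb guard added to the dispatch chain in process_post_login only covers the post-login command loop; whether the pre-login loop applies the same check is not visible in this commit, and that is where a cross-protocol request would arrive first, so confirm it rather than assume. The five-way `||` chain also hard-codes the verb list inline; a `static const char* const` table iterated with `str_equal_text` would make the list a one-line edit and reads more clearly than the chain, and the check relies on `ftp_cmd_str` already being case-normalised, which this hunk does not show. A comment tying the branch to its purpose, e.g. `/* A client sending HTTP verbs is not an FTP client; end the session instead of answering, to avoid cross-protocol attacks. */`, would help the next reader. The enclosing function continues outside the hunk.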
@ -20,6 +20,7 @@
|
||||
#include <errno.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/mman.h>
|
||||
@ -300,6 +301,7 @@ seccomp_sandbox_setup_base()
|
||||
reject_nr(__NR_mremap, ENOSYS);
|
||||
|
||||
/* Misc simple low-risk calls. */
|
||||
allow_nr(__NR_gettimeofday); /* Used by logging. */
|
||||
allow_nr(__NR_rt_sigreturn); /* Used to handle SIGPIPE. */
|
||||
allow_nr(__NR_restart_syscall);
|
||||
allow_nr(__NR_close);
|
||||
@ -352,6 +354,11 @@ seccomp_sandbox_setup_prelogin(const struct vsf_session* p_sess)
|
||||
if (tunable_ssl_enable)
|
||||
{
|
||||
allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
|
||||
allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_TCP, 3, TCP_NODELAY);
|
||||
}
|
||||
if (tunable_syslog_enable)
|
||||
{
|
||||
reject_nr(__NR_socket, EACCES);
|
||||
}
|
||||
}
|
||||
|
||||
@ -441,6 +448,16 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess)
|
||||
}
|
||||
}
|
||||
|
||||
if (tunable_syslog_enable)
|
||||
{
|
||||
/* The ability to pass an address spec isn't needed so disable it. We ensure
|
||||
* the 6th arg (socklen) is 0. We could have checked the 5th arg (sockptr)
|
||||
* but I don't know if 64-bit compares work in the kernel filter, so we're
|
||||
* happy to check the socklen arg, which is 32 bits.
|
||||
*/
|
||||
allow_nr_1_arg_match(__NR_sendto, 6, 0);
|
||||
}
|
||||
|
||||
if (tunable_text_userdb_names)
|
||||
{
|
||||
reject_nr(__NR_socket, EACCES);
|
||||
@ -667,6 +684,11 @@ seccomp_sandbox_lockdown()
|
||||
ret = prctl(PR_SET_SECCOMP, 2, &prog, 0, 0);
|
||||
if (ret != 0)
|
||||
{
|
||||
if (errno == EINVAL)
|
||||
{
|
||||
/* Kernel isn't good enough. */
|
||||
return;
|
||||
}
|
||||
die("prctl PR_SET_SECCOMP failed");
|
||||
}
|
||||
}
|
||||
|
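Review bot: In the `prctl(PR_SET_SECCOMP, 2, &prog, 0, 0)` failure path the bare `return;` on `EINVAL` leaves no record that the syscall filter was not installed, and `EINVAL` is also what the kernel reports for a malformed filter program, so a future bug in building `prog` would silently disable the sandbox instead of hitting `die(...)`. Consider distinguishing the two cases (a probe call with a NULL program pointer, which fails with `EFAULT` on kernels that support filter mode, is a commonly used check — confirm against the seccomp(2)/prctl(2) documentation for the kernels you target) and at least logging the fallback so an operator can tell that the process is running unsandboxed. The `/* Kernel isn't good enough. */` comment should say that explicitly, e.g. `/* PR_SET_NO_NEW_PRIVS worked but filter mode is unsupported (or prog is invalid): continuing WITHOUT the seccomp sandbox. */`. The `TCP_NODELAY` setsockopt and `sendto` allowances in the earlier hunks of this file look consistent with the ssl.c and syslog changes in the same commit. The enclosing function seccomp_sandbox_lockdown starts outside the hunk.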
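--- a/ssl.c
+++ b/ssl.c
@@ -120,6 +120,15 @@ ssl_init(struct vsf_session* p_sess)
 {
 die("SSL: RNG is not seeded");
 }
+{
+EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+if (key == NULL)
+{
+die("SSL: failed to get curve p256");
+}
+SSL_CTX_set_tmp_ecdh(p_ctx, key);
+EC_KEY_free(key);
+}
 if (tunable_ssl_request_cert)
 {
 verify_option |= SSL_VERIFY_PEER;
@@ -275,8 +284,20 @@ ssl_read_common(struct vsf_session* p_sess,
 */
 if (retval == 0 && SSL_get_shutdown(p_ssl) != SSL_RECEIVED_SHUTDOWN)
 {
-str_alloc_text(&debug_str, "Connection terminated without SSL shutdown "
-"- buggy client?");
+if (p_ssl == p_sess->p_control_ssl)
+{
+str_alloc_text(&debug_str, "Control");
+}
+else
+{
+str_alloc_text(&debug_str, "DATA");
+}
+str_append_text(&debug_str, " connection terminated without SSL shutdown.");
+if (p_ssl != p_sess->p_control_ssl)
+{
+str_append_text(&debug_str,
+" Buggy client! Integrity of upload cannot be asserted.");
+}
 vsf_log_line(p_sess, kVSFLogEntryDebug, &debug_str);
 if (tunable_strict_ssl_read_eof)
 {
@@ -380,6 +401,12 @@ ssl_data_close(struct vsf_session* p_sess)
 {
 int ret;
 maybe_log_shutdown_state(p_sess);
+
+/* Disable Nagle algorithm. We want the shutdown packet to be sent
+* immediately, there's nothing coming after.
+*/
+vsf_sysutil_set_nodelay(SSL_get_fd(p_ssl));
+
 /* This is a mess. Ideally, when we're the sender, we'd like to get to the
 * SSL_RECEIVED_SHUTDOWN state to get a cryptographic guarantee that the
 * peer received all the data and shut the connection down cleanly. It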
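Review bot: In the new ECDHE block in ssl_init the return value of `SSL_CTX_set_tmp_ecdh(p_ctx, key)` is ignored, while the `EC_KEY_new_by_curve_name` call right above it and the RNG check die on failure; if the call fails the context has no ECDH key, and with the single ECDHE suite this commit makes the default in tunables every handshake would likely fail with an error that points nowhere near the cause. Check it the same way: `if (SSL_CTX_set_tmp_ecdh(p_ctx, key) != 1) { die("SSL: failed to set ECDH curve"); }` before `EC_KEY_free(key)`. The anonymous block would also read better with a line saying why P-256 is hard-coded, e.g. `/* ECDHE key exchange: P-256 is the curve clients most widely support. */`. ssl_init continues outside the hunk.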
@ -215,7 +215,7 @@ tunables_load_defaults()
|
||||
tunable_debug_ssl = 0;
|
||||
tunable_require_cert = 0;
|
||||
tunable_validate_cert = 0;
|
||||
tunable_strict_ssl_read_eof = 0;
|
||||
tunable_strict_ssl_read_eof = 1;
|
||||
tunable_strict_ssl_write_shutdown = 0;
|
||||
tunable_ssl_request_cert = 1;
|
||||
tunable_delete_failed_uploads = 0;
|
||||
@ -284,7 +284,7 @@ tunables_load_defaults()
|
||||
install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
|
||||
&tunable_rsa_cert_file);
|
||||
install_str_setting(0, &tunable_dsa_cert_file);
|
||||
install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
|
||||
install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
|
||||
install_str_setting(0, &tunable_rsa_private_key_file);
|
||||
install_str_setting(0, &tunable_dsa_private_key_file);
|
||||
install_str_setting(0, &tunable_ca_certs_file);
|
||||
|
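Review bot: The new `ECDHE-RSA-AES256-GCM-SHA384` default for `tunable_ssl_ciphers` is a single RSA-keyed suite, so a deployment that configures only the `tunable_dsa_cert_file` setting two lines above would have no negotiable suite unless `ssl_ciphers` is also overridden — assuming the list is applied as-is, which this hunk does not show. A comment beside the setting recording that the narrowing is deliberate and that DSA-only or older-client setups must override `ssl_ciphers` would pre-empt the support question; likewise the `tunable_strict_ssl_read_eof = 1` default deserves a line noting it is the upload-integrity guard the Changelog describes, since it turns a formerly tolerated client behaviour into a failure. Both hunks are inside tunables_load_defaults, which starts and ends outside them.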
@ -1,7 +1,7 @@
|
||||
#ifndef VSF_VERSION_H
|
||||
#define VSF_VERSION_H
|
||||
|
||||
#define VSF_VERSION "3.0.2"
|
||||
#define VSF_VERSION "3.0.3"
|
||||
|
||||
#endif /* VSF_VERSION_H */
|
||||
|
||||
|