From owner-svn-src-stable-6@FreeBSD.ORG Tue Dec 23 01:23:11 2008 Return-Path: Delivered-To: svn-src-stable-6@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB4B01065677; Tue, 23 Dec 2008 01:23:11 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B44308FC12; Tue, 23 Dec 2008 01:23:11 +0000 (UTC) (envelope-from cperciva@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBN1NBfC076651; Tue, 23 Dec 2008 01:23:11 GMT (envelope-from cperciva@svn.freebsd.org) Received: (from cperciva@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBN1NBci076647; Tue, 23 Dec 2008 01:23:11 GMT (envelope-from cperciva@svn.freebsd.org) Message-Id: <200812230123.mBN1NBci076647@svn.freebsd.org> From: Colin Percival Date: Tue, 23 Dec 2008 01:23:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org X-SVN-Group: stable-6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186405 - head/libexec/ftpd head/sys/kern releng/6.3 releng/6.3/libexec/ftpd releng/6.3/sys/conf releng/6.3/sys/kern releng/6.4 releng/6.4/libexec/ftpd releng/6.4/sys/conf releng/6.4/sy... X-BeenThere: svn-src-stable-6@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 6-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2008 01:23:11 -0000 Author: cperciva Date: Tue Dec 23 01:23:09 2008 New Revision: 186405 URL: http://svn.freebsd.org/changeset/base/186405 Log: Prevent cross-site forgery attacks on ftpd(8) due to splitting long commands into multiple requests. [08:12] Avoid calling uninitialized function pointers in protocol switch code. [08:13] Merry Christmas everybody... Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw Modified: stable/6/libexec/ftpd/extern.h stable/6/libexec/ftpd/ftpcmd.y stable/6/libexec/ftpd/ftpd.c stable/6/sys/kern/uipc_domain.c Changes in other areas also in this revision: Modified: head/libexec/ftpd/extern.h head/libexec/ftpd/ftpcmd.y head/libexec/ftpd/ftpd.c head/sys/kern/uipc_domain.c releng/6.3/UPDATING releng/6.3/libexec/ftpd/extern.h releng/6.3/libexec/ftpd/ftpcmd.y releng/6.3/libexec/ftpd/ftpd.c releng/6.3/sys/conf/newvers.sh releng/6.3/sys/kern/uipc_domain.c releng/6.4/UPDATING releng/6.4/libexec/ftpd/extern.h releng/6.4/libexec/ftpd/ftpcmd.y releng/6.4/libexec/ftpd/ftpd.c releng/6.4/sys/conf/newvers.sh releng/6.4/sys/kern/uipc_domain.c releng/7.0/UPDATING releng/7.0/libexec/ftpd/extern.h releng/7.0/libexec/ftpd/ftpcmd.y releng/7.0/libexec/ftpd/ftpd.c releng/7.0/sys/conf/newvers.sh releng/7.0/sys/kern/uipc_domain.c releng/7.1/UPDATING releng/7.1/libexec/ftpd/extern.h releng/7.1/libexec/ftpd/ftpcmd.y releng/7.1/libexec/ftpd/ftpd.c releng/7.1/sys/kern/uipc_domain.c stable/7/libexec/ftpd/extern.h stable/7/libexec/ftpd/ftpcmd.y stable/7/libexec/ftpd/ftpd.c stable/7/sys/kern/uipc_domain.c Modified: stable/6/libexec/ftpd/extern.h ============================================================================== --- stable/6/libexec/ftpd/extern.h Tue Dec 23 01:22:57 2008 (r186404) +++ stable/6/libexec/ftpd/extern.h Tue Dec 23 01:23:09 2008 (r186405) @@ -46,7 +46,7 @@ void fatalerror(char *); void ftpd_logwtmp(char *, char *, struct sockaddr *addr); int ftpd_pclose(FILE *); FILE *ftpd_popen(char *, char *); -char *getline(char *, int, FILE *); +int getline(char *, int, FILE *); void lreply(int, const char *, ...) __printflike(2, 3); void makedir(char *); void nack(char *); Modified: stable/6/libexec/ftpd/ftpcmd.y ============================================================================== --- stable/6/libexec/ftpd/ftpcmd.y Tue Dec 23 01:22:57 2008 (r186404) +++ stable/6/libexec/ftpd/ftpcmd.y Tue Dec 23 01:23:09 2008 (r186405) @@ -1191,7 +1191,7 @@ lookup(struct tab *p, char *cmd) /* * getline - a hacked up version of fgets to ignore TELNET escape codes. */ -char * +int getline(char *s, int n, FILE *iop) { int c; @@ -1207,7 +1207,7 @@ getline(char *s, int n, FILE *iop) if (ftpdebug) syslog(LOG_DEBUG, "command: %s", s); tmpline[0] = '\0'; - return(s); + return(0); } if (c == 0) tmpline[0] = '\0'; @@ -1244,13 +1244,24 @@ getline(char *s, int n, FILE *iop) } } *cs++ = c; - if (--n <= 0 || c == '\n') + if (--n <= 0) { + /* + * If command doesn't fit into buffer, discard the + * rest of the command and indicate truncation. + * This prevents the command to be split up into + * multiple commands. + */ + while (c != '\n' && (c = getc(iop)) != EOF) + ; + return (-2); + } + if (c == '\n') break; } got_eof: sigprocmask(SIG_SETMASK, &osset, NULL); if (c == EOF && cs == s) - return (NULL); + return (-1); *cs++ = '\0'; if (ftpdebug) { if (!guest && strncasecmp("pass ", s, 5) == 0) { @@ -1270,7 +1281,7 @@ got_eof: syslog(LOG_DEBUG, "command: %.*s", len, s); } } - return (s); + return (0); } static void @@ -1300,9 +1311,14 @@ yylex(void) case CMD: (void) signal(SIGALRM, toolong); (void) alarm(timeout); - if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) { + n = getline(cbuf, sizeof(cbuf)-1, stdin); + if (n == -1) { reply(221, "You could at least say goodbye."); dologout(0); + } else if (n == -2) { + reply(500, "Command too long."); + (void) alarm(0); + continue; } (void) alarm(0); #ifdef SETPROCTITLE Modified: stable/6/libexec/ftpd/ftpd.c ============================================================================== --- stable/6/libexec/ftpd/ftpd.c Tue Dec 23 01:22:57 2008 (r186404) +++ stable/6/libexec/ftpd/ftpd.c Tue Dec 23 01:23:09 2008 (r186405) @@ -2802,15 +2802,20 @@ static int myoob(void) { char *cp; + int ret; if (!transflag) { syslog(LOG_ERR, "Internal: myoob() while no transfer"); return (0); } cp = tmpline; - if (getline(cp, 7, stdin) == NULL) { + ret = getline(cp, 7, stdin); + if (ret == -1) { reply(221, "You could at least say goodbye."); dologout(0); + } else if (ret == -2) { + /* Ignore truncated command. */ + return (0); } upper(cp); if (strcmp(cp, "ABOR\r\n") == 0) { Modified: stable/6/sys/kern/uipc_domain.c ============================================================================== --- stable/6/sys/kern/uipc_domain.c Tue Dec 23 01:22:57 2008 (r186404) +++ stable/6/sys/kern/uipc_domain.c Tue Dec 23 01:23:09 2008 (r186405) @@ -115,13 +115,18 @@ protosw_init(struct protosw *pr) #define DEFAULT(foo, bar) if ((foo) == NULL) (foo) = (bar) DEFAULT(pu->pru_accept, pru_accept_notsupp); + DEFAULT(pu->pru_bind, pru_bind_notsupp); DEFAULT(pu->pru_connect, pru_connect_notsupp); DEFAULT(pu->pru_connect2, pru_connect2_notsupp); DEFAULT(pu->pru_control, pru_control_notsupp); + DEFAULT(pu->pru_disconnect, pru_disconnect_notsupp); DEFAULT(pu->pru_listen, pru_listen_notsupp); + DEFAULT(pu->pru_peeraddr, pru_peeraddr_notsupp); DEFAULT(pu->pru_rcvd, pru_rcvd_notsupp); DEFAULT(pu->pru_rcvoob, pru_rcvoob_notsupp); DEFAULT(pu->pru_sense, pru_sense_null); + DEFAULT(pu->pru_shutdown, pru_shutdown_notsupp); + DEFAULT(pu->pru_sockaddr, pru_sockaddr_notsupp); DEFAULT(pu->pru_sosend, sosend); DEFAULT(pu->pru_soreceive, soreceive); DEFAULT(pu->pru_sopoll, sopoll); From owner-svn-src-stable-6@FreeBSD.ORG Tue Dec 23 17:55:38 2008 Return-Path: Delivered-To: svn-src-stable-6@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 224C91065675; Tue, 23 Dec 2008 17:55:38 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0F9338FC16; Tue, 23 Dec 2008 17:55:38 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBNHtbeA009172; Tue, 23 Dec 2008 17:55:37 GMT (envelope-from hrs@svn.freebsd.org) Received: (from hrs@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBNHtb2I009171; Tue, 23 Dec 2008 17:55:37 GMT (envelope-from hrs@svn.freebsd.org) Message-Id: <200812231755.mBNHtb2I009171@svn.freebsd.org> From: Hiroki Sato Date: Tue, 23 Dec 2008 17:55:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org X-SVN-Group: stable-6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186443 - stable/6/release/doc/en_US.ISO8859-1/errata X-BeenThere: svn-src-stable-6@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 6-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2008 17:55:38 -0000 Author: hrs Date: Tue Dec 23 17:55:37 2008 New Revision: 186443 URL: http://svn.freebsd.org/changeset/base/186443 Log: Document SA-08:12 and 13. Modified: stable/6/release/doc/en_US.ISO8859-1/errata/article.sgml Modified: stable/6/release/doc/en_US.ISO8859-1/errata/article.sgml ============================================================================== --- stable/6/release/doc/en_US.ISO8859-1/errata/article.sgml Tue Dec 23 17:55:07 2008 (r186442) +++ stable/6/release/doc/en_US.ISO8859-1/errata/article.sgml Tue Dec 23 17:55:37 2008 (r186443) @@ -107,9 +107,6 @@ For more information, consult the individual advisories available from . - No advisories. - - From owner-svn-src-stable-6@FreeBSD.ORG Thu Dec 25 16:44:01 2008 Return-Path: Delivered-To: svn-src-stable-6@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94C331065673; Thu, 25 Dec 2008 16:44:01 +0000 (UTC) (envelope-from flz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 82B498FC13; Thu, 25 Dec 2008 16:44:01 +0000 (UTC) (envelope-from flz@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBPGi1aX018280; Thu, 25 Dec 2008 16:44:01 GMT (envelope-from flz@svn.freebsd.org) Received: (from flz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBPGi1rg018276; Thu, 25 Dec 2008 16:44:01 GMT (envelope-from flz@svn.freebsd.org) Message-Id: <200812251644.mBPGi1rg018276@svn.freebsd.org> From: Florent Thoumie Date: Thu, 25 Dec 2008 16:44:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org X-SVN-Group: stable-6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186495 - in stable/6/usr.sbin/pkg_install: . create lib X-BeenThere: svn-src-stable-6@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 6-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Dec 2008 16:44:01 -0000 Author: flz Date: Thu Dec 25 16:44:01 2008 New Revision: 186495 URL: http://svn.freebsd.org/changeset/base/186495 Log: Synchronize pkg_install with HEAD (20080708): r180361: actually enable '-n' for pkg_create(1) r181376: use humanize_number to report pen-sizes r186494: add package directory for 7.1-RELEASE Modified: stable/6/usr.sbin/pkg_install/ (props changed) stable/6/usr.sbin/pkg_install/Makefile.inc stable/6/usr.sbin/pkg_install/create/main.c stable/6/usr.sbin/pkg_install/lib/lib.h stable/6/usr.sbin/pkg_install/lib/pen.c Modified: stable/6/usr.sbin/pkg_install/Makefile.inc ============================================================================== --- stable/6/usr.sbin/pkg_install/Makefile.inc Thu Dec 25 15:44:10 2008 (r186494) +++ stable/6/usr.sbin/pkg_install/Makefile.inc Thu Dec 25 16:44:01 2008 (r186495) @@ -2,6 +2,9 @@ LIBINSTALL= ${.OBJDIR}/../lib/libinstall.a +DPADD+= ${LIBUTIL} +LDADD+= -lutil + .if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && \ defined(LDADD) && ${LDADD:M-lfetch} != "" DPADD+= ${LIBSSL} ${LIBCRYPTO} Modified: stable/6/usr.sbin/pkg_install/create/main.c ============================================================================== --- stable/6/usr.sbin/pkg_install/create/main.c Thu Dec 25 15:44:10 2008 (r186494) +++ stable/6/usr.sbin/pkg_install/create/main.c Thu Dec 25 16:44:01 2008 (r186495) @@ -208,6 +208,10 @@ main(int argc, char **argv) Recursive = TRUE; break; + case 'n': + Regenerate = FALSE; + break; + case 0: if (Help) usage(); Modified: stable/6/usr.sbin/pkg_install/lib/lib.h ============================================================================== --- stable/6/usr.sbin/pkg_install/lib/lib.h Thu Dec 25 15:44:10 2008 (r186494) +++ stable/6/usr.sbin/pkg_install/lib/lib.h Thu Dec 25 16:44:01 2008 (r186495) @@ -105,7 +105,7 @@ * Version of the package tools - increase only when some * functionality used by bsd.port.mk is changed, added or removed */ -#define PKG_INSTALL_VERSION 20080612 +#define PKG_INSTALL_VERSION 20080708 #define PKG_WRAPCONF_FNAME "/var/db/pkg_install.conf" #define main(argc, argv) real_main(argc, argv) Modified: stable/6/usr.sbin/pkg_install/lib/pen.c ============================================================================== --- stable/6/usr.sbin/pkg_install/lib/pen.c Thu Dec 25 15:44:10 2008 (r186494) +++ stable/6/usr.sbin/pkg_install/lib/pen.c Thu Dec 25 16:44:01 2008 (r186495) @@ -23,6 +23,7 @@ __FBSDID("$FreeBSD$"); #include "lib.h" #include +#include #include #include #include @@ -44,6 +45,7 @@ find_play_pen(char *pen, off_t sz) { char *cp; struct stat sb; + char humbuf[6]; if (pen[0] && isdir(dirname(pen)) == TRUE && (min_free(dirname(pen)) >= sz)) return pen; @@ -59,10 +61,12 @@ find_play_pen(char *pen, off_t sz) strcpy(pen, "/usr/tmp/instmp.XXXXXX"); else { cleanup(0); + humanize_number(humbuf, sizeof humbuf, sz, "", HN_AUTOSCALE, + HN_NOSPACE); errx(2, "%s: can't find enough temporary space to extract the files, please set your\n" -"PKG_TMPDIR environment variable to a location with at least %ld bytes\n" -"free", __func__, (long)sz); +"PKG_TMPDIR environment variable to a location with at least %s bytes\n" +"free", __func__, humbuf); return NULL; } return pen; @@ -98,6 +102,8 @@ popPen(char *pen) char * make_playpen(char *pen, off_t sz) { + char humbuf1[6], humbuf2[6]; + if (!find_play_pen(pen, sz)) return NULL; @@ -111,8 +117,13 @@ make_playpen(char *pen, off_t sz) } if (Verbose) { - if (sz) - fprintf(stderr, "Requested space: %d bytes, free space: %lld bytes in %s\n", (int)sz, (long long)min_free(pen), pen); + if (sz) { + humanize_number(humbuf1, sizeof humbuf1, sz, "", HN_AUTOSCALE, + HN_NOSPACE); + humanize_number(humbuf2, sizeof humbuf2, min_free(pen), + "", HN_AUTOSCALE, HN_NOSPACE); + fprintf(stderr, "Requested space: %s bytes, free space: %s bytes in %s\n", humbuf1, humbuf2, pen); + } } if (min_free(pen) < sz) {