Date: Wed, 18 Jun 2003 17:03:20 +0900 (JST) From: Yutaka Ishihara <yutaka@fandc.co.jp> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Yutaka Ishihara <yutaka@fandc.co.jp> Subject: bin/53435: ftpd crashes when using absolute path in /etc/ftpchroot Message-ID: <20030618080320.5A6B25087E@fcsn01.fandc.co.jp> Resent-Message-ID: <200306180810.h5I8A9qE099165@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 53435
>Category: bin
>Synopsis: ftpd crashes when using absolute path in /etc/ftpchroot
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 18 01:10:08 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Yutaka Ishihara
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
F&C Co.,Ltd.
>Environment:
System: FreeBSD fcsn01.fandc.co.jp 5.1-RELEASE FreeBSD 5.1-RELEASE #13: Wed Jun 4 21:09:39 JST 2003 root@fcsn01.fandc.co.jp:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
When using absolute path in /etc/ftpchroot's optional second field, ftpd exit on signal 6.
>How-To-Repeat:
Add line to /etc/ftpchroot like this:
foo /home
Then do telnet to the port 21, log in as user foo:
yutaka@fcsn01~% telnet 0 21
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 fcsn01.fandc.co.jp FTP server (Version 6.00LS) ready.
user foo
331 Password required for foo.
pass password
230 User foo logged in, access restrictions apply.
Connection closed by foreign host.
Error log in /var/log/message:
Jun 18 16:54:18 fcsn01 kernel: pid 7443 (ftpd), uid 2000: exited on signal 6
>Fix:
Here is the patch for ftpd.c Revision 1.62.2.48:
--- ftpd.c.orig Wed Jun 18 15:33:22 2003
+++ ftpd.c Wed Jun 18 15:38:43 2003
@@ -1494,11 +1494,14 @@
* c) expand it to the absolute pathname if necessary.
*/
if (dochroot && residue &&
- (chrootdir = strtok(residue, " \t")) != NULL &&
- chrootdir[0] != '/') {
- asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir);
- if (chrootdir == NULL)
- fatalerror("Ran out of memory.");
+ (chrootdir = strtok(residue, " \t")) != NULL) {
+ if (chrootdir[0] != '/') {
+ asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir);
+ } else {
+ chrootdir = strdup(chrootdir);
+ }
+ if (chrootdir == NULL)
+ fatalerror("Ran out of memory.");
}
if (guest || dochroot) {
/*
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030618080320.5A6B25087E>