vsftpd/vsftpd-die-with-session.patch

Index: vsftpd-3.0.2/main.c
===================================================================
--- vsftpd-3.0.2.orig/main.c
+++ vsftpd-3.0.2/main.c
@@ -155,6 +155,9 @@ main(int argc, const char* argv[])
     the_session.num_clients = ret.num_children;
     the_session.num_this_ip = ret.num_this_ip;
   }
+
+  die_init(&the_session);
+
   if (tunable_tcp_wrappers)
   {
     the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD);
Index: vsftpd-3.0.2/utility.c
===================================================================
--- vsftpd-3.0.2.orig/utility.c
+++ vsftpd-3.0.2/utility.c
@@ -9,9 +9,22 @@
 #include "sysutil.h"
 #include "str.h"
 #include "defs.h"
+#include "session.h"
+#include "tunables.h"
+#include "privsock.h"
+#include "ssl.h"
+#include <stdio.h>
 
 #define DIE_DEBUG
 
+static struct vsf_session *s_p_sess = NULL;
+
+void
+die_init(struct vsf_session *p_sess)
+{
+  s_p_sess = p_sess;
+}
+
 void
 die(const char* p_text)
 {
@@ -40,12 +53,70 @@ die2(const char* p_text1, const char* p_
 void
 bug(const char* p_text)
 {
+  /* Detect calls caused by failed logging from bug() itself
+   * to prevent infinite loops */
+  static int s_in_bug = 0;
+  const unsigned int buffer_size = 256;
+  char text_buffer[buffer_size];
+  unsigned int text_len;
+
+  if (s_in_bug)
+	return;
+
+  s_in_bug = 1;
+
+  if (s_p_sess)
+  {
+    /* Try to write the message to logs */
+    if (s_p_sess->vsftpd_log_fd != -1)
+    {
+      snprintf(text_buffer, buffer_size,
+               "%s vsftpd [pid %d]: \"%s\" from \"%s\": %s",
+               vsf_sysutil_get_current_date(), vsf_sysutil_getpid(),
+               str_getbuf(&s_p_sess->user_str),
+               str_getbuf(&s_p_sess->remote_ip_str), p_text);
+      text_len = vsf_sysutil_strlen(text_buffer);
+      vsf_sysutil_write_loop(s_p_sess->vsftpd_log_fd, text_buffer, text_len);
+    }
+
+    if (tunable_syslog_enable)
+    {
+      snprintf(text_buffer, buffer_size, "\"%s\" from \"%s\": %s",
+               str_getbuf(&s_p_sess->user_str),
+               str_getbuf(&s_p_sess->remote_ip_str), p_text);
+      vsf_sysutil_syslog(text_buffer, 1);
+    }
+  }
+  else
+  {
+    /* dummy logging before the system is fully set up */
+    if (tunable_syslog_enable)
+    {
+      vsf_sysutil_syslog(p_text, 1);
+    }
+  }
+
+  snprintf(text_buffer, buffer_size, "500 OOPS: %s\r\n", p_text);
+  text_len = vsf_sysutil_strlen(text_buffer);
+
   /* Rats. Try and write the reason to the network for diagnostics */
-  vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);
-  (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10);
-  (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,
-                                vsf_sysutil_strlen(p_text));
-  (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2);
+  if (s_p_sess && s_p_sess->control_use_ssl)
+  {
+    if (s_p_sess->ssl_slave_active)
+    {
+      priv_sock_send_cmd(s_p_sess->ssl_consumer_fd, PRIV_SOCK_WRITE_USER_RESP);
+      priv_sock_send_buf(s_p_sess->ssl_consumer_fd, text_buffer, text_len);
+    }
+    else
+    {
+      (void)ssl_write(s_p_sess->p_control_ssl, text_buffer, text_len);
+    }
+  }
+  else
+  {
+    vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);
+    (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, text_buffer, text_len);
+  }
   vsf_sysutil_exit(2);
 }
 
Index: vsftpd-3.0.2/utility.h
===================================================================
--- vsftpd-3.0.2.orig/utility.h
+++ vsftpd-3.0.2/utility.h
@@ -2,6 +2,18 @@
 #define VSF_UTILITY_H
 
 struct mystr;
+struct vsf_session;
+
+/* die_init
+ * PURPOSE
+ * Initialize static pointer to vsf_session used for
+ * logging and SSL support used by die() and bug().
+ * If not set (or set to NULL) only dummy write
+ * to VSFTP_COMMAND_FD will be done.
+ * PARAMETERS
+ * p_sess       - pointer to vsf_session or NULL
+ */
+void die_init(struct vsf_session *p_sess);
 
 /* die()
  * PURPOSE
Index: vsftpd-3.0.2/seccompsandbox.c
===================================================================
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -556,6 +556,10 @@ seccomp_sandbox_setup_postlogin_broker()
     allow_nr(__NR_fchown);
     allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
   }
+  if (tunable_syslog_enable)
+  {
+    allow_nr_1_arg_match(__NR_sendto, 6, 0);
+  }
 }
 
 void
Sync from SUSE:SLFO:Main vsftpd revision 2da05debc592f7936f2ab5233a1d8112 2024-05-04 01:48:08 +02:00			`Index: vsftpd-3.0.2/main.c`
			`===================================================================`
			`--- vsftpd-3.0.2.orig/main.c`
			`+++ vsftpd-3.0.2/main.c`
			`@@ -155,6 +155,9 @@ main(int argc, const char* argv[])`
			`the_session.num_clients = ret.num_children;`
			`the_session.num_this_ip = ret.num_this_ip;`
			`}`
			`+`
			`+ die_init(&the_session);`
			`+`
			`if (tunable_tcp_wrappers)`
			`{`
			`the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD);`
			`Index: vsftpd-3.0.2/utility.c`
			`===================================================================`
			`--- vsftpd-3.0.2.orig/utility.c`
			`+++ vsftpd-3.0.2/utility.c`
			`@@ -9,9 +9,22 @@`
			`#include "sysutil.h"`
			`#include "str.h"`
			`#include "defs.h"`
			`+#include "session.h"`
			`+#include "tunables.h"`
			`+#include "privsock.h"`
			`+#include "ssl.h"`
			`+#include <stdio.h>`

			`#define DIE_DEBUG`

			`+static struct vsf_session *s_p_sess = NULL;`
			`+`
			`+void`
			`+die_init(struct vsf_session *p_sess)`
			`+{`
			`+ s_p_sess = p_sess;`
			`+}`
			`+`
			`void`
			`die(const char* p_text)`
			`{`
			`@@ -40,12 +53,70 @@ die2(const char* p_text1, const char* p_`
			`void`
			`bug(const char* p_text)`
			`{`
			`+ /* Detect calls caused by failed logging from bug() itself`
			`+ * to prevent infinite loops */`
			`+ static int s_in_bug = 0;`
			`+ const unsigned int buffer_size = 256;`
			`+ char text_buffer[buffer_size];`
			`+ unsigned int text_len;`
			`+`
			`+ if (s_in_bug)`
			`+ return;`
			`+`
			`+ s_in_bug = 1;`
			`+`
			`+ if (s_p_sess)`
			`+ {`
			`+ /* Try to write the message to logs */`
			`+ if (s_p_sess->vsftpd_log_fd != -1)`
			`+ {`
			`+ snprintf(text_buffer, buffer_size,`
			`+ "%s vsftpd [pid %d]: \"%s\" from \"%s\": %s",`
			`+ vsf_sysutil_get_current_date(), vsf_sysutil_getpid(),`
			`+ str_getbuf(&s_p_sess->user_str),`
			`+ str_getbuf(&s_p_sess->remote_ip_str), p_text);`
			`+ text_len = vsf_sysutil_strlen(text_buffer);`
			`+ vsf_sysutil_write_loop(s_p_sess->vsftpd_log_fd, text_buffer, text_len);`
			`+ }`
			`+`
			`+ if (tunable_syslog_enable)`
			`+ {`
			`+ snprintf(text_buffer, buffer_size, "\"%s\" from \"%s\": %s",`
			`+ str_getbuf(&s_p_sess->user_str),`
			`+ str_getbuf(&s_p_sess->remote_ip_str), p_text);`
			`+ vsf_sysutil_syslog(text_buffer, 1);`
			`+ }`
			`+ }`
			`+ else`
			`+ {`
			`+ /* dummy logging before the system is fully set up */`
			`+ if (tunable_syslog_enable)`
			`+ {`
			`+ vsf_sysutil_syslog(p_text, 1);`
			`+ }`
			`+ }`
			`+`
			`+ snprintf(text_buffer, buffer_size, "500 OOPS: %s\r\n", p_text);`
			`+ text_len = vsf_sysutil_strlen(text_buffer);`
			`+`
			`/* Rats. Try and write the reason to the network for diagnostics */`
			`- vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);`
			`- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10);`
			`- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,`
			`- vsf_sysutil_strlen(p_text));`
			`- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2);`
			`+ if (s_p_sess && s_p_sess->control_use_ssl)`
			`+ {`
			`+ if (s_p_sess->ssl_slave_active)`
			`+ {`
			`+ priv_sock_send_cmd(s_p_sess->ssl_consumer_fd, PRIV_SOCK_WRITE_USER_RESP);`
			`+ priv_sock_send_buf(s_p_sess->ssl_consumer_fd, text_buffer, text_len);`
			`+ }`
			`+ else`
			`+ {`
			`+ (void)ssl_write(s_p_sess->p_control_ssl, text_buffer, text_len);`
			`+ }`
			`+ }`
			`+ else`
			`+ {`
			`+ vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);`
			`+ (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, text_buffer, text_len);`
			`+ }`
			`vsf_sysutil_exit(2);`
			`}`

			`Index: vsftpd-3.0.2/utility.h`
			`===================================================================`
			`--- vsftpd-3.0.2.orig/utility.h`
			`+++ vsftpd-3.0.2/utility.h`
			`@@ -2,6 +2,18 @@`
			`#define VSF_UTILITY_H`

			`struct mystr;`
			`+struct vsf_session;`
			`+`
			`+/* die_init`
			`+ * PURPOSE`
			`+ * Initialize static pointer to vsf_session used for`
			`+ * logging and SSL support used by die() and bug().`
			`+ * If not set (or set to NULL) only dummy write`
			`+ * to VSFTP_COMMAND_FD will be done.`
			`+ * PARAMETERS`
			`+ * p_sess - pointer to vsf_session or NULL`
			`+ */`
			`+void die_init(struct vsf_session *p_sess);`

			`/* die()`
			`* PURPOSE`
			`Index: vsftpd-3.0.2/seccompsandbox.c`
			`===================================================================`
			`--- vsftpd-3.0.2.orig/seccompsandbox.c`
			`+++ vsftpd-3.0.2/seccompsandbox.c`
			`@@ -556,6 +556,10 @@ seccomp_sandbox_setup_postlogin_broker()`
			`allow_nr(__NR_fchown);`
			`allow_nr_1_arg_match(__NR_recvmsg, 3, 0);`
			`}`
			`+ if (tunable_syslog_enable)`
			`+ {`
			`+ allow_nr_1_arg_match(__NR_sendto, 6, 0);`
			`+ }`
			`}`

			`void`