Index: vsftpd-3.0.2/main.c
===================================================================
--- vsftpd-3.0.2.orig/main.c
+++ vsftpd-3.0.2/main.c
@@ -155,6 +155,9 @@ main(int argc, const char* argv[])
 the_session.num_clients = ret.num_children;
 the_session.num_this_ip = ret.num_this_ip;
 }
+
+ die_init(&the_session);
+
+
 if (tunable_tcp_wrappers)
 {
 the_session.tcp_wrapper_ok = vsf_tcp_wrapper_ok(VSFTP_COMMAND_FD);
Index: vsftpd-3.0.2/utility.c
===================================================================
--- vsftpd-3.0.2.orig/utility.c
+++ vsftpd-3.0.2/utility.c
@@ -9,9 +9,22 @@
 #include "sysutil.h"
 #include "str.h"
 #include "defs.h"
+#include "session.h"
+#include "tunables.h"
+#include "privsock.h"
+#include "ssl.h"
+#include
 #define DIE_DEBUG
+static struct vsf_session *s_p_sess = NULL;
+
+void
+die_init(struct vsf_session *p_sess)
+{
+ s_p_sess = p_sess;
+}
+
 void
 die(const char* p_text)
 {
@@ -40,12 +53,70 @@ die2(const char* p_text1, const char* p_
 void
 bug(const char* p_text)
 {
+ /* Detect calls caused by failed logging from bug() itself
+ * to prevent infinite loops */
+ static int s_in_bug = 0;
+ const unsigned int buffer_size = 256;
+ char text_buffer[buffer_size];
+ unsigned int text_len;
+
+ if (s_in_bug)
+ return;
+
+ s_in_bug = 1;
+
+ if (s_p_sess)
+ {
+ /* Try to write the message to logs */
+ if (s_p_sess->vsftpd_log_fd != -1)
+ {
+ snprintf(text_buffer, buffer_size,
+ "%s vsftpd [pid %d]: \"%s\" from \"%s\": %s",
+ vsf_sysutil_get_current_date(), vsf_sysutil_getpid(),
+ str_getbuf(&s_p_sess->user_str),
+ str_getbuf(&s_p_sess->remote_ip_str), p_text);
+ text_len = vsf_sysutil_strlen(text_buffer);
+ vsf_sysutil_write_loop(s_p_sess->vsftpd_log_fd, text_buffer, text_len);
+ }
+
+ if (tunable_syslog_enable)
+ {
+ snprintf(text_buffer, buffer_size, "\"%s\" from \"%s\": %s",
+ str_getbuf(&s_p_sess->user_str),
+ str_getbuf(&s_p_sess->remote_ip_str), p_text);
+ vsf_sysutil_syslog(text_buffer, 1);
+ }
+ }
+ else
+ {
+ /* dummy logging before the system is fully set up */
+ if (tunable_syslog_enable)
+ {
+ vsf_sysutil_syslog(p_text, 1);
+ }
+ }
+
+ snprintf(text_buffer, buffer_size, "500 OOPS: %s\r\n", p_text);
+ text_len = vsf_sysutil_strlen(text_buffer);
+
 /* Rats. Try and write the reason to the network for diagnostics */
- vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);
- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "500 OOPS: ", 10);
- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, p_text,
- vsf_sysutil_strlen(p_text));
- (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, "\r\n", 2);
+ if (s_p_sess && s_p_sess->control_use_ssl)
+ {
+ if (s_p_sess->ssl_slave_active)
+ {
+ priv_sock_send_cmd(s_p_sess->ssl_consumer_fd, PRIV_SOCK_WRITE_USER_RESP);
+ priv_sock_send_buf(s_p_sess->ssl_consumer_fd, text_buffer, text_len);
+ }
+ else
+ {
+ (void)ssl_write(s_p_sess->p_control_ssl, text_buffer, text_len);
+ }
+ }
+ else
+ {
+ vsf_sysutil_activate_noblock(VSFTP_COMMAND_FD);
+ (void) vsf_sysutil_write_loop(VSFTP_COMMAND_FD, text_buffer, text_len);
+ }
 vsf_sysutil_exit(2);
 }
Index: vsftpd-3.0.2/utility.h
===================================================================
--- vsftpd-3.0.2.orig/utility.h
+++ vsftpd-3.0.2/utility.h
@@ -2,6 +2,18 @@
 #define VSF_UTILITY_H
 struct mystr;
+struct vsf_session;
+
+/* die_init
+ * PURPOSE
+ * Initialize static pointer to vsf_session used for
+ * logging and SSL support used by die() and bug().
+ * If not set (or set to NULL) only dummy write
+ * to VSFTP_COMMAND_FD will be done.
+ * PARAMETERS
+ * p_sess - pointer to vsf_session or NULL
+ */
+void die_init(struct vsf_session *p_sess);
 /* die()
 * PURPOSE
Index: vsftpd-3.0.2/seccompsandbox.c
===================================================================
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -556,6 +556,10 @@ seccomp_sandbox_setup_postlogin_broker()
 allow_nr(__NR_fchown);
 allow_nr_1_arg_match(__NR_recvmsg, 3, 0);
 }
+ if (tunable_syslog_enable)
+ {
+ allow_nr_1_arg_match(__NR_sendto, 6, 0);
+ }
 }
 void
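Review bot: The re-entry guard `if (s_in_bug) return;` in bug() hands control back to the caller, whereas every other path through the function ends in `vsf_sysutil_exit(2)`; a nested call raised from inside the logging or SSL write helpers would therefore resume the code that had just reported a failed check. Failing closed is safer: `if (s_in_bug) vsf_sysutil_exit(2);`. Both snprintf calls also truncate at 256 bytes, so a long p_text loses the trailing `\r\n` of the `500 OOPS` reply, and the line written to vsftpd_log_fd has no terminating newline at all; ending that format string with `\n` and checking the snprintf return value would cover both. user_str is copied into the log line as stored, so unless it is sanitized elsewhere (not visible here), non-printable bytes should be replaced before logging.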
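Review bot: The die_init comment in utility.h states that with no session "only dummy write to VSFTP_COMMAND_FD will be done", but bug() in utility.c also calls vsf_sysutil_syslog() in that case when tunable_syslog_enable is set. The comment should say so, and it should document that the pointer is stored rather than copied, for example `* The pointer is kept; p_sess must stay valid until the process exits.` The die() comment that follows continues outside the hunk.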
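Review bot: The `sendto` rule added in seccomp_sandbox_setup_postlogin_broker() has no comment explaining the argument match, and it is added to this one profile only. A comment such as `/* syslog() from bug(): sendto() on a connected socket, addrlen (arg 6) == 0 */` above the rule would record why the filter is this narrow. bug() in utility.c now calls vsf_sysutil_syslog() whenever tunable_syslog_enable is set, so if another sandboxed process can reach bug() it would presumably be stopped by its filter before the message is logged; the other profiles are not visible in this hunk and are worth checking. The function body starts outside the hunk.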