82 lines
3.5 KiB
Diff
82 lines
3.5 KiB
Diff
Index: vsftpd-3.0.2/main.c
|
|
===================================================================
|
|
--- vsftpd-3.0.2.orig/main.c 2018-06-28 15:45:11.373254606 +0000
|
|
+++ vsftpd-3.0.2/main.c 2018-06-28 15:45:16.700973780 +0000
|
|
@@ -320,7 +320,7 @@ env_init(void)
|
|
static void
|
|
limits_init(void)
|
|
{
|
|
- unsigned long limit = VSFTP_AS_LIMIT;
|
|
+ unsigned long limit = tunable_address_space_limit ?: VSFTP_AS_LIMIT;
|
|
if (tunable_text_userdb_names)
|
|
{
|
|
/* Turns out, LDAP lookups for lots of userid -> name mappings can really
|
|
Index: vsftpd-3.0.2/parseconf.c
|
|
===================================================================
|
|
--- vsftpd-3.0.2.orig/parseconf.c 2018-06-28 15:45:11.373254606 +0000
|
|
+++ vsftpd-3.0.2/parseconf.c 2018-06-28 15:45:16.700973780 +0000
|
|
@@ -138,6 +138,7 @@ parseconf_uint_array[] =
|
|
{ "delay_successful_login", &tunable_delay_successful_login },
|
|
{ "max_login_fails", &tunable_max_login_fails },
|
|
{ "chown_upload_mode", &tunable_chown_upload_mode },
|
|
+ { "address_space_limit", &tunable_address_space_limit },
|
|
{ 0, 0 }
|
|
};
|
|
|
|
Index: vsftpd-3.0.2/tunables.c
|
|
===================================================================
|
|
--- vsftpd-3.0.2.orig/tunables.c 2018-06-28 15:45:11.373254606 +0000
|
|
+++ vsftpd-3.0.2/tunables.c 2018-06-28 15:45:16.700973780 +0000
|
|
@@ -110,6 +110,7 @@ unsigned int tunable_delay_failed_login;
|
|
unsigned int tunable_delay_successful_login;
|
|
unsigned int tunable_max_login_fails;
|
|
unsigned int tunable_chown_upload_mode;
|
|
+unsigned int tunable_address_space_limit;
|
|
|
|
const char* tunable_secure_chroot_dir;
|
|
const char* tunable_ftp_username;
|
|
@@ -255,6 +256,7 @@ tunables_load_defaults()
|
|
tunable_max_login_fails = 3;
|
|
/* -rw------- */
|
|
tunable_chown_upload_mode = 0600;
|
|
+ tunable_address_space_limit = 0; /* See main.c:limits_init */
|
|
|
|
install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
|
|
install_str_setting("ftp", &tunable_ftp_username);
|
|
Index: vsftpd-3.0.2/tunables.h
|
|
===================================================================
|
|
--- vsftpd-3.0.2.orig/tunables.h 2018-06-28 15:45:11.373254606 +0000
|
|
+++ vsftpd-3.0.2/tunables.h 2018-06-28 15:45:16.700973780 +0000
|
|
@@ -112,6 +112,7 @@ extern unsigned int tunable_delay_failed
|
|
extern unsigned int tunable_delay_successful_login;
|
|
extern unsigned int tunable_max_login_fails;
|
|
extern unsigned int tunable_chown_upload_mode;
|
|
+extern unsigned int tunable_address_space_limit;
|
|
|
|
/* String defines */
|
|
extern const char* tunable_secure_chroot_dir;
|
|
Index: vsftpd-3.0.2/vsftpd.conf.5
|
|
===================================================================
|
|
--- vsftpd-3.0.2.orig/vsftpd.conf.5 2018-06-28 15:45:06.882648441 +0000
|
|
+++ vsftpd-3.0.2/vsftpd.conf.5 2018-06-28 15:55:42.806639732 +0000
|
|
@@ -639,6 +639,19 @@ The timeout, in seconds, for a remote cl
|
|
a PASV style data connection.
|
|
|
|
Default: 60
|
|
+
|
|
+.TP
|
|
+.B address_space_limit
|
|
+Set the amount of memory vsftpd can use (in bytes). This limit exists so that
|
|
+attackers cannot exploit any potential bugs in the server that might result in
|
|
+vsftpd allocating huge amounts of memory that would affect the host system
|
|
+negatively, e.g. causing thrashing or killing random processes due to Linux's
|
|
+OOM system. If the value is configured too low, vsftpd will fail with "out of
|
|
+memory" errors during normal operations. Oftentimes, this occurs inside of the
|
|
+PAM stack on systems that have many memory-intensive PAM modules enabled.
|
|
+
|
|
+Default: 104857600 (100MB)
|
|
+
|
|
.TP
|
|
.B anon_max_rate
|
|
The maximum data transfer rate permitted, in bytes per second, for anonymous
|