forked from pool/atftp
Pedro Monreal Gonzalez
222c2ec04b
- Removed old initscript conditionals and atftpd.init file - Update to version 0.7.2 [bsc#1133114, CVE-2019-11365][bsc#1133145, CVE-2019-11366] * atftpd.c: Fixed a potential DoS bug (introduced by the IPv6 patch) * Fix Debian Bug deb#613582 and deb#258998 atftpd: does not reply properly when there's more than 1 interface * Fix Debian Bug deb#622840 atftpd: Forgets port if both --port and --bind-address are used * Fix Debian Bug deb#606969 atftp exits with no error after a get when disk is full * Fix Debian Bug deb#575831 atftp: error return value when tftp put file * Fix missing default port from Ubuntu bug lp#972834 * Merged patches to improve debugging and warning messages * Merged patch from Gentoo distribution: add support for proprietary password extension necessary for transferring files to linksys routers (atftp client) * Added patch from Gentoo bug #322601: client fails for filenames containing spaces * Listening Address configuration fixed * Added Patch "Blksize option can be smaller than SEGSIZE" * Fix Debian Bug deb#609813 Apply patch listen on requested port when in daemon mode. * Fix Debian Bug deb#598474 Fixed use of sendto() over a connected datagram socket on FreeBSD * Fix Debian Bug deb#580473 Apply IPv6 support patch by Ben Hutchings. Add AC_GNU_SOURCE to configure.ac to address FTBFS. * Fix Debian Bug deb#536295 Updated config.sub .guess. * Fix Debian Bug deb#535604 Make sure we have the --daemon option before starting atftpd * Fix Debian Bug deb#514521 Crash fix * Fix Debian Bug deb#484739 Added support for logging to stdout. * Fix Debian Bug deb#484932 inetd.conf: change udp to udp4 * Fix Debian Bug deb#436310 Fixed the FTBFS. * Fix Debian Bug deb#420900 Use CLOCKS_PER_SEC instead of CLK_TCK. Fixed a FTBFS. * Fix Debian Bug deb#271816 Random segfaults fixed * Fix Debian Bug deb#291829 Segfault fixed on AMD64. * Fix Debian Bug deb#290062 Copyright fixed. 
OBS-URL: https://build.opensuse.org/request/show/698118 OBS-URL: https://build.opensuse.org/package/show/network/atftp?expand=0&rev=38
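Index: atftp-0.7.2/tftpd.c
===================================================================
--- atftp-0.7.2.orig/tftpd.c
+++ atftp-0.7.2/tftpd.c
@@ -98,8 +98,8 @@ int deny_severity = LOG_NOTICE;
 #endif
 
 /* user ID and group ID when running as a daemon */
-char user_name[MAXLEN] = "nobody";
-char group_name[MAXLEN] = "nogroup";
+char user_name[MAXLEN] = "tftp";
+char group_name[MAXLEN] = "tftp";
 
 /* For special uses, disable source port checking */
 int source_port_checking = 1;
@@ -296,54 +296,46 @@ int main(int argc, char **argv)
 */
 dup2(sockfd, 0);
 close(sockfd);
+ }
 
- /* release priviliedge */
- user = getpwnam(user_name);
- group = getgrnam(group_name);
- if (!user || !group)
- {
- logger(LOG_ERR,
- "atftpd: can't change identity to %s.%s, exiting.",
- user_name, group_name);
- exit(1);
- }
+ /* release privilege */
+ user = getpwnam(user_name);
+ group = getgrnam(group_name);
+ if (!user || !group)
+ {
+ logger(LOG_ERR,
+ "atftpd: can't change identity to %s.%s, exiting.",
+ user_name, group_name);
+ exit(1);
+ }
 
- /* write our pid in the specified file before changing user*/
- if (pidfile)
- {
- if (tftpd_pid_file(pidfile, 1) != OK)
- {
- logger(LOG_ERR,
- "atftpd: can't write our pid file: %s.",
- pidfile);
- exit(1);
- }
- /* to be able to remove it later */
- if (chown(pidfile, user->pw_uid, group->gr_gid) != OK) {
- logger(LOG_ERR,
- "atftpd: failed to chown our pid file %s to owner %s.%s.",
- pidfile, user_name, group_name);
- exit(1);
- }
- }
+ /* write our pid in the specified file before changing user */
+ if (pidfile)
+ {
+ if (tftpd_pid_file(pidfile, 1) != OK)
+ exit(1);
+ /* to be able to remove it later */
+ chown(pidfile, user->pw_uid, group->gr_gid);
+ }
 
- if (setgid(group->gr_gid) != OK) {
- logger(LOG_ERR,
- "atftpd: failed to setgid to group %d (%s).",
- group->gr_gid, group_name);
- exit(1);
- }
- if (setuid(user->pw_uid) != OK) {
- logger(LOG_ERR,
- "atftpd: failed to setuid to user %d (%s).",
- user->pw_uid, user_name);
- exit(1);
- }
-
- /* Reopen log file now that we changed user, and that we've
- * open and dup2 the socket. */
- open_logger("atftpd", log_file, logging_level);
+ if (setgid(group->gr_gid) != OK) {
+ logger(LOG_ERR,
+ "atftpd: failed to setgid to group %d (%s).",
+ group->gr_gid, group_name);
+ exit(1);
 }
+ if (setgroups(0, NULL)) {
+ logger(LOG_ERR, "atftpd: can't clear supplementary group list");
+ exit(1);
+ }
+ if(setuid(user->pw_uid)) {
+ logger(LOG_ERR, "atftpd: can't switch user to %s, exiting.", user_name);
+ exit(1);
+ }
+
+ /* Reopen log file now that we changed user, and that we've
+ * open and dup2 the socket. */
+ open_logger("atftpd", log_file, logging_level);
 
 #if defined(SOL_IP) && defined(IP_PKTINFO)
 /* We need to retieve some information from incomming packets */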
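Review bot: The new `chown(pidfile, user->pw_uid, group->gr_gid);` in the second hunk ignores its return value, whereas the code it replaces logged the failure and exited; if the call fails, the pid file keeps its original owner and the daemon may be unable to remove it after `setuid()`. Keeping the check, `if (chown(pidfile, user->pw_uid, group->gr_gid) != OK) { logger(LOG_ERR, "atftpd: failed to chown our pid file %s.", pidfile); exit(1); }`, preserves the old fail-closed behaviour. The same hunk also drops the `logger()` call on `tftpd_pid_file()` failure, so that exit is now silent unless the helper logs the error itself, which is not visible here. Because `chown()` is called on a path before privileges are dropped and follows symlinks, it is worth confirming that the pid file's directory is not writable by the unprivileged account, or using `lchown()` instead. The `setgid()`, `setgroups(0, NULL)`, `setuid()` order with each result checked is sound; `main()` starts and ends outside the hunk.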