SHA256
1
0
forked from pool/atftp
atftp/atftp-drop_privileges_non-daemon.patch
Marcus Meissner 003aa9ceb8 Accepting request 919255 from home:pmonrealgonzalez:branches:network
- Update to version 0.7.5 [bsc#1190522, CVE-2021-41054]
  * text files: mark/convert all textfiles to UTF-8
  * fix some compiler warnings
  * fix buffer overflow in atftpd (CVE-2021-41054)
  * test.sh: check for root no longer necessary
  * tftpd.c: Only drop privs if requested or running as root + check for failure
  * fix invalid read of 1 byte in tftp_send_request.
  * Check return value of fseek(), abort if != 0
  * options.c: Proper fix for the read-past-end-of-array
  * configure.ac: Add -std=gnu89 if gcc/clang is detected
  * tftpd.c: Fix memleak if thread spawning fails
  * atftp: Check return value of fgets, buffer might be uninitialized on NULL
  * Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H)
  * replace LICENSE with current version
  * Remove patches fixed upstream:
    - atftp-0.7-sorcerers_apprentice.patch
    - atftp-0.7-server_receive_race.patch
    - atftp-0.7-ack_heuristic.patch
  * Rebase patches:
    - atftp-drop_privileges_non-daemon.patch
    - atftp-0.7-default_dir_man.patch
    - atftp-0.7-default_user_man.patch

OBS-URL: https://build.opensuse.org/request/show/919255
OBS-URL: https://build.opensuse.org/package/show/network/atftp?expand=0&rev=51
2021-09-21 08:13:46 +00:00

25 lines
814 B
Diff

Index: atftp-0.7.5/tftpd.c
===================================================================
--- atftp-0.7.5.orig/tftpd.c
+++ atftp-0.7.5/tftpd.c
@@ -99,8 +99,8 @@ int deny_severity = LOG_NOTICE;
#endif
/* user ID and group ID when running as a daemon */
-char user_name[MAXLEN] = "nobody";
-char group_name[MAXLEN] = "nogroup";
+char user_name[MAXLEN] = "tftp";
+char group_name[MAXLEN] = "tftp";
/* For special uses, disable source port checking */
int source_port_checking = 1;
@@ -298,7 +298,7 @@ int main(int argc, char **argv)
dup2(sockfd, 0);
close(sockfd);
- /* release priviliedge */
+ /* release priviledge */
/* first see if we are or can somehow become root, if so prepare
* for drop even if not requested on command line */