- Udate filter patch to work as expected:

from fedora. bnc#900326 bnc#915522 CVE-2015-1419 OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=72
2015-02-24 14:52:29 +00:00 · 2015-02-24 14:52:29 +00:00 · de2ebfe3ec
commit de2ebfe3ec
parent e1041567b4
2 changed files with 41 additions and 45 deletions
--- a/vsftpd-2.1.0-filter.patch
+++ b/vsftpd-2.1.0-filter.patch
@ -2,72 +2,68 @@ Index: vsftpd-3.0.2/ls.c
 ===================================================================
 --- vsftpd-3.0.2.orig/ls.c
 +++ vsftpd-3.0.2/ls.c
-@@ -117,16 +117,6 @@ vsf_ls_populate_dir_list(struct mystr_li
-     {
-       continue;
-     }
-    /* If we have an ls option which is a filter, apply it */
-    if (!str_isempty(p_filter_str))
-    {
-      unsigned int iters = 0;
-      if (!vsf_filename_passes_filter(&s_next_filename_str, p_filter_str,
-                                      &iters))
-      {
-        continue;
-      }
-    }
-     /* Calculate the full path (relative to CWD) for lstat() and
-      * output purposes
-      */
-@@ -144,6 +134,16 @@ vsf_ls_populate_dir_list(struct mystr_li
-         continue;
-       }
-     }
-+    /* If we have an ls option which is a filter, apply it */
-+    if (!str_isempty(p_filter_str))
-+    {
-+      unsigned int iters = 0;
-+      if (!vsf_filename_passes_filter(&s_next_path_and_filename_str, p_filter_str,
-+                                      &iters))
-+      {
-+        continue;
-+      }
-+    }
-     if (is_verbose)
-     {
-       static struct mystr s_final_file_str;
-@@ -246,8 +246,30 @@ vsf_filename_passes_filter(const struct
+@@ -7,6 +7,7 @@
+  * Would you believe, code to handle directory listing.
+  */
+ 
+#include <stdlib.h>
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+   struct mystr temp_str = INIT_MYSTR;
+   struct mystr brace_list_str = INIT_MYSTR;
+   struct mystr new_filter_str = INIT_MYSTR;
+  struct mystr normalize_filename_str = INIT_MYSTR;
+  const char *normname;
+  const char *path;
   int ret = 0;
   char last_token = 0;
   int must_match_at_current_pos = 1;
-+
 +
   str_copy(&filter_remain_str, p_filter_str);
 -  str_copy(&name_remain_str, p_filename_str);
 +
-+  if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
+  /* normalize filepath */
+  path = str_strdup(p_filename_str);
+  normname = realpath(path, NULL);
+  if (normname == NULL)
+     goto out;
+  str_alloc_text(&normalize_filename_str, normname);
+
+  if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
 +    if (str_get_char_at(p_filter_str, 0) == '/') {
-+      if (str_get_char_at(p_filename_str, 0) != '/') {
+      if (str_get_char_at(&normalize_filename_str, 0) != '/') {
 +        str_getcwd (&name_remain_str);
 +
 +        if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
 +          str_append_char (&name_remain_str, '/');
 +
-+        str_append_str (&name_remain_str, p_filename_str);
+        str_append_str (&name_remain_str, &normalize_filename_str);
 +      }
 +      else
-+       str_copy (&name_remain_str, p_filename_str);
+       str_copy (&name_remain_str, &normalize_filename_str);
 +    } else {
 +      if (str_get_char_at(p_filter_str, 0) != '{')
-+        str_basename (&name_remain_str, p_filename_str);
+        str_basename (&name_remain_str, &normalize_filename_str);
 +      else
-+        str_copy (&name_remain_str, p_filename_str);
+        str_copy (&name_remain_str, &normalize_filename_str);
 +    }
 +  } else
-+    str_copy(&name_remain_str, p_filename_str);
+    str_copy(&name_remain_str, &normalize_filename_str);
 
   while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
   {
+@@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct
+     ret = 0;
+   }
+ out:
+  free(normname);
+  free(path);
+  str_free(&normalize_filename_str);
+   str_free(&filter_remain_str);
+   str_free(&name_remain_str);
+   str_free(&temp_str);
 Index: vsftpd-3.0.2/str.c
 ===================================================================
 --- vsftpd-3.0.2.orig/str.c
--- a/vsftpd.changes
+++ b/vsftpd.changes
@ -2,14 +2,14 @@
 Fri Feb 20 12:13:42 UTC 2015 - tchvatal@suse.com

 - Add service calls for other unit files too
- WIP udate filter patch to work as expected:
+- Udate filter patch to work as expected:
  * vsftpd-2.1.0-filter.patch

 -------------------------------------------------------------------
 Fri Jan  2 10:32:53 UTC 2015 - tchvatal@suse.com

 - Try to fix deny_file parsing to do more what is expected. Taken
-  from fedora. bnc#900326
+  from fedora. bnc#900326 bnc#915522 CVE-2015-1419
  * vsftpd-2.1.0-filter.patch

 -------------------------------------------------------------------