components/proftpd/patches/013-21514375-4143-tls-xss.patch
author Tomas Klacko <tomas.klacko@oracle.com>
Fri, 09 Oct 2015 03:15:31 -0700
branchs11u3-sru
changeset 4930 b6f4cd2a91cf
permissions -rw-r--r--
21514375 problem in SERVICE/FTP-SERVER
http://bugs.proftpd.org/show_bug.cgi?id=4143#c0
https://github.com/proftpd/proftpd/pull/81.patch
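diff --git a/include/cmd.h b/include/cmd.h
index a95cac3..814dc62 100644
--- a/include/cmd.h
+++ b/include/cmd.h
@@ -106,6 +106,16 @@ int pr_cmd_get_id(const char *name_name);
 #define PR_CMD_MIN_NAMELEN	3
 #define PR_CMD_MAX_NAMELEN	4
 
+/* Returns TRUE if the given command is a known HTTP method, FALSE if not
+ * a known HTTP method, and -1 if there is an error.
+ */
+int pr_cmd_is_http(cmd_rec *c);
+
+/* Returns TRUE if the given command is a known SMTP method, FALSE if not
+ * a known SMTP method, and -1 if there is an error.
+ */
+int pr_cmd_is_smtp(cmd_rec *c);
+
 int pr_cmd_set_name(cmd_rec *, const char *);
 
 /* Implemented in main.c */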
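Review bot: The two new prototypes return a tri-state (TRUE, FALSE, or -1 on error), and -1 is non-zero, so a caller that writes `if (pr_cmd_is_http(cmd))` would treat an error as a match. The header comments should tell callers to compare explicitly, for example by adding `Callers must test the result with == TRUE; the error return (-1) is non-zero.` to both comments. As far as the implementation on this page shows, neither function writes through its argument, so `const cmd_rec *c` would state that in the signature.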
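diff --git a/include/dirtree.h b/include/dirtree.h
index fe7b14b..ddb31a8 100644
--- a/include/dirtree.h
+++ b/include/dirtree.h
@@ -130,6 +130,13 @@ typedef struct cmd_struc {
   int error_code;               /* Stores errno of failed file transfer
                                  * commands. Required for Solaris auditing.
                                  */
+
+  /* If we detect that the client sent commands for a protocol OTHER than
+   * FTP, then this field will be FALSE; the protocol field will identify
+   * the detected protocol.
+   */
+  int is_ftp;
+  const char *protocol;
 } cmd_rec;
 
 struct config_struc {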
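Review bot: The new `is_ftp` and `protocol` fields are assigned only in `pr_cmd_read()` (src/main.c in this patch), so a `cmd_rec` built any other way, for example through `pr_cmd_alloc()`, keeps whatever the allocator left in them. If the record is zero-filled (the allocator body is not shown here), that means `is_ftp == FALSE` with a NULL `protocol`, which a later `is_ftp` check would read as "wrong protocol" and which would hand NULL to the `%s` in the new log call. The comment should say where the fields are set, e.g. `Set by pr_cmd_read(); not initialized for commands allocated elsewhere.`, or the allocators should default to `is_ftp = TRUE` and `protocol = "FTP"`. The struct definition starts above this hunk.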
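diff --git a/include/session.h b/include/session.h
index a0ccd1a..d47ea83 100644
--- a/include/session.h
+++ b/include/session.h
@@ -72,6 +72,9 @@
 /* Disconnected due to snprintf(3) buffer truncation. */
 #define PR_SESS_DISCONNECT_SNPRINTF_TRUNCATED	13
 
+/* Disconnected due to wrong protocol used (e.g. HTTP/SMTP). */
+#define PR_SESS_DISCONNECT_BAD_PROTOCOL                14
+
 /* Returns a string describing the reason the client was disconnected or
  * the session ended.  If a pointer to a char * was provided, any extra
  * disconnect details will be provided.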
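Review bot: `PR_SESS_DISCONNECT_BAD_PROTOCOL` is added as reason code 14, but no hunk visible on this page updates the function that turns a reason code into text (the one documented just below this define) for the new value. If that mapping is not extended elsewhere in the patch, these disconnects would presumably be logged with a generic or unknown reason, which makes them harder to pick out when reviewing session logs. The define is also padded with spaces where the neighbouring `PR_SESS_DISCONNECT_SNPRINTF_TRUNCATED` line uses a tab.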
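diff --git a/src/cmd.c b/src/cmd.c
index b441c54..4688ff3 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -112,6 +112,38 @@ static struct cmd_entry cmd_ids[] = {
   { NULL,	0 }
 };
 
+/* Due to potential XSS issues (see Bug#4143), we want to explicitly
+ * check for commands from other text-based protocols (e.g. HTTP and SMTP);
+ * if we see these, we want to close the connection with extreme prejudice.
+ */
+
+static struct cmd_entry http_ids[] = {
+  { " ",       1 },    /* Index 0 is intentionally filled with a sentinel */
+  { "CONNECT", 7 },
+  { "DELETE",  6 },
+  { "GET",     3 },
+  { "HEAD",    4 },
+  { "OPTIONS", 7 },
+  { "PATCH",   5 },
+  { "POST",    4 },
+  { "PUT",     3 },
+
+  { NULL,      0 }
+};
+
+static struct cmd_entry smtp_ids[] = {
+  { " ",       1 },    /* Index 0 is intentionally filled with a sentinel */
+  { "DATA",    4 },
+  { "EHLO",    4 },
+  { "HELO",    4 },
+  { "MAIL",    4 },
+  { "RCPT",    4 },
+  { "RSET",    4 },
+  { "VRFY",    4 },
+
+  { NULL,      0 }
+};
+
 cmd_rec *pr_cmd_alloc(pool *p, int argc, ...) { 
   pool *newpool = NULL;
   cmd_rec *cmd = NULL;
@@ -340,3 +372,59 @@ int pr_cmd_get_id(const char *cmd_name) {
   errno = ENOENT;
   return -1;
 }
+
+static int is_known_cmd(struct cmd_entry *known_cmds, const char *cmd_name,
+    size_t cmd_namelen) {
+  register unsigned int i;
+  int known = FALSE;
+
+  for (i = 0; known_cmds[i].cmd_name != NULL; i++) {
+    if (cmd_namelen == known_cmds[i].cmd_namelen) {
+      if (strncmp(cmd_name, known_cmds[i].cmd_name, cmd_namelen + 1) == 0) {
+        known = TRUE;
+        break;
+      }
+    }
+  }
+
+  return known;
+}
+
+int pr_cmd_is_http(cmd_rec *cmd) {
+  const char *cmd_name;
+  size_t cmd_namelen;
+
+  if (cmd == NULL) {
+    errno = EINVAL;
+    return -1;
+  }
+
+  cmd_name = cmd->argv[0];
+  if (cmd_name == NULL) {
+    errno = EINVAL;
+    return -1;
+  }
+
+  cmd_namelen = strlen(cmd_name);
+  return is_known_cmd(http_ids, cmd_name, cmd_namelen);
+}
+
+int pr_cmd_is_smtp(cmd_rec *cmd) {
+  const char *cmd_name;
+  size_t cmd_namelen;
+
+  if (cmd == NULL) {
+    errno = EINVAL;
+    return -1;
+  }
+
+  cmd_name = cmd->argv[0];
+  if (cmd_name == NULL) {
+    errno = EINVAL;
+    return -1;
+  }
+
+  cmd_namelen = strlen(cmd_name);
+  return is_known_cmd(smtp_ids, cmd_name, cmd_namelen);
+}
+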
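Review bot: `is_known_cmd()` compares with `strncmp()`, which is case-sensitive, while SMTP command verbs are case-insensitive on the wire, so a lower- or mixed-case verb is classified as FTP unless `argv[0]` has already been upper-cased before this call, which these hunks do not show. Matching with `strncasecmp(cmd_name, known_cmds[i].cmd_name, cmd_namelen + 1) == 0` would make the check independent of that ordering. The `{ " ", 1 }` entry at index 0 of `http_ids` and `smtp_ids` appears to mirror the layout of `cmd_ids`, but the new loop starts at `i = 0` and nothing on this page indexes these tables by ID, so the entry only makes a one-space command name count as a known method and can be dropped. `pr_cmd_is_http()` and `pr_cmd_is_smtp()` differ only in the table they pass and could share one static helper that does the NULL checks and the `strlen()`.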
   160
diff --git a/src/main.c b/src/main.c
   161
index b951436..b0a8a2a 100644
   162
--- a/src/main.c
   163
+++ b/src/main.c
   164
@@ -572,7 +572,21 @@ int pr_cmd_read(cmd_rec **res) {
   165
     cmd = make_ftp_cmd(session.pool, cp, flags);
   166
     if (cmd) {
   167
       *res = cmd;
   168
-    } 
   169
+
   170
+      if (pr_cmd_is_http(cmd) == TRUE) {
   171
+        cmd->is_ftp = FALSE;
   172
+        cmd->protocol = "HTTP";
   173
+
   174
+      } else if (pr_cmd_is_smtp(cmd) == TRUE) {
   175
+        cmd->is_ftp = FALSE;
   176
+        cmd->protocol = "SMTP";
   177
+
   178
+      } else {
   179
+        /* Assume that the client is sending valid FTP commands. */
   180
+        cmd->is_ftp = TRUE;
   181
+        cmd->protocol = "FTP";
   182
+      }
   183
+    }
   184
   }
   185
 
   186
   return 0;
   187
@@ -827,6 +841,20 @@ static void cmd_loop(server_rec *server, conn_t *c) {
   188
     }
   189
 
   190
     if (cmd) {
   191
+
   192
+      /* Detect known commands for other protocols; if found, drop the
   193
+       * connection, lest we be used as part of an attack on a different
   194
+       * protocol server (Bug#4143).
   195
+       */
   196
+      if (cmd->is_ftp == FALSE) {
   197
+        pr_log_pri(PR_LOG_WARNING,
   198
+          "client sent %s command '%s', disconnecting", cmd->protocol,
   199
+          cmd->argv[0]);
   200
+        pr_event_generate("core.bad-protocol", cmd);
   201
+        pr_session_disconnect(NULL, PR_SESS_DISCONNECT_BAD_PROTOCOL,
   202
+          cmd->protocol);
   203
+      }
   204
+
   205
       pr_cmd_dispatch(cmd);
   206
       destroy_pool(cmd->pool);
   207