upstream/oracle/userland-gate: comparison components/proftpd/patches/15825705.patch

equal deleted inserted replaced

-:d8137835c0b4
+:589e0e82672d
-http://bugs.proftpd.org/show_bug.cgi?id=4014
-I addition, this patch backports the pr_str_get_nbytes() function.
-diff --git a/include/options.h b/include/options.h
-index 96fa35d..0b29bf7 100644
---- a/include/options.h
-+++ b/include/options.h
-@@ -110,6 +110,13 @@
-# define PR_TUNABLE_XFER_BUFFER_SIZE	PR_TUNABLE_BUFFER_SIZE
-#endif
-+/* Maximum FTP command size.  For details on this size of 512KB, see
-+ * the Bug#4014 discussion.
-+ */
-+#ifndef PR_TUNABLE_CMD_BUFFER_SIZE
-+# define PR_TUNABLE_CMD_BUFFER_SIZE    (512 * 1024)
-+#endif
-+
-/* Maximum path length.  GNU HURD (and some others) do not define
-* MAXPATHLEN.  POSIX' PATH_MAX is mandated to be at least 256
-* (according to some), so 1K, in the absense of MAXPATHLEN, should be
-diff --git a/include/str.h b/include/str.h
-index b4fed7c..1cf8724 100644
---- a/include/str.h
-+++ b/include/str.h
-@@ -39,6 +39,7 @@ char *pstrndup(pool *, const char *, size_t);
-char *pr_str_strip(pool *, char *);
-char *pr_str_strip_end(char *, char *);
-+int pr_str_get_nbytes(const char *, const char *, off_t *);
-char *pr_str_get_word(char **, int);
-#define PR_STR_FL_PRESERVE_COMMENTS		0x0001
-diff --git a/modules/mod_core.c b/modules/mod_core.c
-index 18a47c2..922f4d1 100644
---- a/modules/mod_core.c
-+++ b/modules/mod_core.c
-@@ -2240,18 +2240,44 @@ MODRET set_allowforeignaddress(cmd_rec *cmd) {
-}
-MODRET set_commandbuffersize(cmd_rec *cmd) {
--  int size = 0;
-+  int res;
-+  size_t size = 0;
-+  off_t nbytes = 0;
-config_rec *c = NULL;
-+  const char *units = NULL;
-+
-+  if (cmd->argc < 2 || cmd->argc > 3) {
-+    CONF_ERROR(cmd, "wrong number of parameters")
-+  }
--  CHECK_ARGS(cmd, 1);
-CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
--  /* NOTE: need to add checks for maximum possible sizes, negative sizes. */
--  size = atoi(cmd->argv[1]);
-+  if (cmd->argc == 3) {
-+    units = cmd->argv[2];
-+  }
-+
-+  if (pr_str_get_nbytes(cmd->argv[1], units, &nbytes) < 0) {
-+    CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "unable to parse: ",
-+      cmd->argv[1], " ", units, ": ", strerror(errno), NULL));
-+  }
-+
-+  if (nbytes > PR_TUNABLE_CMD_BUFFER_SIZE) {
-+    char max[1024];
-+
-+    snprintf(max, sizeof(max)-1, "%lu", (unsigned long)
-+      PR_TUNABLE_CMD_BUFFER_SIZE);
-+    max[sizeof(max)-1] = '\0';
-+
-+    CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "size ", cmd->argv[1], units,
-+      "exceeds max size ", max, NULL));
-+  }
-+
-+  /* Possible truncation here, but only for an absurdly large size. */
-+  size = (size_t) nbytes;
-c = add_config_param(cmd->argv[0], 1, NULL);
--  c->argv[0] = pcalloc(c->pool, sizeof(int));
--  *((int *) c->argv[0]) = size;
-+  c->argv[0] = pcalloc(c->pool, sizeof(size_t));
-+  *((size_t *) c->argv[0]) = size;
-return PR_HANDLED(cmd);
-}
-diff --git a/src/main.c b/src/main.c
-index 3e6d637..660e14b 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -466,42 +466,21 @@ static int _dispatch(cmd_rec *cmd, int cmd_type, int validate, char *match) {
-return success;
-}
--/* Returns the appropriate maximum buffer length to use for FTP commands
-- * from the client, taking the CommandBufferSize directive into account.
-+/* Returns the appropriate maximum buffer size to use for FTP commands
-+ * from the client.
-*/
--static long get_max_cmd_len(size_t buflen) {
--  long res;
--  int *bufsz = NULL;
--  size_t default_cmd_bufsz;
--
--  /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
--   * is smaller than PR_DEFAULT_CMD_BUFSZ.  We need to handle such cases
--   * properly.
--   */
--  default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
--  if (default_cmd_bufsz > buflen) {
--    default_cmd_bufsz = buflen;
--  }
--
-+static size_t get_max_cmd_sz(void) {
-+  size_t res;
-+  size_t *bufsz = NULL;
-+
-bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
-if (bufsz == NULL) {
--    res = default_cmd_bufsz;
--
--  } else if (*bufsz <= 0) {
--    pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
--      "using default buffer size (%lu) instead", *bufsz,
--      (unsigned long) default_cmd_bufsz);
--    res = default_cmd_bufsz;
--
--  } else if (*bufsz + 1 > buflen) {
--    pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
--      "using default buffer size (%lu) instead", *bufsz,
--      (unsigned long) default_cmd_bufsz);
--    res = default_cmd_bufsz;
-+    res = PR_DEFAULT_CMD_BUFSZ;
-} else {
--    pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
--    res = (long) *bufsz;
-+    pr_log_debug(DEBUG1, "setting CommandBufferSize to %lu",
-+      (unsigned long) *bufsz);
-+    res = *bufsz;
-}
-return res;
-@@ -509,21 +488,29 @@ static long get_max_cmd_len(size_t buflen) {
-int pr_cmd_read(cmd_rec **res) {
-static long cmd_bufsz = -1;
--  char buf[PR_DEFAULT_CMD_BUFSZ+1] = {'\0'};
-+  static char *cmd_buf = NULL;
-char *cp;
--  size_t buflen;
-+  size_t cmd_buflen;
-if (res == NULL) {
-errno = EINVAL;
-return -1;
-}
-+  if (cmd_bufsz == -1) {
-+    cmd_bufsz = get_max_cmd_sz();
-+  }
-+
-+  if (cmd_buf == NULL) {
-+    cmd_buf = pcalloc(session.pool, cmd_bufsz + 1);
-+  }
-+
-while (TRUE) {
-pr_signals_handle();
--    memset(buf, '\0', sizeof(buf));
-+    memset(cmd_buf, '\0', cmd_bufsz);
--    if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-+    if (pr_netio_telnet_gets(cmd_buf, cmd_bufsz, session.c->instrm,
-session.c->outstrm) == NULL) {
-if (errno == E2BIG) {
-@@ -544,9 +531,6 @@ int pr_cmd_read(cmd_rec **res) {
-break;
-}
--  if (cmd_bufsz == -1)
--    cmd_bufsz = get_max_cmd_len(sizeof(buf));
--
-/* This strlen(3) is guaranteed to terminate; the last byte of buf is
-* always NUL, since pr_netio_telnet_gets() is told that the buf size is
-* one byte less than it really is.
-@@ -554,26 +538,28 @@ int pr_cmd_read(cmd_rec **res) {
-* If the strlen(3) says that the length is less than the cmd_bufsz, then
-* there is no need to truncate the buffer by inserting a NUL.
-*/
--  buflen = strlen(buf);
--  if (buflen > (cmd_bufsz - 1)) {
-+  cmd_buflen = strlen(cmd_buf);
-+  if (cmd_buflen > cmd_bufsz) {
-pr_log_debug(DEBUG0, "truncating incoming command length (%lu bytes) to "
-"CommandBufferSize %lu; use the CommandBufferSize directive to increase "
--      "the allowed command length", (unsigned long) buflen,
-+      "the allowed command length", (unsigned long) cmd_buflen,
-(unsigned long) cmd_bufsz);
--    buf[cmd_bufsz - 1] = '\0';
-+    cmd_buf[cmd_bufsz-1] = '\0';
-}
--  if (buflen &&
--      (buf[buflen-1] == '\n' || buf[buflen-1] == '\r')) {
--    buf[buflen-1] = '\0';
--    buflen--;
-+  if (cmd_buflen &&
-+      (cmd_buf[cmd_buflen-1] == '\n' || cmd_buf[cmd_buflen-1] == '\r')) {
-+    cmd_buf[cmd_buflen-1] = '\0';
-+    cmd_buflen--;
--    if (buflen &&
--        (buf[buflen-1] == '\n' || buf[buflen-1] =='\r'))
--      buf[buflen-1] = '\0';
-+    if (cmd_buflen &&
-+        (cmd_buf[cmd_buflen-1] == '\n' || cmd_buf[cmd_buflen-1] =='\r')) {
-+      cmd_buf[cmd_buflen-1] = '\0';
-+      cmd_buflen--;
-+    }
-}
--  cp = buf;
-+  cp = cmd_buf;
-if (*cp == '\r')
-cp++;
-@@ -587,11 +573,11 @@ int pr_cmd_read(cmd_rec **res) {
-* command handlers themselves, via cmd->arg.  This small hack
-* reduces the burden on SITE module developers, however.
-*/
--    if (strncasecmp(cp, C_SITE, 4) == 0)
-+    if (strncasecmp(cp, C_SITE, 4) == 0) {
-flags |= PR_STR_FL_PRESERVE_WHITESPACE;
-+    }
-cmd = make_ftp_cmd(session.pool, cp, flags);
--
-if (cmd) {
-*res = cmd;
-}
-diff --git a/src/str.c b/src/str.c
-index d243a17..4f327bf 100644
---- a/src/str.c
-+++ b/src/str.c
-@@ -367,6 +367,81 @@ char *pr_str_strip_end(char *s, char *ch) {
-return s;
-}
-+int pr_str_get_nbytes(const char *str, const char *units, off_t *nbytes) {
-+  off_t sz;
-+  char *ptr = NULL;
-+  float factor = 0.0;
-+
-+  if (str == NULL) {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  /* No negative numbers. */
-+  if (*str == '-') {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  if (units == NULL ||
-+      *units == '\0') {
-+    factor = 1.0;
-+
-+  } else if (strncasecmp(units, "KB", 3) == 0) {
-+    factor = 1024.0;
-+
-+  } else if (strncasecmp(units, "MB", 3) == 0) {
-+    factor = 1024.0 * 1024.0;
-+
-+  } else if (strncasecmp(units, "GB", 3) == 0) {
-+    factor = 1024.0 * 1024.0 * 1024.0;
-+
-+  } else if (strncasecmp(units, "TB", 3) == 0) {
-+    factor = 1024.0 * 1024.0 * 1024.0 * 1024.0;
-+
-+  } else if (strncasecmp(units, "B", 2) == 0) {
-+    factor = 1.0;
-+
-+  } else {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  errno = 0;
-+
-+#ifdef HAVE_STRTOULL
-+  sz = strtoull(str, &ptr, 10);
-+#else
-+  sz = strtoul(str, &ptr, 10);
-+#endif /* !HAVE_STRTOULL */
-+
-+  if (errno == ERANGE) {
-+    return -1;
-+  }
-+
-+  if (ptr != NULL && *ptr) {
-+    /* Error parsing the given string */
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  /* Don't bother applying the factor if the result will overflow the result. */
-+#ifdef ULLONG_MAX
-+  if (sz > (ULLONG_MAX / factor)) {
-+#else
-+  if (sz > (ULONG_MAX / factor)) {
-+#endif /* !ULLONG_MAX */
-+    errno = ERANGE;
-+    return -1;
-+  }
-+
-+  if (nbytes != NULL) {
-+    *nbytes = (off_t) (sz * factor);
-+  }
-+
-+  return 0;
-+}
-+
-char *pr_str_get_word(char **cp, int flags) {
-char *res, *dst;
-char quote_mode = 0;
-diff --git a/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm b/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-index ed4672a..a57c898 100644
---- a/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-+++ b/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-@@ -94,6 +94,8 @@ sub cmdbuffersz_small {
-die("Can't open $test_path: $!");
-}
-+  my $idle_timeout = 3;
-+
-my $config = {
-PidFile => $pid_file,
-ScoreboardFile => $scoreboard_file,
-@@ -103,6 +105,7 @@ sub cmdbuffersz_small {
-AuthGroupFile => $auth_group_file,
-CommandBufferSize => $cmdbufsz,
-+    TimeoutIdle => $idle_timeout,
-IfModules => {
-'mod_delay.c' => {
-@@ -128,44 +131,16 @@ sub cmdbuffersz_small {
-defined(my $pid = fork()) or die("Can't fork: $!");
-if ($pid) {
-eval {
--      my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
-+      my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1);
-$client->login($user, $passwd);
--      my $conn = $client->list_raw($test_file);
--      unless ($conn) {
--        die("Failed to LIST $test_file: " . $client->response_code() . " " .
--          $client->response_msg());
-+      # Since our filename is longer than the CommandBufferSize, proftpd
-+      # should simply ignore this.  It will fail because of the idle timeout
-+      # first.
-+      eval { $client->stat($test_file) };
-+      unless ($@) {
-+        die("STAT command succeeded unexpectedly");
-}
--
--      my $buf;
--      $conn->read($buf, 8192, 30);
--      eval { $conn->close() };
--
--      my $resp_code = $client->response_code();
--      my $resp_msg = $client->response_msg();
--
--      # CommandBufferSize works by truncating any input longer than the
--      # configured length.  (It should arguably reject such longer input,
--      # but that is a different consideration.)
--      #
--      # Since our file name is longer than the CommandBufferSize, it means
--      # the path will be truncated, and the LIST should return 450.
--
--      my $expected;
--
--      $expected = 450;
--      $self->assert($expected == $resp_code,
--        test_msg("Expected $expected, got $resp_code"));
--
--      # This length is CommandBufferSize - "LIST"(4) - " "(1) - 1 for
--      # the NUL reserved in the code.  Thus CommandBufferSize - 6.
--      my $truncated_name = ("A" x ($cmdbufsz - 6));
--
--      $expected = "$truncated_name: No such file or directory";
--      $self->assert($expected eq $resp_msg,
--        test_msg("Expected '$expected', got '$resp_msg'"));
--
--      $client->quit();
-};
-if ($@) {
-@@ -176,7 +151,7 @@ sub cmdbuffersz_small {
-$wfh->flush();
-} else {
--    eval { server_wait($config_file, $rfh) };
-+    eval { server_wait($config_file, $rfh, 15) };
-if ($@) {
-warn($@);
-exit 1;

branch	s11-update
changeset 3224	589e0e82672d
parent 3216	d8137835c0b4
child 3225	7bbaa2f97cd1