projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 40bc86a)
package/pure-ftpd: fix CVE-2020-9274
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 28 Mar 2020 09:00:42 +0000 (10:00 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 28 Mar 2020 13:40:47 +0000 (14:40 +0100)
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch [new file with mode: 0644] patch | blob
package/pure-ftpd/pure-ftpd.mk patch | blob | history

diff --git a/package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch b/package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
new file mode 100644 (file)
index 0000000..6c58eb7
--- /dev/null
+++ b/package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
@@ -0,0 +1,35 @@
+From 8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa Mon Sep 17 00:00:00 2001
+From: Frank Denis <github@pureftpd.org>
+Date: Tue, 18 Feb 2020 18:36:58 +0100
+Subject: [PATCH] diraliases: always set the tail of the list to NULL
+
+Spotted and reported by Antonio Norales from GitHub Security Labs.
+Thanks!
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa]
+---
+ src/diraliases.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/diraliases.c b/src/diraliases.c
+index 4002a36..fb70273 100644
+--- a/src/diraliases.c
++++ b/src/diraliases.c
+@@ -93,7 +93,6 @@ int init_aliases(void)
+                 (tail->dir = strdup(dir)) == NULL) {
+                 die_mem();
+             }
+-            tail->next = NULL;
+         } else {
+             DirAlias *curr;
+@@ -105,6 +104,7 @@ int init_aliases(void)
+             tail->next = curr;
+             tail = curr;
+         }
++        tail->next = NULL;
+     }
+     fclose(fp);
+     aliases_up++;
diff --git a/package/pure-ftpd/pure-ftpd.mk b/package/pure-ftpd/pure-ftpd.mk
index 0ef9a35250783d677b80116ff7cd090aff255c0f..7b7c7d96374c914341705432fced6d69e56c3e2f 100644 (file)
--- a/package/pure-ftpd/pure-ftpd.mk
+++ b/package/pure-ftpd/pure-ftpd.mk
@@ -17,6 +17,9 @@ PURE_FTPD_IGNORE_CVES += CVE-2019-20176
 # 0002-pure_strcmp-len-s2-can-be-len-s1.patch
 PURE_FTPD_IGNORE_CVES += CVE-2020-9365
 
+# 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
+PURE_FTPD_IGNORE_CVES += CVE-2020-9274
+
 PURE_FTPD_CONF_OPTS = \
        --with-altlog \
        --with-puredb