RTOS/rtems
1
0
Fork 0
forked from Imagelibrary/rtems
Code Pull Requests Activity

ftpd: Fix insecure chroot() handling

Browse Source 
Ensure that the rtems_libio_set_private_env() was successful before the
chroot().

Update #3530.
This commit is contained in:
Sebastian Huber
2018-10-05 15:16:46 +02:00
parent df97c4d25f
commit be8de0ff46
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cpukit/ftpd/ftpd.c
View File

@@ -1879,14 +1879,9 @@ static void
session(rtems_task_argument arg) session(rtems_task_argument arg)
{ {
FTPD_SessionInfo_t *const info = (FTPD_SessionInfo_t *)arg; FTPD_SessionInfo_t *const info = (FTPD_SessionInfo_t *)arg;
int chroot_made = 0; bool chroot_made = false;
rtems_libio_set_private_env(); while (1)
/* chroot() can fail here because the directory may not exist yet. */
chroot_made = chroot(ftpd_root) == 0;
while(1)
{ {
rtems_event_set set; rtems_event_set set;
int rv; int rv;
@@ -1894,8 +1889,14 @@ session(rtems_task_argument arg)
rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT, rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT,
&set); &set);
chroot_made = chroot_made || chroot(ftpd_root) == 0; chroot_made = chroot_made
|| (rtems_libio_set_private_env() == RTEMS_SUCCESSFUL
&& chroot(ftpd_root) == 0);
/*
* The chdir() must immediatly follow the chroot(), otherwise static
* analysis tools may complain about a security issue.
*/
rv = chroot_made ? chdir("/") : -1; rv = chroot_made ? chdir("/") : -1;
errno = 0; errno = 0;