tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1Description: CVE-2015-1419: config option deny_file is not handled correctly
2Author: Marcus Meissner <meissner@suse.com>
3Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419
4Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
5Last-Update: 2015-02-24
6---
7This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
8Index: trunk/ls.c
9===================================================================
10--- trunk.orig/ls.c
11+++ trunk/ls.c
12@@ -7,6 +7,7 @@
13 * Would you believe, code to handle directory listing.
14 */
15
16+#include <stdlib.h>
17 #include "ls.h"
18 #include "access.h"
19 #include "defs.h"
20@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
21 struct mystr temp_str = INIT_MYSTR;
22 struct mystr brace_list_str = INIT_MYSTR;
23 struct mystr new_filter_str = INIT_MYSTR;
24+ struct mystr normalize_filename_str = INIT_MYSTR;
25+ const char *normname;
26+ const char *path;
27 int ret = 0;
28 char last_token = 0;
29 int must_match_at_current_pos = 1;
30+
31 str_copy(&filter_remain_str, p_filter_str);
32- str_copy(&name_remain_str, p_filename_str);
33+
34+ /* normalize filepath */
35+ path = str_strdup(p_filename_str);
36+ normname = realpath(path, NULL);
37+ if (normname == NULL)
38+ goto out;
39+ str_alloc_text(&normalize_filename_str, normname);
40+
41+ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
42+ if (str_get_char_at(p_filter_str, 0) == '/') {
43+ if (str_get_char_at(&normalize_filename_str, 0) != '/') {
44+ str_getcwd (&name_remain_str);
45+
46+ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
47+ str_append_char (&name_remain_str, '/');
48+
49+ str_append_str (&name_remain_str, &normalize_filename_str);
50+ }
51+ else
52+ str_copy (&name_remain_str, &normalize_filename_str);
53+ } else {
54+ if (str_get_char_at(p_filter_str, 0) != '{')
55+ str_basename (&name_remain_str, &normalize_filename_str);
56+ else
57+ str_copy (&name_remain_str, &normalize_filename_str);
58+ }
59+ } else
60+ str_copy(&name_remain_str, &normalize_filename_str);
61
62 while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
63 {
64@@ -379,6 +411,9 @@ vsf_filename_passes_filter(const struct
65 ret = 0;
66 }
67 out:
68+ free((char*) normname);
69+ free((char*) path);
70+ str_free(&normalize_filename_str);
71 str_free(&filter_remain_str);
72 str_free(&name_remain_str);
73 str_free(&temp_str);
74Index: trunk/str.c
75===================================================================
76--- trunk.orig/str.c
77+++ trunk/str.c
78@@ -723,3 +723,14 @@ str_replace_unprintable(struct mystr* p_
79 }
80 }
81
82+void
83+str_basename (struct mystr* d_str, const struct mystr* path)
84+{
85+ static struct mystr tmp;
86+
87+ str_copy (&tmp, path);
88+ str_split_char_reverse(&tmp, d_str, '/');
89+
90+ if (str_isempty(d_str))
91+ str_copy (d_str, path);
92+}
93Index: trunk/str.h
94===================================================================
95--- trunk.orig/str.h
96+++ trunk/str.h
97@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
98 int str_atoi(const struct mystr* p_str);
99 filesize_t str_a_to_filesize_t(const struct mystr* p_str);
100 unsigned int str_octal_to_uint(const struct mystr* p_str);
101+void str_basename (struct mystr* d_str, const struct mystr* path);
102
103 /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
104 * buffer, starting at character position 'p_pos'. The extracted line will