From krb5-bugs-incoming-bounces@PCH.mit.edu Thu Mar 31 13:19:38 2011
Return-Path: <krb5-bugs-incoming-bounces@PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
by krbdev.mit.edu (Postfix) with ESMTP id A9C983E640;
Thu, 31 Mar 2011 13:19:37 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p2VHJbaA029940;
Thu, 31 Mar 2011 13:19:37 -0400
Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p2UL1uED029674
for <krb5-bugs-incoming@PCH.mit.edu>; Wed, 30 Mar 2011 17:01:56 -0400
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU
[18.7.68.36])
by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id p2UL0vHR008658
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:01:56 -0400
X-AuditID: 12074424-b7cacae000003d70-d7-4d939a1fc0e6
Authentication-Results: symauth.service.identifier; spf=pass; senderid=pass
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP
id 9A.2F.15728.F1A939D4; Wed, 30 Mar 2011 17:01:19 -0400 (EDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p2UL1skN000368
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:01:54 -0400
Received: from blade.bos.redhat.com (blade.bos.redhat.com [10.16.19.220])
by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
id p2UL1qxq010349
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:01:54 -0400
Received: from blade.bos.redhat.com (localhost.localdomain [127.0.0.1])
by blade.bos.redhat.com (8.14.4/8.14.3) with ESMTP id p2UL2EZk004172
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:02:14 -0400
Received: (from nalin@localhost)
by blade.bos.redhat.com (8.14.4/8.14.4/Submit) id p2UL2EEB004171;
Wed, 30 Mar 2011 17:02:14 -0400
Date: Wed, 30 Mar 2011 17:02:14 -0400
Message-Id: <201103302102.p2UL2EEB004171@blade.bos.redhat.com>
To: krb5-bugs@mit.edu
Subject: ftpd parses ftpusers entries that use "restrict" incorrectly
From: nalin@redhat.com
X-send-pr-version: 3.99
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmleJIrShJLcpLzFFi42K52LJdRld+1mRfg13TLCwaHh5nd2D0aDpz
lDmAMYrLJiU1J7MstUjfLoErY+n/VsaCS1wVi2YcZW9g3MnRxcjJISFgInHw7l5mEJtRwFvi
zdXj7BBxMYkL99azdTFycQgJnGCUOHJ7KzOEs4lJomXCHShnKZPEr5nHWSCck4wSVxdeZIdw
2hglvrcfBhvGIqAqsenISVYQm1fATqK9/TULiC0iICrx8u8xMFtYwFXiUcc9MJsNaPmNeafA
6oUEpCTaL01nA7GZBVgk/rzZwAJxoLjEju2noY7VlmiYNZllAqPgAkaGVYyyKblVurmJmTnF
qcm6xcmJeXmpRbrmermZJXqpKaWbGIGhJsTuorKDsfmQ0iFGAQ5GJR7exuDJvkKsiWXFlbmH
GCU5mJREeVfOAArxJeWnVGYkFmfEF5XmpBYfYpTgYFYS4a3UAcrxpiRWVqUW5cOkpDlYlMR5
50mq+woJpCeWpGanphakFsFkmTjYDzHKcHAoSfDOmQnULViUmp5akZaZU4KshhNEcIGs4QFa
cwykkLe4IDG3ODMdougUoy7H/IuP9jIKseTl56VKiUNMEwApyijNgxsGShv1////v8QoKyXM
y8jAwCDEA3QNMBAQ8qC084pRHBgAwrxTQabwZOaVwG16BXQEE9ARgUoTQI4oSURISTUwTlUv
PDXN1eTr6k6+7yEfX5eJR+qn+H8887c3eNvXIj21Tc/38q8MLpVwzkrNso2+caVoXmPFmZfR
Dv1q4fKXHKbNOMuSahMrp/GvUaRx2ZPYljfaV9dI/nJeePSUxJoohhup//Tf7368aYn02tfz
ZLexWJbk8uSH/+6zOD7Rv+P28/Y5Ji9jlFiKMxINtZiLihMBuZhxPxYDAAA=
X-Mailman-Approved-At: Thu, 31 Mar 2011 13:19:35 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: nalin@redhat.com
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
System: Linux blade.bos.redhat.com 2.6.38-1.fc15.x86_64 #1 SMP Tue Mar 15 05:29:00 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
correctly handle lines which use "restrict".
name to /etc/ftpusers with the "restrict" keyword. If you
connect, you won't be chrooted, and the "pwd" command will
indicate that you're in your home directory rather than the
root directory.
Index: gssftp/ftpd/ftpd.c
===================================================================
--- gssftp/ftpd/ftpd.c (revision 3308)
+++ gssftp/ftpd/ftpd.c (working copy)
@@ -805,7 +805,7 @@
if (strcmp(line, name) == 0)
return (1);
if (strncmp(line, name, strlen(name)) == 0) {
- int i = strlen(name) + 1;
+ int i = strlen(name);
/* Make sure foo doesn't match foobar */
if (line[i] == '\0' || !isspace((int) line[i]))
Return-Path: <krb5-bugs-incoming-bounces@PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
by krbdev.mit.edu (Postfix) with ESMTP id A9C983E640;
Thu, 31 Mar 2011 13:19:37 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p2VHJbaA029940;
Thu, 31 Mar 2011 13:19:37 -0400
Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p2UL1uED029674
for <krb5-bugs-incoming@PCH.mit.edu>; Wed, 30 Mar 2011 17:01:56 -0400
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU
[18.7.68.36])
by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id p2UL0vHR008658
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:01:56 -0400
X-AuditID: 12074424-b7cacae000003d70-d7-4d939a1fc0e6
Authentication-Results: symauth.service.identifier; spf=pass; senderid=pass
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP
id 9A.2F.15728.F1A939D4; Wed, 30 Mar 2011 17:01:19 -0400 (EDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p2UL1skN000368
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:01:54 -0400
Received: from blade.bos.redhat.com (blade.bos.redhat.com [10.16.19.220])
by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
id p2UL1qxq010349
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:01:54 -0400
Received: from blade.bos.redhat.com (localhost.localdomain [127.0.0.1])
by blade.bos.redhat.com (8.14.4/8.14.3) with ESMTP id p2UL2EZk004172
for <krb5-bugs@mit.edu>; Wed, 30 Mar 2011 17:02:14 -0400
Received: (from nalin@localhost)
by blade.bos.redhat.com (8.14.4/8.14.4/Submit) id p2UL2EEB004171;
Wed, 30 Mar 2011 17:02:14 -0400
Date: Wed, 30 Mar 2011 17:02:14 -0400
Message-Id: <201103302102.p2UL2EEB004171@blade.bos.redhat.com>
To: krb5-bugs@mit.edu
Subject: ftpd parses ftpusers entries that use "restrict" incorrectly
From: nalin@redhat.com
X-send-pr-version: 3.99
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmleJIrShJLcpLzFFi42K52LJdRld+1mRfg13TLCwaHh5nd2D0aDpz
lDmAMYrLJiU1J7MstUjfLoErY+n/VsaCS1wVi2YcZW9g3MnRxcjJISFgInHw7l5mEJtRwFvi
zdXj7BBxMYkL99azdTFycQgJnGCUOHJ7KzOEs4lJomXCHShnKZPEr5nHWSCck4wSVxdeZIdw
2hglvrcfBhvGIqAqsenISVYQm1fATqK9/TULiC0iICrx8u8xMFtYwFXiUcc9MJsNaPmNeafA
6oUEpCTaL01nA7GZBVgk/rzZwAJxoLjEju2noY7VlmiYNZllAqPgAkaGVYyyKblVurmJmTnF
qcm6xcmJeXmpRbrmermZJXqpKaWbGIGhJsTuorKDsfmQ0iFGAQ5GJR7exuDJvkKsiWXFlbmH
GCU5mJREeVfOAArxJeWnVGYkFmfEF5XmpBYfYpTgYFYS4a3UAcrxpiRWVqUW5cOkpDlYlMR5
50mq+woJpCeWpGanphakFsFkmTjYDzHKcHAoSfDOmQnULViUmp5akZaZU4KshhNEcIGs4QFa
cwykkLe4IDG3ODMdougUoy7H/IuP9jIKseTl56VKiUNMEwApyijNgxsGShv1////v8QoKyXM
y8jAwCDEA3QNMBAQ8qC084pRHBgAwrxTQabwZOaVwG16BXQEE9ARgUoTQI4oSURISTUwTlUv
PDXN1eTr6k6+7yEfX5eJR+qn+H8887c3eNvXIj21Tc/38q8MLpVwzkrNso2+caVoXmPFmZfR
Dv1q4fKXHKbNOMuSahMrp/GvUaRx2ZPYljfaV9dI/nJeePSUxJoohhup//Tf7368aYn02tfz
ZLexWJbk8uSH/+6zOD7Rv+P28/Y5Ji9jlFiKMxINtZiLihMBuZhxPxYDAAA=
X-Mailman-Approved-At: Thu, 31 Mar 2011 13:19:35 -0400
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: nalin@redhat.com
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
Show quoted text
>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization:
>Confidential: no
>Synopsis: ftpd parses ftpusers entries that use "restrict" incorrectly
>Severity: non-critical
>Priority: low
>Category: krb5-appl
>Class: sw-bug
>Release: 1.9
>Environment:
>Originator: Nalin Dahyabhai
>Organization:
>Confidential: no
>Synopsis: ftpd parses ftpusers entries that use "restrict" incorrectly
>Severity: non-critical
>Priority: low
>Category: krb5-appl
>Class: sw-bug
>Release: 1.9
>Environment:
System: Linux blade.bos.redhat.com 2.6.38-1.fc15.x86_64 #1 SMP Tue Mar 15 05:29:00 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
Show quoted text
>Description:
Jatin Nansi notes that when parsing /etc/ftpusers, ftpd doesn'tcorrectly handle lines which use "restrict".
Show quoted text
>How-To-Repeat:
Set up ftpd with a keytab, as usual, and add your local user'sname to /etc/ftpusers with the "restrict" keyword. If you
connect, you won't be chrooted, and the "pwd" command will
indicate that you're in your home directory rather than the
root directory.
Show quoted text
>Fix:
Here's Jatin's one-line fix:Index: gssftp/ftpd/ftpd.c
===================================================================
--- gssftp/ftpd/ftpd.c (revision 3308)
+++ gssftp/ftpd/ftpd.c (working copy)
@@ -805,7 +805,7 @@
if (strcmp(line, name) == 0)
return (1);
if (strncmp(line, name, strlen(name)) == 0) {
- int i = strlen(name) + 1;
+ int i = strlen(name);
/* Make sure foo doesn't match foobar */
if (line[i] == '\0' || !isspace((int) line[i]))