NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/pure-ftpd: fix CVE-2020-9274

Browse Source 
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine 2020-03-28 10:00:42 +01:00 committed by Thomas Petazzoni
parent 40bc86afe9
commit 1d8426b32c
2 changed files with 38 additions and 0 deletions

35
package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch Normal file
View File

@ -0,0 +1,35 @@
From 8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Tue, 18 Feb 2020 18:36:58 +0100
Subject: [PATCH] diraliases: always set the tail of the list to NULL
Spotted and reported by Antonio Norales from GitHub Security Labs.
Thanks!
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa]
---
src/diraliases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/diraliases.c b/src/diraliases.c
index 4002a36..fb70273 100644
--- a/src/diraliases.c
+++ b/src/diraliases.c
@@ -93,7 +93,6 @@ int init_aliases(void)
(tail->dir = strdup(dir)) == NULL) {
die_mem();
}
- tail->next = NULL;
} else {
DirAlias *curr;
@@ -105,6 +104,7 @@ int init_aliases(void)
tail->next = curr;
tail = curr;
}
+ tail->next = NULL;
}
fclose(fp);
aliases_up++;

3
package/pure-ftpd/pure-ftpd.mk
View File

@ -17,6 +17,9 @@ PURE_FTPD_IGNORE_CVES += CVE-2019-20176
# 0002-pure_strcmp-len-s2-can-be-len-s1.patch
PURE_FTPD_IGNORE_CVES += CVE-2020-9365
# 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
PURE_FTPD_IGNORE_CVES += CVE-2020-9274
PURE_FTPD_CONF_OPTS = \
--with-altlog \
--with-puredb