package/pure-ftpd: fix CVE-2021-40524

In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the
server allows attackers to upload files of unbounded size, which may
lead to denial of service or a server hang. This occurs because a
certain greater-than-zero test does not anticipate an initial -1 value.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine 2021-11-23 23:36:21 +01:00 committed by Peter Korsgaard
parent d317b76458
commit 4fd5d8df2a
2 changed files with 36 additions and 0 deletions

@ -0,0 +1,33 @@
From 37ad222868e52271905b94afea4fc780d83294b4 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Tue, 23 Nov 2021 18:53:34 +0100
Subject: [PATCH] Initialize the max upload file size when quotas are enabled
Due to an unwanted check, files causing the quota to be exceeded
were deleted after the upload, but not during the upload.
The bug was introduced in 2009 in version 1.0.23
Spotted by @DroidTest, thanks!
[Retrieved from:
https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/ftpd.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/ftpd.c b/src/ftpd.c
index d856839..be2fd78 100644
--- a/src/ftpd.c
+++ b/src/ftpd.c
@@ -4247,8 +4247,7 @@ void dostor(char *name, const int append, const int autorename)
if (quota_update(&quota, 0LL, 0LL, &overflow) == 0 &&
(overflow > 0 || quota.files >= user_quota_files ||
quota.size > user_quota_size ||
- (max_filesize >= (off_t) 0 &&
- (max_filesize = user_quota_size - quota.size) < (off_t) 0))) {
+ (max_filesize = user_quota_size - quota.size) < (off_t) 0)) {
overflow = 1;
(void) close(f);
goto afterquota;
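Review bot: in the last operand of the `||` chain in dostor(), `(max_filesize = user_quota_size - quota.size) < (off_t) 0` now matters mainly for its side effect. The assignment runs only when quota_update() returned 0 and every earlier test (overflow, quota.files, quota.size) was false, and at that point the preceding `quota.size > user_quota_size` test has already excluded a negative difference, assuming both operands share the same signed type, so the comparison itself looks unable to be true. Consider assigning max_filesize in its own statement before the `if`, or at least adding a comment that this clause exists to initialise max_filesize, so a later cleanup does not reintroduce the guard that left it at its initial -1.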

@ -21,6 +21,9 @@ PURE_FTPD_IGNORE_CVES += CVE-2020-9365
# 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch
PURE_FTPD_IGNORE_CVES += CVE-2020-9274
# 0004-Initialize-the-max-upload-file-size-when-quotas-are-enabled.patch
PURE_FTPD_IGNORE_CVES += CVE-2021-40524
PURE_FTPD_CONF_OPTS = \
--with-altlog \
--with-puredb
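Review bot: the new `PURE_FTPD_IGNORE_CVES += CVE-2021-40524` entry is tied to its fix only by the comment naming 0004-Initialize-the-max-upload-file-size-when-quotas-are-enabled.patch. Check that the comment matches the added patch file name exactly, and drop the entry together with the patch when the package is bumped to a release that already contains the upstream commit, since the commit message names only 1.0.49 as affected.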