1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
https://bugs.gentoo.org/690528
CVE-2019-12815
From a73dbfe3b61459e7c2806d5162b12f0957990cb3 Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj@castaglia.org>
Date: Wed, 17 Jul 2019 09:48:39 -0700
Subject: [PATCH] Backport of fix for Bug#4372 to the 1.3.6 branch.
---
NEWS | 1 +
contrib/mod_copy.c | 36 +++++++++++++++++++++++++++++++++---
2 files changed, 34 insertions(+), 3 deletions(-)
--- a/contrib/mod_copy.c
+++ b/contrib/mod_copy.c
@@ -1,7 +1,7 @@
/*
* ProFTPD: mod_copy -- a module supporting copying of files on the server
* without transferring the data to the client and back
- * Copyright (c) 2009-2016 TJ Saunders
+ * Copyright (c) 2009-2019 TJ Saunders
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -657,7 +657,7 @@ MODRET copy_copy(cmd_rec *cmd) {
MODRET copy_cpfr(cmd_rec *cmd) {
register unsigned int i;
int res;
- char *path = "";
+ char *cmd_name, *path = "";
unsigned char *authenticated = NULL;
if (copy_engine == FALSE) {
@@ -705,6 +705,21 @@ MODRET copy_cpfr(cmd_rec *cmd) {
path = pstrcat(cmd->tmp_pool, path, *path ? " " : "", decoded_path, NULL);
}
+ cmd_name = cmd->argv[0];
+ pr_cmd_set_name(cmd, "SITE_CPFR");
+ if (!dir_check(cmd->tmp_pool, cmd, G_READ, path, NULL)) {
+ int xerrno = EPERM;
+
+ pr_cmd_set_name(cmd, cmd_name);
+ pr_response_add_err(R_550, "%s: %s", (char *) cmd->argv[3],
+ strerror(xerrno));
+
+ pr_cmd_set_errno(cmd, xerrno);
+ errno = xerrno;
+ return PR_ERROR(cmd);
+ }
+ pr_cmd_set_name(cmd, cmd_name);
+
res = pr_filter_allow_path(CURRENT_CONF, path);
switch (res) {
case 0:
@@ -758,6 +773,7 @@ MODRET copy_cpfr(cmd_rec *cmd) {
MODRET copy_cpto(cmd_rec *cmd) {
register unsigned int i;
const char *from, *to = "";
+ char *cmd_name;
unsigned char *authenticated = NULL;
if (copy_engine == FALSE) {
@@ -816,6 +832,20 @@ MODRET copy_cpto(cmd_rec *cmd) {
to = dir_canonical_vpath(cmd->tmp_pool, to);
+ cmd_name = cmd->argv[0];
+ pr_cmd_set_name(cmd, "SITE_CPTO");
+ if (!dir_check(cmd->tmp_pool, cmd, G_WRITE, to, NULL)) {
+ int xerrno = EPERM;
+
+ pr_cmd_set_name(cmd, cmd_name);
+ pr_response_add_err(R_550, "%s: %s", to, strerror(xerrno));
+
+ pr_cmd_set_errno(cmd, xerrno);
+ errno = xerrno;
+ return PR_ERROR(cmd);
+ }
+ pr_cmd_set_name(cmd, cmd_name);
+
if (copy_paths(cmd->tmp_pool, from, to) < 0) {
int xerrno = errno;
const char *err_code = R_550;
@@ -940,7 +970,7 @@ static conftable copy_conftab[] = {
static cmdtable copy_cmdtab[] = {
{ CMD, C_SITE, G_WRITE, copy_copy, FALSE, FALSE, CL_MISC },
- { CMD, C_SITE, G_DIRS, copy_cpfr, FALSE, FALSE, CL_MISC },
+ { CMD, C_SITE, G_READ, copy_cpfr, FALSE, FALSE, CL_MISC },
{ CMD, C_SITE, G_WRITE, copy_cpto, FALSE, FALSE, CL_MISC },
{ POST_CMD, C_PASS, G_NONE, copy_post_pass, FALSE, FALSE },
{ LOG_CMD, C_SITE, G_NONE, copy_log_site, FALSE, FALSE },
--
2.22.0
|
GitWeb