
[myserver-commit] [3033] segfault caused by improper/malicious sequence


From: Alexandru IANCU
Subject: [myserver-commit] [3033] segfault caused by improper/malicious sequence of commands(e.g.PASS/ LIST); affected commands: LIST, NLST, PASV
Date: Sat, 28 Mar 2009 12:40:35 +0000

Revision: 3033
          http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=3033
Author:   andu
Date:     2009-03-28 12:40:28 +0000 (Sat, 28 Mar 2009)
Log Message:
-----------
segfault caused by improper/malicious sequence of commands(e.g.PASS/LIST); 
affected commands: LIST, NLST, PASV

Modified Paths:
--------------
    trunk/myserver/include/protocol/ftp/ftp_common.h
    trunk/myserver/src/base/file/files_utility.cpp
    trunk/myserver/src/conf/mime/mime_manager.cpp
    trunk/myserver/src/conf/vhost/vhost_manager.cpp
    trunk/myserver/src/protocol/ftp/ftp.cpp
    trunk/myserver/src/protocol/http/http.cpp

Modified: trunk/myserver/include/protocol/ftp/ftp_common.h
===================================================================
--- trunk/myserver/include/protocol/ftp/ftp_common.h    2009-03-27 22:49:17 UTC 
(rev 3032)
+++ trunk/myserver/include/protocol/ftp/ftp_common.h    2009-03-28 12:40:28 UTC 
(rev 3033)
@@ -32,7 +32,7 @@
 
 void SetFtpHost(FtpHost &out, const FtpHost &in);
 void SetFtpHost(FtpHost &out, const char *szIn);
-void GetIpAddr(const FtpHost &host, char *pOut);
+void GetIpAddr(const FtpHost &host, char *pOut, const int &nBuffSize);
 int GetPortNo(const FtpHost &host);
 std::string GetPortNo(unsigned int nPort);
 std::string GetHost(const FtpHost &host);
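Review bot: `const int &nBuffSize` takes the buffer length as a signed int by reference, so a zero or negative value can reach the `memset`/`strncpy` in the definition in ftp.cpp. Declaring it as `void GetIpAddr(const FtpHost &host, char *pOut, size_t nBuffSize);` states the contract and removes the signed case. The declaration also has no comment saying what the caller must provide; something like `// Writes the dotted-quad form of host into pOut, which must hold nBuffSize bytes; the result is NUL-terminated and truncated if it does not fit.` would make the new parameter's meaning explicit.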

Modified: trunk/myserver/src/base/file/files_utility.cpp
===================================================================
--- trunk/myserver/src/base/file/files_utility.cpp      2009-03-27 22:49:17 UTC 
(rev 3032)
+++ trunk/myserver/src/base/file/files_utility.cpp      2009-03-28 12:40:28 UTC 
(rev 3033)
@@ -269,6 +269,7 @@
 #ifdef NOT_WIN
   struct stat F_Stats;
   int ret = stat(filename, &F_Stats);
+  int nErr = errno;
   if(ret < 0)
     return 0;
 
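Review bot: `nErr` is assigned but never used in the visible lines, and it reads `errno` before `ret` has been checked, although the value is only meaningful after `stat` has failed. If the intent is to tell a missing file apart from other failures, take it inside the failure branch, `if(ret < 0) { int nErr = errno; /* act on nErr */ return 0; }`; otherwise drop the line. The function continues outside the hunk, so a later use cannot be ruled out from here.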

Modified: trunk/myserver/src/conf/mime/mime_manager.cpp
===================================================================
--- trunk/myserver/src/conf/mime/mime_manager.cpp       2009-03-27 22:49:17 UTC 
(rev 3032)
+++ trunk/myserver/src/conf/mime/mime_manager.cpp       2009-03-28 12:40:28 UTC 
(rev 3033)
@@ -170,6 +170,12 @@
     if (!xmlStrcmp (attrs->name, (const xmlChar *)"param") && 
         attrs->children && attrs->children->content)
       rc->cgiManager.assign ((const char*)attrs->children->content);
+    /*
+    if (!xmlStrcmp (attrs->name, (const xmlChar *)"host") && 
+        attrs->children && attrs->children->content)
+      rc-> = xmlStrcmp (attrs->children->content, 
+                                    (const xmlChar *)"YES");
+*/
   }
 
 
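Review bot: The added block is commented-out code that would not compile if enabled, since `rc-> = xmlStrcmp (...)` names no member, and it is unrelated to the FTP fix described in the log message. It would be cleaner to leave it out of this commit, or to replace it with a single line such as `// TODO: parse the "host" attribute once the target field exists`. The enclosing loop starts outside the hunk.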

Modified: trunk/myserver/src/conf/vhost/vhost_manager.cpp
===================================================================
--- trunk/myserver/src/conf/vhost/vhost_manager.cpp     2009-03-27 22:49:17 UTC 
(rev 3032)
+++ trunk/myserver/src/conf/vhost/vhost_manager.cpp     2009-03-28 12:40:28 UTC 
(rev 3033)
@@ -377,8 +377,8 @@
             }
           else if(!xmlStrcmp(lcur->name, (const xmlChar *)"LOCATION"))
             {
-              string loc (vh->getDocumentRoot ());
-              loc.append ("/");
+              string loc (vh->getDocumentRoot());
+              //loc.append ("/");
               for (xmlAttr *attrs = lcur->properties; attrs; attrs = 
attrs->next)
                 {
                   if(!xmlStrcmp (attrs->name, (const xmlChar *)"path"))
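Review bot: Commenting out `loc.append ("/")` means the LOCATION path is now joined to the document root with no separator, and nothing in the visible lines ensures the `path` attribute begins with one. If the attribute value is appended directly (that code is below the hunk), a root of `/srv/www` and a path of `private` would produce `/srv/wwwprivate`, so the location rule would apply to a sibling directory instead of the intended subtree. Adding the separator only when it is missing, `if (loc.empty() || loc[loc.size()-1] != '/') loc.append ("/");`, avoids both the doubled and the missing slash. This change is also unrelated to the FTP segfault in the log message and would be easier to audit as its own commit.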

Modified: trunk/myserver/src/protocol/ftp/ftp.cpp
===================================================================
--- trunk/myserver/src/protocol/ftp/ftp.cpp     2009-03-27 22:49:17 UTC (rev 
3032)
+++ trunk/myserver/src/protocol/ftp/ftp.cpp     2009-03-28 12:40:28 UTC (rev 
3033)
@@ -66,13 +66,14 @@
   free(szLocalIn);
 }
 
-void GetIpAddr(const FtpHost &host, char *pOut)
+void GetIpAddr(const FtpHost &host, char *pOut, const int &nBuffSize)
 {
   if ( pOut == NULL )
     return;
   std::ostringstream sRet;
   sRet << host.h1 << '.' << host.h2 << '.' << host.h3 << '.' << host.h4;
-  strcpy(pOut, sRet.str().c_str());
+  memset(pOut, 0, nBuffSize);
+  strncpy(pOut, sRet.str().c_str(), nBuffSize-1);
 }
 
 int GetPortNo(const FtpHost &host)
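Review bot: Nothing in the new body rejects `nBuffSize <= 0`: with 0, the `nBuffSize-1` passed to `strncpy` converts to a very large size_t and the copy is unbounded again, and a negative value does the same to `memset`. Extending the existing guard to `if ( pOut == NULL || nBuffSize <= 0 ) return;` closes that. A formatted address longer than the buffer is now silently truncated, so out-of-range `h1`..`h4` values (their type is not visible here) yield a different, shorter address instead of an error. Checking that each field is within 0..255 before formatting would turn that case into a clean failure.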
@@ -145,6 +146,12 @@
   m_sCurrentFileName = "";
   m_nFileSize = 0;
   m_nBytesSent = 0;
+  m_cdh.h1 = 0;
+  m_cdh.h2 = 0;
+  m_cdh.h3 = 0;
+  m_cdh.h4 = 0;
+  m_cdh.p1 = 0;
+  m_cdh.p2 = 0;
 }
 
 int FtpUserData::CloseDataConnection()
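Review bot: Zeroing `m_cdh` gives the unset endpoint a defined value, but the connect path in the `@@ -1604,7 +1614,7 @@` hunk still formats it and calls `dataSocket.connect` on it, so a LIST sent before any PORT command appears to attempt a connection to 0.0.0.0 port 0. Treating the all-zero endpoint as "not set" before connecting, for example `if ( GetPortNo(pFtpUserData->m_cdh) == 0 ) return 0;` ahead of the `connect` call, makes the failure explicit instead of relying on the socket layer to refuse it. This assumes `GetPortNo` returns 0 when `p1` and `p2` are 0; its body is not in this diff. The enclosing function starts outside the hunk.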
@@ -544,7 +551,10 @@
 
   pFtpUserData->m_bPassiveSrv = true;
     if ( OpenDataConnection() == 0 )
-    ftp_reply(425);//RFC959 command replay exception
+      {
+       ftp_reply(425);//RFC959 command replay exception
+       return;
+      }
 
   std::string sTempText;
   get_ftp_reply(227, sTempText);
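Review bot: `m_bPassiveSrv` is set to true before `OpenDataConnection()` is checked, so the new early return leaves the session marked as passive even though no data listener was opened. Resetting it on the failure path, `pFtpUserData->m_bPassiveSrv = false;` just before `ftp_reply(425);`, keeps the session state consistent for the next command; whether later handlers read the flag cannot be seen from this hunk. The trailing comment should read `//RFC959 command reply exception`. The enclosing function starts and ends outside the hunk.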
@@ -1573,7 +1583,7 @@
   ((sockaddr_in*)(&storage))->sin_family = AF_INET;
   char szIpAddr[16];
   memset(szIpAddr, 0, 16);
-  GetIpAddr(pFtpUserData->m_cdh, szIpAddr);
+  GetIpAddr(pFtpUserData->m_cdh, szIpAddr, 16);
 #ifdef WIN32
   ((sockaddr_in*)(&storage))->sin_addr.s_addr = inet_addr(szIpAddr);
 #else
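Review bot: The buffer length is passed as the literal `16`, repeated from the declaration and the `memset` two lines above; the same applies to the call in the `@@ -1604,7 +1614,7 @@` hunk. Writing `GetIpAddr(pFtpUserData->m_cdh, szIpAddr, sizeof(szIpAddr));` ties the bound to the array, so a later change to the array size cannot reintroduce the overflow this commit removes. The surrounding function starts and ends outside the hunk.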
@@ -1604,7 +1614,7 @@
   dataSocket.socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
   char szIpAddr[16];
   memset(szIpAddr, 0, 16);
-  GetIpAddr(pFtpUserData->m_cdh, szIpAddr);
+  GetIpAddr(pFtpUserData->m_cdh, szIpAddr, 16);
   if ( dataSocket.connect(szIpAddr, GetPortNo(pFtpUserData->m_cdh)) < 0 )
     return 0;
 
@@ -1691,7 +1701,10 @@
     {
       ftp_reply(150);
         if ( OpenDataConnection() == 0 )
-        ftp_reply(425);
+         {
+           ftp_reply(425);
+           return;
+         }
     }
 
   std::string sPath(sLocalPath);
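Review bot: The same failure path (`ftp_reply(425); return;` after `OpenDataConnection() == 0`) is now written by hand here, in the `@@ -1924,7 +1937,10 @@` hunk and in the PASV hunk, which makes it easy for another data-transfer handler to miss it. A small member helper that opens the data connection, sends 425 on failure and returns a bool would reduce each site to one line, e.g. `if ( !EnsureDataConnection() ) return;` (the name is a suggestion). The log message lists only LIST, NLST and PASV, so it is worth confirming that the remaining handlers that use the data connection, which are outside this diff, perform the same check. The enclosing function starts and ends outside the hunk.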
@@ -1924,7 +1937,10 @@
     {
       ftp_reply(150);
         if ( OpenDataConnection() == 0 )
-        ftp_reply(425);
+         {
+           ftp_reply(425);
+           return;
+         }
     }
 
   std::string sPath(sLocalPath);

Modified: trunk/myserver/src/protocol/http/http.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http.cpp   2009-03-27 22:49:17 UTC (rev 
3032)
+++ trunk/myserver/src/protocol/http/http.cpp   2009-03-28 12:40:28 UTC (rev 
3033)
@@ -820,7 +820,7 @@
     if(ret != 200)
       return raiseHTTPError(ret);
 
-    if(!td->mime && FilesUtility::isDirectory(td->filenamePath.c_str()))
+    if(!td->mime && FilesUtility::isDirectory(td->filenamePath.c_str()) /*&& 
filename.empty()*/)
     {
       return processDefaultFile (uri, td->permissions, onlyHeader);
     }
@@ -844,7 +844,7 @@
       {
         return manager->send (td,
                               td->connection,
-                              td->filenamePath.c_str(),
+                              filename.c_str(), //td->filenamePath.c_str(),
                               cgiManager,
                               td->mime->selfExecuted,
                               onlyHeader);
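Review bot: Passing `filename.c_str()` instead of `td->filenamePath.c_str()` to `manager->send` changes which path the handler receives, in an HTTP code path the log message does not mention. The directory check in the previous hunk still runs against `td->filenamePath`, so the path that is checked and the path that is handed to the handler may now differ. Where `filename` comes from and whether it has been through the same resolution and permission checks is not visible here. The commit should either document that equivalence in a comment at the call or move this change, together with the commented-out `/*&& filename.empty()*/` in the previous hunk, into a separate commit with its own explanation. Leaving the old argument behind as `//td->filenamePath.c_str(),` hides the intent further.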




