| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Declare line[] in the outermost scope of retrieve() instead of
declaring it in an inner scope and then using it via a pointer
in the outer scope.
Reported by: Coverity
CID: 605895
|
|
|
|
|
|
|
| |
Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.
Reviewed by: imp
|
|
|
|
|
|
|
|
|
| |
In sgetpwnam(), save and free pw_class like all other char members
of struct passwd. This fixes spurious "login_getclass: unknown class"
errors.
PR: 186439
Submitted by: UEMURA Tetsuya <t_uemura at macome.co.jp>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]
Fix a buffer overflow in telnetd. [11:08]
Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]
Add sanity checking of service names in pam_start. [11:10]
Approved by: so (cperciva)
Approved by: re (bz)
Security: FreeBSD-SA-11:06.bind
Security: FreeBSD-SA-11:07.chroot
Security: FreeBSD-SA-11:08.telnetd
Security: FreeBSD-SA-11:09.pam_ssh
Security: FreeBSD-SA-11:10.pam
|
|
|
|
| |
calls in ftpd(8).
|
|
|
|
| |
MFC After: 1 week
|
|
|
|
|
| |
Reviewed by: attilio
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
| |
the caller. Currently, checkuser() does not differentiate between the
failure to open the file and the absence of a user in the file. Check
to see if there was an error opening the file. If there are any errors,
terminate the connection. Currently, the only exception to this rule
is ENOENT, since there is nothing that says the /etc/ftpuser
and /etc/ftpchroot has to exist.
MFC after: 3 weeks
|
|
|
|
|
|
|
|
| |
Also perform a small cleanup to ftpd_logwtmp(). Just use a NULL
parameter for the username to indicate a logout, instead of an empty
string.
Reported by: Alexey Shuvaev <shuvaev physik uni-wuerzburg de>
|
|
|
|
|
|
|
|
| |
Unfortunately I have to partially wreck its functionality, though. ftpd
used to keep a file descriptor to the wtmp, which allowed it to work
from within a chroot. The current utmpx implementation doesn't offer a
way to do this. Maybe we can address this in the future, if it turns out
to be a real issue.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
long commands into multiple requests. [08:12]
Avoid calling uninitialized function pointers in protocol switch
code. [08:13]
Merry Christmas everybody...
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The support for RFC 2640 (UTF8) is optional and rudimentary.
The server just advertises its capability to handle UTF-8 file
names and relies on its own 8-bit cleanness, as well as on
the backward compatibility of UTF-8 with ASCII. So uploaded
files will have UTF-8 names, but the initial server contents
should be prepared in UTF-8 by hand, no on-the-fly conversion
of file names will be done.
PR: bin/111714
Submitted by: Zhang Weiwu <see email in the PR>
MFC after: 1 week
|
|
|
|
|
| |
setting the SO_SNDBUF socket option. Using a hard-coded value for
it was a poor idea anyway in the face of diverse network conditions.
|
|
|
|
|
|
|
|
|
|
| |
family. [1]
- Specify appropriate hints to getaddrinfo(3). [1]
- Obtain address family from peername in inet mode.
Submitted by: Rostislav Krasny <rosti.bsd__at__gmail.com> [1]
Tested by: yar, Rostislav Krasny <rosti.bsd__at__gmail.com>
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
| |
from accept(2) and fork(2). Also close all unneeded fds
in the child process, namely listening sockets for all
address families and the fd initially obtained from accept(2).
(The main ftpd code operates on stdin/stdout anyway as it
has been designed for running from inetd.)
MFC after: 5 days
|
|
|
|
|
|
|
| |
over ctl_sock's -- it is solely the parent daemon's
job. So just break out of the loop in the child.
MFC after: 5 days
|
|
|
|
|
|
|
| |
By default, create a pid file at the standard location, /var/run/ftpd.pid,
in accord with the expected behavior of a stock system daemon.
MFC after: 5 days
|
|
|
|
| |
MFC: along with rev. 1.202
|
|
|
|
|
|
|
| |
the function will emit an annoying log message otherwise.
Reported by: kris
MFC: along with rev. 1.202
|
|
|
|
| |
socklen_t * argument.
|
|
|
|
|
| |
Pointed out by: Nick Leuta
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The major change is to process STAT sent as an OOB command w/o
breaking the current data transfer. As a side effect, this gives
better error checking in the code performing data transfers.
A lesser, but in no way cosmetic, change is using the flag `recvurg'
in the only signal-safe way that has been blessed by SUSv3. The
other flag, `transflag,' becomes private to the SIGURG machinery,
serves debugging purposes only, and may be dropped in the future.
The `byte_count' global variable is now accounting bytes actually
transferred over the network. This can give status messages looking
strange, like "X of Y bytes transferred," where X > Y, but that has
more sense than trying to compensate for combinations of data formats
on the server and client when transferring ASCII type data. BTW,
getting the size of a file in advance is unreliable for a number of
reasons in the first place. See question 18.8 of the Infrequently
Asked Questions in comp.lang.c for details.
PR: bin/52072
Tested by: Nick Leuta (earlier versions), a stress-testing tool (final)
MFC after: 1 month
|
|
|
|
|
|
|
| |
A daemon has no stderr to send its complains to.
Pointed out by: Nick Leuta
MFC after: 1 week
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When in inetd mode, this prevents bogus messages from
appearing on the control channel. When running as a
daemon, we shouldn't write to the terminal we used to
have at all.
PR: bin/74823
MFC after: 1 week
|
|
|
|
|
|
| |
stop the search on the first match for efficiency.
Submitted by: Nick Leuta
|
|
|
|
|
|
| |
an FTP user has no chance to change password anyway.
Submitted by: Nick Leuta
|
|
|
|
|
|
|
| |
Log it once at the beginning of the session instead. OTOH, log wd each
time for the sake of better auditing and consistent log format.
Proposed by: Nick Leuta <skynick -at- mail.sc.ru>
|
|
|
|
| |
PR: bin/59773
|
| |
|
|
|
|
|
|
| |
regarding restricted users.
MFC after: 2 weeks
|
|
|
|
| |
Tested with: md5(1)
|
| |
|
|
|
|
| |
is disabled entirely.
|
|
|
|
|
| |
in server messages wherever this doesn't contradict to a particular
message format.
|
|
|
|
| |
can detect format errors.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
add the working directory pathname to the log message if any of
such arguments isn't absolute. This has advantage over the old
way of logging that an admin can see what users are actually trying
to do, and where. The old code was also not too robust when it
came to a chrooted session and an absolute pathname.
Pointed out by: Nick Leuta
MFC after: 2 weeks
|
| |
|
| |
|
|
|
|
|
| |
getwd() -> getcwd()
wait3() -> waitpid()
|
|
|
|
| |
Noticed by: Nick Leuta <skynick -at- mail.sc.ru> (some of them)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
for status replies on file system objects:
212 Directory status.
213 File status.
Reported by: Oleg Koreshkov <okor -at- zone.salut.ru>
MFC after: 1 week
|
|
|
|
|
|
|
| |
The size_t type is better suited for that, particularly because
the "blksize" argument is to be passed to malloc() and read().
On 64-bit archs it's more to a style issue, but the good style
of coding in C is also important.
|
|
|
|
| |
They're unneeded and sometimes erroneous now.
|
|
|
|
|
|
|
|
| |
Previously logxfer() used to record bogus pathnames to the log
in some cases, namely, when cwd was / or "name" was absolute.
Noticed by: Nick Leuta
MFC after: 2 weeks
|