[myserver-commit] [3033] segfault caused by improper/malicious sequence
From: |
Alexandru IANCU |
Subject: |
[myserver-commit] [3033] segfault caused by improper/malicious sequence of commands(e.g.PASS/ LIST); affected commands: LIST, NLST, PASV |
Date: |
Sat, 28 Mar 2009 12:40:35 +0000 |
Revision: 3033
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=3033
Author: andu
Date: 2009-03-28 12:40:28 +0000 (Sat, 28 Mar 2009)
Log Message:
-----------
segfault caused by an improper/malicious sequence of commands (e.g. PASS/LIST);
affected commands: LIST, NLST, PASV
Modified Paths:
--------------
trunk/myserver/include/protocol/ftp/ftp_common.h
trunk/myserver/src/base/file/files_utility.cpp
trunk/myserver/src/conf/mime/mime_manager.cpp
trunk/myserver/src/conf/vhost/vhost_manager.cpp
trunk/myserver/src/protocol/ftp/ftp.cpp
trunk/myserver/src/protocol/http/http.cpp
Modified: trunk/myserver/include/protocol/ftp/ftp_common.h
===================================================================
--- trunk/myserver/include/protocol/ftp/ftp_common.h 2009-03-27 22:49:17 UTC
(rev 3032)
+++ trunk/myserver/include/protocol/ftp/ftp_common.h 2009-03-28 12:40:28 UTC
(rev 3033)
@@ -32,7 +32,7 @@
void SetFtpHost(FtpHost &out, const FtpHost &in);
void SetFtpHost(FtpHost &out, const char *szIn);
-void GetIpAddr(const FtpHost &host, char *pOut);
+void GetIpAddr(const FtpHost &host, char *pOut, const int &nBuffSize);
int GetPortNo(const FtpHost &host);
std::string GetPortNo(unsigned int nPort);
std::string GetHost(const FtpHost &host);
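Review bot: The new `nBuffSize` parameter of `GetIpAddr` is declared as `const int &`, which allows a negative size to be passed and gains nothing over passing a scalar by value. Declaring it as `void GetIpAddr(const FtpHost &host, char *pOut, size_t nBuffSize);` would match what `memset` and `strncpy` take in the definition in ftp.cpp, which would have to change with it. A one-line comment above the declaration saying that the output is NUL-terminated and truncated to `nBuffSize - 1` characters would tell callers what to expect.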
Modified: trunk/myserver/src/base/file/files_utility.cpp
===================================================================
--- trunk/myserver/src/base/file/files_utility.cpp 2009-03-27 22:49:17 UTC
(rev 3032)
+++ trunk/myserver/src/base/file/files_utility.cpp 2009-03-28 12:40:28 UTC
(rev 3033)
@@ -269,6 +269,7 @@
#ifdef NOT_WIN
struct stat F_Stats;
int ret = stat(filename, &F_Stats);
+ int nErr = errno;
if(ret < 0)
return 0;
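Review bot: `int nErr = errno;` is read before `ret` is checked and is not used in any line this hunk shows, so it looks like a debugging leftover. `errno` is only meaningful when `stat` has returned -1, so if the value is needed it should be captured inside the `if(ret < 0)` branch; otherwise the line should be dropped. The enclosing function starts and ends outside the hunk, so a later use of `nErr` cannot be ruled out from here.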
Modified: trunk/myserver/src/conf/mime/mime_manager.cpp
===================================================================
--- trunk/myserver/src/conf/mime/mime_manager.cpp 2009-03-27 22:49:17 UTC
(rev 3032)
+++ trunk/myserver/src/conf/mime/mime_manager.cpp 2009-03-28 12:40:28 UTC
(rev 3033)
@@ -170,6 +170,12 @@
if (!xmlStrcmp (attrs->name, (const xmlChar *)"param") &&
attrs->children && attrs->children->content)
rc->cgiManager.assign ((const char*)attrs->children->content);
+ /*
+ if (!xmlStrcmp (attrs->name, (const xmlChar *)"host") &&
+ attrs->children && attrs->children->content)
+ rc-> = xmlStrcmp (attrs->children->content,
+ (const xmlChar *)"YES");
+*/
}
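Review bot: The block added after the `param` handling is commented-out code that would not compile if enabled, because `rc-> = xmlStrcmp (...)` has no member name. It is also unrelated to the FTP crash named in the log message, so it should be left out of this commit or finished in a change of its own. The same applies to the commented-out fragments this revision leaves in vhost_manager.cpp (`//loc.append ("/");`) and http.cpp (`/*&& filename.empty()*/`, `//td->filenamePath.c_str(),`). The surrounding function lies outside the hunk.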
Modified: trunk/myserver/src/conf/vhost/vhost_manager.cpp
===================================================================
--- trunk/myserver/src/conf/vhost/vhost_manager.cpp 2009-03-27 22:49:17 UTC
(rev 3032)
+++ trunk/myserver/src/conf/vhost/vhost_manager.cpp 2009-03-28 12:40:28 UTC
(rev 3033)
@@ -377,8 +377,8 @@
}
else if(!xmlStrcmp(lcur->name, (const xmlChar *)"LOCATION"))
{
- string loc (vh->getDocumentRoot ());
- loc.append ("/");
+ string loc (vh->getDocumentRoot());
+ //loc.append ("/");
for (xmlAttr *attrs = lcur->properties; attrs; attrs =
attrs->next)
{
if(!xmlStrcmp (attrs->name, (const xmlChar *)"path"))
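Review bot: With `loc.append ("/")` commented out, `loc` starts as the bare document root, so whatever the `path` attribute handling appends is joined without a separator. If a configured path does not begin with `/`, the location would resolve to a sibling name next to the document root rather than a directory under it, and per-location settings could attach to the wrong path. The rest of the loop is outside the hunk, so this is an inference to confirm. Appending the separator only when it is missing keeps both forms working: `if (loc.empty () || loc[loc.size () - 1] != '/') loc.append ("/");`.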
Modified: trunk/myserver/src/protocol/ftp/ftp.cpp
===================================================================
--- trunk/myserver/src/protocol/ftp/ftp.cpp 2009-03-27 22:49:17 UTC (rev
3032)
+++ trunk/myserver/src/protocol/ftp/ftp.cpp 2009-03-28 12:40:28 UTC (rev
3033)
@@ -66,13 +66,14 @@
free(szLocalIn);
}
-void GetIpAddr(const FtpHost &host, char *pOut)
+void GetIpAddr(const FtpHost &host, char *pOut, const int &nBuffSize)
{
if ( pOut == NULL )
return;
std::ostringstream sRet;
sRet << host.h1 << '.' << host.h2 << '.' << host.h3 << '.' << host.h4;
- strcpy(pOut, sRet.str().c_str());
+ memset(pOut, 0, nBuffSize);
+ strncpy(pOut, sRet.str().c_str(), nBuffSize-1);
}
int GetPortNo(const FtpHost &host)
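Review bot: `GetIpAddr` passes `nBuffSize` straight to `memset` and `nBuffSize-1` to `strncpy`, so a size of zero or less becomes a huge `size_t` in one or both calls and writes past `pOut`. The existing guard at the top should cover it: `if ( pOut == NULL || nBuffSize <= 0 ) return;`. Truncation is also silent, and a cut-off dotted quad is a different address rather than an error. If `h1`..`h4` can hold values above 255 (their type is not visible here), the function should report the overflow to the caller instead of truncating.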
@@ -145,6 +146,12 @@
m_sCurrentFileName = "";
m_nFileSize = 0;
m_nBytesSent = 0;
+ m_cdh.h1 = 0;
+ m_cdh.h2 = 0;
+ m_cdh.h3 = 0;
+ m_cdh.h4 = 0;
+ m_cdh.p1 = 0;
+ m_cdh.p2 = 0;
}
int FtpUserData::CloseDataConnection()
@@ -544,7 +551,10 @@
pFtpUserData->m_bPassiveSrv = true;
if ( OpenDataConnection() == 0 )
- ftp_reply(425);//RFC959 command replay exception
+ {
+ ftp_reply(425);//RFC959 command replay exception
+ return;
+ }
std::string sTempText;
get_ftp_reply(227, sTempText);
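Review bot: `m_bPassiveSrv` is set to `true` before `OpenDataConnection()` is tried, and the new early return leaves it set when the connection could not be opened. A later LIST or NLST would then presumably treat the session as passive with no listening socket behind it. Resetting the flag on the failure path, `pFtpUserData->m_bPassiveSrv = false;` before `ftp_reply(425);`, keeps the session state consistent. The enclosing function begins and ends outside the hunk, so any cleanup done elsewhere is not visible.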
@@ -1573,7 +1583,7 @@
((sockaddr_in*)(&storage))->sin_family = AF_INET;
char szIpAddr[16];
memset(szIpAddr, 0, 16);
- GetIpAddr(pFtpUserData->m_cdh, szIpAddr);
+ GetIpAddr(pFtpUserData->m_cdh, szIpAddr, 16);
#ifdef WIN32
((sockaddr_in*)(&storage))->sin_addr.s_addr = inet_addr(szIpAddr);
#else
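Review bot: The buffer length is written as the literal `16` three times here (`szIpAddr[16]`, `memset(szIpAddr, 0, 16)`, `GetIpAddr(..., 16)`), and again in the following hunk at -1604. Deriving it from the array keeps the size passed to `GetIpAddr` correct if the buffer is ever resized: `GetIpAddr(pFtpUserData->m_cdh, szIpAddr, sizeof(szIpAddr));`. In the lines shown, the result of `inet_addr(szIpAddr)` is stored without a comparison against `INADDR_NONE`. That check would be worth adding if `m_cdh` is filled from client input, which this hunk does not show.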
@@ -1604,7 +1614,7 @@
dataSocket.socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
char szIpAddr[16];
memset(szIpAddr, 0, 16);
- GetIpAddr(pFtpUserData->m_cdh, szIpAddr);
+ GetIpAddr(pFtpUserData->m_cdh, szIpAddr, 16);
if ( dataSocket.connect(szIpAddr, GetPortNo(pFtpUserData->m_cdh)) < 0 )
return 0;
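Review bot: `dataSocket.connect` is attempted with whatever `m_cdh` currently holds, and after the reset added earlier in this file that is `0.0.0.0` port 0 whenever no address has been stored for the session. Relying on `connect` to fail is an implicit check. An explicit one placed before `dataSocket.socket(...)`, such as `if ( GetPortNo(pFtpUserData->m_cdh) == 0 ) return 0;`, states the precondition and avoids the socket call. This assumes `GetPortNo` yields 0 for zeroed `p1`/`p2`, which its body (outside this hunk) would need to confirm.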
@@ -1691,7 +1701,10 @@
{
ftp_reply(150);
if ( OpenDataConnection() == 0 )
- ftp_reply(425);
+ {
+ ftp_reply(425);
+ return;
+ }
}
std::string sPath(sLocalPath);
@@ -1924,7 +1937,10 @@
{
ftp_reply(150);
if ( OpenDataConnection() == 0 )
- ftp_reply(425);
+ {
+ ftp_reply(425);
+ return;
+ }
}
std::string sPath(sLocalPath);
Modified: trunk/myserver/src/protocol/http/http.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http.cpp 2009-03-27 22:49:17 UTC (rev
3032)
+++ trunk/myserver/src/protocol/http/http.cpp 2009-03-28 12:40:28 UTC (rev
3033)
@@ -820,7 +820,7 @@
if(ret != 200)
return raiseHTTPError(ret);
- if(!td->mime && FilesUtility::isDirectory(td->filenamePath.c_str()))
+ if(!td->mime && FilesUtility::isDirectory(td->filenamePath.c_str()) /*&&
filename.empty()*/)
{
return processDefaultFile (uri, td->permissions, onlyHeader);
}
@@ -844,7 +844,7 @@
{
return manager->send (td,
td->connection,
- td->filenamePath.c_str(),
+ filename.c_str(), //td->filenamePath.c_str(),
cgiManager,
td->mime->selfExecuted,
onlyHeader);
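Review bot: `manager->send` now receives `filename.c_str()` instead of `td->filenamePath.c_str()`, while the directory test in the previous hunk still uses `td->filenamePath`. Where `filename` comes from is outside the hunk. If it is the request-derived name rather than the resolved path that `td->permissions` was computed for, the handler could be given a path that was never checked. The change is unrelated to the FTP fix in the log message and belongs in its own commit, with a comment at the call site stating which of the two paths the manager expects and why.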