~ubuntu-branches/ubuntu/lucid/globus-gridftp-server/lucid-security

Viewing changes to debian/patches/globus-gridftp-server-pw195.patch

  • Committer: Package Import Robot
  • Author(s): Mattias Ellert
  • Date: 2012-07-19 16:28:47 UTC
  • Revision ID: package-import@ubuntu.com-20120719162847-tus0fml3y9178m5g
Tags: 3.17-2ubuntu0.1
* SECURITY UPDATE: Wrong user mapping on badly configured server
  (LP: #1027324)
  - debian/patches/globus-gridftp-server-pw195.patch: backported from
    upstream
  - CVE-2012-3292

 
1
Description: Handle invalid user mappings
 
2
Bug: http://jira.globus.org/browse/GT-195
 
3
Origin: backport, http://jira.globus.org/secure/attachment/10877/GT-195.patch
 
4
Index: globus-gridftp-server-3.17/globus_i_gfs_control.c
 
5
===================================================================
 
6
--- globus-gridftp-server-3.17.orig/globus_i_gfs_control.c      2012-08-02 12:49:46.239157090 -0700
 
7
+++ globus-gridftp-server-3.17/globus_i_gfs_control.c   2012-08-02 12:49:46.311157088 -0700
 
8
@@ -345,7 +345,7 @@
 
9
                 MAXPATHLEN,
 
10
                 &res_pwd);
 
11
             free(hd_name);
 
12
-            if(sc != 0)
 
13
+            if(sc != 0 || res_pwd == NULL)
 
14
             {
 
15
                 /* XXX expand other usernames here */
 
16
                 result = GlobusGFSErrorGeneric(
 
17
Index: globus-gridftp-server-3.17/globus_i_gfs_data.c
 
18
===================================================================
 
19
--- globus-gridftp-server-3.17.orig/globus_i_gfs_data.c 2012-08-02 12:49:46.251157089 -0700
 
20
+++ globus-gridftp-server-3.17/globus_i_gfs_data.c      2012-08-02 12:49:46.323157089 -0700
 
21
@@ -781,13 +781,13 @@
 
22
 
 
23
     rc = globus_libc_getpwuid_r(getuid(), &pwent_mem, pw_buffer,
 
24
                                 pw_buflen, &pw_result);
 
25
-    if(rc != 0)
 
26
+    if(rc != 0 || pw_result == NULL)
 
27
     {
 
28
         globus_free(pw_buffer);
 
29
         return NULL;
 
30
     }
 
31
 
 
32
-    pwent = globus_l_gfs_pw_copy(&pwent_mem);
 
33
+    pwent = globus_l_gfs_pw_copy(pw_result);
 
34
     globus_free(pw_buffer);
 
35
 
 
36
     return pwent;
 
37
@@ -822,13 +822,13 @@
 
38
 
 
39
     rc = globus_libc_getpwnam_r(
 
40
         (char *)name, &pwent_mem, pw_buffer, pw_buflen, &pw_result);
 
41
-    if(rc != 0)
 
42
+    if(rc != 0 || pw_result == NULL)
 
43
     {
 
44
         globus_free(pw_buffer);
 
45
         return NULL;
 
46
     }
 
47
 
 
48
-    pwent = globus_l_gfs_pw_copy(&pwent_mem);
 
49
+    pwent = globus_l_gfs_pw_copy(pw_result);
 
50
     globus_free(pw_buffer);
 
51
 
 
52
     return pwent;
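Review bot: The added `pw_result == NULL` tests in the two globus_i_gfs_data.c hunks (and the matching `res_pwd == NULL` test in globus_i_gfs_control.c) carry no comment saying why a zero return code is not sufficient, although that is the whole of the fix; above each test I would add `/* the _r lookup can return 0 with a NULL result when no entry matches; pwent_mem is then unfilled and must not be copied */`. That wording assumes globus_libc_getpwuid_r and globus_libc_getpwnam_r follow the POSIX getpw*_r contract, which the hunks do not show. The failure branch also folds "no such entry" and a genuine lookup error (for example a pw_buffer that is too small) into the same silent `return NULL`; both fail closed, but a log line that distinguishes them would let an operator notice a broken mapping configuration. The enclosing functions start and end outside the hunks, so how callers treat the NULL return cannot be confirmed from here.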