packages/proftpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-46854

Browse Source 
modified:   proftpd.spec

	modified:   proftpd.spec

(cherry picked from commit 2e8dee883102d0c7f0691fdd4dfba6a66cead3f5)
This commit is contained in:
peng2285 2022-12-01 09:36:30 +08:00 committed by openeuler-sync-bot
parent 146985b051
commit 6923d474f8
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2021-46854.patch Normal file
View File

@ -0,0 +1,43 @@
From 10a227b4d50e0a2cd2faf87926f58d865da44e43 Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Tue, 3 Aug 2021 21:53:28 +0200
Subject: [PATCH] mod_radius: copy _only_ the password
---
contrib/mod_radius.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c
index 5092ca5e05..028c364ffd 100644
--- a/contrib/mod_radius.c
+++ b/contrib/mod_radius.c
@@ -2324,21 +2324,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type,
pwlen = strlen((const char *) passwd);
+ /* Clear the buffers. */
+ memset(pwhash, '\0', sizeof(pwhash));
+
if (pwlen == 0) {
pwlen = RADIUS_PASSWD_LEN;
} if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
+ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
+ memcpy(pwhash, passwd, pwlen);
/* Round up the length. */
pwlen += (RADIUS_PASSWD_LEN - 1);
/* Truncate the length, as necessary. */
pwlen &= ~(RADIUS_PASSWD_LEN - 1);
+ } else {
+ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
+ memcpy(pwhash, passwd, pwlen);
}
- /* Clear the buffers. */
- memset(pwhash, '\0', sizeof(pwhash));
- memcpy(pwhash, passwd, pwlen);
/* Find the password attribute. */
attrib = radius_get_attrib(packet, RADIUS_PASSWORD);

7
proftpd.spec
View File

@ -20,7 +20,7 @@
Name: proftpd Name: proftpd
Version: 1.3.7a Version: 1.3.7a
Release: 1 Release: 2
Summary: Flexible, stable and highly-configurable FTP server Summary: Flexible, stable and highly-configurable FTP server
License: GPLv2+ License: GPLv2+
URL: http://www.proftpd.org/ URL: http://www.proftpd.org/
@ -45,6 +45,7 @@ Patch6: proftpd-1.3.7rc3-logging-not-systemd.patch
Patch7: proftpd-1.3.7a-check-api.patch Patch7: proftpd-1.3.7a-check-api.patch
Patch8: proftpd-1.3.7a-netaddr-test.patch Patch8: proftpd-1.3.7a-netaddr-test.patch
Patch9: proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch Patch9: proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch
Patch10: CVE-2021-46854.patch
BuildRequires: coreutils BuildRequires: coreutils
BuildRequires: gcc BuildRequires: gcc
@ -238,6 +239,7 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \
# https://github.com/proftpd/proftpd/pull/1075 # https://github.com/proftpd/proftpd/pull/1075
%patch8 %patch8
%patch9 -p1 %patch9 -p1
%patch10 -p1
# Avoid docfile dependencies # Avoid docfile dependencies
chmod -c -x contrib/xferstats.holger-preiss chmod -c -x contrib/xferstats.holger-preiss
@ -505,6 +507,9 @@ fi
%{_mandir}/man1/ftpwho.1* %{_mandir}/man1/ftpwho.1*
%changelog %changelog
* Thu Dec 01 2022 jiangpeng <jiangpeng01@ncti-gba.cn> - 1.3.7a-2
- Fix CVE-2021-46854
* Fri Jan 15 2021 gaihuiying <gaihuiying1@huawei.com> - 1.3.7a-1 * Fri Jan 15 2021 gaihuiying <gaihuiying1@huawei.com> - 1.3.7a-1
- Update to 1.3.7a - Update to 1.3.7a