Bug 644215
| Summary: | krb5ftpd off by one error when reading /etc/ftpusers for restricted users | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jatin Nansi <jnansi> | |
| Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> | |
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 5.5 | CC: | dpal, jplans | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | krb5-1.6.1-58.el5 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 713521 (view as bug list) | Environment: | ||
| Last Closed: | 2011-07-21 08:19:42 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 713521 | |||
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1031.html |
Description of problem: Consider the following line: foo restrict When logging in with user "foo", the variables in checkuser() will be initialized like this: name = "foo" line = "foo restrict" i = 4 ----^ Hence, the !isspace(line[i]) test will succeed and the "restrict" check will be skipped. This patche initializes "i" at the length of the "name" variable (3 in this example). diff -urp krb5-1.6.1.orig/src/appl/gssftp/ftpd/ftpd.c krb5-1.6.1/src/appl/gssftp/ftpd/ftpd.c --- krb5-1.6.1.orig/src/appl/gssftp/ftpd/ftpd.c 2010-10-18 14:45:32.000000000 +0100 +++ krb5-1.6.1/src/appl/gssftp/ftpd/ftpd.c 2010-10-18 14:47:55.000000000 +0100 @@ -873,7 +873,7 @@ checkuser(name) if (strcmp(line, name) == 0) return (1); if (strncmp(line, name, strlen(name)) == 0) { - int i = strlen(name) + 1; + int i = strlen(name); /* Make sure foo doesn't match foobar */ if (line[i] == '\0' || !isspace((int) line[i])) Version-Release number of selected component (if applicable): krb5-1.6.1-36.el5_5.4 How reproducible: Always Steps to Reproduce: 1. Configure a restricted user in ftpusers 2. Enable gssftp in xinetd.conf. 3. Reload xinetd. Actual results: User cannot login. Expected results: User can login and is chrooted. Additional info: