bin/53435: ftpd crashes when using absolute path in /etc/ftpchroot

Yutaka Ishihara yutaka at fandc.co.jp
Wed Jun 18 01:10:10 PDT 2003 

>Number:         53435
>Category:       bin
>Synopsis:       ftpd crashes when using absolute path in /etc/ftpchroot
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 18 01:10:08 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Yutaka Ishihara
>Release:        FreeBSD 5.1-RELEASE i386
>Organization:
F&C Co.,Ltd.
>Environment:
System: FreeBSD fcsn01.fandc.co.jp 5.1-RELEASE FreeBSD 5.1-RELEASE #13: Wed Jun 4 21:09:39 JST 2003 root at fcsn01.fandc.co.jp:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
When using absolute path in /etc/ftpchroot's optional second field, ftpd exit on signal 6.
>How-To-Repeat:
Add line to /etc/ftpchroot like this:

foo	/home

Then do telnet to the port 21, log in as user foo:

yutaka at fcsn01~% telnet 0 21
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 fcsn01.fandc.co.jp FTP server (Version 6.00LS) ready.
user foo
331 Password required for foo.
pass password
230 User foo logged in, access restrictions apply.
Connection closed by foreign host.

Error log in /var/log/message:

Jun 18 16:54:18 fcsn01 kernel: pid 7443 (ftpd), uid 2000: exited on signal 6

>Fix:
Here is the patch for ftpd.c Revision 1.62.2.48:

--- ftpd.c.orig	Wed Jun 18 15:33:22 2003
+++ ftpd.c	Wed Jun 18 15:38:43 2003
@@ -1494,11 +1494,14 @@
 	 * c) expand it to the absolute pathname if necessary.
 	 */
 	if (dochroot && residue &&
-	    (chrootdir = strtok(residue, " \t")) != NULL &&
-	    chrootdir[0] != '/') {
-		asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir);
-		if (chrootdir == NULL)
-			fatalerror("Ran out of memory.");
+	    (chrootdir = strtok(residue, " \t")) != NULL) {
+	    if (chrootdir[0] != '/') {
+	      asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir);
+	    } else {
+	      chrootdir = strdup(chrootdir);
+	    }
+	    if (chrootdir == NULL)
+	      fatalerror("Ran out of memory.");
 	}
 	if (guest || dochroot) {
 		/*

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list