[PATCH 6/6] ftpd: Fix insecure chroot() handling

Sebastian Huber sebastian.huber at embedded-brains.de
Fri Oct 5 13:43:47 UTC 2018


Ensure that the rtems_libio_set_private_env() was successful before the
chroot().

Update #3530.
---
 cpukit/ftpd/ftpd.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c
index b319dae9ed..08c39da31f 100644
--- a/cpukit/ftpd/ftpd.c
+++ b/cpukit/ftpd/ftpd.c
@@ -1879,14 +1879,9 @@ static void
 session(rtems_task_argument arg)
 {
   FTPD_SessionInfo_t  *const info = (FTPD_SessionInfo_t  *)arg;
-  int chroot_made = 0;
+  bool chroot_made = false;
 
-  rtems_libio_set_private_env();
-
-  /* chroot() can fail here because the directory may not exist yet. */
-  chroot_made = chroot(ftpd_root) == 0;
-
-  while(1)
+  while (1)
   {
     rtems_event_set set;
     int rv;
@@ -1894,8 +1889,14 @@ session(rtems_task_argument arg)
     rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT,
       &set);
 
-    chroot_made = chroot_made || chroot(ftpd_root) == 0;
+    chroot_made = chroot_made
+      || (rtems_libio_set_private_env() == RTEMS_SUCCESSFUL
+        && chroot(ftpd_root) == 0);
 
+    /*
+     * The chdir() must immediatly follow the chroot(), otherwise static
+     * analysis tools may complain about a security issue.
+    */
     rv = chroot_made ? chdir("/") : -1;
 
     errno = 0;
-- 
2.16.4




More information about the devel mailing list