[PATCH 6/6] ftpd: Fix insecure chroot() handling
Sebastian Huber
sebastian.huber at embedded-brains.de
Fri Oct 5 13:43:47 UTC 2018
Ensure that the rtems_libio_set_private_env() was successful before the
chroot().
Update #3530.
---
cpukit/ftpd/ftpd.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c
index b319dae9ed..08c39da31f 100644
--- a/cpukit/ftpd/ftpd.c
+++ b/cpukit/ftpd/ftpd.c
@@ -1879,14 +1879,9 @@ static void
session(rtems_task_argument arg)
{
FTPD_SessionInfo_t *const info = (FTPD_SessionInfo_t *)arg;
- int chroot_made = 0;
+ bool chroot_made = false;
- rtems_libio_set_private_env();
-
- /* chroot() can fail here because the directory may not exist yet. */
- chroot_made = chroot(ftpd_root) == 0;
-
- while(1)
+ while (1)
{
rtems_event_set set;
int rv;
@@ -1894,8 +1889,14 @@ session(rtems_task_argument arg)
rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT,
&set);
- chroot_made = chroot_made || chroot(ftpd_root) == 0;
+ chroot_made = chroot_made
+ || (rtems_libio_set_private_env() == RTEMS_SUCCESSFUL
+ && chroot(ftpd_root) == 0);
+ /*
+ * The chdir() must immediatly follow the chroot(), otherwise static
+ * analysis tools may complain about a security issue.
+ */
rv = chroot_made ? chdir("/") : -1;
errno = 0;
--
2.16.4
More information about the devel
mailing list