[rtems commit] ftpd: Fix insecure chroot() handling

Sebastian Huber sebh at rtems.org
Mon Oct 8 05:17:08 UTC 2018


Module:    rtems
Branch:    master
Commit:    be8de0ff46d3ad9e5facda7eb215fa1d545b1010
Changeset: http://git.rtems.org/rtems/commit/?id=be8de0ff46d3ad9e5facda7eb215fa1d545b1010

Author:    Sebastian Huber <sebastian.huber at embedded-brains.de>
Date:      Fri Oct  5 15:16:46 2018 +0200

ftpd: Fix insecure chroot() handling

Ensure that the rtems_libio_set_private_env() was successful before the
chroot().

Update #3530.

---

 cpukit/ftpd/ftpd.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c
index b319dae..08c39da 100644
--- a/cpukit/ftpd/ftpd.c
+++ b/cpukit/ftpd/ftpd.c
@@ -1879,14 +1879,9 @@ static void
 session(rtems_task_argument arg)
 {
   FTPD_SessionInfo_t  *const info = (FTPD_SessionInfo_t  *)arg;
-  int chroot_made = 0;
+  bool chroot_made = false;
 
-  rtems_libio_set_private_env();
-
-  /* chroot() can fail here because the directory may not exist yet. */
-  chroot_made = chroot(ftpd_root) == 0;
-
-  while(1)
+  while (1)
   {
     rtems_event_set set;
     int rv;
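Review bot: The removed comment "chroot() can fail here because the directory may not exist yet." was the only explanation of why the chroot() is retried in the loop, and nothing in this hunk replaces it. Please carry that rationale over to the new `chroot_made = chroot_made || ...` expression, so a later reader does not "simplify" the retry away. Note also that with the early calls removed, the session task no longer attempts rtems_libio_set_private_env() or chroot() until the first FTPD_RTEMS_EVENT arrives. That looks intended, but it is worth a sentence in the commit message. The `while(1)` to `while (1)` whitespace change is unrelated to the fix and would be cleaner as a separate commit.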
@@ -1894,8 +1889,14 @@ session(rtems_task_argument arg)
     rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT,
       &set);
 
-    chroot_made = chroot_made || chroot(ftpd_root) == 0;
+    chroot_made = chroot_made
+      || (rtems_libio_set_private_env() == RTEMS_SUCCESSFUL
+        && chroot(ftpd_root) == 0);
 
+    /*
+     * The chdir() must immediatly follow the chroot(), otherwise static
+     * analysis tools may complain about a security issue.
+    */
     rv = chroot_made ? chdir("/") : -1;
 
     errno = 0;
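Review bot: In the new `chroot_made` expression, rtems_libio_set_private_env() is called again on every event for as long as chroot(ftpd_root) keeps failing, because only the combined result is remembered. If repeated calls are not meant to be harmless, track the two steps separately (for example a second flag for the private environment) so that only the chroot() is retried. The added comment should also state the real reason for the chdir("/"): chroot() does not change the current working directory, so without it the task's cwd can remain outside the new root. Quieting static analysis tools is a side effect of that, not the reason. Minor: "immediatly" should be "immediately", and the closing `*/` is indented one column short of the comment's other lines.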



