Attachment 181876 Details for Bug 258838 – proftpd 1.3.1 upstream security bug 3173 patch

[patch] proftpd 1.3.1 upstream security bug 3173 patch

proftpd-1.3.1-upstream-security-bug-3173.patch (text/plain), 7.91 KB, created by Bernd Lommerzheim on 2009-02-13 14:36:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Bernd Lommerzheim

Created: 2009-02-13 14:36:55 UTC

Size: 7.91 KB

patch

obsolete

>diff -ur ../proftpd-1.3.1-orig/contrib/mod_sql_mysql.c ./contrib/mod_sql_mysql.c
>--- ../proftpd-1.3.1-orig/contrib/mod_sql_mysql.c	Fri Jul  6 15:40:58 2007
>+++ ./contrib/mod_sql_mysql.c	Wed Feb  4 09:57:53 2009
>@@ -128,7 +128,7 @@
>  * Internal define used for debug and logging.  All backends are encouraged
>  * to use the same format.
>  */
>-#define MOD_SQL_MYSQL_VERSION		"mod_sql_mysql/4.0.7"
>+#define MOD_SQL_MYSQL_VERSION		"mod_sql_mysql/4.0.8"
> 
> #define _MYSQL_PORT "3306"
> 
>@@ -441,6 +441,49 @@
>     return _build_error(cmd, conn);
>   }
> 
>+#ifdef PR_USE_NLS
>+  if (pr_utf8_get_encoding() != NULL) {
>+
>+# if MYSQL_VERSION_ID >= 50007
>+    /* Configure the connection for the current local character set.
>+     *
>+     * Note: the mysql_set_character_set() function appeared in MySQL 5.0.7,
>+     * as per:
>+     *
>+     *  http://dev.mysql.com/doc/refman/5.0/en/mysql-set-character-set.html
>+     */
>+    if (!mysql_set_character_set(conn->mysql, pr_utf8_get_charset())) {
>+      sql_log(DEBUG_FUNC, "%s", "exiting \tmysql cmd_open");
>+      return _build_error(cmd, conn);
>+    }
>+
>+    sql_log(DEBUG_FUNC, "MySQL connection character set now '%s' (from '%s')",
>+      mysql_character_set_name(conn->mysql), pr_utf8_get_charset());
>+
>+# else
>+    /* No mysql_set_character_set() API available.  But
>+     * mysql_character_set_name() has been around for a while; we can use it
>+     * to at least see whether there might be a character set discrepancy.
>+     */
>+
>+    const char *local_charset = pr_utf8_get_charset();
>+    const char *mysql_charset = mysql_character_set_name(conn->mysql);
>+
>+    if (local_charset &&
>+        mysql_charset &&
>+        strcasecmp(local_charset, mysql_charset) != 0) {
>+      pr_log_pri(PR_LOG_ERR, MOD_SQL_MYSQL_VERSION
>+        ": local character set '%s' does not match MySQL character set '%s', "
>+        "SQL injection possible, shutting down", local_charset, mysql_charset);
>+      sql_log(DEBUG_WARN, "local character set '%s' does not match MySQL "
>+        "character set '%s', SQL injection possible, shutting down",
>+        local_charset, mysql_charset);
>+      end_login(1);
>+    }
>+# endif /* older MySQL */
>+  }
>+#endif /* !PR_USE_NLS */
>+
>   /* bump connections */
>   entry->connections++;
> 
>diff -ur ../proftpd-1.3.1-orig/contrib/mod_sql_postgres.c ./contrib/mod_sql_postgres.c
>--- ../proftpd-1.3.1-orig/contrib/mod_sql_postgres.c	Fri Jul  6 15:40:58 2007
>+++ ./contrib/mod_sql_postgres.c	Wed Feb  4 10:22:32 2009
>@@ -34,7 +34,7 @@
>  * Internal define used for debug and logging.  All backends are encouraged
>  * to use the same format.
>  */
>-#define MOD_SQL_POSTGRES_VERSION	"mod_sql_postgres/4.03"
>+#define MOD_SQL_POSTGRES_VERSION	"mod_sql_postgres/4.0.4"
> 
> #define _POSTGRES_PORT "5432"
> 
>@@ -43,6 +43,21 @@
> 
> #include <libpq-fe.h>
> 
>+/* For the pg_encoding_to_char() function, used for NLS support, we need
>+ * to include the <mb/pg_wchar.h> file.  It's OK; the function has been
>+ * declared in that file for a while, according to:
>+ *
>+ *  http://archives.postgresql.org/pgsql-bugs/2006-07/msg00125.php
>+ *
>+ * But it's a pain to quell all of the compiler warnings about redefined
>+ * this, undefined that.  The linker finds the symbol without issue, so
>+ * punt on including <mb/pg_wchar.h> file.  Instead, we'll copy the
>+ * function declaration here.
>+ */
>+#ifdef PR_USE_NLS
>+extern const char *pg_encoding_to_char(int encoding);
>+#endif
>+
> /* 
>  * timer-handling code adds the need for a couple of forward declarations
>  */
>@@ -307,6 +322,39 @@
>     return _build_error( cmd, conn );
>   }
> 
>+#ifdef PR_USE_NLS
>+  if (pr_utf8_get_encoding() != NULL) {
>+    const char *encoding = pr_utf8_get_encoding();
>+
>+    /* XXX Hack to deal with Postgres' incredibly broken behavior when
>+     * handling the 'ASCII' encoding.  Specifically, Postgres chokes on
>+     * 'ASCII', and instead insists on calling it 'SQL_ASCII' (which, of
>+     * course, is not even close to being a valid encoding name according
>+     * to libiconv.)
>+     *
>+     * Treat 'ANSI_X3.4-1968' (another common name/alias for ASCII) the
>+     * same; rename it to 'SQL_ASCII' for Postgres' benefit.  And same for
>+     * 'US-ASCII'.
>+     */
>+    if (strcmp(encoding, "ANSI_X3.4-1968") == 0 ||
>+        strcmp(encoding, "ASCII") == 0 ||
>+        strcmp(encoding, "US-ASCII") == 0) {
>+      encoding = "SQL_ASCII";
>+    }
>+
>+    /* Configure the connection for the current local character set. */
>+    if (PQsetClientEncoding(conn->postgres, encoding) < 0) {
>+      /* if it didn't work, return an error */
>+      sql_log(DEBUG_FUNC, "%s", "exiting \tpostgres cmd_open");
>+      return _build_error(cmd, conn);
>+    }
>+
>+    sql_log(DEBUG_FUNC, "Postgres connection character set now '%s' "
>+      "(from '%s')", pg_encoding_to_char(PQclientEncoding(conn->postgres)),
>+      pr_utf8_get_charset());
>+  }
>+#endif /* !PR_USE_NLS */
>+
>   /* bump connections */
>   entry->connections++;
> 
>diff -ur ../proftpd-1.3.1-orig/include/utf8.h ./include/utf8.h
>--- ../proftpd-1.3.1-orig/include/utf8.h	Thu May 25 09:55:34 2006
>+++ ./include/utf8.h	Wed Feb  4 10:19:13 2009
>@@ -37,6 +37,9 @@
>  */
> char *pr_utf8_encode(pool *p, const char *in, size_t inlen, size_t *outlen);
> 
>+const char *pr_utf8_get_charset(void);
>+const char *pr_utf8_get_encoding(void);
>+
> /* Internal use only. */
> int utf8_init(void);
> int utf8_free(void);
>diff -ur ../proftpd-1.3.1-orig/src/utf8.c ./src/utf8.c
>--- ../proftpd-1.3.1-orig/src/utf8.c	Fri Dec 15 10:51:50 2006
>+++ ./src/utf8.c	Wed Feb  4 10:19:15 2009
>@@ -42,6 +42,9 @@
> static iconv_t decode_conv = (iconv_t) -1;
> static iconv_t encode_conv = (iconv_t) -1;
> 
>+static const char *local_charset = NULL;
>+static const char *encoding = "UTF-8";
>+
> static int utf8_convert(iconv_t conv, char *inbuf, size_t *inbuflen,
>     char *outbuf, size_t *outbuflen) {
> # ifdef HAVE_ICONV
>@@ -78,10 +81,14 @@
>   if (res < 0) 
>     return -1;
> 
>+  encode_conv = (iconv_t) -1;
>+
>   res = iconv_close(decode_conv);
>   if (res < 0)
>     return -1;
> 
>+  decode_conv = (iconv_t) -1;
>+
>   return 0;
> # else
>   errno = ENOSYS;
>@@ -90,36 +97,37 @@
> }
> 
> int utf8_init(void) {
>-  const char *local_charset;
> 
>+  if (local_charset == NULL) {
> #ifdef HAVE_NL_LANGINFO
>-  /* Look up the current charset.  If there's a problem, default to
>-   * UCS-2.
>-   */
>-  local_charset = nl_langinfo(CODESET);
>-  if (!local_charset) {
>+    /* Look up the current charset.  If there's a problem, default to
>+     * UCS-2.
>+     */
>+    local_charset = nl_langinfo(CODESET);
>+    if (!local_charset) {
>+      local_charset = "C";
>+      pr_trace_msg("utf8", 1,
>+        "unable to determine locale, defaulting to 'C' for UTF8 conversion");
>+
>+    } else {
>+      pr_trace_msg("utf8", 1, "converting UTF8 to local character set '%s'",
>+        local_charset);
>+    }
>+#else
>     local_charset = "C";
>     pr_trace_msg("utf8", 1,
>-      "unable to determine locale, defaulting to 'C' for UTF8 conversion");
>-
>-  } else {
>-    pr_trace_msg("utf8", 1, "converting UTF8 to local character set '%s'",
>-      local_charset);
>-  }
>-#else
>-  local_charset = "C";
>-  pr_trace_msg("utf8", 1,
>-    "nl_langinfo(3) not supported, defaulting to using 'C' for UTF8 "
>-    "conversion");
>+      "nl_langinfo(3) not supported, defaulting to using 'C' for UTF8 "
>+      "conversion");
> #endif /* HAVE_NL_LANGINFO */
>+  }
> 
> # ifdef HAVE_ICONV
>   /* Get the iconv handles. */
>-  encode_conv = iconv_open(local_charset, "UTF-8");
>+  encode_conv = iconv_open(encoding, local_charset);
>   if (encode_conv == (iconv_t) -1)
>     return -1;
>  
>-  decode_conv = iconv_open("UTF-8", local_charset);
>+  decode_conv = iconv_open(local_charset, encoding);
>   if (decode_conv == (iconv_t) -1)
>     return -1;
> 
>@@ -200,4 +208,24 @@
> #endif /* !HAVE_ICONV_H */
> }
> 
>+const char *pr_utf8_get_charset(void) {
>+#ifdef HAVE_ICONV_H
>+  return local_charset;
>+
>+#else
>+  errno = ENOSYS;
>+  return NULL;
>+#endif /* !HAVE_ICONV_H */
>+}
>+
>+const char *pr_utf8_get_encoding(void) {
>+#ifdef HAVE_ICONV_H
>+  return encoding;
>+
>+#else
>+  errno = ENOSYS;
>+  return NULL;
>+#endif /* !HAVE_ICONV_H */
>+}
>+
> #endif /* PR_USE_NLS */

Actions: View | Diff

Attachments on bug 258838: 181863 | 181865 | 181874 | 181875 | 181876 | 181980 | 181982 | 182237