1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
Fix the CVE-2015-1419
Upstream-Status: Pending
Try to fix deny_file parsing to do more what is expected. Taken
from fedora. CVE-2015-1419
ftp://195.220.108.108/linux/fedora/linux/development/rawhide/source/SRPMS/v/vsftpd-3.0.2-13.fc22.src.rpm
Signed-off-by: Roy Li <rongqing.li@windriver.com>
diff -up vsftpd-2.1.0/ls.c.filter vsftpd-2.1.0/ls.c
--- vsftpd-2.1.0/ls.c.filter 2008-02-02 02:30:41.000000000 +0100
+++ vsftpd-2.1.0/ls.c 2009-01-08 19:31:15.000000000 +0100
@@ -239,9 +239,31 @@ vsf_filename_passes_filter(const struct
int ret = 0;
char last_token = 0;
int must_match_at_current_pos = 1;
+
+
str_copy(&filter_remain_str, p_filter_str);
- str_copy(&name_remain_str, p_filename_str);
-
+
+ if (!str_isempty (&filter_remain_str) && !str_isempty(p_filename_str)) {
+ if (str_get_char_at(p_filter_str, 0) == '/') {
+ if (str_get_char_at(p_filename_str, 0) != '/') {
+ str_getcwd (&name_remain_str);
+
+ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
+ str_append_char (&name_remain_str, '/');
+
+ str_append_str (&name_remain_str, p_filename_str);
+ }
+ else
+ str_copy (&name_remain_str, p_filename_str);
+ } else {
+ if (str_get_char_at(p_filter_str, 0) != '{')
+ str_basename (&name_remain_str, p_filename_str);
+ else
+ str_copy (&name_remain_str, p_filename_str);
+ }
+ } else
+ str_copy(&name_remain_str, p_filename_str);
+
while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
{
static struct mystr s_match_needed_str;
diff -up vsftpd-2.1.0/str.c.filter vsftpd-2.1.0/str.c
--- vsftpd-2.1.0/str.c.filter 2008-12-17 06:54:16.000000000 +0100
+++ vsftpd-2.1.0/str.c 2009-01-08 19:31:15.000000000 +0100
@@ -680,3 +680,14 @@ str_replace_unprintable(struct mystr* p_
}
}
+void
+str_basename (struct mystr* d_str, const struct mystr* path)
+{
+ static struct mystr tmp;
+
+ str_copy (&tmp, path);
+ str_split_char_reverse(&tmp, d_str, '/');
+
+ if (str_isempty(d_str))
+ str_copy (d_str, path);
+}
diff -up vsftpd-2.1.0/str.h.filter vsftpd-2.1.0/str.h
--- vsftpd-2.1.0/str.h.filter 2008-12-17 06:53:23.000000000 +0100
+++ vsftpd-2.1.0/str.h 2009-01-08 19:32:14.000000000 +0100
@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst
int str_atoi(const struct mystr* p_str);
filesize_t str_a_to_filesize_t(const struct mystr* p_str);
unsigned int str_octal_to_uint(const struct mystr* p_str);
+void str_basename (struct mystr* d_str, const struct mystr* path);
/* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
* buffer, starting at character position 'p_pos'. The extracted line will
|
