From yutaka@fandc.co.jp  Wed Jun 18 01:03:27 2003
Return-Path: <yutaka@fandc.co.jp>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3576037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Jun 2003 01:03:27 -0700 (PDT)
Received: from mgate.fandc.co.jp (mgate.fandc.co.jp [219.123.158.244])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 405FB43F75
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Jun 2003 01:03:26 -0700 (PDT)
	(envelope-from yutaka@fandc.co.jp)
Received: from localhost (localhost [127.0.0.1])
	by mgate.fandc.co.jp (Postfix) with ESMTP id 756F645E67
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Jun 2003 17:03:24 +0900 (JST)
Received: from mspool.fandc.co.jp (mspool.fandc.co.jp [192.168.11.4])
	by mgate.fandc.co.jp (Postfix) with ESMTP id 3B2A045E62
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Jun 2003 17:03:22 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by mspool.fandc.co.jp (Postfix) with ESMTP
	id 0D3661010E7; Wed, 18 Jun 2003 17:03:22 +0900 (JST)
Received: from fcsn01.fandc.co.jp (fcsn01.fandc.co.jp [172.20.1.221])
	by mspool.fandc.co.jp (Postfix) with ESMTP
	id 721E81010E6; Wed, 18 Jun 2003 17:03:20 +0900 (JST)
Received: by fcsn01.fandc.co.jp (Postfix, from userid 1001)
	id 5A6B25087E; Wed, 18 Jun 2003 17:03:20 +0900 (JST)
Message-Id: <20030618080320.5A6B25087E@fcsn01.fandc.co.jp>
Date: Wed, 18 Jun 2003 17:03:20 +0900 (JST)
From: Yutaka Ishihara <yutaka@fandc.co.jp>
Reply-To: Yutaka Ishihara <yutaka@fandc.co.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Yutaka Ishihara <yutaka@fandc.co.jp>
Subject: ftpd crashes when using absolute path in /etc/ftpchroot
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         53435
>Category:       bin
>Synopsis:       ftpd crashes when using absolute path in /etc/ftpchroot
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 18 01:10:08 PDT 2003
>Closed-Date:    Mon Jul 21 08:37:49 PDT 2003
>Last-Modified:  Mon Jul 21 08:37:49 PDT 2003
>Originator:     Yutaka Ishihara
>Release:        FreeBSD 5.1-RELEASE i386
>Organization:
F&C Co.,Ltd.
>Environment:
System: FreeBSD fcsn01.fandc.co.jp 5.1-RELEASE FreeBSD 5.1-RELEASE #13: Wed Jun 4 21:09:39 JST 2003 root@fcsn01.fandc.co.jp:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
When using absolute path in /etc/ftpchroot's optional second field, ftpd exit on signal 6.
>How-To-Repeat:
Add line to /etc/ftpchroot like this:

foo	/home

Then do telnet to the port 21, log in as user foo:

yutaka@fcsn01~% telnet 0 21
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 fcsn01.fandc.co.jp FTP server (Version 6.00LS) ready.
user foo
331 Password required for foo.
pass password
230 User foo logged in, access restrictions apply.
Connection closed by foreign host.

Error log in /var/log/message:

Jun 18 16:54:18 fcsn01 kernel: pid 7443 (ftpd), uid 2000: exited on signal 6

>Fix:
Here is the patch for ftpd.c Revision 1.62.2.48:

--- ftpd.c.orig	Wed Jun 18 15:33:22 2003
+++ ftpd.c	Wed Jun 18 15:38:43 2003
@@ -1494,11 +1494,14 @@
 	 * c) expand it to the absolute pathname if necessary.
 	 */
 	if (dochroot && residue &&
-	    (chrootdir = strtok(residue, " \t")) != NULL &&
-	    chrootdir[0] != '/') {
-		asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir);
-		if (chrootdir == NULL)
-			fatalerror("Ran out of memory.");
+	    (chrootdir = strtok(residue, " \t")) != NULL) {
+	    if (chrootdir[0] != '/') {
+	      asprintf(&chrootdir, "%s/%s", pw->pw_dir, chrootdir);
+	    } else {
+	      chrootdir = strdup(chrootdir);
+	    }
+	    if (chrootdir == NULL)
+	      fatalerror("Ran out of memory.");
 	}
 	if (guest || dochroot) {
 		/*

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: yar 
State-Changed-When: Wed Jul 9 05:46:50 PDT 2003 
State-Changed-Why:  
Your patch has been committed to -CURRENT with minor style(9) corrections. 
Thanks! 
MFC is due in a week. 


Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: yar 
Responsible-Changed-When: Wed Jul 9 05:46:50 PDT 2003 
Responsible-Changed-Why:  
MFC reminder 

http://www.freebsd.org/cgi/query-pr.cgi?pr=53435 
State-Changed-From-To: patched->closed 
State-Changed-By: yar 
State-Changed-When: Mon Jul 21 08:36:55 PDT 2003 
State-Changed-Why:  
This bug has been corrected in both STABLE and CURRENT.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=53435 
>Unformatted:
