[git commit] ftpd: change_identity() must be after chroot()

Denys Vlasenko vda.linux at googlemail.com
Tue Mar 31 19:46:26 UTC 2015


commit: http://git.busybox.net/busybox/commit/?id=9472e8a86fa1837bccec9e25dd18fd3c88c5e209
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master

Otherwise chroot() doesn't work for non-root

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/ftpd.c |   41 +++++++++++++++++++++--------------------
 1 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/networking/ftpd.c b/networking/ftpd.c
index 0c10e1f..2351d6d 100644
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@@ -1116,6 +1116,9 @@ int ftpd_main(int argc, char **argv)
 int ftpd_main(int argc UNUSED_PARAM, char **argv)
 #endif
 {
+#if ENABLE_FEATURE_FTP_AUTHENTICATION
+	struct passwd *pw = NULL;
+#endif
 	unsigned abs_timeout;
 	unsigned verbose_S;
 	smallint opts;
@@ -1193,29 +1196,23 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
 	signal(SIGALRM, timeout_handler);
 
 #if ENABLE_FEATURE_FTP_AUTHENTICATION
-	{
-		struct passwd *pw = NULL;
-
-		while (1) {
-			uint32_t cmdval = cmdio_get_cmd_and_arg();
-
+	while (1) {
+		uint32_t cmdval = cmdio_get_cmd_and_arg();
 			if (cmdval == const_USER) {
-				pw = getpwnam(G.ftp_arg);
-				cmdio_write_raw(STR(FTP_GIVEPWORD)" Please specify password\r\n");
-			} else if (cmdval == const_PASS) {
-				if (check_password(pw, G.ftp_arg) > 0) {
-					break;	/* login success */
-				}
-				cmdio_write_raw(STR(FTP_LOGINERR)" Login failed\r\n");
-				pw = NULL;
-			} else if (cmdval == const_QUIT) {
-				WRITE_OK(FTP_GOODBYE);
-				return 0;
-			} else {
-				cmdio_write_raw(STR(FTP_LOGINERR)" Login with USER and PASS\r\n");
+			pw = getpwnam(G.ftp_arg);
+			cmdio_write_raw(STR(FTP_GIVEPWORD)" Please specify password\r\n");
+		} else if (cmdval == const_PASS) {
+			if (check_password(pw, G.ftp_arg) > 0) {
+				break;	/* login success */
 			}
+			cmdio_write_raw(STR(FTP_LOGINERR)" Login failed\r\n");
+			pw = NULL;
+		} else if (cmdval == const_QUIT) {
+			WRITE_OK(FTP_GOODBYE);
+			return 0;
+		} else {
+			cmdio_write_raw(STR(FTP_LOGINERR)" Login with USER and PASS\r\n");
 		}
-		change_identity(pw);
 	}
 	WRITE_OK(FTP_LOGINOK);
 #endif
@@ -1233,6 +1230,10 @@ int ftpd_main(int argc UNUSED_PARAM, char **argv)
 		xchroot(argv[0]);
 	}
 
+#if ENABLE_FEATURE_FTP_AUTHENTICATION
+	change_identity(pw);
+#endif
+
 	/* RFC-959 Section 5.1
 	 * The following commands and options MUST be supported by every
 	 * server-FTP and user-FTP, except in cases where the underlying


More information about the busybox-cvs mailing list