Merge branch '1902_mcserv_possible_security_risk'

* 1902_mcserv_possible_security_risk: Ticket #1902: Possible security risk in mcserv.c
2025-02-23 10:44:46 +03:00 · 2010-02-04 11:24:36 +02:00 · 2010-02-04 11:24:36 +02:00 · f1e9e9df7d
commit f1e9e9df7d
parent f5da410a87 b3ea5f8ceb
1 changed files with 9 additions and 2 deletions
--- a/lib/vfs/mc-vfs/mcserv.c
+++ b/lib/vfs/mc-vfs/mcserv.c
@ -56,6 +56,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
+#include <error.h>
 #include <errno.h>
 #include <signal.h>
 #ifdef HAVE_GETOPT_H
@ -1015,8 +1016,14 @@ do_auth (const char *username, const char *password)
    if (getuid () != this->pw_uid)
 	return 0;

-    if (strcmp (username, "ftp") == 0)
-	chroot (this->pw_dir);
+    if (strncmp(username, "ftp", 3) == 0) {
+	errno = 0;
+	if (chroot(this->pw_dir) != 0 || errno != 0) {
+	auth = errno;
+	    error(0, errno, strerror(errno));
+	    return (-auth);
+	}
+    }

    endpwent ();
    return auth;