Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix the maxfile_size checking bug #158

Closed
wants to merge 1 commit into from

Conversation

DroidTest
Copy link

Fix the predicate that never evaluates true.

Hi,

I occasionally found the PureFTPd continues to receive a file when user quota is exceeded. My debugging shows that the following predicates never evaluate true, since max_filesize =-1 initially:

(max_filesize >= (off_t) 0 &&
(max_filesize = user_quota_size - quota.size) < (off_t) 0)

When max_filesize >=(off_t) 0 evaluates false, the followed predicate will not be evaluated. Hence max_filesize =-1 for ever. This bug leads to that there is no overflow even if quota is exceeded.

For a simple patch, I changed the order of these two predicates such that max_filesize = user_quota_size - quota.size) < (off_t) 0 is evaluated first, then max_filesize will be assigned with the actual quota. Then quota will be checked correctly.

Bests
Joy

Fix the predicate that never evaluates true
@ffontaine
Copy link
Contributor

FYI, issue has been assigned CVE-2021-40524.

@jedisct1
Copy link
Owner

Should be fixed in 37ad222 , thanks!

@jedisct1 jedisct1 closed this Nov 23, 2021
@ffontaine
Copy link
Contributor

Thanks for your prompt answer, I'll backport it on buildroot.
Do you plan a new release any time soon (latest one was made more than 2 years ago)?

@ffontaine
Copy link
Contributor

Thanks for this new release, I'll also bump our version of pure-ftpd in buildroot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
3 participants