Overview

File fix-crash-in-sftp-module.patch of Package proftpd.39845

From 18defffde50abeceeead40135404658b74f67ee2 Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj@castaglia.org>
Date: Wed, 11 Dec 2024 15:55:16 -0800
Subject: [PATCH] While investigating Issue #1855, I discovered a long-hidden
 bug in mod_sftp, where the list of GIDs for the logged-in user was not being
 appropriately copied out of the session pool.

This was manifesting as a segfault in my local tests, when the `HideNoAccess` directive is in effect for an SFTP session.
---
 contrib/mod_sftp/auth.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git contrib/mod_sftp/auth.c contrib/mod_sftp/auth.c
index 8db46c4e9..333606a43 100644
--- contrib/mod_sftp/auth.c
+++ contrib/mod_sftp/auth.c
@@ -690,6 +690,10 @@ static int setup_env(pool *p, const char *user) {
     session.group = pstrdup(session.pool, session.group);
   }
 
+  if (session.gids != NULL) {
+    session.gids = copy_array(session.pool, session.gids);
+  }
+
   session.groups = copy_array_str(session.pool, session.groups);
 
   pr_resolve_fs_map();
-- 
2.35.3
openSUSE Build Service is sponsored by
Places