File vsftpd-3.0.3-address_space_limit.patch of Package vsftpd

Index: vsftpd-3.0.2/main.c
===================================================================
--- vsftpd-3.0.2.orig/main.c	2018-06-28 15:45:11.373254606 +0000
+++ vsftpd-3.0.2/main.c	2018-06-28 15:45:16.700973780 +0000
@@ -320,7 +320,7 @@ env_init(void)
 static void
 limits_init(void)
 {
-  unsigned long limit = VSFTP_AS_LIMIT;
+  unsigned long limit = tunable_address_space_limit ?: VSFTP_AS_LIMIT;
   if (tunable_text_userdb_names)
   {
     /* Turns out, LDAP lookups for lots of userid -> name mappings can really
Index: vsftpd-3.0.2/parseconf.c
===================================================================
--- vsftpd-3.0.2.orig/parseconf.c	2018-06-28 15:45:11.373254606 +0000
+++ vsftpd-3.0.2/parseconf.c	2018-06-28 15:45:16.700973780 +0000
@@ -138,6 +138,7 @@ parseconf_uint_array[] =
   { "delay_successful_login", &tunable_delay_successful_login },
   { "max_login_fails", &tunable_max_login_fails },
   { "chown_upload_mode", &tunable_chown_upload_mode },
+  { "address_space_limit", &tunable_address_space_limit },
   { 0, 0 }
 };
 
Index: vsftpd-3.0.2/tunables.c
===================================================================
--- vsftpd-3.0.2.orig/tunables.c	2018-06-28 15:45:11.373254606 +0000
+++ vsftpd-3.0.2/tunables.c	2018-06-28 15:45:16.700973780 +0000
@@ -110,6 +110,7 @@ unsigned int tunable_delay_failed_login;
 unsigned int tunable_delay_successful_login;
 unsigned int tunable_max_login_fails;
 unsigned int tunable_chown_upload_mode;
+unsigned int tunable_address_space_limit;
 
 const char* tunable_secure_chroot_dir;
 const char* tunable_ftp_username;
@@ -255,6 +256,7 @@ tunables_load_defaults()
   tunable_max_login_fails = 3;
   /* -rw------- */
   tunable_chown_upload_mode = 0600;
+  tunable_address_space_limit = 0;	/* See main.c:limits_init */
 
   install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
   install_str_setting("ftp", &tunable_ftp_username);
Index: vsftpd-3.0.2/tunables.h
===================================================================
--- vsftpd-3.0.2.orig/tunables.h	2018-06-28 15:45:11.373254606 +0000
+++ vsftpd-3.0.2/tunables.h	2018-06-28 15:45:16.700973780 +0000
@@ -112,6 +112,7 @@ extern unsigned int tunable_delay_failed
 extern unsigned int tunable_delay_successful_login;
 extern unsigned int tunable_max_login_fails;
 extern unsigned int tunable_chown_upload_mode;
+extern unsigned int tunable_address_space_limit;
 
 /* String defines */
 extern const char* tunable_secure_chroot_dir;
Index: vsftpd-3.0.2/vsftpd.conf.5
===================================================================
--- vsftpd-3.0.2.orig/vsftpd.conf.5	2018-06-28 15:45:06.882648441 +0000
+++ vsftpd-3.0.2/vsftpd.conf.5	2018-06-28 15:55:42.806639732 +0000
@@ -639,6 +639,19 @@ The timeout, in seconds, for a remote cl
 a PASV style data connection.
 
 Default: 60
+
+.TP
+.B address_space_limit
+Set the amount of memory vsftpd can use (in bytes). This limit exists so that
+attackers cannot exploit any potential bugs in the server that might result in
+vsftpd allocating huge amounts of memory that would affect the host system
+negatively, e.g. causing thrashing or killing random processes due to Linux's
+OOM system. If the value is configured too low, vsftpd will fail with "out of
+memory" errors during normal operations. Oftentimes, this occurs inside of the
+PAM stack on systems that have many memory-intensive PAM modules enabled.
+
+Default: 104857600 (100MB)
+
 .TP
 .B anon_max_rate
 The maximum data transfer rate permitted, in bytes per second, for anonymous
openSUSE Build Service is sponsored by