Ticket #1902: (reopened defect) Possible security risk in mcserv.c

Comment by Oswald Buddenhagen: first, you decided to ignore my advice about not obfuscating the code with nonsense-checks, and on top of that you broke the string comparison (just see what happens when you try a user named "ftpmaster"). This commit contain changes for respect this critic. Signed-off-by: Slava Zanko <slavazanko@gmail.com>
2010-02-04 16:30:59 +02:00 · 2010-02-04 16:30:59 +02:00 · 7ea4dfb4ca
--- a/lib/vfs/mc-vfs/mcserv.c
+++ b/lib/vfs/mc-vfs/mcserv.c
@ -1016,13 +1016,9 @@ do_auth (const char *username, const char *password)
    if (getuid () != this->pw_uid)
 	return 0;

-    if (strncmp(username, "ftp", 3) == 0) {
-	errno = 0;
-	if (chroot(this->pw_dir) != 0 || errno != 0) {
-	auth = errno;
-	    error(0, errno, strerror(errno));
-	    return (-auth);
-	}
+    if ( (strcmp(username, "ftp") == 0) && (chroot(this->pw_dir) != 0) ) {
+	error(0, errno, strerror(errno));
+	return 0;
    }

    endpwent ();