[krbdev.mit.edu #6889] ftpd parses ftpusers entries that use "restrict" incorrectly

[The RT System itself via RT]

>From krb5-bugs-incoming-bounces at PCH.mit.edu  Thu Mar 31 13:19:38 2011
Return-Path: <krb5-bugs-incoming-bounces at PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
	by krbdev.mit.edu (Postfix) with ESMTP id A9C983E640;
	Thu, 31 Mar 2011 13:19:37 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p2VHJbaA029940;
	Thu, 31 Mar 2011 13:19:37 -0400
Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p2UL1uED029674
	for <krb5-bugs-incoming at PCH.mit.edu>; Wed, 30 Mar 2011 17:01:56 -0400
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU
	[18.7.68.36])
	by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id p2UL0vHR008658
	for <krb5-bugs at mit.edu>; Wed, 30 Mar 2011 17:01:56 -0400
X-AuditID: 12074424-b7cacae000003d70-d7-4d939a1fc0e6
Authentication-Results: symauth.service.identifier; spf=pass; senderid=pass
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP
	id 9A.2F.15728.F1A939D4; Wed, 30 Mar 2011 17:01:19 -0400 (EDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p2UL1skN000368
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <krb5-bugs at mit.edu>; Wed, 30 Mar 2011 17:01:54 -0400
Received: from blade.bos.redhat.com (blade.bos.redhat.com [10.16.19.220])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id p2UL1qxq010349
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <krb5-bugs at mit.edu>; Wed, 30 Mar 2011 17:01:54 -0400
Received: from blade.bos.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.bos.redhat.com (8.14.4/8.14.3) with ESMTP id p2UL2EZk004172
	for <krb5-bugs at mit.edu>; Wed, 30 Mar 2011 17:02:14 -0400
Received: (from nalin at localhost)
	by blade.bos.redhat.com (8.14.4/8.14.4/Submit) id p2UL2EEB004171;
	Wed, 30 Mar 2011 17:02:14 -0400
Date: Wed, 30 Mar 2011 17:02:14 -0400
Message-Id: <201103302102.p2UL2EEB004171 at blade.bos.redhat.com>
To: krb5-bugs at mit.edu
Subject: ftpd parses ftpusers entries that use "restrict" incorrectly
From: nalin at redhat.com
X-send-pr-version: 3.99
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmleJIrShJLcpLzFFi42K52LJdRld+1mRfg13TLCwaHh5nd2D0aDpz
	lDmAMYrLJiU1J7MstUjfLoErY+n/VsaCS1wVi2YcZW9g3MnRxcjJISFgInHw7l5mEJtRwFvi
	zdXj7BBxMYkL99azdTFycQgJnGCUOHJ7KzOEs4lJomXCHShnKZPEr5nHWSCck4wSVxdeZIdw
	2hglvrcfBhvGIqAqsenISVYQm1fATqK9/TULiC0iICrx8u8xMFtYwFXiUcc9MJsNaPmNeafA
	6oUEpCTaL01nA7GZBVgk/rzZwAJxoLjEju2noY7VlmiYNZllAqPgAkaGVYyyKblVurmJmTnF
	qcm6xcmJeXmpRbrmermZJXqpKaWbGIGhJsTuorKDsfmQ0iFGAQ5GJR7exuDJvkKsiWXFlbmH
	GCU5mJREeVfOAArxJeWnVGYkFmfEF5XmpBYfYpTgYFYS4a3UAcrxpiRWVqUW5cOkpDlYlMR5
	50mq+woJpCeWpGanphakFsFkmTjYDzHKcHAoSfDOmQnULViUmp5akZaZU4KshhNEcIGs4QFa
	cwykkLe4IDG3ODMdougUoy7H/IuP9jIKseTl56VKiUNMEwApyijNgxsGShv1////v8QoKyXM
	y8jAwCDEA3QNMBAQ8qC084pRHBgAwrxTQabwZOaVwG16BXQEE9ARgUoTQI4oSURISTUwTlUv
	PDXN1eTr6k6+7yEfX5eJR+qn+H8887c3eNvXIj21Tc/38q8MLpVwzkrNso2+caVoXmPFmZfR
	Dv1q4fKXHKbNOMuSahMrp/GvUaRx2ZPYljfaV9dI/nJeePSUxJoohhup//Tf7368aYn02tfz
	ZLexWJbk8uSH/+6zOD7Rv+P28/Y5Ji9jlFiKMxINtZiLihMBuZhxPxYDAAA=
X-Mailman-Approved-At: Thu, 31 Mar 2011 13:19:35 -0400
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: nalin at redhat.com
Sender: krb5-bugs-incoming-bounces at PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu


>Submitter-Id:	net
>Originator:	Nalin Dahyabhai
>Organization:
>Confidential:	no
>Synopsis:	ftpd parses ftpusers entries that use "restrict" incorrectly
>Severity:	non-critical
>Priority:	low
>Category:	krb5-appl
>Class:		sw-bug
>Release:	1.9
>Environment:
	
System: Linux blade.bos.redhat.com 2.6.38-1.fc15.x86_64 #1 SMP Tue Mar 15 05:29:00 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64

>Description:
	Jatin Nansi notes that when parsing /etc/ftpusers, ftpd doesn't
	correctly handle lines which use "restrict".
>How-To-Repeat:
	Set up ftpd with a keytab, as usual, and add your local user's
	name to /etc/ftpusers with the "restrict" keyword.  If you
	connect, you won't be chrooted, and the "pwd" command will
	indicate that you're in your home directory rather than the
	root directory.
>Fix:
	Here's Jatin's one-line fix:

Index: gssftp/ftpd/ftpd.c
===================================================================
--- gssftp/ftpd/ftpd.c	(revision 3308)
+++ gssftp/ftpd/ftpd.c	(working copy)
@@ -805,7 +805,7 @@
 			if (strcmp(line, name) == 0)
 			     return (1);
 			if (strncmp(line, name, strlen(name)) == 0) {
-			     int i = strlen(name) + 1;
+			     int i = strlen(name);
 			     
 			     /* Make sure foo doesn't match foobar */
 			     if (line[i] == '\0' || !isspace((int) line[i]))