disallow null passwords yet again.
SCCS-vsn: libexec/ftpd/ftpd.c 4.31
-static char sccsid[] = "@(#)ftpd.c 4.30 (Berkeley) %G%";
+static char sccsid[] = "@(#)ftpd.c 4.31 (Berkeley) %G%";
}
signal(SIGPIPE, lostconn);
signal(SIGCHLD, SIG_IGN);
}
signal(SIGPIPE, lostconn);
signal(SIGCHLD, SIG_IGN);
/* do telnet option negotiation here */
/*
* Set up default state
/* do telnet option negotiation here */
/*
* Set up default state
}
if (!guest) { /* "ftp" is only account allowed no password */
xpasswd = crypt(passwd, pw->pw_passwd);
}
if (!guest) { /* "ftp" is only account allowed no password */
xpasswd = crypt(passwd, pw->pw_passwd);
- if (strcmp(xpasswd, pw->pw_passwd) != 0) {
+ /* The strcmp does not catch null passwords! */
+ if (*pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) {
reply(530, "Login incorrect.");
pw = NULL;
return;
reply(530, "Login incorrect.");
pw = NULL;
return;
- if (guest) /* grab wtmp before chroot */
- wtmp = open("/usr/adm/wtmp", O_WRONLY|O_APPEND);
+ /* grab wtmp before chroot */
+ wtmp = open("/usr/adm/wtmp", O_WRONLY|O_APPEND);
if (guest && chroot(pw->pw_dir) < 0) {
reply(550, "Can't set guest privileges.");
if (guest && chroot(pw->pw_dir) < 0) {
reply(550, "Can't set guest privileges.");
+ if (wtmp >= 0) {
+ (void) close(wtmp);
+ wtmp = -1;
+ }
- if (guest && (wtmp >= 0))
- lseek(wtmp, 0, L_XTND);
- else
- wtmp = open("/usr/adm/wtmp", O_WRONLY|O_APPEND);
if (wtmp >= 0) {
/* hack, but must be unique and no tty line */
sprintf(line, "ftp%d", getpid());
if (wtmp >= 0) {
/* hack, but must be unique and no tty line */
sprintf(line, "ftp%d", getpid());
SCPYN(utmp.ut_host, remotehost);
utmp.ut_time = time(0);
(void) write(wtmp, (char *)&utmp, sizeof (utmp));
SCPYN(utmp.ut_host, remotehost);
utmp.ut_time = time(0);
(void) write(wtmp, (char *)&utmp, sizeof (utmp));
+ if (!guest) { /* anon must hang on */
+ (void) close(wtmp);
+ wtmp = -1;
+ }
if (!logged_in)
return;
seteuid(0);
if (!logged_in)
return;
seteuid(0);
- if (guest && (wtmp >= 0))
- lseek(wtmp, 0, L_XTND);
- else
wtmp = open("/usr/adm/wtmp", O_WRONLY|O_APPEND);
if (wtmp >= 0) {
SCPYN(utmp.ut_name, "");
wtmp = open("/usr/adm/wtmp", O_WRONLY|O_APPEND);
if (wtmp >= 0) {
SCPYN(utmp.ut_name, "");