1 Author: Ben Hutchings <ben@decadent.org.uk>
2 Description: Remote DoS on Linux 2.6.32 (Closes: #629373).
4 diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
5 --- vsftpd.orig/sysdeputil.c 2010-03-26 04:25:33.000000000 +0100
6 +++ vsftpd/sysdeputil.c 2011-09-05 15:16:05.347070790 +0200
8 #define _LARGEFILE64_SOURCE 1
13 + #include <sys/utsname.h>
19 @@ -1259,11 +1264,36 @@ vsf_set_term_if_parent_dies()
23 +#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
24 +/* On Linux versions <2.6.35, netns cleanup may be so slow that
25 + * creating a netns per connection allows a remote denial-of-service.
26 + * We therefore do not use CLONE_NEWNET on these versions.
29 +vsf_sysutil_netns_cleanup_is_fast(void)
32 + struct utsname utsname;
34 + return (uname(&utsname) == 0 &&
35 + sscanf(utsname.release, "%d.%d.%d", &r1, &r2, &r3) >= 2 &&
36 + ((r1 << 16) | (r2 << 8) | r3) >= ((2 << 16) | (6 << 8) | 35));
38 + /* Assume any other kernel that has the feature don't have this problem */
45 vsf_sysutil_fork_isolate_all_failok()
47 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
48 - static int cloneflags_work = 1;
49 + static int cloneflags_work = -1;
50 + if (cloneflags_work < 0)
52 + cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
56 int ret = syscall(__NR_clone,
57 @@ -1309,7 +1339,11 @@ int
58 vsf_sysutil_fork_newnet()
60 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
61 - static int cloneflags_work = 1;
62 + static int cloneflags_work = -1;
63 + if (cloneflags_work < 0)
65 + cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
69 int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);