From be8de0ff46d3ad9e5facda7eb215fa1d545b1010 Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.huber@embedded-brains.de>
Date: Fri, 5 Oct 2018 15:16:46 +0200
Subject: ftpd: Fix insecure chroot() handling

Ensure that the rtems_libio_set_private_env() was successful before the
chroot().

Update #3530.
---
 cpukit/ftpd/ftpd.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'cpukit/ftpd')

diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c
index b319dae9ed..08c39da31f 100644
--- a/cpukit/ftpd/ftpd.c
+++ b/cpukit/ftpd/ftpd.c
@@ -1879,14 +1879,9 @@ static void
 session(rtems_task_argument arg)
 {
   FTPD_SessionInfo_t  *const info = (FTPD_SessionInfo_t  *)arg;
-  int chroot_made = 0;
+  bool chroot_made = false;
 
-  rtems_libio_set_private_env();
-
-  /* chroot() can fail here because the directory may not exist yet. */
-  chroot_made = chroot(ftpd_root) == 0;
-
-  while(1)
+  while (1)
   {
     rtems_event_set set;
     int rv;
@@ -1894,8 +1889,14 @@ session(rtems_task_argument arg)
     rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT,
       &set);
 
-    chroot_made = chroot_made || chroot(ftpd_root) == 0;
+    chroot_made = chroot_made
+      || (rtems_libio_set_private_env() == RTEMS_SUCCESSFUL
+        && chroot(ftpd_root) == 0);
 
+    /*
+     * The chdir() must immediatly follow the chroot(), otherwise static
+     * analysis tools may complain about a security issue.
+    */
     rv = chroot_made ? chdir("/") : -1;
 
     errno = 0;
-- 
cgit v1.2.3