From 84eecdd0e8f1b49f1bd825c1f1cf18a42827b125 Mon Sep 17 00:00:00 2001
From: Paul Howarth <paul@city-fan.org>
Date: Feb 12 2017 12:08:29 +0000
Subject: Fix segfault in mod_sftp (#1420365, upstream bug 4287)


Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp
(#1420365, upstream bug 4287)

---

diff --git a/e6450a1f.patch b/e6450a1f.patch
new file mode 100644
index 0000000..fc25dac
--- /dev/null
+++ b/e6450a1f.patch
@@ -0,0 +1,80 @@
+From 8c2868e08a384a1f9dff8f396c23d70f20dcafbd Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj@castaglia.org>
+Date: Sun, 5 Feb 2017 13:33:41 -0800
+Subject: [PATCH] Bug#4287: Properly allocate (and clear) the UMAC contexts. 
+ Failure to do so leads to segfaults.
+
+---
+ contrib/mod_sftp/mac.c | 25 +++++++++++++------------
+ 1 file changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/contrib/mod_sftp/mac.c b/contrib/mod_sftp/mac.c
+index e5713b3..e0823b3 100644
+--- a/contrib/mod_sftp/mac.c
++++ b/contrib/mod_sftp/mac.c
+@@ -103,6 +103,7 @@ static unsigned int get_next_write_index(void) {
+ static void switch_read_mac(void) {
+   /* First we can clear the read MAC, kept from rekeying. */
+   if (read_macs[read_mac_idx].key) {
++    clear_mac(&(read_macs[read_mac_idx]));
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+     HMAC_CTX_reset(hmac_read_ctxs[read_mac_idx]);
+ #elif OPENSSL_VERSION_NUMBER > 0x000907000L
+@@ -626,6 +627,11 @@ int sftp_mac_set_read_algo(const char *algo) {
+     idx = get_next_read_index();
+   }
+ 
++  if (umac_read_ctxs[idx] != NULL) {
++    umac_delete(umac_read_ctxs[idx]);
++    umac_read_ctxs[idx] = NULL;
++  }
++
+   read_macs[idx].digest = sftp_crypto_get_digest(algo, &mac_len);
+   if (read_macs[idx].digest == NULL) {
+     return -1;
+@@ -634,6 +640,7 @@ int sftp_mac_set_read_algo(const char *algo) {
+   read_macs[idx].algo = algo;
+   if (strncmp(read_macs[idx].algo, "umac-64@openssh.com", 12) == 0) {
+     read_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_UMAC64;
++    umac_read_ctxs[idx] = umac_alloc();
+ 
+   } else {
+     read_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_HMAC;
+@@ -730,6 +737,11 @@ int sftp_mac_set_write_algo(const char *algo) {
+     idx = get_next_write_index();
+   }
+ 
++  if (umac_write_ctxs[idx] != NULL) {
++    umac_delete(umac_write_ctxs[idx]);
++    umac_write_ctxs[idx] = NULL;
++  }
++
+   write_macs[idx].digest = sftp_crypto_get_digest(algo, &mac_len);
+   if (write_macs[idx].digest == NULL) {
+     return -1;
+@@ -738,6 +750,7 @@ int sftp_mac_set_write_algo(const char *algo) {
+   write_macs[idx].algo = algo;
+   if (strncmp(write_macs[idx].algo, "umac-64@openssh.com", 12) == 0) {
+     write_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_UMAC64;
++    umac_write_ctxs[idx] = umac_alloc();
+ 
+   } else {
+     write_macs[idx].algo_type = SFTP_MAC_ALGO_TYPE_HMAC;
+@@ -846,17 +859,5 @@ int sftp_mac_free(void) {
+   HMAC_CTX_free(hmac_write_ctxs[1]);
+ #endif /* OpenSSL-1.1.0 and later */
+ 
+-  umac_delete(umac_read_ctxs[0]);
+-  umac_read_ctxs[0] = NULL;
+-
+-  umac_delete(umac_read_ctxs[1]);
+-  umac_read_ctxs[1] = NULL;
+-
+-  umac_delete(umac_write_ctxs[0]);
+-  umac_write_ctxs[0] = NULL;
+-
+-  umac_delete(umac_write_ctxs[1]);
+-  umac_write_ctxs[1] = NULL;
+-
+   return 0;
+ }
diff --git a/proftpd.spec b/proftpd.spec
index 99c11e6..7e3a833 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -46,13 +46,13 @@
 %global _hardened_build 1
 
 #global prever rc3
-%global rpmrel 1
+%global rpmrel 3
 %global mod_vroot_version 0.9.4
 
 Summary:		Flexible, stable and highly-configurable FTP server
 Name:			proftpd
 Version:		1.3.5d
-Release:		%{?prever:0.}%{rpmrel}%{?prever:.%{prever}}%{?dist}.1
+Release:		%{?prever:0.}%{rpmrel}%{?prever:.%{prever}}%{?dist}
 License:		GPLv2+
 Group:			System Environment/Daemons
 URL:			http://www.proftpd.org/
@@ -70,6 +70,7 @@ Source10:		http://github.com/Castaglia/proftpd-mod_vroot/archive/v%{mod_vroot_ve
 # not fall foul of the rules against library bundling
 Source13:		http://search.cpan.org/CPAN/authors/id/C/CL/CLEMBURG/Test-Unit-0.14.tar.gz
 Patch0:			https://github.com/proftpd/proftpd/commit/d800ece1.patch
+Patch1:			https://github.com/proftpd/proftpd/commit/e6450a1f.patch
 Patch2:			proftpd.conf-no-memcached.patch
 Patch4:			proftpd-1.3.4rc1-mod_vroot-test.patch
 BuildRoot:		%{_tmppath}/%{name}-%{version}-%{release}-root
@@ -224,6 +225,11 @@ cp -p %{SOURCE1} proftpd.conf
 # https://retrace.fedoraproject.org/faf/reports/10744/
 %patch0 -p1
 
+# Properly allocate (and clear) the UMAC contexts
+# http://bugs.proftpd.org/show_bug.cgi?id=4287
+# https://bugzilla.redhat.com/show_bug.cgi?id=1420365
+%patch1 -p1
+
 # If we're running the full test suite, include the mod_vroot test
 %patch4 -p1 -b .test_vroot
 
@@ -509,7 +515,11 @@ fi
 %{_mandir}/man1/ftpwho.1*
 
 %changelog
-* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5d-1.1
+* Wed Feb  8 2017 Paul Howarth <paul@city-fan.org> - 1.3.5d-3
+- Properly allocate (and clear) the UMAC contexts, to fix segfault in mod_sftp
+  (#1420365, upstream bug 4287)
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5d-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 
 * Mon Jan 16 2017 Paul Howarth <paul@city-fan.org> - 1.3.5d-1