diff options
| author | Martin Wilke <miwi@FreeBSD.org> | 2007-11-05 21:54:46 +0000 |
|---|---|---|
| committer | Martin Wilke <miwi@FreeBSD.org> | 2007-11-05 21:54:46 +0000 |
| commit | dff5dcf9576f244154d7946374b777c580e3cbbe (patch) | |
| tree | 0e1abd56e7b1a1d5e85bd8919a52d81efc510f73 /ftp/gftp/files/patch-lib-fsplib_fsplib.c | |
| parent | - gftp -- multiple vulnerabilities (diff) | |
- Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names.
- Bump PORTREVISION
Reviewed by: simon
Approved by: portmgr (erwin)
Obtained from: gentoo cvs
Security: http://www.vuxml.org/freebsd/f8b0f83c-8bb3-11dc-bffa-0016179b2dd5.html
Diffstat (limited to 'ftp/gftp/files/patch-lib-fsplib_fsplib.c')
| -rw-r--r-- | ftp/gftp/files/patch-lib-fsplib_fsplib.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/ftp/gftp/files/patch-lib-fsplib_fsplib.c b/ftp/gftp/files/patch-lib-fsplib_fsplib.c new file mode 100644 index 000000000000..151b3bfb8c2d --- /dev/null +++ b/ftp/gftp/files/patch-lib-fsplib_fsplib.c @@ -0,0 +1,47 @@ +--- lib/fsplib/fsplib.c.orig 2005-01-19 03:03:45.000000000 +0100 ++++ lib/fsplib/fsplib.c 2007-11-05 16:37:32.000000000 +0100 +@@ -612,7 +612,7 @@ + entry->d_reclen = fentry.reclen; + strncpy(entry->d_name,fentry.name,MAXNAMLEN); + +- if (fentry.namlen > MAXNAMLEN) ++ if (fentry.namlen >= MAXNAMLEN) + { + entry->d_name[MAXNAMLEN + 1 ] = '\0'; + #ifdef HAVE_NAMLEN +@@ -680,9 +680,19 @@ + /* skip file date and file size */ + dir->dirpos += 9; + /* read file name */ +- entry->name[255 + 1] = '\0'; ++ entry->name[255] = '\0'; + strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN); ++ /* check for ASCIIZ encoded filename */ ++ if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL) ++ { + namelen = strlen( (char *) dir->data+dir->dirpos); ++ } ++ else ++ { ++ /* \0 terminator not found at end of filename */ ++ *result = NULL; ++ return 0; ++ } + /* skip over file name */ + dir->dirpos += namelen +1; + +@@ -709,12 +719,12 @@ + + struct dirent * fsp_readdir(FSP_DIR *dirp) + { +- static struct dirent entry; ++ static dirent_workaround entry; + struct dirent *result; + + + if (dirp == NULL) return NULL; +- if ( fsp_readdir_r(dirp,&entry,&result) ) ++ if ( fsp_readdir_r(dirp,&entry.dirent,&result) ) + return NULL; + else + return result; |