From dff5dcf9576f244154d7946374b777c580e3cbbe Mon Sep 17 00:00:00 2001
From: Martin Wilke
Date: Mon, 5 Nov 2007 21:54:46 +0000
Subject: - Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. - Bump PORTREVISION Reviewed by: simon Approved by: portmgr (erwin) Obtained from: gentoo cvs Security: http://www.vuxml.org/freebsd/f8b0f83c-8bb3-11dc-bffa-0016179b2dd5.html
---
ftp/gftp/files/patch-lib-fsplib_fsplib.c | 47 ++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 ftp/gftp/files/patch-lib-fsplib_fsplib.c
(limited to 'ftp/gftp/files/patch-lib-fsplib_fsplib.c')
diff --git a/ftp/gftp/files/patch-lib-fsplib_fsplib.c b/ftp/gftp/files/patch-lib-fsplib_fsplib.c
new file mode 100644
index 000000000000..151b3bfb8c2d
--- /dev/null
+++ b/ftp/gftp/files/patch-lib-fsplib_fsplib.c
@@ -0,0 +1,47 @@
+--- lib/fsplib/fsplib.c.orig 2005-01-19 03:03:45.000000000 +0100
++++ lib/fsplib/fsplib.c 2007-11-05 16:37:32.000000000 +0100
+@@ -612,7 +612,7 @@
+ entry->d_reclen = fentry.reclen;
+ strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+
+- if (fentry.namlen > MAXNAMLEN)
++ if (fentry.namlen >= MAXNAMLEN)
+ {
+ entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -680,9 +680,19 @@
+ /* skip file date and file size */
+ dir->dirpos += 9;
+ /* read file name */
+- entry->name[255 + 1] = '\0';
++ entry->name[255] = '\0';
+ strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++ /* check for ASCIIZ encoded filename */
++ if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL)
++ {
+ namelen = strlen( (char *) dir->data+dir->dirpos);
++ }
++ else
++ {
++ /* \0 terminator not found at end of filename */
++ *result = NULL;
++ return 0;
++ }
+ /* skip over file name */
+ dir->dirpos += namelen +1;
+
+@@ -709,12 +719,12 @@
+
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+- static struct dirent entry;
++ static dirent_workaround entry;
+ struct dirent *result;
+
+
+ if (dirp == NULL) return NULL;
+- if ( fsp_readdir_r(dirp,&entry,&result) )
++ if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+ return NULL;
+ else
+ return result;
-- cgit v1.2.3
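Review bot: In the first inner hunk (-612) the terminator is still written at `entry->d_name[MAXNAMLEN + 1 ]`; the change to `>=` widens when that line runs but does not move the index. Where `d_name` is declared with `MAXNAMLEN + 1` bytes this writes one byte past the array, and `d_name[MAXNAMLEN]` stays unterminated after the preceding `strncpy`. I would make it `entry->d_name[MAXNAMLEN] = '\0';`, in line with the `entry->name[255]` correction in the second hunk. In the second hunk (-680) the `strncpy` from `dir->data + dir->dirpos` still runs before the new `memchr` terminator check, so the copy is bounded by MAXNAMLEN rather than by `dir->datasize`; moving it after the check would fix that, and `dir->datasize - dir->dirpos` presumably relies on `dirpos <= datasize` having been checked earlier. `dirent_workaround` is not defined in any visible hunk, so confirm the unpatched source declares it; all three enclosing functions begin or end outside their hunks.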