diff options
author | Munechika SUMIKAWA <sumikawa@FreeBSD.org> | 2005-05-19 01:57:42 +0000 |
---|---|---|
committer | Munechika SUMIKAWA <sumikawa@FreeBSD.org> | 2005-05-19 01:57:42 +0000 |
commit | 27042fd0893407afe58534b1340ec825c408261a (patch) | |
tree | 5d2ccc813d9285aa470664729fef210fe9d0c58b /ftp/wu-ftpd+ipv6/files | |
parent | Update port: irc/ptlink-ircd Update from 6.18.2 to 6.19.3 (diff) |
Integrate official skeychallenge.patch
Fix denial of service in NLST CAN-2005-0256
Notes
Notes:
svn path=/head/; revision=135574
Diffstat (limited to 'ftp/wu-ftpd+ipv6/files')
-rw-r--r-- | ftp/wu-ftpd+ipv6/files/patch-aa | 27 | ||||
-rw-r--r-- | ftp/wu-ftpd+ipv6/files/patch-ap | 29 |
2 files changed, 49 insertions, 7 deletions
diff --git a/ftp/wu-ftpd+ipv6/files/patch-aa b/ftp/wu-ftpd+ipv6/files/patch-aa index fb9496f1c4fe..6ea6479bb5d5 100644 --- a/ftp/wu-ftpd+ipv6/files/patch-aa +++ b/ftp/wu-ftpd+ipv6/files/patch-aa @@ -1,5 +1,5 @@ ---- src/ftpd.c.orig Mon Mar 8 07:24:50 2004 -+++ src/ftpd.c Mon Mar 8 07:24:50 2004 +--- src/ftpd.c.orig Tue Apr 5 03:22:01 2005 ++++ src/ftpd.c Tue Apr 5 04:10:13 2005 @@ -447,7 +447,6 @@ #ifdef OPIE #include <opie.h> @@ -24,10 +24,10 @@ if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf)) - sprintf(buf, "Password required for %s.", name); -+ snprintf(buf, 128, "Password required for %s.", name); ++ snprintf(buf, sizeof(buf)-1, "Password required for %s.", name); else - sprintf(buf, "%s %s for %s.", sbuf, -+ snprintf(buf, 128, "%s %s for %s.", sbuf, ++ snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf, pwok ? "allowed" : "required", name); return (buf); } @@ -95,3 +95,22 @@ #ifdef VERBOSE_ERROR_LOGING syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s", remoteident, pw->pw_name); +@@ -7469,6 +7471,8 @@ + in++; + if (*in == '/') + in++; ++ else ++ out++; + } + else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) { + if (out == path) { +@@ -7497,6 +7501,9 @@ + } + else { + do ++ if ((in[0] == '*') && (in[1] == '*')) ++ in++; ++ else + *out++ = *in++; + while ((*in != '\0') && (*in != '/')); + if (*in == '/') diff --git a/ftp/wu-ftpd+ipv6/files/patch-ap b/ftp/wu-ftpd+ipv6/files/patch-ap index 68357225ffe0..852d49fc1120 100644 --- a/ftp/wu-ftpd+ipv6/files/patch-ap +++ b/ftp/wu-ftpd+ipv6/files/patch-ap @@ -1,6 +1,20 @@ ---- src/glob.c.old Sat Jul 1 22:17:39 2000 -+++ src/glob.c Wed Nov 28 13:42:26 2001 -@@ -112,7 +118,7 @@ +--- src/glob.c.old Thu Nov 29 20:01:38 2001 ++++ src/glob.c Thu Jun 10 06:13:51 2004 +@@ -45,10 +45,12 @@ + + #include "proto.h" + ++#define ARGSIZ (524288) ++ + #define QUOTE 0200 + #define TRIM 0177 + #define eq(a,b) (strcmp(a, b)==0) +-#define GAVSIZ (NCARGS/6) ++#define GAVSIZ (ARGSIZ/6) + #define isdir(d) ((d.st_mode & S_IFMT) == S_IFDIR) + + static char **gargv; /* Pointer to the (stack) arglist */ +@@ -112,7 +114,7 @@ fixpath(v); if (v[0] == '\0') @@ -9,3 +23,12 @@ else if ((strlen(v) > 1) && (v[strlen(v) - 1] == '/')) v[strlen(v) - 1] = '\0'; +@@ -149,7 +151,7 @@ + gargv = agargv; + sortbas = agargv; + gargc = 0; +- gnleft = NCARGS - 4; ++ gnleft = ARGSIZ - 4; + } + + static void collect(register char *as) |