--- src/ftpd.c.orig Sun Jul 2 01:17:39 2000 +++ src/ftpd.c Tue Sep 4 10:36:51 2001 @@ -1662,9 +1662,9 @@ /* Display s/key challenge where appropriate. */ if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf)) - sprintf(buf, "Password required for %s.", name); + snprintf(buf, 128, "Password required for %s.", name); else - sprintf(buf, "%s %s for %s.", sbuf, + snprintf(buf, 128, "%s %s for %s.", sbuf, pwok ? "allowed" : "required", name); return (buf); } @@ -2572,7 +2572,7 @@ #ifdef BSD_AUTH if (ext_auth) { if ((salt = check_auth(the_user, passwd))) { - reply(530, salt); + reply(530, "%s", salt); #ifdef LOG_FAILED /* 27-Apr-93 EHK/BM */ syslog(LOG_INFO, "failed login from %s", remoteident); @@ -6274,7 +6274,7 @@ if (s) { int i = ntohs(pasv_addr.sin_port); sprintf(s, "PASV port %i assigned to %s", i, remoteident); - syslog(LOG_DEBUG, s); + syslog(LOG_DEBUG, "%s", s); free(s); } } @@ -6289,7 +6289,7 @@ char *s = calloc(128 + strlen(remoteident), sizeof(char)); if (s) { sprintf(s, "PASV port assignment assigned for %s", remoteident); - syslog(LOG_DEBUG, s); + syslog(LOG_DEBUG, "%s", s); free(s); } } @@ -6435,7 +6435,7 @@ dirlist = ftpglob(whichfiles); sdirlist = dirlist; /* save to free later */ if (globerr != NULL) { - reply(550, globerr); + reply(550, "%s", globerr); goto globfree; } else if (dirlist == NULL) { @@ -6486,7 +6486,6 @@ } goto globfree; } - if ((st.st_mode & S_IFMT) != S_IFDIR) { if (dout == NULL) { dout = dataconn("file list", (off_t) - 1, "w"); if (dout == NULL) @@ -6509,7 +6508,6 @@ byte_count_out++; } #endif - } } if (dout != NULL) { @@ -7274,7 +7272,7 @@ int which; struct aclmember *entry = NULL; (void) acl_getclass(class); - while (getaclentry("port-allow", &entry)) { + while (getaclentry("pasv-allow", &entry)) { if ((ARG0 != NULL) && (strcasecmp(class, ARG0) == 0)) for (which = 1; (which < MAXARGS) && (ARG[which] != NULL); which++) { if (hostmatch(ARG[which], remoteaddr, NULL))