path: root/ftp/wu-ftpd/files/patch-aa
blob: b444c07595bf9d0dcff117c1a0c78c17c786830c (plain) (blame)
--- src/ftpd.c.orig	Sat Jul  1 22:17:39 2000
+++ src/ftpd.c	Fri Sep 28 06:46:35 2001
@@ -1662,9 +1662,9 @@
     /* Display s/key challenge where appropriate. */
 
     if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
-	sprintf(buf, "Password required for %s.", name);
+	snprintf(buf, 128, "Password required for %s.", name);
     else
-	sprintf(buf, "%s %s for %s.", sbuf,
+	snprintf(buf, 128, "%s %s for %s.", sbuf,
 		pwok ? "allowed" : "required", name);
     return (buf);
 }
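Review bot: The bound `128` in both snprintf calls is a bare literal, and buf's declaration lies outside the hunk, so it cannot be confirmed here that 128 is the buffer's real size. If buf is an array visible at this point, `snprintf(buf, sizeof(buf), "Password required for %s.", name);` (and the same for the second call) keeps the bound tied to the declaration. An overlong name is now truncated silently, which is fine for a reply string, but a short comment saying that truncation is intended would help the next reader.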
@@ -2107,7 +2107,7 @@
 	    char prompt[OPIE_CHALLENGE_MAX + 1];
 	    opiechallenge(&opiestate, name, prompt);
 
-	    if (askpasswd == -1) {
+	    if (pw == NULL) {
 		syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost);
 		pwok = 0;
 	    }
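Review bot: The new `pw == NULL` test has no comment explaining why it replaces the `askpasswd` check, and the intent is not obvious from the hunk alone. A line such as `/* unknown user: a challenge was still issued above, but a plain password must never be accepted */` before the `if` would record that `pwok = 0` is the security-relevant effect. The enclosing block starts and ends outside the hunk, so how pwok is consumed later should be confirmed against the OPIE verification code.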
@@ -2572,7 +2572,7 @@
 #ifdef BSD_AUTH
 	if (ext_auth) {
 	    if ((salt = check_auth(the_user, passwd))) {
-		reply(530, salt);
+		reply(530, "%s", salt);
 #ifdef LOG_FAILED		/* 27-Apr-93      EHK/BM          */
 		syslog(LOG_INFO, "failed login from %s",
 		       remoteident);
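Review bot: Fixing this call site by hand (and the `reply(550, "%s", globerr)` one in the later hunk) leaves any other reply() caller with a non-literal format undetected. reply()'s declaration is outside the hunk; if it is variadic with the format as its second parameter, annotating the prototype with `__attribute__((format(printf, 2, 3)))` and building with `-Wformat -Wformat-security` lets the compiler flag the remaining sites. The variable named `salt` here holds check_auth()'s failure message, so a comment such as `/* check_auth() returns an error text on failure; send it as data only */` would avoid confusion with the crypt salt used further down.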
@@ -2593,8 +2593,8 @@
 	    if (pw == NULL)
 		salt = "xx";
 	    else
-#ifndef OPIE
 		salt = pw->pw_passwd;
+#ifndef OPIE
 #ifdef SECUREOSF
 	    if ((pr = getprpwnam(pw->pw_name)) != NULL) {
 		if (pr->uflg.fg_newcrypt)
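Review bot: The unbraced `if (pw == NULL) ... else` still straddles a preprocessor conditional, which is the construct that made the old code bind the `else` to the wrong statement when OPIE was defined. Bracing both arms, `if (pw == NULL) { salt = "xx"; } else { salt = pw->pw_passwd; }`, makes the assignment independent of which `#ifdef` blocks follow. Judging by its indentation, the SECUREOSF context line `getprpwnam(pw->pw_name)` is not under the `else`, so it appears to dereference pw even when pw is NULL; the block continues outside the hunk, so this should be checked against the full function.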
@@ -2627,9 +2627,15 @@
 	    xpasswd = crypt(passwd, salt);
 #endif /* SKEY */
 #else /* OPIE */
-	    if (!opieverify(&opiestate, passwd))
-		rval = 0;
-	    xpasswd = crypt(passwd, pw->pw_passwd);
+	    if (pw != NULL) {
+		if (!opieverify(&opiestate, passwd))
+		    xpasswd = pw->pw_passwd;
+		else if (pwok)
+		    xpasswd = crypt(passwd, salt);
+		else
+		    pw = NULL;
+	    }
+	    pwok = 0;
 #endif /* OPIE */
 #ifdef ULTRIX_AUTH
 	    if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {
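Review bot: On the paths where pw is NULL on entry, or is set to NULL in the final `else`, the new OPIE branch never assigns xpasswd, yet the ULTRIX_AUTH line right after the hunk passes xpasswd to ultrix_check_pass(). Whether xpasswd is initialised earlier is not visible here; if it is not, set it explicitly before `if (pw != NULL)` to a value the later comparison treats as a mismatch. crypt() can also return NULL, so the `xpasswd = crypt(passwd, salt);` result should be checked before it is compared. The first arm reads backwards without a comment: opieverify() returns 0 on success, so `/* OTP verified: make xpasswd equal the stored hash so the comparison below passes */` above `xpasswd = pw->pw_passwd;` would make the success path explicit.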
@@ -6274,7 +6280,7 @@
 	if (s) {
 	    int i = ntohs(pasv_addr.sin_port);
 	    sprintf(s, "PASV port %i assigned to %s", i, remoteident);
-	    syslog(LOG_DEBUG, s);
+	    syslog(LOG_DEBUG, "%s", s);
 	    free(s);
 	}
     }
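Review bot: The temporary buffer and unbounded `sprintf(s, ...)` remain on the line above the fixed syslog() call, although syslog() can format the message itself. `syslog(LOG_DEBUG, "PASV port %i assigned to %s", i, remoteident);` removes the allocation, the sprintf and the silent loss of the log line when calloc fails. The same applies to the next hunk, where `syslog(LOG_DEBUG, "PASV port assignment assigned for %s", remoteident);` would replace the calloc/sprintf/free sequence. In this hunk the allocation of s is outside the visible lines, so its size could not be checked against the sprintf.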
@@ -6289,7 +6295,7 @@
 	char *s = calloc(128 + strlen(remoteident), sizeof(char));
 	if (s) {
 	    sprintf(s, "PASV port assignment assigned for %s", remoteident);
-	    syslog(LOG_DEBUG, s);
+	    syslog(LOG_DEBUG, "%s", s);
 	    free(s);
 	}
     }
@@ -6435,7 +6441,7 @@
 	dirlist = ftpglob(whichfiles);
 	sdirlist = dirlist;	/* save to free later */
 	if (globerr != NULL) {
-	    reply(550, globerr);
+	    reply(550, "%s", globerr);
 	    goto globfree;
 	}
 	else if (dirlist == NULL) {
@@ -6486,7 +6492,6 @@
 	    }
 	    goto globfree;
 	}
-	if ((st.st_mode & S_IFMT) != S_IFDIR) {
 	    if (dout == NULL) {
 		dout = dataconn("file list", (off_t) - 1, "w");
 		if (dout == NULL)
@@ -6509,7 +6514,6 @@
 		byte_count_out++;
 	    }
 #endif
-	}
     }
 
     if (dout != NULL) {
@@ -7274,7 +7278,7 @@
     int which;
     struct aclmember *entry = NULL;
     (void) acl_getclass(class);
-    while (getaclentry("port-allow", &entry)) {
+    while (getaclentry("pasv-allow", &entry)) {
 	if ((ARG0 != NULL) && (strcasecmp(class, ARG0) == 0))
 	    for (which = 1; (which < MAXARGS) && (ARG[which] != NULL); which++) {
 		if (hostmatch(ARG[which], remoteaddr, NULL))
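Review bot: The result of `acl_getclass(class)` is discarded on the context line above the corrected `getaclentry("pasv-allow", ...)` call, so the access decision compares ARG0 against class whether or not a class was found. The declaration of class is outside the hunk; if it is an uninitialised local, `strcasecmp(class, ARG0)` reads indeterminate data when no class matches. Failing closed would be safer, for example `if (!acl_getclass(class)) return 0;`, assuming acl_getclass() returns nonzero on a match and this function returns 0 for "not allowed" (both are defined outside the hunk and need confirming). The function body continues past the end of the hunk.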