diff options
author | Mike Frysinger <vapier@gentoo.org> | 2004-10-07 04:52:05 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2004-10-07 04:52:05 +0000 |
commit | 573e35c38951d1ca0115bfd53efea6a1f16b2551 (patch) | |
tree | b0cf2455f0ae443352e81049819ab9b325af2b04 /net-ftp/glftpd | |
parent | add a small sandbox fix and a /dev/null check to aid in debugging bug 65876 (diff) | |
download | gentoo-2-573e35c38951d1ca0115bfd53efea6a1f16b2551.tar.gz gentoo-2-573e35c38951d1ca0115bfd53efea6a1f16b2551.tar.bz2 gentoo-2-573e35c38951d1ca0115bfd53efea6a1f16b2551.zip |
bad stack overflows #66495
Diffstat (limited to 'net-ftp/glftpd')
-rw-r--r-- | net-ftp/glftpd/ChangeLog | 9 | ||||
-rw-r--r-- | net-ftp/glftpd/files/1.32-stack-overflow.patch | 42 | ||||
-rw-r--r-- | net-ftp/glftpd/files/digest-glftpd-1.32-r2 (renamed from net-ftp/glftpd/files/digest-glftpd-1.32-r1) | 0 | ||||
-rw-r--r-- | net-ftp/glftpd/glftpd-1.32-r2.ebuild (renamed from net-ftp/glftpd/glftpd-1.32-r1.ebuild) | 2 |
4 files changed, 51 insertions, 2 deletions
diff --git a/net-ftp/glftpd/ChangeLog b/net-ftp/glftpd/ChangeLog index 61c32f6983aa..f4090bad60f2 100644 --- a/net-ftp/glftpd/ChangeLog +++ b/net-ftp/glftpd/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-ftp/glftpd # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.10 2004/09/21 01:59:46 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.11 2004/10/07 04:52:05 vapier Exp $ + +*glftpd-1.32-r2 (07 Oct 2004) + + 07 Oct 2004; Mike Frysinger <vapier@gentoo.org> + files/1.32-stack-overflow.patch, -glftpd-1.32-r1.ebuild, + +glftpd-1.32-r2.ebuild: + More stack overflow fixes #66495. *glftpd-1.32-r1 (20 Sep 2004) diff --git a/net-ftp/glftpd/files/1.32-stack-overflow.patch b/net-ftp/glftpd/files/1.32-stack-overflow.patch index d10182606760..b6ffed04d991 100644 --- a/net-ftp/glftpd/files/1.32-stack-overflow.patch +++ b/net-ftp/glftpd/files/1.32-stack-overflow.patch @@ -10,3 +10,45 @@ if((fp = fopen(dupefile, "r")) == NULL) return 0; +--- bin/sources/dirlogclean.c.orig 2002-11-24 08:52:14.000000000 -0500 ++++ bin/sources/dirlogclean.c 2004-10-06 20:49:02.357541216 -0400 +@@ -99,14 +99,16 @@ + if (argv[x][0] != '-') { } else { + switch ( argv[x][1] ) { + case 'r': +- strcpy(config_file, argv[x+1]); ++ strncpy(config_file, argv[x+1], sizeof(config_file) - 1); ++ config_file[ sizeof(config_file) - 1 ] = '\0'; + break; + } + } + x++; + } + +- strcpy(cleanname, argv[argc-1]); ++ strncpy(cleanname, argv[argc-1], sizeof(cleanname) - 1); ++ cleanname[ sizeof(cleanname) - 1 ] = '\0'; + printf("CLEANING: %s\n", cleanname); + + read_conf_datapath(datapath, config_file); +--- bin/sources/formateduser.c.orig 2002-11-24 08:52:14.000000000 -0500 ++++ bin/sources/formateduser.c 2004-10-06 20:51:35.995184744 -0400 +@@ -238,7 +238,8 @@ + if (argv[x][0] != '-') { } else { + switch ( argv[x][1] ) { + case 'r': +- strcpy(config_file, argv[x+1]); ++ strncpy(config_file, argv[x+1], sizeof(config_file) - 1); ++ config_file[ sizeof(config_file) - 1 ] = '\0'; + break; + } + } +@@ -246,7 +247,7 @@ + } + + read_conf_datapath(datapath, config_file); +- sprintf(userfile, "%s/users/%s", datapath, argv[argc-1]); ++ snprintf(userfile, sizeof(userfile), "%s/users/%s", datapath, argv[argc-1]); + + + if((fp = fopen(userfile, "r")) == NULL) diff --git a/net-ftp/glftpd/files/digest-glftpd-1.32-r1 b/net-ftp/glftpd/files/digest-glftpd-1.32-r2 index ae51c837d55b..ae51c837d55b 100644 --- a/net-ftp/glftpd/files/digest-glftpd-1.32-r1 +++ b/net-ftp/glftpd/files/digest-glftpd-1.32-r2 diff --git a/net-ftp/glftpd/glftpd-1.32-r1.ebuild b/net-ftp/glftpd/glftpd-1.32-r2.ebuild index 02fda6ffda6b..bbd768c14a97 100644 --- a/net-ftp/glftpd/glftpd-1.32-r1.ebuild +++ b/net-ftp/glftpd/glftpd-1.32-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r1.ebuild,v 1.1 2004/09/21 01:59:46 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r2.ebuild,v 1.1 2004/10/07 04:52:05 vapier Exp $ inherit eutils |