summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2004-10-07 04:52:05 +0000
committerMike Frysinger <vapier@gentoo.org>2004-10-07 04:52:05 +0000
commit573e35c38951d1ca0115bfd53efea6a1f16b2551 (patch)
treeb0cf2455f0ae443352e81049819ab9b325af2b04 /net-ftp/glftpd
parentadd a small sandbox fix and a /dev/null check to aid in debugging bug 65876 (diff)
downloadgentoo-2-573e35c38951d1ca0115bfd53efea6a1f16b2551.tar.gz
gentoo-2-573e35c38951d1ca0115bfd53efea6a1f16b2551.tar.bz2
gentoo-2-573e35c38951d1ca0115bfd53efea6a1f16b2551.zip
bad stack overflows #66495
Diffstat (limited to 'net-ftp/glftpd')
-rw-r--r--net-ftp/glftpd/ChangeLog9
-rw-r--r--net-ftp/glftpd/files/1.32-stack-overflow.patch42
-rw-r--r--net-ftp/glftpd/files/digest-glftpd-1.32-r2 (renamed from net-ftp/glftpd/files/digest-glftpd-1.32-r1)0
-rw-r--r--net-ftp/glftpd/glftpd-1.32-r2.ebuild (renamed from net-ftp/glftpd/glftpd-1.32-r1.ebuild)2
4 files changed, 51 insertions, 2 deletions
diff --git a/net-ftp/glftpd/ChangeLog b/net-ftp/glftpd/ChangeLog
index 61c32f6983aa..f4090bad60f2 100644
--- a/net-ftp/glftpd/ChangeLog
+++ b/net-ftp/glftpd/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-ftp/glftpd
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.10 2004/09/21 01:59:46 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.11 2004/10/07 04:52:05 vapier Exp $
+
+*glftpd-1.32-r2 (07 Oct 2004)
+
+ 07 Oct 2004; Mike Frysinger <vapier@gentoo.org>
+ files/1.32-stack-overflow.patch, -glftpd-1.32-r1.ebuild,
+ +glftpd-1.32-r2.ebuild:
+ More stack overflow fixes #66495.
*glftpd-1.32-r1 (20 Sep 2004)
diff --git a/net-ftp/glftpd/files/1.32-stack-overflow.patch b/net-ftp/glftpd/files/1.32-stack-overflow.patch
index d10182606760..b6ffed04d991 100644
--- a/net-ftp/glftpd/files/1.32-stack-overflow.patch
+++ b/net-ftp/glftpd/files/1.32-stack-overflow.patch
@@ -10,3 +10,45 @@
if((fp = fopen(dupefile, "r")) == NULL)
return 0;
+--- bin/sources/dirlogclean.c.orig 2002-11-24 08:52:14.000000000 -0500
++++ bin/sources/dirlogclean.c 2004-10-06 20:49:02.357541216 -0400
+@@ -99,14 +99,16 @@
+ if (argv[x][0] != '-') { } else {
+ switch ( argv[x][1] ) {
+ case 'r':
+- strcpy(config_file, argv[x+1]);
++ strncpy(config_file, argv[x+1], sizeof(config_file) - 1);
++ config_file[ sizeof(config_file) - 1 ] = '\0';
+ break;
+ }
+ }
+ x++;
+ }
+
+- strcpy(cleanname, argv[argc-1]);
++ strncpy(cleanname, argv[argc-1], sizeof(cleanname) - 1);
++ cleanname[ sizeof(cleanname) - 1 ] = '\0';
+ printf("CLEANING: %s\n", cleanname);
+
+ read_conf_datapath(datapath, config_file);
+--- bin/sources/formateduser.c.orig 2002-11-24 08:52:14.000000000 -0500
++++ bin/sources/formateduser.c 2004-10-06 20:51:35.995184744 -0400
+@@ -238,7 +238,8 @@
+ if (argv[x][0] != '-') { } else {
+ switch ( argv[x][1] ) {
+ case 'r':
+- strcpy(config_file, argv[x+1]);
++ strncpy(config_file, argv[x+1], sizeof(config_file) - 1);
++ config_file[ sizeof(config_file) - 1 ] = '\0';
+ break;
+ }
+ }
+@@ -246,7 +247,7 @@
+ }
+
+ read_conf_datapath(datapath, config_file);
+- sprintf(userfile, "%s/users/%s", datapath, argv[argc-1]);
++ snprintf(userfile, sizeof(userfile), "%s/users/%s", datapath, argv[argc-1]);
+
+
+ if((fp = fopen(userfile, "r")) == NULL)
diff --git a/net-ftp/glftpd/files/digest-glftpd-1.32-r1 b/net-ftp/glftpd/files/digest-glftpd-1.32-r2
index ae51c837d55b..ae51c837d55b 100644
--- a/net-ftp/glftpd/files/digest-glftpd-1.32-r1
+++ b/net-ftp/glftpd/files/digest-glftpd-1.32-r2
diff --git a/net-ftp/glftpd/glftpd-1.32-r1.ebuild b/net-ftp/glftpd/glftpd-1.32-r2.ebuild
index 02fda6ffda6b..bbd768c14a97 100644
--- a/net-ftp/glftpd/glftpd-1.32-r1.ebuild
+++ b/net-ftp/glftpd/glftpd-1.32-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r1.ebuild,v 1.1 2004/09/21 01:59:46 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r2.ebuild,v 1.1 2004/10/07 04:52:05 vapier Exp $
inherit eutils