diff options
| author | ache <ache@FreeBSD.org> | 2005-04-05 08:25:01 +0800 |
|---|---|---|
| committer | ache <ache@FreeBSD.org> | 2005-04-05 08:25:01 +0800 |
| commit | aaa958a000a10e85e8a56c9a1a64ef7229751532 (patch) | |
| tree | abd75e05651ad9e5d4b057e6327c67de2dfa8950 /ftp/wu-ftpd | |
| parent | cc01e81912107f4cb7fd3968cf0346aba1f6d7c5 (diff) | |
| download | freebsd-ports-gnome-aaa958a000a10e85e8a56c9a1a64ef7229751532.tar.gz freebsd-ports-gnome-aaa958a000a10e85e8a56c9a1a64ef7229751532.tar.zst freebsd-ports-gnome-aaa958a000a10e85e8a56c9a1a64ef7229751532.zip | |
Integrate official skeychallenge.patch
Fix denial of service in NLST CAN-2005-0256
Diffstat (limited to 'ftp/wu-ftpd')
| -rw-r--r-- | ftp/wu-ftpd/Makefile | 4 | ||||
| -rw-r--r-- | ftp/wu-ftpd/files/patch-aa | 27 |
2 files changed, 25 insertions, 6 deletions
diff --git a/ftp/wu-ftpd/Makefile b/ftp/wu-ftpd/Makefile index d1b9a15e485e..f38e1ee80fbf 100644 --- a/ftp/wu-ftpd/Makefile +++ b/ftp/wu-ftpd/Makefile @@ -9,11 +9,11 @@ PORTNAME= wu-ftpd PORTVERSION= 2.6.2 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= ftp MASTER_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/ PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/ -PATCHFILES= connect-dos.patch realpath.patch +PATCHFILES= connect-dos.patch realpath.patch MAINTAINER= ache@FreeBSD.org COMMENT= A replacement ftp server for Un*x systems diff --git a/ftp/wu-ftpd/files/patch-aa b/ftp/wu-ftpd/files/patch-aa index fb9496f1c4fe..6ea6479bb5d5 100644 --- a/ftp/wu-ftpd/files/patch-aa +++ b/ftp/wu-ftpd/files/patch-aa @@ -1,5 +1,5 @@ ---- src/ftpd.c.orig Mon Mar 8 07:24:50 2004 -+++ src/ftpd.c Mon Mar 8 07:24:50 2004 +--- src/ftpd.c.orig Tue Apr 5 03:22:01 2005 ++++ src/ftpd.c Tue Apr 5 04:10:13 2005 @@ -447,7 +447,6 @@ #ifdef OPIE #include <opie.h> @@ -24,10 +24,10 @@ if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf)) - sprintf(buf, "Password required for %s.", name); -+ snprintf(buf, 128, "Password required for %s.", name); ++ snprintf(buf, sizeof(buf)-1, "Password required for %s.", name); else - sprintf(buf, "%s %s for %s.", sbuf, -+ snprintf(buf, 128, "%s %s for %s.", sbuf, ++ snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf, pwok ? "allowed" : "required", name); return (buf); } @@ -95,3 +95,22 @@ #ifdef VERBOSE_ERROR_LOGING syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s", remoteident, pw->pw_name); +@@ -7469,6 +7471,8 @@ + in++; + if (*in == '/') + in++; ++ else ++ out++; + } + else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) { + if (out == path) { +@@ -7497,6 +7501,9 @@ + } + else { + do ++ if ((in[0] == '*') && (in[1] == '*')) ++ in++; ++ else + *out++ = *in++; + while ((*in != '\0') && (*in != '/')); + if (*in == '/') |