aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ftp/proftpd-devel/Makefile2
-rw-r--r--ftp/proftpd-devel/files/patch-mod_tls.c38
-rw-r--r--ftp/proftpd-devel/files/patch-support.c79
-rw-r--r--ftp/proftpd/Makefile2
-rw-r--r--ftp/proftpd/files/patch-mod_tls.c38
-rw-r--r--ftp/proftpd/files/patch-support.c79
6 files changed, 236 insertions, 2 deletions
diff --git a/ftp/proftpd-devel/Makefile b/ftp/proftpd-devel/Makefile
index d392044538e3..fc13ea8ed65a 100644
--- a/ftp/proftpd-devel/Makefile
+++ b/ftp/proftpd-devel/Makefile
@@ -7,7 +7,7 @@
PORTNAME= proftpd
DISTVERSION= 1.3.0
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd-devel/files/patch-mod_tls.c b/ftp/proftpd-devel/files/patch-mod_tls.c
new file mode 100644
index 000000000000..61b62a827fef
--- /dev/null
+++ b/ftp/proftpd-devel/files/patch-mod_tls.c
@@ -0,0 +1,38 @@
+diff -u -r1.100 mod_tls.c
+--- contrib/mod_tls.c 29 Nov 2006 03:47:56 -0000 1.100
++++ contrib/mod_tls.c 29 Nov 2006 04:09:06 -0000
+@@ -3103,17 +3103,25 @@
+ long datalen = 0;
+ int ok;
+
+- if ((ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE)))
+- datalen = BIO_get_mem_data(mem, &data);
++ ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE);
++ if (ok) {
++ datalen = BIO_get_mem_data(mem, &data);
+
+- if (data) {
+- memset(&buf, '\0', sizeof(buf));
+- memcpy(buf, data, datalen);
+- buf[datalen] = '\0';
+- buf[sizeof(buf)-1] = '\0';
++ if (data) {
++ memset(&buf, '\0', sizeof(buf));
+
+- BIO_free(mem);
+- return buf;
++ if (datalen >= sizeof(buf)) {
++ datalen = sizeof(buf)-1;
++ }
++
++ memcpy(buf, data, datalen);
++
++ buf[datalen] = '\0';
++ buf[sizeof(buf)-1] = '\0';
++
++ BIO_free(mem);
++ return buf;
++ }
+ }
+
+ BIO_free(mem);
diff --git a/ftp/proftpd-devel/files/patch-support.c b/ftp/proftpd-devel/files/patch-support.c
new file mode 100644
index 000000000000..b4066f378711
--- /dev/null
+++ b/ftp/proftpd-devel/files/patch-support.c
@@ -0,0 +1,79 @@
+--- src/support.c 2005/09/28 02:06:26 1.78
++++ src/support.c 2006/11/27 14:49:47 1.80
+@@ -27,7 +27,7 @@
+ /* Various basic support routines for ProFTPD, used by all modules
+ * and not specific to one or another.
+ *
+- * $Id: support.c,v 1.78 2005/09/28 02:06:26 castaglia Exp $
++ * $Id: support.c,v 1.80 2006/11/27 14:49:47 jwm Exp $
+ */
+
+ #include "conf.h"
+@@ -632,7 +632,8 @@
+ char **mptr,**rptr;
+ char *marr[33],*rarr[33];
+ char buf[PR_TUNABLE_PATH_MAX] = {'\0'}, *pbuf = NULL;
+- size_t mlen = 0, rlen = 0, blen;
++ size_t mlen = 0, rlen = 0;
++ int blen;
+ int dyn = TRUE;
+
+ cp = buf;
+@@ -646,7 +647,7 @@
+
+ while ((m = va_arg(args, char *)) != NULL && mlen < sizeof(marr)-1) {
+ char *tmp = NULL;
+- size_t count = 0;
++ int count = 0;
+
+ if ((r = va_arg(args, char *)) == NULL)
+ break;
+@@ -659,6 +660,12 @@
+ while (tmp) {
+ pr_signals_handle();
+ count++;
++ if (count < 0) {
++ /* Integer overflow. In order to overflow integer range with a count
++ * of escapes, somebody must be doing something very strange.
++ */
++ return s;
++ }
+
+ /* Be sure to increment the pointer returned by strstr(3), to
+ * advance past the beginning of the substring for which we are
+@@ -674,6 +681,12 @@
+ */
+ if (count) {
+ blen += count * (strlen(r) - strlen(m));
++ if (blen < 0) {
++ /* Integer overflow. In order to overflow this, somebody must be
++ * doing something very strange.
++ */
++ return s;
++ }
+ marr[mlen] = m;
+ rarr[mlen++] = r;
+ }
+@@ -722,10 +735,11 @@
+ }
+
+ if (!*mptr) {
+- if ((cp - pbuf + 1) > blen) {
++ if ((cp - pbuf + 1) >= blen) {
+ pr_log_pri(PR_LOG_ERR,
+ "WARNING: attempt to overflow internal ProFTPD buffers");
+ cp = pbuf + blen - 1;
++ goto done;
+ }
+ *cp++ = *src++;
+ }
+@@ -768,6 +782,9 @@
+ char *sstrcat(char *dest, const char *src, size_t n) {
+ register char *d;
+
++ if (n == 0)
++ return NULL;
++
+ for (d = dest; *d && n > 1; d++, n--) ;
+
+ while (n-- > 1 && *src)
diff --git a/ftp/proftpd/Makefile b/ftp/proftpd/Makefile
index d392044538e3..fc13ea8ed65a 100644
--- a/ftp/proftpd/Makefile
+++ b/ftp/proftpd/Makefile
@@ -7,7 +7,7 @@
PORTNAME= proftpd
DISTVERSION= 1.3.0
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd/files/patch-mod_tls.c b/ftp/proftpd/files/patch-mod_tls.c
new file mode 100644
index 000000000000..61b62a827fef
--- /dev/null
+++ b/ftp/proftpd/files/patch-mod_tls.c
@@ -0,0 +1,38 @@
+diff -u -r1.100 mod_tls.c
+--- contrib/mod_tls.c 29 Nov 2006 03:47:56 -0000 1.100
++++ contrib/mod_tls.c 29 Nov 2006 04:09:06 -0000
+@@ -3103,17 +3103,25 @@
+ long datalen = 0;
+ int ok;
+
+- if ((ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE)))
+- datalen = BIO_get_mem_data(mem, &data);
++ ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE);
++ if (ok) {
++ datalen = BIO_get_mem_data(mem, &data);
+
+- if (data) {
+- memset(&buf, '\0', sizeof(buf));
+- memcpy(buf, data, datalen);
+- buf[datalen] = '\0';
+- buf[sizeof(buf)-1] = '\0';
++ if (data) {
++ memset(&buf, '\0', sizeof(buf));
+
+- BIO_free(mem);
+- return buf;
++ if (datalen >= sizeof(buf)) {
++ datalen = sizeof(buf)-1;
++ }
++
++ memcpy(buf, data, datalen);
++
++ buf[datalen] = '\0';
++ buf[sizeof(buf)-1] = '\0';
++
++ BIO_free(mem);
++ return buf;
++ }
+ }
+
+ BIO_free(mem);
diff --git a/ftp/proftpd/files/patch-support.c b/ftp/proftpd/files/patch-support.c
new file mode 100644
index 000000000000..b4066f378711
--- /dev/null
+++ b/ftp/proftpd/files/patch-support.c
@@ -0,0 +1,79 @@
+--- src/support.c 2005/09/28 02:06:26 1.78
++++ src/support.c 2006/11/27 14:49:47 1.80
+@@ -27,7 +27,7 @@
+ /* Various basic support routines for ProFTPD, used by all modules
+ * and not specific to one or another.
+ *
+- * $Id: support.c,v 1.78 2005/09/28 02:06:26 castaglia Exp $
++ * $Id: support.c,v 1.80 2006/11/27 14:49:47 jwm Exp $
+ */
+
+ #include "conf.h"
+@@ -632,7 +632,8 @@
+ char **mptr,**rptr;
+ char *marr[33],*rarr[33];
+ char buf[PR_TUNABLE_PATH_MAX] = {'\0'}, *pbuf = NULL;
+- size_t mlen = 0, rlen = 0, blen;
++ size_t mlen = 0, rlen = 0;
++ int blen;
+ int dyn = TRUE;
+
+ cp = buf;
+@@ -646,7 +647,7 @@
+
+ while ((m = va_arg(args, char *)) != NULL && mlen < sizeof(marr)-1) {
+ char *tmp = NULL;
+- size_t count = 0;
++ int count = 0;
+
+ if ((r = va_arg(args, char *)) == NULL)
+ break;
+@@ -659,6 +660,12 @@
+ while (tmp) {
+ pr_signals_handle();
+ count++;
++ if (count < 0) {
++ /* Integer overflow. In order to overflow integer range with a count
++ * of escapes, somebody must be doing something very strange.
++ */
++ return s;
++ }
+
+ /* Be sure to increment the pointer returned by strstr(3), to
+ * advance past the beginning of the substring for which we are
+@@ -674,6 +681,12 @@
+ */
+ if (count) {
+ blen += count * (strlen(r) - strlen(m));
++ if (blen < 0) {
++ /* Integer overflow. In order to overflow this, somebody must be
++ * doing something very strange.
++ */
++ return s;
++ }
+ marr[mlen] = m;
+ rarr[mlen++] = r;
+ }
+@@ -722,10 +735,11 @@
+ }
+
+ if (!*mptr) {
+- if ((cp - pbuf + 1) > blen) {
++ if ((cp - pbuf + 1) >= blen) {
+ pr_log_pri(PR_LOG_ERR,
+ "WARNING: attempt to overflow internal ProFTPD buffers");
+ cp = pbuf + blen - 1;
++ goto done;
+ }
+ *cp++ = *src++;
+ }
+@@ -768,6 +782,9 @@
+ char *sstrcat(char *dest, const char *src, size_t n) {
+ register char *d;
+
++ if (n == 0)
++ return NULL;
++
+ for (d = dest; *d && n > 1; d++, n--) ;
+
+ while (n-- > 1 && *src)