From 3d3b4c365b37791b3d74ced893445f51f21986c2 Mon Sep 17 00:00:00 2001 From: nectar Date: Fri, 27 Apr 2001 18:15:34 +0000 Subject: Security fix: ``Buffer overflows exist in the FTP daemon included with MIT krb5.'' See and . Obtained from: MIT Kerberos mailing list --- security/krb5-16/files/patch-bd | 19 +++++++++++++++++++ security/krb5-17/files/patch-bd | 19 +++++++++++++++++++ security/krb5-appl/files/patch-bd | 19 +++++++++++++++++++ security/krb5/files/patch-bd | 19 +++++++++++++++++++ 4 files changed, 76 insertions(+) create mode 100644 security/krb5-16/files/patch-bd create mode 100644 security/krb5-17/files/patch-bd create mode 100644 security/krb5-appl/files/patch-bd create mode 100644 security/krb5/files/patch-bd diff --git a/security/krb5-16/files/patch-bd b/security/krb5-16/files/patch-bd new file mode 100644 index 00000000000..b2bf41284bb --- /dev/null +++ b/security/krb5-16/files/patch-bd @@ -0,0 +1,19 @@ +--- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 ++++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 +@@ -805,11 +805,13 @@ + * This is a valid reply in some cases but not in others. + */ + if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { +- *(char **)&($$) = *ftpglob((char *) $1); +- if (globerr != NULL) { ++ char **vv; ++ vv = ftpglob((char *) $1); ++ if (vv == NULL || globerr != NULL) { + reply(550, globerr); + $$ = NULL; +- } ++ } else ++ $$ = *vv; + free((char *) $1); + } else + $$ = $1; diff --git a/security/krb5-17/files/patch-bd b/security/krb5-17/files/patch-bd new file mode 100644 index 00000000000..b2bf41284bb --- /dev/null +++ b/security/krb5-17/files/patch-bd @@ -0,0 +1,19 @@ +--- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 ++++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 +@@ -805,11 +805,13 @@ + * This is a valid reply in some cases but not in others. + */ + if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { +- *(char **)&($$) = *ftpglob((char *) $1); +- if (globerr != NULL) { ++ char **vv; ++ vv = ftpglob((char *) $1); ++ if (vv == NULL || globerr != NULL) { + reply(550, globerr); + $$ = NULL; +- } ++ } else ++ $$ = *vv; + free((char *) $1); + } else + $$ = $1; diff --git a/security/krb5-appl/files/patch-bd b/security/krb5-appl/files/patch-bd new file mode 100644 index 00000000000..b2bf41284bb --- /dev/null +++ b/security/krb5-appl/files/patch-bd @@ -0,0 +1,19 @@ +--- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 ++++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 +@@ -805,11 +805,13 @@ + * This is a valid reply in some cases but not in others. + */ + if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { +- *(char **)&($$) = *ftpglob((char *) $1); +- if (globerr != NULL) { ++ char **vv; ++ vv = ftpglob((char *) $1); ++ if (vv == NULL || globerr != NULL) { + reply(550, globerr); + $$ = NULL; +- } ++ } else ++ $$ = *vv; + free((char *) $1); + } else + $$ = $1; diff --git a/security/krb5/files/patch-bd b/security/krb5/files/patch-bd new file mode 100644 index 00000000000..b2bf41284bb --- /dev/null +++ b/security/krb5/files/patch-bd @@ -0,0 +1,19 @@ +--- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 ++++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 +@@ -805,11 +805,13 @@ + * This is a valid reply in some cases but not in others. + */ + if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { +- *(char **)&($$) = *ftpglob((char *) $1); +- if (globerr != NULL) { ++ char **vv; ++ vv = ftpglob((char *) $1); ++ if (vv == NULL || globerr != NULL) { + reply(550, globerr); + $$ = NULL; +- } ++ } else ++ $$ = *vv; + free((char *) $1); + } else + $$ = $1; -- cgit