SOURCES: proftpd-ctrls-reqarglen.patch (NEW) - fix CORE-2006-1127, ...
baggins
baggins at pld-linux.org
Thu Dec 14 17:11:20 CET 2006
Author: baggins Date: Thu Dec 14 16:11:20 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- fix CORE-2006-1127, ProFTPD Controls Buffer Overflow
---- Files affected:
SOURCES:
proftpd-ctrls-reqarglen.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/proftpd-ctrls-reqarglen.patch
diff -u /dev/null SOURCES/proftpd-ctrls-reqarglen.patch:1.1
--- /dev/null Thu Dec 14 17:11:20 2006
+++ SOURCES/proftpd-ctrls-reqarglen.patch Thu Dec 14 17:11:15 2006
@@ -0,0 +1,49 @@
+Index: src/ctrls.c
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/src/ctrls.c,v
+retrieving revision 1.14
+diff -u -r1.14 ctrls.c
+--- src/ctrls.c 24 Oct 2006 16:13:31 -0000 1.14
++++ src/ctrls.c 8 Dec 2006 17:02:34 -0000
+@@ -534,11 +534,20 @@
+ return -1;
+ }
+
++ if (reqarglen >= sizeof(reqaction)) {
++ pr_signals_unblock();
++ errno = ENOMEM;
++ return -1;
++ }
++
++ memset(reqaction, '\0', sizeof(reqaction));
++
+ if (read(cl->cl_fd, reqaction, reqarglen) < 0) {
+ pr_signals_unblock();
+ return -1;
+ }
+
++ reqaction[sizeof(reqaction)-1] = '\0';
+ nreqargs--;
+
+ /* Find a matching action object, and use it to populate a ctrl object,
+@@ -657,17 +666,16 @@
+ return -1;
+ }
+
+- memset(response, '\0', sizeof(response));
+-
+ /* Make sure resparglen is not too big */
+- if (resparglen > sizeof(response)) {
++ if (resparglen >= sizeof(response)) {
+ pr_signals_unblock();
+ errno = ENOMEM;
+ return -1;
+ }
+
+- bread = read(ctrls_sockfd, response, resparglen);
++ memset(response, '\0', sizeof(response));
+
++ bread = read(ctrls_sockfd, response, resparglen);
+ while (bread != resparglen) {
+ if (bread < 0) {
+ pr_signals_unblock();
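Review bot: The read into `reqaction` in the first src/ctrls.c hunk is still checked only for `< 0`, so a short read or EOF is accepted as a complete action name; the new bound check and memset keep the buffer NUL-terminated, but the bytes that follow on the socket would then be parsed out of step. The response path in the second hunk already compares `bread` with `resparglen`, and the request path would be more robust doing the same: keep the return value in an `ssize_t` (called `n` here for illustration) and either retry or reject with `if (n < 0 || (size_t) n != reqarglen)` before `nreqargs--`. `errno = ENOMEM` for an oversized length matches the existing response-side check, though `E2BIG` or `EINVAL` would describe the condition more accurately to a caller. Both enclosing functions start and end outside the hunks, so it is assumed rather than confirmed that `reqaction` is a fixed-size array (so that `sizeof(reqaction)` is the buffer size, not a pointer size) and that `reqarglen` is an unsigned length.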
================================================================