SOURCES: proftpd-CVE-2006-5815.patch (NEW) - needed on head, too

Tue Jan 2 01:45:49 CET 2007

Author: arekm                        Date: Tue Jan  2 00:45:49 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- needed on head, too

---- Files affected:
SOURCES:
   proftpd-CVE-2006-5815.patch (1.2 -> 1.3)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/proftpd-CVE-2006-5815.patch
diff -u /dev/null SOURCES/proftpd-CVE-2006-5815.patch:1.3

--- /dev/null	Tue Jan  2 01:45:49 2007
+++ SOURCES/proftpd-CVE-2006-5815.patch	Tue Jan  2 01:45:44 2007
@@ -0,0 +1,47 @@
+diff -ruN proftpd-1.2.10-old/src/main.c proftpd-1.2.10/src/main.c
+--- proftpd-1.2.10-old/src/main.c	2006-11-20 14:06:17.000000000 +0100
++++ proftpd-1.2.10/src/main.c	2006-11-20 14:07:03.000000000 +0100
+@@ -118,6 +118,8 @@
+ 
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+ 
++#define PR_DEFAULT_CMD_BUFSZ 512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PID_FILE_PATH;
+@@ -810,16 +812,25 @@
+       reset_timer(TIMER_IDLE, NULL);
+ 
+     if (cmd_buf_size == -1) {
+-      long *buf_size = get_param_ptr(main_server->conf,
+-        "CommandBufferSize", FALSE);
+-
+-      if (buf_size == NULL || *buf_size <= 0)
+-        cmd_buf_size = 512;
++      int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
++      if (bufsz == NULL) {
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else if (*bufsz <= 0) {
++        pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, using default buffer size (%u) instead",
++          *bufsz, PR_DEFAULT_CMD_BUFSZ);
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else if (*bufsz + 1 > sizeof(buf)) {
++        pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, using default buffer size (%u) instead",
++          *bufsz, PR_DEFAULT_CMD_BUFSZ);
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+ 
+-      else if (*buf_size + 1 > sizeof(buf)) {
+-	pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+-          "Resetting to 512.");
+-	cmd_buf_size = 512;
++      } else {
++        pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++        cmd_buf_size = (long) *bufsz;
+       }
+     }
+ 
================================================================
