bad stack overflows #66495

author: Mike Frysinger <vapier@gentoo.org> 2004-10-07 04:52:05 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2004-10-07 04:52:05 +0000
commit: b1c9dfe558b7dd2679cf730aee5e4db223334759 (patch)
tree: dd1a70de5a5973271c85e94c2cd98af19afa18f5 /net-ftp/glftpd
parent: add a small sandbox fix and a /dev/null check to aid in debugging bug 65876 (diff)
download: historical-b1c9dfe558b7dd2679cf730aee5e4db223334759.tar.gz
historical-b1c9dfe558b7dd2679cf730aee5e4db223334759.tar.bz2
historical-b1c9dfe558b7dd2679cf730aee5e4db223334759.zip
5 files changed, 58 insertions, 9 deletions
diff --git a/net-ftp/glftpd/ChangeLog b/net-ftp/glftpd/ChangeLog
index 61c32f6983aa..f4090bad60f2 100644
--- a/net-ftp/glftpd/ChangeLog
+++ b/net-ftp/glftpd/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-ftp/glftpd
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.10 2004/09/21 01:59:46 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/ChangeLog,v 1.11 2004/10/07 04:52:05 vapier Exp $
+
+*glftpd-1.32-r2 (07 Oct 2004)
+
+  07 Oct 2004; Mike Frysinger <vapier@gentoo.org>
+  files/1.32-stack-overflow.patch, -glftpd-1.32-r1.ebuild,
+  +glftpd-1.32-r2.ebuild:
+  More stack overflow fixes #66495.
 
 *glftpd-1.32-r1 (20 Sep 2004)
 
diff --git a/net-ftp/glftpd/Manifest b/net-ftp/glftpd/Manifest
index c6ebb8fb2a1b..8c2dc7fe6f64 100644
--- a/net-ftp/glftpd/Manifest
+++ b/net-ftp/glftpd/Manifest
@@ -1,17 +1,17 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 78b5f0b1caeb66a743083e78ca60ad24 ChangeLog 961
-MD5 2b647d0a96e8b30705782d2b79bec1e8 glftpd-1.32-r1.ebuild 2815
+MD5 1fef3ca1f661daced2176fc7546f366c ChangeLog 1164
+MD5 9dd1420157cac21f15cbcb10e0197dbf glftpd-1.32-r2.ebuild 2815
 MD5 4acdfa97d781bcecd8107b66a882ada8 files/1.32-install.patch 1432
 MD5 81335a6d3e45dc6d3d00f1b30eedd849 files/glftpd.env.d 26
 MD5 6399dbb185314c6017b02b3df2cdf5ea files/glftpd.xinetd.d 384
-MD5 421ebf4ff7a3d7618578fa291d8bef23 files/digest-glftpd-1.32-r1 65
-MD5 f619ff9e604df95944d54c1d624970a6 files/1.32-stack-overflow.patch 411
+MD5 16562ebfbe49bca89d32784bca1126f2 files/1.32-stack-overflow.patch 1818
+MD5 421ebf4ff7a3d7618578fa291d8bef23 files/digest-glftpd-1.32-r2 65
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.9.10 (GNU/Linux)
 
-iD8DBQFBT4suHTu7gpaalycRAlqEAKCDMwByqO60OPsAVS13Xcxj2xej/ACeIUAU
-na+bp8yibYhlg0rKbFwwywk=
-=hPxv
+iD8DBQFBZMuEHTu7gpaalycRAo1RAJ9eaaQcxlSktgA+7+ZdUOUtRswacgCg+AEG
+3+U7w2TVs/x+t4/6pwfBK3g=
+=3MIk
 -----END PGP SIGNATURE-----
diff --git a/net-ftp/glftpd/files/1.32-stack-overflow.patch b/net-ftp/glftpd/files/1.32-stack-overflow.patch
index d10182606760..b6ffed04d991 100644
--- a/net-ftp/glftpd/files/1.32-stack-overflow.patch
+++ b/net-ftp/glftpd/files/1.32-stack-overflow.patch
@@ -10,3 +10,45 @@
    if((fp = fopen(dupefile, "r")) == NULL)
      return 0;
  
+--- bin/sources/dirlogclean.c.orig	2002-11-24 08:52:14.000000000 -0500
++++ bin/sources/dirlogclean.c	2004-10-06 20:49:02.357541216 -0400
+@@ -99,14 +99,16 @@
+     if (argv[x][0] != '-') { } else {
+       switch ( argv[x][1] ) {
+         case 'r':
+-	        strcpy(config_file, argv[x+1]);
++	        strncpy(config_file, argv[x+1], sizeof(config_file) - 1);
++		config_file[ sizeof(config_file) - 1 ] = '\0';
+ 	        break;
+       }
+     }
+     x++;
+    }
+   
+-   strcpy(cleanname, argv[argc-1]);
++   strncpy(cleanname, argv[argc-1], sizeof(cleanname) - 1);
++   cleanname[ sizeof(cleanname) - 1 ] = '\0';
+    printf("CLEANING: %s\n", cleanname);
+ 
+    read_conf_datapath(datapath, config_file);
+--- bin/sources/formateduser.c.orig	2002-11-24 08:52:14.000000000 -0500
++++ bin/sources/formateduser.c	2004-10-06 20:51:35.995184744 -0400
+@@ -238,7 +238,8 @@
+     if (argv[x][0] != '-') { } else {
+       switch ( argv[x][1] ) {
+         case 'r':
+-	        strcpy(config_file, argv[x+1]);
++	        strncpy(config_file, argv[x+1], sizeof(config_file) - 1);
++		config_file[ sizeof(config_file) - 1 ] = '\0';
+ 	        break;
+       }
+     }
+@@ -246,7 +247,7 @@
+    }
+    
+    read_conf_datapath(datapath, config_file);
+-   sprintf(userfile, "%s/users/%s", datapath, argv[argc-1]);
++   snprintf(userfile, sizeof(userfile), "%s/users/%s", datapath, argv[argc-1]);
+    
+ 
+    if((fp = fopen(userfile, "r")) == NULL)
diff --git a/net-ftp/glftpd/files/digest-glftpd-1.32-r1 b/net-ftp/glftpd/files/digest-glftpd-1.32-r2
index ae51c837d55b..ae51c837d55b 100644
--- a/net-ftp/glftpd/files/digest-glftpd-1.32-r1
+++ b/net-ftp/glftpd/files/digest-glftpd-1.32-r2
diff --git a/net-ftp/glftpd/glftpd-1.32-r1.ebuild b/net-ftp/glftpd/glftpd-1.32-r2.ebuild
index 02fda6ffda6b..bbd768c14a97 100644
--- a/net-ftp/glftpd/glftpd-1.32-r1.ebuild
+++ b/net-ftp/glftpd/glftpd-1.32-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r1.ebuild,v 1.1 2004/09/21 01:59:46 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/glftpd/glftpd-1.32-r2.ebuild,v 1.1 2004/10/07 04:52:05 vapier Exp $
 
 inherit eutils
author	Mike Frysinger <vapier@gentoo.org>	2004-10-07 04:52:05 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2004-10-07 04:52:05 +0000
commit	b1c9dfe558b7dd2679cf730aee5e4db223334759 (patch)
tree	dd1a70de5a5973271c85e94c2cd98af19afa18f5 /net-ftp/glftpd
parent	add a small sandbox fix and a /dev/null check to aid in debugging bug 65876 (diff)
download	historical-b1c9dfe558b7dd2679cf730aee5e4db223334759.tar.gz historical-b1c9dfe558b7dd2679cf730aee5e4db223334759.tar.bz2 historical-b1c9dfe558b7dd2679cf730aee5e4db223334759.zip