Security fix:

``Buffer overflows exist in the FTP daemon included with MIT krb5.'' See <URL:http://web.mit.edu/kerberos/www/advisories/ftpbuf.txt> and <URL:http://web.mit.edu/kerberos/www/advisories/ftpbuf_122_patch.txt>. Obtained from: MIT Kerberos mailing list
svn path=/head/; revision=41972
2001-04-27 18:15:34 +00:00 · 2001-04-27 18:15:34 +00:00 · 9168f72db8 · 2021-03-31 03:12:20 +00:00
commit 9168f72db8
parent 3f37ef937e
4 changed files with 76 additions and 0 deletions
--- a/security/krb5-16/files/patch-bd
+++ b/security/krb5-16/files/patch-bd
@ -0,0 +1,19 @@
+--- appl/gssftp/ftpd/ftpcmd.y.ORIG	Wed Feb 28 16:06:45 2001
+++ appl/gssftp/ftpd/ftpcmd.y	Fri Apr 27 10:18:01 2001
+@@ -805,11 +805,13 @@
+ 		 * This is a valid reply in some cases but not in others.
+ 		 */
+ 		if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) {
+-			*(char **)&($$) = *ftpglob((char *) $1);
+-			if (globerr != NULL) {
+			char **vv;
+			vv = ftpglob((char *) $1);
+			if (vv == NULL || globerr != NULL) {
+ 				reply(550, globerr);
+ 				$$ = NULL;
+-			}
+			} else
+				$$ = *vv;
+ 			free((char *) $1);
+ 		} else
+ 			$$ = $1;
--- a/security/krb5-17/files/patch-bd
+++ b/security/krb5-17/files/patch-bd
@ -0,0 +1,19 @@
+--- appl/gssftp/ftpd/ftpcmd.y.ORIG	Wed Feb 28 16:06:45 2001
+++ appl/gssftp/ftpd/ftpcmd.y	Fri Apr 27 10:18:01 2001
+@@ -805,11 +805,13 @@
+ 		 * This is a valid reply in some cases but not in others.
+ 		 */
+ 		if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) {
+-			*(char **)&($$) = *ftpglob((char *) $1);
+-			if (globerr != NULL) {
+			char **vv;
+			vv = ftpglob((char *) $1);
+			if (vv == NULL || globerr != NULL) {
+ 				reply(550, globerr);
+ 				$$ = NULL;
+-			}
+			} else
+				$$ = *vv;
+ 			free((char *) $1);
+ 		} else
+ 			$$ = $1;
--- a/security/krb5-appl/files/patch-bd
+++ b/security/krb5-appl/files/patch-bd
@ -0,0 +1,19 @@
+--- appl/gssftp/ftpd/ftpcmd.y.ORIG	Wed Feb 28 16:06:45 2001
+++ appl/gssftp/ftpd/ftpcmd.y	Fri Apr 27 10:18:01 2001
+@@ -805,11 +805,13 @@
+ 		 * This is a valid reply in some cases but not in others.
+ 		 */
+ 		if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) {
+-			*(char **)&($$) = *ftpglob((char *) $1);
+-			if (globerr != NULL) {
+			char **vv;
+			vv = ftpglob((char *) $1);
+			if (vv == NULL || globerr != NULL) {
+ 				reply(550, globerr);
+ 				$$ = NULL;
+-			}
+			} else
+				$$ = *vv;
+ 			free((char *) $1);
+ 		} else
+ 			$$ = $1;
--- a/security/krb5/files/patch-bd
+++ b/security/krb5/files/patch-bd
@ -0,0 +1,19 @@
+--- appl/gssftp/ftpd/ftpcmd.y.ORIG	Wed Feb 28 16:06:45 2001
+++ appl/gssftp/ftpd/ftpcmd.y	Fri Apr 27 10:18:01 2001
+@@ -805,11 +805,13 @@
+ 		 * This is a valid reply in some cases but not in others.
+ 		 */
+ 		if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) {
+-			*(char **)&($$) = *ftpglob((char *) $1);
+-			if (globerr != NULL) {
+			char **vv;
+			vv = ftpglob((char *) $1);
+			if (vv == NULL || globerr != NULL) {
+ 				reply(550, globerr);
+ 				$$ = NULL;
+-			}
+			} else
+				$$ = *vv;
+ 			free((char *) $1);
+ 		} else
+ 			$$ = $1;