freebsd-ports/ftp/wu-ftpd/files/patch-aa
Andrey A. Chernov f3e622985b Use snprintf to prevent non-exploitable in real life overflow
Submitted by:	Jun Kuriyama <kuriyama@FreeBSD.org>
2000-06-14 15:37:56 +00:00

31 lines
784 B
Plaintext

--- src/ftpd.c.orig Thu Oct 14 23:41:47 1999
+++ src/ftpd.c Wed Jun 14 14:48:27 2000
@@ -1602,9 +1602,9 @@
/* Display s/key challenge where appropriate. */
if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
- sprintf(buf, "Password required for %s.", name);
+ snprintf(buf, 128, "Password required for %s.", name);
else
- sprintf(buf, "%s %s for %s.", sbuf,
+ snprintf(buf, 128, "%s %s for %s.", sbuf,
pwok ? "allowed" : "required", name);
return (buf);
}
@@ -6346,7 +6346,6 @@
}
goto globfree;
}
- if ((st.st_mode & S_IFMT) != S_IFDIR) {
if (dout == NULL) {
dout = dataconn("file list", (off_t) - 1, "w");
if (dout == NULL)
@@ -6369,7 +6368,6 @@
byte_count_out++;
}
#endif
- }
}
if (dout != NULL) {