- fix CORE-2006-1127, ProFTPD Controls Buffer Overflow

author Jan Rękorajski <baggins@pld-linux.org>

Thu, 14 Dec 2006 16:12:21 +0000 (16:12 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author Jan Rękorajski <baggins@pld-linux.org>
Thu, 14 Dec 2006 16:12:21 +0000 (16:12 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/proftpd-ctrls-reqarglen.patch b/proftpd-ctrls-reqarglen.patch

new file mode 100644 (file)

index 0000000..db0bcfc
--- /dev/null
+++ b/proftpd-ctrls-reqarglen.patch
@@ -0,0 +1,49 @@
+Index: src/ctrls.c
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/src/ctrls.c,v
+retrieving revision 1.14
+diff -u -r1.14 ctrls.c
+--- src/ctrls.c        24 Oct 2006 16:13:31 -0000      1.14
++++ src/ctrls.c        8 Dec 2006 17:02:34 -0000
+@@ -534,11 +534,20 @@
+     return -1;
+   }
+ 
++  if (reqarglen >= sizeof(reqaction)) {
++    pr_signals_unblock();
++    errno = ENOMEM;
++    return -1;
++  }
++
++  memset(reqaction, '\0', sizeof(reqaction));
++
+   if (read(cl->cl_fd, reqaction, reqarglen) < 0) {
+     pr_signals_unblock();
+     return -1;
+   }
+ 
++  reqaction[sizeof(reqaction)-1] = '\0';
+   nreqargs--;
+ 
+   /* Find a matching action object, and use it to populate a ctrl object,
+@@ -657,17 +666,16 @@
+       return -1;
+     }
+ 
+-    memset(response, '\0', sizeof(response));
+-
+     /* Make sure resparglen is not too big */
+-    if (resparglen > sizeof(response)) {
++    if (resparglen >= sizeof(response)) {
+       pr_signals_unblock();
+       errno = ENOMEM;
+       return -1;
+     }
+ 
+-    bread = read(ctrls_sockfd, response, resparglen);
++    memset(response, '\0', sizeof(response));
+ 
++    bread = read(ctrls_sockfd, response, resparglen);
+     while (bread != resparglen) {
+       if (bread < 0) {
+         pr_signals_unblock(); 
diff --git a/proftpd.spec b/proftpd.spec

index f1cd4d40130dc90f26cd8aac4e2aac77f91850aa..308260f7a41c7da785b97206f91a0f804772ffaf 100644 (file)
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -43,6 +43,7 @@ Patch3:               %{name}-wtmp.patch
  Patch4:                %{name}-configure.patch
  Patch5:                %{name}-pool.patch
  Patch6:                %{name}-CVE-2006-5815.patch
+Patch7:                %{name}-ctrls-reqarglen.patch
  URL:           http://www.proftpd.org/
  BuildRequires: autoconf
  BuildRequires: automake
@@ -427,6 +428,7 @@ dodaje hosty do pliku /etc/hosts.deny.
  %patch4 -p1
  %patch5 -p1
  %patch6 -p1
+%patch7 -p0
  
  cp -f /usr/share/automake/config.sub .
author	Jan Rękorajski <baggins@pld-linux.org>
	Thu, 14 Dec 2006 16:12:21 +0000 (16:12 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
proftpd-ctrls-reqarglen.patch	[new file with mode: 0644]	patch \| blob
proftpd.spec		patch \| blob \| blame \| history