- from Debian

author Jakub Bogusz <qboosh@pld-linux.org>

Fri, 15 Dec 2006 08:38:38 +0000 (08:38 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author Jakub Bogusz <qboosh@pld-linux.org>
Fri, 15 Dec 2006 08:38:38 +0000 (08:38 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/proftpd-CVE-2006-6170.patch b/proftpd-CVE-2006-6170.patch

new file mode 100644 (file)

index 0000000..779426c
--- /dev/null
+++ b/proftpd-CVE-2006-6170.patch
@@ -0,0 +1,38 @@
+diff -ruN proftpd-1.2.10-old/contrib/mod_tls.c proftpd-1.2.10/contrib/mod_tls.c
+--- proftpd-1.2.10-old/contrib/mod_tls.c       2004-07-01 03:06:09.000000000 +0200
++++ proftpd-1.2.10/contrib/mod_tls.c   2006-11-29 11:33:05.000000000 +0100
+@@ -2288,17 +2288,25 @@
+   long datalen = 0;
+   int ok;
+    
+-  if ((ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE)))
+-     datalen = BIO_get_mem_data(mem, &data);
++  ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE);
++  if (ok) {
++    datalen = BIO_get_mem_data(mem, &data);
+ 
+-  if (data) {
+-    memset(&buf, '\0', sizeof(buf));
+-    memcpy(buf, data, datalen);
+-    buf[datalen] = '\0';
+-    buf[sizeof(buf)-1] = '\0';
++    if (data) {
++      memset(&buf, '\0', sizeof(buf));
+ 
+-    BIO_free(mem);
+-    return buf;
++      if (datalen >= sizeof(buf)) {
++        datalen = sizeof(buf)-1;
++      }
++
++      memcpy(buf, data, datalen);
++
++      buf[datalen] = '\0';
++      buf[sizeof(buf)-1] = '\0';
++
++      BIO_free(mem);
++      return buf;
++    }
+   }
+ 
+   BIO_free(mem);
author	Jakub Bogusz <qboosh@pld-linux.org>
	Fri, 15 Dec 2006 08:38:38 +0000 (08:38 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)