+++ /dev/null
-diff -ruN proftpd-1.2.10-old/src/main.c proftpd-1.2.10/src/main.c
---- proftpd-1.2.10-old/src/main.c 2006-11-20 14:06:17.000000000 +0100
-+++ proftpd-1.2.10/src/main.c 2006-11-20 14:07:03.000000000 +0100
-@@ -118,6 +118,8 @@
-
- static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
-
-+#define PR_DEFAULT_CMD_BUFSZ 512
-+
- static char **Argv = NULL;
- static char *LastArgv = NULL;
- static const char *PidPath = PID_FILE_PATH;
-@@ -810,16 +812,25 @@
- reset_timer(TIMER_IDLE, NULL);
-
- if (cmd_buf_size == -1) {
-- long *buf_size = get_param_ptr(main_server->conf,
-- "CommandBufferSize", FALSE);
--
-- if (buf_size == NULL || *buf_size <= 0)
-- cmd_buf_size = 512;
-+ int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
-+ if (bufsz == NULL) {
-+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+
-+ } else if (*bufsz <= 0) {
-+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
-+ "given, using default buffer size (%u) instead",
-+ *bufsz, PR_DEFAULT_CMD_BUFSZ);
-+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+
-+ } else if (*bufsz + 1 > sizeof(buf)) {
-+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
-+ "given, using default buffer size (%u) instead",
-+ *bufsz, PR_DEFAULT_CMD_BUFSZ);
-+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-
-- else if (*buf_size + 1 > sizeof(buf)) {
-- pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
-- "Resetting to 512.");
-- cmd_buf_size = 512;
-+ } else {
-+ pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
-+ cmd_buf_size = (long) *bufsz;
- }
- }
-
+++ /dev/null
-diff -ruN proftpd-1.2.10-old/contrib/mod_tls.c proftpd-1.2.10/contrib/mod_tls.c
---- proftpd-1.2.10-old/contrib/mod_tls.c 2004-07-01 03:06:09.000000000 +0200
-+++ proftpd-1.2.10/contrib/mod_tls.c 2006-11-29 11:33:05.000000000 +0100
-@@ -2288,17 +2288,25 @@
- long datalen = 0;
- int ok;
-
-- if ((ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE)))
-- datalen = BIO_get_mem_data(mem, &data);
-+ ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE);
-+ if (ok) {
-+ datalen = BIO_get_mem_data(mem, &data);
-
-- if (data) {
-- memset(&buf, '\0', sizeof(buf));
-- memcpy(buf, data, datalen);
-- buf[datalen] = '\0';
-- buf[sizeof(buf)-1] = '\0';
-+ if (data) {
-+ memset(&buf, '\0', sizeof(buf));
-
-- BIO_free(mem);
-- return buf;
-+ if (datalen >= sizeof(buf)) {
-+ datalen = sizeof(buf)-1;
-+ }
-+
-+ memcpy(buf, data, datalen);
-+
-+ buf[datalen] = '\0';
-+ buf[sizeof(buf)-1] = '\0';
-+
-+ BIO_free(mem);
-+ return buf;
-+ }
- }
-
- BIO_free(mem);
+++ /dev/null
-Index: src/ctrls.c
-===================================================================
-RCS file: /cvsroot/proftp/proftpd/src/ctrls.c,v
-retrieving revision 1.14
-diff -u -r1.14 ctrls.c
---- src/ctrls.c 24 Oct 2006 16:13:31 -0000 1.14
-+++ src/ctrls.c 8 Dec 2006 17:02:34 -0000
-@@ -534,11 +534,20 @@
- return -1;
- }
-
-+ if (reqarglen >= sizeof(reqaction)) {
-+ pr_signals_unblock();
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ memset(reqaction, '\0', sizeof(reqaction));
-+
- if (read(cl->cl_fd, reqaction, reqarglen) < 0) {
- pr_signals_unblock();
- return -1;
- }
-
-+ reqaction[sizeof(reqaction)-1] = '\0';
- nreqargs--;
-
- /* Find a matching action object, and use it to populate a ctrl object,
-@@ -657,17 +666,16 @@
- return -1;
- }
-
-- memset(response, '\0', sizeof(response));
--
- /* Make sure resparglen is not too big */
-- if (resparglen > sizeof(response)) {
-+ if (resparglen >= sizeof(response)) {
- pr_signals_unblock();
- errno = ENOMEM;
- return -1;
- }
-
-- bread = read(ctrls_sockfd, response, resparglen);
-+ memset(response, '\0', sizeof(response));
-
-+ bread = read(ctrls_sockfd, response, resparglen);
- while (bread != resparglen) {
- if (bread < 0) {
- pr_signals_unblock();